From 5de538dda30ccee04da354e75061a8e38f9a42c4 Mon Sep 17 00:00:00 2001
From: Ramon Malcolm <ramonmalcolm10@gmail.com>
Date: Mon, 28 Nov 2022 17:32:14 -0500
Subject: [PATCH] Add Resource server config

---
 .../java/com/example/config/SecurityConfig.java | 17 ++++++++++++++++-
 .../example/controller/TestApiController.java   | 14 ++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 src/main/java/com/example/controller/TestApiController.java

diff --git a/src/main/java/com/example/config/SecurityConfig.java b/src/main/java/com/example/config/SecurityConfig.java
index 19b2da2..abe8606 100644
--- a/src/main/java/com/example/config/SecurityConfig.java
+++ b/src/main/java/com/example/config/SecurityConfig.java
@@ -41,6 +41,20 @@ public class SecurityConfig {
 
     @Bean
     @Order(1)
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .securityMatcher("/api/**")
+                .authorizeHttpRequests()
+                .anyRequest()
+                .authenticated()
+                .and()
+                .oauth2ResourceServer()
+                .jwt();
+        return http.build();
+    }
+
+    @Bean
+    @Order(2)
     public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
             throws Exception {
         OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
@@ -53,6 +67,7 @@ public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity h
                         .authenticationEntryPoint(
                                 new LoginUrlAuthenticationEntryPoint("/login"))
                 )
+                //.exceptionHandling()
                 // Accept access tokens for User Info and/or Client Registration
                 .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
 
@@ -60,7 +75,7 @@ public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity h
     }
 
     @Bean
-    @Order(2)
+    @Order(3)
     public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
             throws Exception {
         http
diff --git a/src/main/java/com/example/controller/TestApiController.java b/src/main/java/com/example/controller/TestApiController.java
new file mode 100644
index 0000000..19a4de1
--- /dev/null
+++ b/src/main/java/com/example/controller/TestApiController.java
@@ -0,0 +1,14 @@
+package com.example.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class TestApiController {
+
+    @GetMapping("/api/test")
+    public String test() {
+        return "test";
+    }
+
+}
\ No newline at end of file