From 928fe1184266abddf18393d96a6ec7899c11f1c3 Mon Sep 17 00:00:00 2001
From: tuanvu
Date: Wed, 7 Jan 2026 13:16:43 +0100
Subject: [PATCH] add security
---
 .../FrisbYEE/config/WebSecurityConfig.java | 40 +++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 back_end/src/main/java/hackathon/FrisbYEE/config/WebSecurityConfig.java
diff --git a/back_end/src/main/java/hackathon/FrisbYEE/config/WebSecurityConfig.java b/back_end/src/main/java/hackathon/FrisbYEE/config/WebSecurityConfig.java
new file mode 100644
index 0000000..2d807d7
--- /dev/null
+++ b/back_end/src/main/java/hackathon/FrisbYEE/config/WebSecurityConfig.java
@@ -0,0 +1,40 @@
+package hackathon.FrisbYEE.config;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig {
+
+@Bean
+public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+http
+.csrf(csrf -> csrf.disable())
+.authorizeHttpRequests(auth -> auth
+.requestMatchers("/", "/public", "/coach/**").permitAll() // allow coach endpoints
+.requestMatchers("/admin/**").hasRole("admin")
+.requestMatchers("/user/**").hasRole("user")
+.anyRequest().authenticated())
+.oauth2ResourceServer(oauth2 -> oauth2
+.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtToken -> {
+Map> realmAccess = jwtToken.getClaim("realm_access");
+Collection roles = realmAccess.get("roles");
+List authorities = roles.stream()
+.map(role -> new SimpleGrantedAuthority("ROLE_" + role))
+.toList();
+return new JwtAuthenticationToken(jwtToken, authorities);
+})));
+
+return http.build();
+}
+}
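Review bot: The JWT converter dereferences `realmAccess` and then `roles` without a null check, so any otherwise valid token that lacks a `realm_access` claim (or one whose map has no `roles` entry) throws a NullPointerException inside the bearer-token filter instead of being treated as a token with no roles; the generic type arguments on the three local declarations also appear stripped in this rendering (`Map>`, `Collection`, `List`) and should read `Map<String, Collection<String>>`, `Collection<String>` and `List<SimpleGrantedAuthority>`. Guarding the claim as below keeps such tokens authenticated with an empty authority set, which the `hasRole("admin")`/`hasRole("user")` matchers then correctly reject because the converter's `"ROLE_" + role` prefix matches what `hasRole` expects. Disabling CSRF is reasonable for a bearer-token resource server but deserves a comment, e.g. `// stateless JWT resource server: no cookie-backed session, so CSRF protection is not applicable`, and adding `.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))` would make that assumption explicit rather than relying on defaults. Note too that `/coach/**` is fully unauthenticated under `permitAll()`; if that is intentional, the inline comment should state why rather than just `allow coach endpoints`.
```java
.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtToken -> {
    Map<String, Collection<String>> realmAccess = jwtToken.getClaim("realm_access");
    Collection<String> roles = realmAccess == null ? null : realmAccess.get("roles");
    if (roles == null) {
        // Token carries no realm roles: authenticate with no authorities
        // rather than failing the request with a NullPointerException.
        return new JwtAuthenticationToken(jwtToken, List.of());
    }
    List<SimpleGrantedAuthority> authorities = roles.stream()
        .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
        .toList();
    return new JwtAuthenticationToken(jwtToken, authorities);
})
// … unchanged: closing of oauth2ResourceServer and http.build() …
```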