
Commit a0e2e21

committed
2916 Document SecurityFilterChain configuration methods and related classes in SecurityConfiguration.
1 parent 478c790 commit a0e2e21


1 file changed

+88
-0
lines changed

1 file changed

+88
-0
lines changed

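--- a/server/libs/config/security-config/src/main/java/com/bytechef/security/config/SecurityConfiguration.java
+++ b/server/libs/config/security-config/src/main/java/com/bytechef/security/config/SecurityConfiguration.java
@@ -98,6 +98,15 @@ public SecurityConfiguration(
 this.security = applicationProperties.getSecurity();
 }
 
+/**
+* Configures the security filter chain for the actuator endpoints, specifying authorization rules, authentication
+* mechanisms, and exception handling.
+*
+* @param http the {@link HttpSecurity} object used to customize security settings for the actuator endpoints
+* @param mvc a {@link PathPatternRequestMatcher.Builder} used to create matchers for specific URI patterns
+* @return a configured {@link SecurityFilterChain} to handle security for actuator endpoints
+* @throws Exception if an error occurs while configuring the security filter chain
+*/
 @Bean
 @Order(2)
 public SecurityFilterChain actuatorFilterChain(
@@ -135,6 +144,32 @@ public SecurityFilterChain actuatorFilterChain(
 return http.build();
 }
 
+/**
+* Configures the security filter chain for API endpoints and GraphQL requests, defining authorization,
+* authentication, CSRF settings, and headers for securing requests.
+*
+* @param http the {@link HttpSecurity} object used to customize the security settings
+* for the application.
+* @param mvc a {@link PathPatternRequestMatcher.Builder} used to build request
+* matchers.
+* @param authenticationProviderContributors a list of {@link AuthenticationProviderContributor} instances
+* contributing custom {@link AuthenticationProvider}s to handle
+* authentication.
+* @param authorizeHttpRequestContributors a list of {@link AuthorizeHttpRequestContributor} instances providing
+* paths to be configured as permit-all in the API security configuration.
+* @param csrfContributors a list of {@link CsrfContributor} instances contributing request
+* matchers to be ignored for CSRF protection.
+* @param environment the {@link Environment} object used to retrieve profiles and
+* environment properties.
+* @param filterAfterContributors a list of {@link FilterAfterContributor} instances allowing additional
+* filters to be added after default filters in the chain.
+* @param filterBeforeContributors a list of {@link FilterBeforeContributor} instances allowing additional
+* filters to be added before default filters in the chain.
+* @param spaWebFilterContributors a list of {@link SpaWebFilterContributor} instances contributing to the
+* customization of SPA-specific filters.
+* @return a configured {@link SecurityFilterChain} for securing API and GraphQL endpoints.
+* @throws Exception if an error occurs while configuring the security filter chain.
+*/
 @Bean
 @Order(3)
 public SecurityFilterChain apiFilterChain(
@@ -224,6 +259,22 @@ public SecurityFilterChain apiFilterChain(
 return http.build();
 }
 
+/**
+* Configures the security filter chain for the web application, defining authorization, authentication, and the
+* integration of SPA-specific and permit-all contributors.
+*
+* @param http the {@link HttpSecurity} object used to customize security settings for
+* the application
+* @param mvc a {@link PathPatternRequestMatcher.Builder} used to create request
+* matchers for specific URI patterns
+* @param authorizeHttpRequestContributors a list of {@link AuthorizeHttpRequestContributor} instances providing
+* paths to be configured as permit-all in the security configuration
+*
+* @param spaWebFilterContributors a list of {@link SpaWebFilterContributor} instances contributing to the
+* customization of SPA-specific filters
+* @return a configured {@link SecurityFilterChain} for managing security in the application
+* @throws Exception if an error occurs while configuring the security filter chain
+*/
 @Bean
 @Order(4)
 public SecurityFilterChain filterChain(
@@ -268,6 +319,15 @@ public SecurityFilterChain filterChain(
 return http.build();
 }
 
+/**
+* Configures the security filter chain for GraphQL and GraphiQL endpoints in the development profile, defining
+* authorization rules, authentication mechanisms, and exception handling.
+*
+* @param http the {@link HttpSecurity} object used to customize security settings for the GraphQL endpoints
+* @param mvc a {@link PathPatternRequestMatcher.Builder} used to create request matchers for specific URI patterns
+* @return a configured {@link SecurityFilterChain} for securing GraphQL and GraphiQL endpoints
+* @throws Exception if an error occurs while configuring the security filter chain
+*/
 @Bean
 @Profile("dev")
 @Order(1)
@@ -328,6 +388,12 @@ private String getRememberMeKey() {
 return rememberMe.getKey();
 }
 
+/**
+* A configuration class for adding custom filters to the security filter chain after specified filters. This class
+* allows customization of the filter chain by applying a list of {@link FilterAfterContributor} instances.
+*
+* @param <H> the type of {@link HttpSecurityBuilder} used for configuring the security filter chain
+*/
 private static class FilterAfterContributorConfigurer<H extends HttpSecurityBuilder<HttpSecurity>>
 extends AbstractHttpConfigurer<FilterBeforeContributorConfigurer<H>, HttpSecurity> {
 
@@ -347,6 +413,13 @@ public void configure(HttpSecurity http) {
 }
 }
 
+/**
+* A private configuration class for adding and positioning filters in the web security filter chain before a
+* specific set of filters. This configurer uses a list of {@link FilterBeforeContributor} instances to determine
+* which filters should be introduced into the chain and their corresponding positions.
+*
+* @param <H> the type of {@link HttpSecurityBuilder} used to configure the web security filter chain.
+*/
 private static class FilterBeforeContributorConfigurer<H extends HttpSecurityBuilder<HttpSecurity>>
 extends AbstractHttpConfigurer<FilterBeforeContributorConfigurer<H>, HttpSecurity> {
 
@@ -410,6 +483,21 @@ public String resolveCsrfTokenValue(HttpServletRequest request, CsrfToken csrfTo
 }
 }
 
+/**
+* A custom implementation of {@link BasicAuthenticationEntryPoint} used to handle unauthorized access attempts when
+* basic authentication is required.
+*
+* This class extends the default functionality of {@link BasicAuthenticationEntryPoint} to customize the behavior
+* for responding to unauthorized requests. It specifically defines the response headers and status code returned to
+* the client upon an authentication failure.
+*
+* Key functionality: - Sets the "WWW-Authenticate" response header to indicate the required basic authentication
+* with a realm. - Responds with the HTTP 401 (Unauthorized) status code to indicate that the request requires
+* authentication.
+*
+* Method: {@link #commence(HttpServletRequest, HttpServletResponse, AuthenticationException)}: - Handles the
+* response when an {@link AuthenticationException} occurs, customizing the headers and status code.
+*/
 private static class UnauthorizedBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
 
 @Override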
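Review bot: In the `apiFilterChain` Javadoc, the `authorizeHttpRequestContributors` and `csrfContributors` tags describe what the lists contain but not that every entry switches a protection off: a contributed permit-all path is served without authentication, and a contributed matcher is skipped by the CSRF check. Because these lists are supplied from outside this class, I would state that on the tags, e.g. `Each contributed path is reachable without authentication; register only endpoints that are safe to expose anonymously.` and `Requests matching a contributed matcher are not CSRF-checked; contribute only endpoints that do not depend on cookie or session authentication.` The `authorizeHttpRequestContributors` tag on `filterChain` needs the same sentence. The chains are annotated `@Order(1)` to `@Order(4)`, so each summary should presumably also name the request paths its chain matches; the method bodies lie outside the hunks, so the matchers cannot be confirmed from this page.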
