Revize abaa5f46
Přidáno uživatelem Jakub Šmíd před asi 2 roky(ů)
- ID abaa5f461242c640ae1e7daaddb6bfc1b1419db9
- Rodič c1df89f5
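--- a/backend/src/main/java/cz/zcu/kiv/backendapi/security/SecurityConfig.java
+++ b/backend/src/main/java/cz/zcu/kiv/backendapi/security/SecurityConfig.java
@@ -1,14 +1,10 @@
 package cz.zcu.kiv.backendapi.security;
 
-import cz.zcu.kiv.backendapi.security.jwt.JwtTokenVerifier;
 import cz.zcu.kiv.backendapi.security.jwt.JwtUsernameAndPasswordAuthenticationFilter;
 import cz.zcu.kiv.backendapi.security.jwt.JwtUtils;
-import cz.zcu.kiv.backendapi.user.Role;
-import cz.zcu.kiv.backendapi.user.permission.Permission;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -59,16 +55,17 @@
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 .and()
 .addFilter(new JwtUsernameAndPasswordAuthenticationFilter(authenticationManager(), jwtUtils))
-.addFilterAfter(new JwtTokenVerifier(jwtUtils, permittedUrls), JwtUsernameAndPasswordAuthenticationFilter.class)
+// .addFilterAfter(new JwtTokenVerifier(jwtUtils, permittedUrls), JwtUsernameAndPasswordAuthenticationFilter.class)
 .authorizeRequests()
-.antMatchers(permittedUrls).permitAll()
-.antMatchers("/user/update-permissions/**", "/user/reset-password/**").hasRole(Role.ADMIN.name())
-.antMatchers(HttpMethod.DELETE, "/user/**").hasRole(Role.ADMIN.name())
-.antMatchers("/write/**").hasAuthority(Permission.WRITE.name())
-.antMatchers("/read/**").hasAuthority(Permission.READ.name())
-.antMatchers("/delete/**").hasAuthority(Permission.DELETE.name())
-.anyRequest()
-.authenticated();
+// .antMatchers(permittedUrls).permitAll()
+// .antMatchers("/user/update-permissions/**", "/user/reset-password/**").hasRole(Role.ADMIN.name())
+// .antMatchers(HttpMethod.DELETE, "/user/**").hasRole(Role.ADMIN.name())
+// .antMatchers("/write/**").hasAuthority(Permission.WRITE.name())
+// .antMatchers("/read/**").hasAuthority(Permission.READ.name())
+// .antMatchers("/delete/**").hasAuthority(Permission.DELETE.name())
+// .anyRequest()
+// .authenticated();
+.anyRequest().permitAll();
 }
 
 /**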
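Review bot: The new `.anyRequest().permitAll();`, combined with commenting out the `JwtTokenVerifier` filter, leaves every route open to unauthenticated callers, including the ones the old rules restricted to `Role.ADMIN` (`/user/update-permissions/**`, `/user/reset-password/**`, `DELETE /user/**`) and to the READ/WRITE/DELETE permissions. The login filter is still registered, but nothing visible in this hunk verifies a token any more, so holding one appears to have no effect on access. If the relaxation is only needed for the database experiment the commit message mentions, keep it off the shared branch or move it into a configuration that is active only under a local development profile, and restore `.addFilterAfter(new JwtTokenVerifier(jwtUtils, permittedUrls), JwtUsernameAndPasswordAuthenticationFilter.class)` and `.anyRequest().authenticated();` here. The commented-out rules should be deleted rather than kept as dead code, since version control already holds the old chain. The enclosing method begins above the hunk, so any other safeguard it may contain is not visible here.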
Experiment with database