Timestamp:
09/17/22 01:23:47 (2 years ago)
Author:
Marko <Marko@…>
Branches:
master
Children:
7e88e46
Parents:
e5b84dc
Message:

Added more controllers

Location:
phonelux-backend/src/main/java/finki/it/phoneluxbackend/security
Files:
2 edited

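--- a/phonelux-backend/src/main/java/finki/it/phoneluxbackend/security/CustomAuthenticationFilter.java
+++ b/phonelux-backend/src/main/java/finki/it/phoneluxbackend/security/CustomAuthenticationFilter.java
@@ -50,20 +50,13 @@
                 .withClaim("role", user.getAuthorities().stream()
                         .map(GrantedAuthority::getAuthority).collect(Collectors.toList()))
+                .withClaim("name", user.getFirstName())
+                .withClaim("id", user.getId())
                 .sign(algorithm);
 
-//        String refresh_token = JWT.create()
-//                .withSubject(user.getEmail())
-//                .withExpiresAt(new Date(System.currentTimeMillis() + 30 * 60 * 1000))
-//                .withIssuer(request.getRequestURL().toString())
-//                .withClaim("role",user.getAuthorities().stream()
-//                        .map(GrantedAuthority::getAuthority).collect(Collectors.toList()))
-//                .sign(algorithm);
 
-
-        Map<String,String> tokens = new HashMap<>();
-        tokens.put("access_token",access_token);
-//        tokens.put("refresh_token",refresh_token);
+        Map<String,String> authInfo = new HashMap<>();
+        authInfo.put("access_token",access_token);
         response.setContentType(APPLICATION_JSON_VALUE);
-        new ObjectMapper().writeValue(response.getOutputStream(),tokens);
+        new ObjectMapper().writeValue(response.getOutputStream(),authInfo);
     }
 }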
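Review bot: The new `name` and `id` claims put personal data into a token whose payload is only base64url-encoded, so anyone who obtains the token (request logs, browser storage, intermediaries) can read the user's first name and internal id; the signature protects integrity, not confidentiality. If the client needs these only for display, they could travel in the JSON body next to `access_token` instead, e.g. `authInfo.put("name", user.getFirstName());`, leaving the token with subject, role and expiry. With the commented-out refresh-token code removed, the access token is the only credential issued here, so its expiry (set above the hunk, not visible) also bounds how long a changed or revoked role remains in effect. The enclosing method starts above the hunk.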
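--- a/phonelux-backend/src/main/java/finki/it/phoneluxbackend/security/configs/WebSecurityConfig.java
+++ b/phonelux-backend/src/main/java/finki/it/phoneluxbackend/security/configs/WebSecurityConfig.java
@@ -29,17 +29,22 @@
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-//        http
-//                .csrf().disable()
-//                .authorizeRequests()
-//                .antMatchers("/registration/**")
-//                .permitAll()
-//                .anyRequest()
-//                .authenticated().and()
-//                .formLogin();
+
 
         http.csrf().disable();
         http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-//        http.authorizeRequests().antMatchers(GET,"/phones").hasAnyAuthority("USER");
-        http.authorizeRequests().anyRequest().permitAll();
+
+        http.authorizeRequests()
+                .and()
+                .authorizeRequests()
+                .antMatchers("/user/**")
+                .hasAnyAuthority("USER","ADMIN", "SUPERADMIN")
+                .and()
+                .authorizeRequests()
+                .antMatchers("/management/**")
+                .hasAnyAuthority("SUPERADMIN")
+                .anyRequest().permitAll();
+
+
+
         http.addFilter(new CustomAuthenticationFilter(authenticationManagerBean()));
         http.addFilterBefore(new CustomAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);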
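Review bot: The rule chain still ends in `.anyRequest().permitAll()`, so every route outside `/user/**` and `/management/**` — including any controller later added under a different prefix — is reachable without authentication; the default fails open. A safer shape is to list the public routes explicitly (the removed lines mention `/registration/**` and `/phones`) with `.permitAll()` and close the chain with `.anyRequest().authenticated();`. The repeated `.and().authorizeRequests()` links are redundant, and all three matchers can hang off a single `http.authorizeRequests()` call. A one-line comment above the chain such as `// /user/** needs any role; /management/** is SUPERADMIN-only` would make the intended policy easy to check. `configure` continues below the hunk.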