Ignore:
Timestamp:
09/17/22 01:23:47 (2 years ago)
Author:
Marko <Marko@…>
Branches:
master
Children:
7e88e46
Parents:
e5b84dc
Message:

Added more controllers

File:
1 edited

Legend:

Unmodified
Added
Removed

  • phonelux-backend/src/main/java/finki/it/phoneluxbackend/security/configs/WebSecurityConfig.java

    re5b84dc r775e15e  
    2929    @Override
    3030    protected void configure(HttpSecurity http) throws Exception {
    31 //        http
    32 //                .csrf().disable()
    33 //                .authorizeRequests()
    34 //                .antMatchers("/registration/**")
    35 //                .permitAll()
    36 //                .anyRequest()
    37 //                .authenticated().and()
    38 //                .formLogin();
     31
    3932
    4033        http.csrf().disable();
    4134        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    42 //        http.authorizeRequests().antMatchers(GET,"/phones").hasAnyAuthority("USER");
    43         http.authorizeRequests().anyRequest().permitAll();
     35
     36        http.authorizeRequests()
     37                .and()
     38                .authorizeRequests()
     39                .antMatchers("/user/**")
     40                .hasAnyAuthority("USER","ADMIN", "SUPERADMIN")
     41                .and()
     42                .authorizeRequests()
     43                .antMatchers("/management/**")
     44                .hasAnyAuthority("SUPERADMIN")
     45                .anyRequest().permitAll();
     46
     47
     48
    4449        http.addFilter(new CustomAuthenticationFilter(authenticationManagerBean()));
    4550        http.addFilterBefore(new CustomAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
Note: See TracChangeset for help on using the changeset viewer.