Changeset ac41d70 for ReserveNGo-backend

Timestamp:

01/28/25 04:42:09 (3 months ago)

Author:

Nikola Jordanoski <nikolaj_koko@…>

Branches:

master

Children:

48e50b4, e2a84e9

Parents:

0f3afae

Message:

Fully fixed security :)

File:

• ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/config/WebSecurityConfig.java (modified) (4 diffs)

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/config/WebSecurityConfig.java

@@ -4 +4 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.lang.NonNull;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -37 +38 @@
                         .frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))
                 .authorizeHttpRequests((requests) -> requests
+                        .requestMatchers(HttpMethod.OPTIONS,"/**").permitAll()
                         .requestMatchers(
-                                "/api/**",
+                                "api/auth/**",
                                 "/h2/**",
-                                "/favicon.ico")
+                                "/favicon.ico",
+                                "/api/locals/**")
                         .permitAll()
+                        .requestMatchers("/api/customer/**").hasRole("CUSTOMER")
+                        .requestMatchers("/api/admin/**").hasRole("ADMIN")
                         .anyRequest()
                         .authenticated()
@@ -61 +66 @@
                 registry.addMapping("/api/**")
                         .allowedOrigins("http://localhost:5173")
-                        .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD")
+                        .allowedMethods("*")
                         .allowedHeaders("*")
                         .allowCredentials(true);
@@ -67 +72 @@
         };
     }
-
 }