Improved SecurityConfig

Индекс Зиро 2025-02-19 17:01:48 +03:00
parent 848b61108e
commit bfe859b08b
5 changed files with 31 additions and 11 deletions


@ -27,17 +27,27 @@ public class SecurityConfig {
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authorize) -> authorize
// Swagger and OpenAPI Docs
.requestMatchers("/v3/api-docs/**").permitAll()
.requestMatchers("/swagger-ui/**").permitAll()
// EmployeeController for everyone
.requestMatchers("/api/employee/login").authenticated()
.requestMatchers("/api/employee/profile").authenticated()
.requestMatchers("/api/employee/open").authenticated()
.requestMatchers("/api/entrance").authenticated()
.requestMatchers("/api/entrance/all").hasAuthority("ADMIN")
// EmployeeController for admins
.requestMatchers("/api/employee/{login}/delete").hasAuthority("ADMIN")
.requestMatchers("/api/employee/{login}/{state}").hasAuthority("ADMIN")
.requestMatchers("/api/employee/all").hasAuthority("ADMIN")
.requestMatchers("/api/employee/{login}").hasAuthority("ADMIN")
.requestMatchers("/swagger-ui/**").permitAll()
.requestMatchers("/api/employee/all").hasAuthority("ADMIN")
// Entrance for everyone
.requestMatchers("/api/entrance").authenticated()
.requestMatchers("/api/entrance/last").authenticated()
// Entrance for admins
.requestMatchers("/api/entrance/all").hasAuthority("ADMIN")
.requestMatchers("/api/entrance/{login}").hasAuthority("ADMIN")
.anyRequest().authenticated()
)
.httpBasic(Customizer.withDefaults()).csrf(csrf -> csrf
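Review bot: Four matchers appear twice in the printed hunk (`/swagger-ui/**` at L17/L29, `/api/entrance` at L22/L32, `/api/entrance/all` at L23/L35, `/api/employee/all` at L27/L30); the old/new side of each pair is not recoverable from the rendering, but whichever copy survives on the new side, the later duplicate is dead because `authorizeHttpRequests` applies the first matching rule, so it should be dropped. The same first-match semantics is what makes the ordering correct here — the literal paths `/api/employee/login`, `/profile`, `/open`, `/all` and `/api/employee/{login}/delete` are only reachable as `authenticated()` / ADMIN rules because they precede the templated `/api/employee/{login}` and `/api/employee/{login}/{state}` rules — and that dependency deserves a comment such as `// order matters: literal employee paths must precede the {login} templates below`. The group comment `// EmployeeController for everyone` sits above `.authenticated()` rules, not `permitAll()`, so `// EmployeeController for any authenticated employee` states the actual policy. The `.csrf(csrf -> csrf` configuration and the rest of `securityFilterChain` continue outside the hunk.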


@ -17,12 +17,12 @@ public class Code {
@GeneratedValue(strategy = GenerationType.IDENTITY)
private long id;
@Column(name = "value")
@Column(name = "value", nullable = false)
private long value;
@Column(name = "name")
@Column(name = "name", nullable = false)
String name;
@Column(name = "entry_type")
@Column(name = "entry_type", nullable = false)
String entryType;
}
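Review bot: `String name;` and `String entryType;` stay package-private while `id` and `value` are `private`, so the commit tightens the column constraints without tightening field access; make both `private String name;` and `private String entryType;` for consistency with the rest of the entity. `nullable = false` on `@Column` is enforced at the persistence layer, so a request that leaves `name` or `entryType` unset surfaces as a persistence exception on save rather than as a validation error; if the project already uses Bean Validation, a `@NotNull` on the same fields would reject the value earlier. The `Code` class header and any other members are outside the hunk.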


@ -33,10 +33,10 @@ public class Employee implements UserDetails {
@Column(name = "position", nullable = false)
private String position;
@Column(name = "photo_url")
@Column(name = "photo_url", nullable = false)
private String photoUrl;
@Column(name = "is_enabled")
@Column(name = "is_enabled", nullable = false)
Boolean isQREnabled;
@ManyToMany(fetch = FetchType.EAGER)
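Review bot: `Boolean isQREnabled` is a boxed type, so after this change a null wrapper still compiles and fails only at insert time against the now non-nullable `is_enabled` column; if null is never a meaningful state, `private boolean isQREnabled;` (with an explicit default where the entity is constructed) closes that gap at the type level. The field is also package-private while `position` and `photoUrl` are `private`, so `private Boolean isQREnabled;` at minimum. Making `photo_url` non-nullable presumably fails to apply against any existing rows that hold a null photo URL — confirm how the schema is migrated before relying on it. The field name `isQREnabled` versus column `is_enabled` and the class's `UserDetails.isEnabled()` contract are worth a one-line comment clarifying which concept the column stores; the rest of `Employee` is outside the hunk.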


@ -5,6 +5,5 @@ import org.springframework.data.jpa.repository.JpaRepository;
public interface EmployeeRepository extends JpaRepository<Employee, Long> {
boolean existsByLogin(String login);
Employee findByLogin(String login);
}


@ -13,7 +13,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@SpringBootTest
@AutoConfigureMockMvc
class NtoFinalsApplicationTests {
class EmployeeControllerTests {
@Autowired
private MockMvc mockMvc;
@ -29,4 +29,15 @@ class NtoFinalsApplicationTests {
);
}
@Test
void userLoginWrong() throws Exception {
this.mockMvc.perform(
post("/api/employee/login")
.with(httpBasic("pivanov", "HelloWorld12345")))
.andDo(print())
.andExpect(status().isUnauthorized());
}
}
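Review bot: The `isUnauthorized()` assertion in `userLoginWrong` cannot distinguish "wrong password for `pivanov`" from "no such user", because no fixture creating `pivanov` is visible in the hunk, so the test passes for the wrong reason if the seed data changes. Make the precondition explicit — create or look up the user in a `@BeforeEach`, or state in a comment which seeded account the constructed credentials are meant to miss — and name the method for what it checks, e.g. `void loginWithWrongPasswordIsUnauthorized() throws Exception {`. Stylistically, `mockMvc.perform(` reads cleaner than `this.mockMvc.perform(`, matching the usual MockMvc convention. The enclosing class `EmployeeControllerTests` opens in the earlier hunk, outside this one.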