Improved SecurityConfig

Индекс Зиро 2025-02-19 17:01:48 +03:00
parent 848b61108e
commit bfe859b08b
5 changed files with 31 additions and 11 deletions


@ -27,17 +27,27 @@ public class SecurityConfig {
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http http
.authorizeHttpRequests((authorize) -> authorize .authorizeHttpRequests((authorize) -> authorize
// Swagger and OpenAPI Docs
.requestMatchers("/v3/api-docs/**").permitAll() .requestMatchers("/v3/api-docs/**").permitAll()
.requestMatchers("/swagger-ui/**").permitAll()
// EmployeeController for everyone
.requestMatchers("/api/employee/login").authenticated() .requestMatchers("/api/employee/login").authenticated()
.requestMatchers("/api/employee/profile").authenticated() .requestMatchers("/api/employee/profile").authenticated()
.requestMatchers("/api/employee/open").authenticated() .requestMatchers("/api/employee/open").authenticated()
.requestMatchers("/api/entrance").authenticated() // EmployeeController for admins
.requestMatchers("/api/entrance/all").hasAuthority("ADMIN")
.requestMatchers("/api/employee/{login}/delete").hasAuthority("ADMIN") .requestMatchers("/api/employee/{login}/delete").hasAuthority("ADMIN")
.requestMatchers("/api/employee/{login}/{state}").hasAuthority("ADMIN") .requestMatchers("/api/employee/{login}/{state}").hasAuthority("ADMIN")
.requestMatchers("/api/employee/all").hasAuthority("ADMIN")
.requestMatchers("/api/employee/{login}").hasAuthority("ADMIN") .requestMatchers("/api/employee/{login}").hasAuthority("ADMIN")
.requestMatchers("/swagger-ui/**").permitAll() .requestMatchers("/api/employee/all").hasAuthority("ADMIN")
// Entrance for everyone
.requestMatchers("/api/entrance").authenticated()
.requestMatchers("/api/entrance/last").authenticated()
// Entrance for admins
.requestMatchers("/api/entrance/all").hasAuthority("ADMIN")
.requestMatchers("/api/entrance/{login}").hasAuthority("ADMIN")
.anyRequest().authenticated() .anyRequest().authenticated()
) )
.httpBasic(Customizer.withDefaults()).csrf(csrf -> csrf .httpBasic(Customizer.withDefaults()).csrf(csrf -> csrf
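Review bot: On the new side the `.requestMatchers("/api/employee/all").hasAuthority("ADMIN")` rule is placed after `.requestMatchers("/api/employee/{login}").hasAuthority("ADMIN")`; `authorizeHttpRequests` applies the first matching rule and the `{login}` template already matches `all`, so the `/all` rule is never consulted. Nothing is exposed today because both demand ADMIN, but any later change to the `/all` rule would silently have no effect, so move the `/all` line above the `{login}` line, as the hunk already does for `/api/entrance/last` ahead of `/api/entrance/{login}`. The literal `/api/employee/login`, `/profile` and `/open` matchers depend on the same ordering, so a comment above that block such as `// literal paths must precede the {login} template: first match wins` would make the contract explicit. securityFilterChain continues past the hunk; the csrf configuration is cut off.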


@ -17,12 +17,12 @@ public class Code {
@GeneratedValue(strategy = GenerationType.IDENTITY) @GeneratedValue(strategy = GenerationType.IDENTITY)
private long id; private long id;
@Column(name = "value") @Column(name = "value", nullable = false)
private long value; private long value;
@Column(name = "name") @Column(name = "name", nullable = false)
String name; String name;
@Column(name = "entry_type") @Column(name = "entry_type", nullable = false)
String entryType; String entryType;
} }
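Review bot: `nullable = false` on `value` is a no-op at the Java level (a primitive `long` can never be null) and, like the same change on `name` and `entryType`, only affects generated DDL: a `Code` saved with a null `name` now fails at flush with a persistence exception instead of being rejected where the input enters. If the schema is managed by migrations rather than `ddl-auto`, these annotations change nothing at all, which is worth confirming. Independently, `String name;` and `String entryType;` remain package-private while `id` and `value` are `private`; `private String name;` and `private String entryType;` would match the rest of the entity.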


@ -33,10 +33,10 @@ public class Employee implements UserDetails {
@Column(name = "position", nullable = false) @Column(name = "position", nullable = false)
private String position; private String position;
@Column(name = "photo_url") @Column(name = "photo_url", nullable = false)
private String photoUrl; private String photoUrl;
@Column(name = "is_enabled") @Column(name = "is_enabled", nullable = false)
Boolean isQREnabled; Boolean isQREnabled;
@ManyToMany(fetch = FetchType.EAGER) @ManyToMany(fetch = FetchType.EAGER)
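Review bot: `is_enabled` becomes NOT NULL but the field stays a boxed `Boolean isQREnabled` with no initializer, so an `Employee` persisted without an explicit value fails at flush rather than defaulting to disabled; `private Boolean isQREnabled = Boolean.FALSE;` (or a primitive `boolean`, if no accessor relies on the wrapper) would make the default explicit. The same applies to `photo_url`: every employee creation path must now supply a URL, which this hunk cannot confirm. The column name `is_enabled` and the field name `isQREnabled` also disagree about what the flag means; a comment on the field stating which meaning is intended would help the next reader. The Employee class continues outside the hunk.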


@ -5,6 +5,5 @@ import org.springframework.data.jpa.repository.JpaRepository;
public interface EmployeeRepository extends JpaRepository<Employee, Long> { public interface EmployeeRepository extends JpaRepository<Employee, Long> {
boolean existsByLogin(String login);
Employee findByLogin(String login); Employee findByLogin(String login);
} }


@ -13,7 +13,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@SpringBootTest @SpringBootTest
@AutoConfigureMockMvc @AutoConfigureMockMvc
class NtoFinalsApplicationTests { class EmployeeControllerTests {
@Autowired @Autowired
private MockMvc mockMvc; private MockMvc mockMvc;
@ -29,4 +29,15 @@ class NtoFinalsApplicationTests {
); );
} }
@Test
void userLoginWrong() throws Exception {
this.mockMvc.perform(
post("/api/employee/login")
.with(httpBasic("pivanov", "HelloWorld12345")))
.andDo(print())
.andExpect(status().isUnauthorized());
}
} }
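Review bot: `userLoginWrong` only checks that one credential pair yields 401, and because `/api/employee/login` sits behind HTTP Basic it passes equally when the user does not exist, when the password is wrong, or when the security chain rejects everyone, so it does not pin the behaviour it is named for. The authorization rules this commit changes in SecurityConfig (ADMIN-only `/api/employee/all`, `/api/entrance/all`, `/api/entrance/{login}`) have no coverage here; a test that performs as an authenticated non-admin and expects `status().isForbidden()` on those paths would guard them. If `pivanov` is a seeded fixture user, a comment such as `// pivanov is seeded test data; a wrong password must yield 401` would state the precondition the assertion relies on. The rest of `EmployeeControllerTests` lies outside the hunk.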