From 9000c6b9a140a17b560d1c3c5c8a156930691b4e Mon Sep 17 00:00:00 2001
From: Konstantin
Date: Thu, 20 Feb 2025 13:49:10 +0300
Subject: [PATCH] improve
---
 .../com/example/nto/config/SecurityConfig.java | 7 +++++--
 .../nto/controller/EmployeeController.java | 15 +++++++++------
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/main/java/com/example/nto/config/SecurityConfig.java b/src/main/java/com/example/nto/config/SecurityConfig.java
index 55b7163..cf4702d 100644
--- a/src/main/java/com/example/nto/config/SecurityConfig.java
+++ b/src/main/java/com/example/nto/config/SecurityConfig.java
@@ -16,6 +16,7 @@ import org.springframework.security.config.annotation.authentication.configurati
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -26,6 +27,8 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import javax.servlet.DispatcherType;
+
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
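Review bot: The two imports added to SecurityConfig, `WebSecurityCustomizer` and `javax.servlet.DispatcherType`, are not referenced by any line this patch adds, so they appear to be unused; the same applies to `Authentication`, `SecurityContextHolder` and `HttpServletRequest` in the import hunk of EmployeeController. Unused imports in a security configuration make it harder to tell which mechanisms are actually in effect, so I would drop them until the code that needs them lands. If they are meant for a follow-up change, a short remark in the commit message would help.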
@@ -46,8 +49,8 @@ public class SecurityConfig {
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
- return http.csrf(AbstractHttpConfigurer::disable)
- .authorizeHttpRequests(auth -> auth.requestMatchers(new AntPathRequestMatcher("/api/auth")).permitAll()
+ return http.csrf().disable()
+ .authorizeHttpRequests(auth -> auth
 .anyRequest().authenticated())
 .logout((logout) -> logout.logoutUrl("/api/logout"))
 .httpBasic(Customizer.withDefaults())
diff --git a/src/main/java/com/example/nto/controller/EmployeeController.java b/src/main/java/com/example/nto/controller/EmployeeController.java
index 05547e8..bf49fa7 100644
--- a/src/main/java/com/example/nto/controller/EmployeeController.java
+++ b/src/main/java/com/example/nto/controller/EmployeeController.java
@@ -4,9 +4,15 @@ import com.example.nto.model.entity.Code;
 import com.example.nto.model.entity.Employee;
 import com.example.nto.service.EmployeeService;
 import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
+import javax.servlet.http.HttpServletRequest;
+
 @RestController
 @RequestMapping("/api")
 @RequiredArgsConstructor
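Review bot: CSRF protection stays switched off in `securityFilterChain` of SecurityConfig while the chain authenticates with `httpBasic`, and the rewritten `http.csrf().disable()` line carries no comment saying why that is safe. A browser that has cached Basic credentials attaches them to cross-site requests on its own, so if any browser client calls this API its state-changing endpoints would accept forged requests; if only non-browser clients use it, record that next to the call, e.g. `// CSRF off: API is consumed only by non-browser clients`. The switch from `csrf(AbstractHttpConfigurer::disable)` to the chained `csrf().disable()` also mixes two DSL styles in one chain and probably leaves the `AbstractHttpConfigurer` import unused, so keeping the lambda form would be more consistent. The method body continues past the end of the hunk.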
@@ -15,13 +21,10 @@ public class EmployeeController {
 private final EmployeeService employeeService;
 @GetMapping("/auth")
- public void authEmployee(@RequestParam final String login) {
- employeeService.employeeExists(login);
- }
- @GetMapping("/logout")
- public void logoutEmployee(@RequestParam final String login) {
- employeeService.employeeExists(login);
+ public ResponseEntity authEmployee() {
+ return new ResponseEntity<>(null, HttpStatus.OK);
 }
+
 @GetMapping("/info")
 public Employee info(@RequestParam final String login) {
 return employeeService.getEmployee(login);
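Review bot: `info` still takes the employee `login` from a request parameter, so once authenticated a caller can ask for any other employee's record unless a check outside this hunk ties `login` to the caller. The commit imports `Authentication` but does not use it; resolving the identity from the authenticated principal would close the gap, e.g. `public Employee info(Authentication authentication)` with `return employeeService.getEmployee(authentication.getName());`, assuming the Basic-auth username is the employee login. Separately, `authEmployee` returns the raw type `ResponseEntity`; `ResponseEntity<Void>` with `return ResponseEntity.ok().build();` says the same thing with type safety. The body of `info` runs past the end of the hunk.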