cheese/cheese-back
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

improve

Browse Source
This commit is contained in:
Konstantin 2025-02-20 13:49:10 +03:00
parent 06eb2e8b12
commit 9000c6b9a1
2 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/com/example/nto/config/SecurityConfig.java
View File

@ -16,6 +16,7 @@ import org.springframework.security.config.annotation.authentication.configurati
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
@ -26,6 +27,8 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import javax.servlet.DispatcherType;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ -46,8 +49,8 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth.requestMatchers(new AntPathRequestMatcher("/api/auth")).permitAll()
return http.csrf().disable()
.authorizeHttpRequests(auth -> auth
.anyRequest().authenticated())
.logout((logout) -> logout.logoutUrl("/api/logout"))
.httpBasic(Customizer.withDefaults())

15
src/main/java/com/example/nto/controller/EmployeeController.java
View File

@ -4,9 +4,15 @@ import com.example.nto.model.entity.Code;
import com.example.nto.model.entity.Employee;
import com.example.nto.service.EmployeeService;
import lombok.RequiredArgsConstructor;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
@RestController
@RequestMapping("/api")
@RequiredArgsConstructor
@ -15,13 +21,10 @@ public class EmployeeController {
private final EmployeeService employeeService;
@GetMapping("/auth")
public void authEmployee(@RequestParam final String login) {
employeeService.employeeExists(login);
}
@GetMapping("/logout")
public void logoutEmployee(@RequestParam final String login) {
employeeService.employeeExists(login);
public ResponseEntity<?> authEmployee() {
return new ResponseEntity<>(null, HttpStatus.OK);
}
@GetMapping("/info")
public Employee info(@RequestParam final String login) {
return employeeService.getEmployee(login);