From f6ca912ed13745140210a1f313de3dff990375ea Mon Sep 17 00:00:00 2001
From: Petr Rudichev
Date: Thu, 20 Feb 2025 15:21:20 +0300
Subject: [PATCH 1/2] security: update WebSecurityConfig
---
 .../com/example/nto/config/WebSecurityConfig.java | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/src/main/java/com/example/nto/config/WebSecurityConfig.java b/src/main/java/com/example/nto/config/WebSecurityConfig.java
index 350422c..3d477d5 100644
--- a/src/main/java/com/example/nto/config/WebSecurityConfig.java
+++ b/src/main/java/com/example/nto/config/WebSecurityConfig.java
@@ -5,7 +5,6 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -33,21 +32,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 http.csrf().disable()
 .authorizeRequests()
 .antMatchers("/h2-console/**").permitAll()
- .antMatchers("/api/v1/images/**").permitAll()
- .antMatchers("/api/v1/volunteers/login").permitAll()
- .antMatchers("/api/v1/volunteers/register").permitAll()
-
- .antMatchers("/api/v1/**").permitAll()
- //.antMatchers("/api/v1/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
+ .antMatchers("/api/v1/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
+ .antMatchers("/api/v1/authorization/login").permitAll()
+ .antMatchers("/api/v1/authorization/register").permitAll()
 .anyRequest().authenticated()
 .and()
 .httpBasic()
 .and()
 .headers().frameOptions().disable();
 }
-
- @Override
- public void configure(WebSecurity web) {
- web.ignoring().antMatchers("/api/v1/volunteers/images");
- }
 }
From 105d028fa8e50da6c701f4fbe0b4c4a437c3f456 Mon Sep 17 00:00:00 2001
From: Petr Rudichev
Date: Thu, 20 Feb 2025 15:22:10 +0300
Subject: [PATCH 2/2] fix: Employee entity and controller
---
 .../com/example/nto/controller/AuthorizationController.java | 1 +
 .../java/com/example/nto/controller/EmployeeController.java | 1 -
 src/main/java/com/example/nto/domain/entity/Employee.java | 5 -----
 3 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/src/main/java/com/example/nto/controller/AuthorizationController.java b/src/main/java/com/example/nto/controller/AuthorizationController.java
index 54aa07b..c739503 100644
--- a/src/main/java/com/example/nto/controller/AuthorizationController.java
+++ b/src/main/java/com/example/nto/controller/AuthorizationController.java
@@ -17,6 +17,7 @@ public class AuthorizationController { @GetMapping("/login") public ResponseEntity login(Authentication authentication) { + return ResponseEntity.ok(employeeService.getByEmail(authentication.getName())); }
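Review bot: In WebSecurityConfig.java the new `.antMatchers("/api/v1/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")` is registered ahead of the two `/api/v1/authorization/...` `permitAll()` rules, and `authorizeRequests()` uses the first matcher that fits a request, so those two rules are dead and `/api/v1/authorization/register` now demands credentials a new user cannot yet have. Put the specific rule first: `.antMatchers("/api/v1/authorization/register").permitAll()` followed by `.antMatchers("/api/v1/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")`. The login `permitAll()` looks better dropped than moved, because the login handler in the AuthorizationController hunk of this series calls `authentication.getName()`, which presumably fails on an anonymous request where no `Authentication` is supplied. The unchanged context still leaves `/h2-console/**` open with CSRF protection and frame options disabled, which is worth confining to a development profile. The method holding this chain starts above the hunk.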
diff --git a/src/main/java/com/example/nto/controller/EmployeeController.java b/src/main/java/com/example/nto/controller/EmployeeController.java
index a43b3ba..194868f 100644
--- a/src/main/java/com/example/nto/controller/EmployeeController.java
+++ b/src/main/java/com/example/nto/controller/EmployeeController.java
@@ -65,5 +65,4 @@ public class EmployeeController {
 employeeService.patchBlockEmployee(employeeId, blockStatus);
 return ResponseEntity.noContent().build();
 }
-
 }
diff --git a/src/main/java/com/example/nto/domain/entity/Employee.java b/src/main/java/com/example/nto/domain/entity/Employee.java
index 3b9c8ad..12e7515 100644
--- a/src/main/java/com/example/nto/domain/entity/Employee.java
+++ b/src/main/java/com/example/nto/domain/entity/Employee.java
@@ -94,11 +94,6 @@ public class Employee implements UserDetails { return List.of(this.role); } - @Override - public String getPassword() { - return this.password; - } - @Override public String getUsername() { return this.email;