notminus_onlyc/notminusonlycplusplus-back
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

security: update WebSecurityConfig

Browse Source
This commit is contained in:
Petr Rudichev 2025-02-20 15:21:20 +03:00
parent c76f57da93
commit f6ca912ed1
1 changed files with 3 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/main/java/com/example/nto/config/WebSecurityConfig.java
View File

@ -5,7 +5,6 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
@ -33,21 +32,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/h2-console/**").permitAll()
.antMatchers("/api/v1/images/**").permitAll()
.antMatchers("/api/v1/volunteers/login").permitAll()
.antMatchers("/api/v1/volunteers/register").permitAll()
.antMatchers("/api/v1/**").permitAll()
//.antMatchers("/api/v1/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
.antMatchers("/api/v1/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
.antMatchers("/api/v1/authorization/login").permitAll()
.antMatchers("/api/v1/authorization/register").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.headers().frameOptions().disable();
}
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers("/api/v1/volunteers/images");
}
}