Fix spring security config

This commit is contained in:
Anton Romanov 2025-01-28 12:31:54 +04:00
parent f0c683cd39
commit d7d05132c8

View File

@ -17,18 +17,24 @@ import ru.ulstu.model.UserRoleConstants;
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration {
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
private final String[] permittedUrls = new String[]{
"/login", "/index", "/news/**",
"/meetings/**", "/files/**", "/docs/**",
"/public/**", "/organizers", "/webjars/**",
"/h2-console/*", "/h2-console",
"/css/**", "/js/**", "/img/**",
"/templates/**", "/webjars/**"};
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
log.debug("Security enabled");
http
.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth ->
auth.requestMatchers("/").permitAll()
.requestMatchers("/login", "/index", "/news/**", "/meetings/**", "/files/**", "/docs/**",
"/public/**", "/organizers", "/webjars/**", "/h2-console/*", "/h2-console",
"/css/**", "/js/**", "/img/**", "/templates/**", "/webjars/**").permitAll()
.requestMatchers(permittedUrls).permitAll()
.requestMatchers("/swagger-ui.html").hasAuthority(UserRoleConstants.ADMIN)
.anyRequest().authenticated())
.formLogin(form ->