Reguły autoryzacji

PC30-SklepSpring/src/main/java/sklep/security/SecurityConfig.java

@@ -21,7 +21,14 @@ public class SecurityConfig {
 	@Bean
 	SecurityFilterChain setHttpSecurity(HttpSecurity httpSecurity) throws Exception {
 		httpSecurity.authorizeHttpRequests()
-			.anyRequest().authenticated()
+			.antMatchers("/products/new", "/products/*/edit").hasAuthority("ROLE_manager")
+			.antMatchers("/alt?/**").authenticated() // zalogowany jako ktokolwiek
+			.antMatchers("/", "/whoami", "/*.css").permitAll()
+			.antMatchers("/hello", "/ktora-godzina").permitAll()
+			.antMatchers("/products/**", "/wyszukiwarka").permitAll()
+			.antMatchers("/customers/new", "/customers/*/edit").hasAuthority("ROLE_manager")
+			.antMatchers("/customers/**").permitAll()
+			.anyRequest().denyAll()
 		.and()
 			.formLogin();
 		return httpSecurity.build();