Reguły autoryzacji

a4aef070 · Patryk Czarnik · bcd2a63b · a4aef070
Commit a4aef070 authored Oct 05, 2022 by Patryk Czarnik
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletions

SecurityConfig.java ...epSpring/src/main/java/sklep/security/SecurityConfig.java +8 -1

No files found.
--- a/PC30-SklepSpring/src/main/java/sklep/security/SecurityConfig.java
+++ b/PC30-SklepSpring/src/main/java/sklep/security/SecurityConfig.java
@@ -21,7 +21,14 @@ public class SecurityConfig {
 	@Bean
 	SecurityFilterChain setHttpSecurity(HttpSecurity httpSecurity) throws Exception {
 		httpSecurity.authorizeHttpRequests()
-			.anyRequest().authenticated()
+			.antMatchers("/products/new", "/products/*/edit").hasAuthority("ROLE_manager")
+			.antMatchers("/alt?/**").authenticated() // zalogowany jako ktokolwiek
+			.antMatchers("/", "/whoami", "/*.css").permitAll()
+			.antMatchers("/hello", "/ktora-godzina").permitAll()
+			.antMatchers("/products/**", "/wyszukiwarka").permitAll()
+			.antMatchers("/customers/new", "/customers/*/edit").hasAuthority("ROLE_manager")
+			.antMatchers("/customers/**").permitAll()
+			.anyRequest().denyAll()
 		.and()
 			.formLogin();
 		return httpSecurity.build();