reguły dostępu za pomocą antMatchers

PC30-SklepSpring/src/main/java/sklep/alternatywne_wersje_bazy_danych/ProductController_v8.java

@@ -12,7 +12,6 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 
 import sklep.model.Product;
-import sklep.repository.ProductRepository;
 
 @Controller
 @RequestMapping("/alt8")

PC30-SklepSpring/src/main/java/sklep/security/SecurityConfig.java

@@ -3,6 +3,7 @@ package sklep.security;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
@@ -15,9 +16,17 @@ public class SecurityConfig {
 	@Bean
 	SecurityFilterChain setHttpSecurity(HttpSecurity httpSecurity) throws Exception {
 		httpSecurity.authorizeHttpRequests()
-				.anyRequest().authenticated()
-			.and()
-				.httpBasic()
+			// .antMatchers(HttpMethod.POST).authenticated()
+			.antMatchers("/", "/whoami", "/*.css").permitAll()
+			.antMatchers("/hello", "/time").permitAll()
+			.antMatchers("/alt?/**").authenticated() // zalogowany jako ktokolwiek
+			.antMatchers("/products/new", "/products/*/edit").hasAuthority("ROLE_manager")
+			.antMatchers("/products/**").permitAll()
+			.antMatchers("/customers/new", "/customers/*/edit").hasAuthority("ROLE_manager")
+			.antMatchers("/customers/**").authenticated()
+			.anyRequest().denyAll()
+		.and()
+			.formLogin()
 		;
 		return httpSecurity.build();
 	}