так правильнее
parent
4e3dfdab49
commit
c5dfae5f3e
@ -15,7 +15,7 @@ export default function App() {
|
|||||||
{path: 'films', label: 'Главная', userAccess: 'NONE'},
|
{path: 'films', label: 'Главная', userAccess: 'NONE'},
|
||||||
{path: 'registration', label: 'Регистрация', userAccess: 'NONE'},
|
{path: 'registration', label: 'Регистрация', userAccess: 'NONE'},
|
||||||
{path: 'entry', label: 'Вход', userAccess: 'NONE'},
|
{path: 'entry', label: 'Вход', userAccess: 'NONE'},
|
||||||
{path: 'users', label: 'Пользователи', userAccess: 'ADMIN'},
|
{path: 'users', label: 'Пользователи', userAccess: 'USER'},
|
||||||
{path: 'sessions', label: 'Сеансы', userAccess: 'NONE'},
|
{path: 'sessions', label: 'Сеансы', userAccess: 'NONE'},
|
||||||
{path: 'orders', label: 'Заказы', userAccess: 'USER'}
|
{path: 'orders', label: 'Заказы', userAccess: 'USER'}
|
||||||
];
|
];
|
||||||
@ -35,7 +35,7 @@ export default function App() {
|
|||||||
<Route element={<PrivateRoutes userAccess='USER'/>}>
|
<Route element={<PrivateRoutes userAccess='USER'/>}>
|
||||||
<Route element={<Orders/>} path="/orders"/>
|
<Route element={<Orders/>} path="/orders"/>
|
||||||
</Route>
|
</Route>
|
||||||
<Route element={<PrivateRoutes userAccess="ADMIN"/>}>
|
<Route element={<PrivateRoutes userAccess='USER'/>}>
|
||||||
<Route element={<Users/>} path="/users"/>
|
<Route element={<Users/>} path="/users"/>
|
||||||
</Route>
|
</Route>
|
||||||
</Routes>
|
</Routes>
|
||||||
|
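Review bot: On the copy printed second (presumably the new side; the +/- markers are lost on this page), both the `users` menu entry and the `<PrivateRoutes>` wrapper around `/users` ask for `USER`, while the handler serving the customer list in this same commit still carries `@Secured({UserRole.AsString.ADMIN})`. Unless `PrivateRoutes` treats `USER` as a minimum level that admins also satisfy (its implementation is not visible here), a regular user now gets a Users page whose request the server rejects. If the list is meant to stay admin-only, keep `userAccess: 'ADMIN'` on the entry and `<PrivateRoutes userAccess="ADMIN"/>` on the route. Either way, a comment above the routes array such as `// UI hint only: the server-side @Secured check is what enforces access` would state the intent.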
@ -11,14 +11,18 @@ import org.springframework.context.annotation.Configuration;
|
|||||||
import org.springframework.http.HttpMethod;
|
import org.springframework.http.HttpMethod;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
|
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
|
@EnableMethodSecurity(securedEnabled = true)
|
||||||
public class SecurityConfiguration {
|
public class SecurityConfiguration {
|
||||||
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
|
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
|
||||||
public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
|
public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
|
||||||
@ -51,13 +55,12 @@ public class SecurityConfiguration {
|
|||||||
.requestMatchers("/", SPA_URL_MASK).permitAll()
|
.requestMatchers("/", SPA_URL_MASK).permitAll()
|
||||||
.requestMatchers(HttpMethod.POST, CustomerController.URL_LOGIN).permitAll()
|
.requestMatchers(HttpMethod.POST, CustomerController.URL_LOGIN).permitAll()
|
||||||
.requestMatchers(HttpMethod.POST, CustomerController.URL_SIGNUP).permitAll()
|
.requestMatchers(HttpMethod.POST, CustomerController.URL_SIGNUP).permitAll()
|
||||||
.requestMatchers(HttpMethod.POST, CustomerController.URL_GET_ROLE).permitAll()
|
|
||||||
.anyRequest()
|
.anyRequest()
|
||||||
.authenticated()
|
.authenticated()
|
||||||
.and()
|
.and()
|
||||||
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
|
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
|
||||||
.anonymous();
|
.anonymous();
|
||||||
return http.build();
|
return http.userDetailsService(userService).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
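Review bot: Adding `@EnableMethodSecurity(securedEnabled = true)` makes every `@Secured` annotation in the application enforced, and nothing visible in this change checks that the attribute strings match the authorities the authenticated principal carries. `@Secured` compares its value with the granted authority text, so if `UserRole.AsString.ADMIN` differs from what `userService` or `jwtFilter` produce (for example by a `ROLE_` prefix; neither is shown here), the admin endpoints will reject every caller. A small MockMvc test would pin the behaviour this commit relies on: anonymous and `USER` requests to the customer list are rejected, an `ADMIN` request succeeds, and an unauthenticated POST to `CustomerController.URL_GET_ROLE` is rejected now that its `permitAll()` line is gone. The filter-chain method begins above the hunk.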
@ -11,6 +11,8 @@ import org.springframework.data.domain.Page;
|
|||||||
import org.springframework.data.domain.PageRequest;
|
import org.springframework.data.domain.PageRequest;
|
||||||
import org.springframework.data.domain.Pageable;
|
import org.springframework.data.domain.Pageable;
|
||||||
import org.springframework.security.access.annotation.Secured;
|
import org.springframework.security.access.annotation.Secured;
|
||||||
|
import org.springframework.security.core.context.SecurityContext;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
|
|
||||||
@ -61,17 +63,10 @@ public class CustomerController {
|
|||||||
return user.getRole().toString();
|
return user.getRole().toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping(OpenAPI30Configuration.API_PREFIX + URL_MAIN)
|
|
||||||
@Secured({UserRole.AsString.ADMIN})
|
@Secured({UserRole.AsString.ADMIN})
|
||||||
|
@GetMapping(OpenAPI30Configuration.API_PREFIX + URL_MAIN)
|
||||||
public Page<CustomerDto> getCustomers(@RequestParam(defaultValue = "1") int page,
|
public Page<CustomerDto> getCustomers(@RequestParam(defaultValue = "1") int page,
|
||||||
@RequestParam(defaultValue = "5") int size) {
|
@RequestParam(defaultValue = "5") int size) {
|
||||||
/*final Page<CustomerDto> users = customerService.findAllPages(page, size)
|
|
||||||
.map(CustomerDto::new);
|
|
||||||
final int totalPages = users.getTotalPages();
|
|
||||||
final List<Integer> pageNumbers = IntStream.rangeClosed(1, totalPages)
|
|
||||||
.boxed()
|
|
||||||
.toList();
|
|
||||||
return Pair.of(users, pageNumbers);*/
|
|
||||||
final Page<CustomerDto> users = customerService.findAllPages(page, size)
|
final Page<CustomerDto> users = customerService.findAllPages(page, size)
|
||||||
.map(CustomerDto::new);
|
.map(CustomerDto::new);
|
||||||
return users;
|
return users;
|
||||||
|
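Review bot: `getCustomers` passes the caller-supplied `page` and `size` straight to `customerService.findAllPages(page, size)`, so a single request can ask for an arbitrarily large page, and a zero or negative value reaches the service unchecked. Bounding the value before the call, e.g. `final int pageSize = Math.min(Math.max(size, 1), MAX_PAGE_SIZE);` with `MAX_PAGE_SIZE` as a new class constant, keeps the listing cheap even for an authenticated admin. The newly imported `SecurityContext` and `SecurityContextHolder` are not used in the lines shown; if nothing else in the class needs them they should be dropped. The method's closing brace lies beyond the hunk.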