так правильнее
parent
4e3dfdab49
commit
c5dfae5f3e
@ -15,7 +15,7 @@ export default function App() {
|
||||
{path: 'films', label: 'Главная', userAccess: 'NONE'},
|
||||
{path: 'registration', label: 'Регистрация', userAccess: 'NONE'},
|
||||
{path: 'entry', label: 'Вход', userAccess: 'NONE'},
|
||||
{path: 'users', label: 'Пользователи', userAccess: 'ADMIN'},
|
||||
{path: 'users', label: 'Пользователи', userAccess: 'USER'},
|
||||
{path: 'sessions', label: 'Сеансы', userAccess: 'NONE'},
|
||||
{path: 'orders', label: 'Заказы', userAccess: 'USER'}
|
||||
];
|
||||
@ -35,7 +35,7 @@ export default function App() {
|
||||
<Route element={<PrivateRoutes userAccess='USER'/>}>
|
||||
<Route element={<Orders/>} path="/orders"/>
|
||||
</Route>
|
||||
<Route element={<PrivateRoutes userAccess="ADMIN"/>}>
|
||||
<Route element={<PrivateRoutes userAccess='USER'/>}>
|
||||
<Route element={<Users/>} path="/users"/>
|
||||
</Route>
|
||||
</Routes>
|
||||
|
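Review bot: The access level for the `users` page should match the backend, where `getCustomers` in CustomerController is annotated `@Secured({UserRole.AsString.ADMIN})` on this same commit page. Both the nav entry and the wrapper around `<Route element={<Users/>} path="/users"/>` appear here once with `ADMIN` and once with `USER`, and the +/- markers are lost, so which value is the new side cannot be read from the hunks. If the new side is `USER`, every logged-in user is offered a page whose data call (presumably `getCustomers`) the server refuses. A client-side wrapper such as `PrivateRoutes` is presumably presentation only, so keep both places aligned with the server rule: `{path: 'users', label: 'Пользователи', userAccess: 'ADMIN'}` and `<Route element={<PrivateRoutes userAccess="ADMIN"/>}>`. The body of `App` starts and ends outside both hunks.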
@ -11,14 +11,18 @@ import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableMethodSecurity(securedEnabled = true)
|
||||
public class SecurityConfiguration {
|
||||
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
|
||||
public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
|
||||
@ -51,13 +55,12 @@ public class SecurityConfiguration {
|
||||
.requestMatchers("/", SPA_URL_MASK).permitAll()
|
||||
.requestMatchers(HttpMethod.POST, CustomerController.URL_LOGIN).permitAll()
|
||||
.requestMatchers(HttpMethod.POST, CustomerController.URL_SIGNUP).permitAll()
|
||||
.requestMatchers(HttpMethod.POST, CustomerController.URL_GET_ROLE).permitAll()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
|
||||
.anonymous();
|
||||
return http.build();
|
||||
return http.userDetailsService(userService).build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
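Review bot: The first matcher in the second hunk, `.requestMatchers("/", SPA_URL_MASK).permitAll()`, is not tied to an HTTP method, so every verb on any single-segment path without a dot bypasses `.anyRequest().authenticated()`. Serving the SPA shell only needs GET, e.g. `.requestMatchers(HttpMethod.GET, "/", SPA_URL_MASK).permitAll()`. The `CustomerController.URL_GET_ROLE` line also leaves that POST open to unauthenticated callers if it is still on the new side (the +/- markers are lost on this page). The handler that ends in `return user.getRole().toString();` is presumably that endpoint, so it is worth confirming that it resolves the user from the validated JWT and not from a caller-supplied name. The filter-chain method starts above the hunk, so its CSRF and session settings are not visible here.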
@ -11,6 +11,8 @@ import org.springframework.data.domain.Page;
|
||||
import org.springframework.data.domain.PageRequest;
|
||||
import org.springframework.data.domain.Pageable;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
@ -61,17 +63,10 @@ public class CustomerController {
|
||||
return user.getRole().toString();
|
||||
}
|
||||
|
||||
@GetMapping(OpenAPI30Configuration.API_PREFIX + URL_MAIN)
|
||||
@Secured({UserRole.AsString.ADMIN})
|
||||
@GetMapping(OpenAPI30Configuration.API_PREFIX + URL_MAIN)
|
||||
public Page<CustomerDto> getCustomers(@RequestParam(defaultValue = "1") int page,
|
||||
@RequestParam(defaultValue = "5") int size) {
|
||||
/*final Page<CustomerDto> users = customerService.findAllPages(page, size)
|
||||
.map(CustomerDto::new);
|
||||
final int totalPages = users.getTotalPages();
|
||||
final List<Integer> pageNumbers = IntStream.rangeClosed(1, totalPages)
|
||||
.boxed()
|
||||
.toList();
|
||||
return Pair.of(users, pageNumbers);*/
|
||||
final Page<CustomerDto> users = customerService.findAllPages(page, size)
|
||||
.map(CustomerDto::new);
|
||||
return users;
|
||||
|
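Review bot: `size` in `getCustomers` goes from the query string straight into `customerService.findAllPages(page, size)` with no upper bound visible in this hunk, so a single request can ask for the whole customer table in one page. Zero or negative values for `page` and `size` are not rejected here either. Unless the service already clamps them, bound them at the controller, for example `size = Math.min(Math.max(size, 1), MAX_PAGE_SIZE);` where `MAX_PAGE_SIZE` is a constant you would add. The method's closing brace is outside the hunk.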