lab6 vue done

front/src/pages/registration.vue

@@ -7,6 +7,7 @@
                      <div class="form__password">
                          <input class="password-input form-control" v-model="password" id="password" required="" validate="false" placeholder="Пароль" type="password" name="Пароль">
                      </div>
+                     <br>
                      <div class="registration__buttons">
                          <button class="registration__confirm btn btn-primary" id="reg_btn" type="submit">Зарегестрироваться</button><a class="registration__login" href="/login">Уже есть аккаунт</a>
                      </div>

front/src/pages/users.vue

@@ -50,7 +50,7 @@ export default {
                                           if (error.response && error.response.status === 403) {
                                             console.error("Forbidden: User does not have permission to perform this operation");
                                           } else {
-                                            console.error(error);
+                                            console.log(error);
                                           }
                             });
     },

src/main/java/ru/ulstu/is/sbapp/configuration/SecurityConfiguration.java

@@ -18,7 +18,7 @@ import ru.ulstu.is.sbapp.database.service.UserService;
 
 @Configuration
 @EnableWebSecurity
-@EnableMethodSecurity(securedEnabled = true)
+@EnableMethodSecurity(securedEnabled = true, proxyTargetClass = true)
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
     public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
@@ -42,16 +42,17 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
         http.cors()
                 .and()
                 .csrf().disable()
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
                 .and()
                 .authorizeRequests()
                 .antMatchers("/", SPA_URL_MASK).permitAll()
+                .antMatchers("/who_i_am").permitAll()
                 .antMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
                 .anyRequest()
                 .authenticated()
                 .and()
                 .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
-                .anonymous();
+                .anonymous().and().logout().permitAll();
     }
     @Override
     protected void configure(AuthenticationManagerBuilder builder) throws Exception {

src/main/java/ru/ulstu/is/sbapp/controllers/AlbumController.java

@@ -1,9 +1,12 @@
 package ru.ulstu.is.sbapp.controllers;
 
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
 import ru.ulstu.is.sbapp.database.model.Artist;
+import ru.ulstu.is.sbapp.database.model.Role;
 import ru.ulstu.is.sbapp.database.model.Song;
 import ru.ulstu.is.sbapp.database.service.AlbumService;
 
@@ -33,6 +36,7 @@ public class AlbumController {
     }
 
     @PostMapping
+    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
     public AlbumDTO createAlbum(@RequestBody @Valid AlbumDTO albumDTO){
         return new AlbumDTO(albumService.addAlbum(albumDTO.getAlbumName(), albumDTO.getArtistIds()));
     }

src/main/java/ru/ulstu/is/sbapp/controllers/ArtistController.java

@@ -1,8 +1,12 @@
 package ru.ulstu.is.sbapp.controllers;
 
 import javax.validation.Valid;
+
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
+import ru.ulstu.is.sbapp.database.model.Role;
 import ru.ulstu.is.sbapp.database.service.ArtistService;
 
 import java.util.List;
@@ -29,6 +33,7 @@ public class ArtistController {
     }
 
     @PostMapping
+    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
     public ArtistDTO createArtist(@RequestBody @Valid ArtistDTO artistDTO){
         return new ArtistDTO(artistService.addArtist(artistDTO.getArtistName(), artistDTO.getGenre()));
     }

src/main/java/ru/ulstu/is/sbapp/controllers/SongController.java

@@ -1,8 +1,12 @@
 package ru.ulstu.is.sbapp.controllers;
 
 import javax.validation.Valid;
+
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
+import ru.ulstu.is.sbapp.database.model.Role;
 import ru.ulstu.is.sbapp.database.service.AlbumService;
 import ru.ulstu.is.sbapp.database.service.SongService;
 
@@ -32,6 +36,7 @@ public class SongController {
     }
 
     @PostMapping
+    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
     public SongDTO createSong(@RequestBody @Valid SongDTO songDTO){
         return new SongDTO(songService.addSong(songDTO.getSongName(), songDTO.getDuration()));
     }

src/main/java/ru/ulstu/is/sbapp/controllers/UserController.java

@@ -44,7 +44,7 @@ public class UserController {
         return new UserDTO(userService.findUser(id));
     }
     @GetMapping("/")
-    @PreAuthorize("hasAuthority('ADMIN')")
+    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
     public List<UserDTO> getUsers() {
         return userService.findAllUsers().stream()
                 .map(UserDTO::new)