9 changed files with 24 additions and 53 deletions
--- a/front/src/pages/albums.vue
+++ b/front/src/pages/albums.vue
@ -302,23 +302,16 @@ export default {
        },
        addAlbum(album){
            console.log(this.album);
-          axios
-            .create({
+            axios .create({
                                     headers: {
                                         'Authorization': 'Bearer ' + localStorage.getItem("token")
-              }
-            })
-            .post(this.URL + "album", album)
+                                     }}).post(this.URL + "album", album)
                .then(() => {
                    this.getAlbums();
                    this.closeModal();
                })
                .catch(error => {
-              if (error.response && error.response.status === 403) {
-                console.error("Forbidden: User does not have permission to perform this operation");
-              } else {
-                console.error(error);
-              }
+                    console.log(error);
                });
        },
        deleteAlbum(id){
--- a/front/src/pages/registration.vue
+++ b/front/src/pages/registration.vue
@ -7,7 +7,6 @@
                     <div class="form__password">
                         <input class="password-input form-control" v-model="password" id="password" required="" validate="false" placeholder="Пароль" type="password" name="Пароль">
                     </div>
-                     <br>
                     <div class="registration__buttons">
                         <button class="registration__confirm btn btn-primary" id="reg_btn" type="submit">Зарегестрироваться</button><a class="registration__login" href="/login">Уже есть аккаунт</a>
                     </div>
--- a/front/src/pages/songs.vue
+++ b/front/src/pages/songs.vue
@ -60,8 +60,6 @@ import 'axios';
 import axios from "axios";
 import Song from "@/models/Song";
 export default {
-    name: 'Songs',
-    emits: ['login'],
    created() {
        this.getSongs();
        this.getAlbums();
--- a/front/src/pages/users.vue
+++ b/front/src/pages/users.vue
@ -47,11 +47,7 @@ export default {
                              this.users = response.data;
                              })
            .catch(error => {
-                                          if (error.response && error.response.status === 403) {
-                                            console.error("Forbidden: User does not have permission to perform this operation");
-                                          } else {
                console.log(error);
-                                          }
            });
    },
    methods:{
--- a/src/main/java/ru/ulstu/is/sbapp/configuration/SecurityConfiguration.java
+++ b/src/main/java/ru/ulstu/is/sbapp/configuration/SecurityConfiguration.java
@ -18,7 +18,7 @@ import ru.ulstu.is.sbapp.database.service.UserService;

@Configuration
@EnableWebSecurity
-@EnableMethodSecurity(securedEnabled = true, proxyTargetClass = true)
+@EnableMethodSecurity(securedEnabled = true)
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
    public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
@ -42,17 +42,16 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
        http.cors()
                .and()
                .csrf().disable()
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/", SPA_URL_MASK).permitAll()
-                .antMatchers("/who_i_am").permitAll()
                .antMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
-                .anonymous().and().logout().permitAll();
+                .anonymous();
    }
    @Override
    protected void configure(AuthenticationManagerBuilder builder) throws Exception {
--- a/src/main/java/ru/ulstu/is/sbapp/controllers/AlbumController.java
+++ b/src/main/java/ru/ulstu/is/sbapp/controllers/AlbumController.java
@ -1,12 +1,9 @@
 package ru.ulstu.is.sbapp.controllers;

 import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.annotation.Secured;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
 import ru.ulstu.is.sbapp.database.model.Artist;
-import ru.ulstu.is.sbapp.database.model.Role;
 import ru.ulstu.is.sbapp.database.model.Song;
 import ru.ulstu.is.sbapp.database.service.AlbumService;

@ -36,7 +33,6 @@ public class AlbumController {
    }

    @PostMapping
-    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
    public AlbumDTO createAlbum(@RequestBody @Valid AlbumDTO albumDTO){
        return new AlbumDTO(albumService.addAlbum(albumDTO.getAlbumName(), albumDTO.getArtistIds()));
    }
--- a/src/main/java/ru/ulstu/is/sbapp/controllers/ArtistController.java
+++ b/src/main/java/ru/ulstu/is/sbapp/controllers/ArtistController.java
@ -1,12 +1,8 @@
 package ru.ulstu.is.sbapp.controllers;

 import javax.validation.Valid;
-
-import org.springframework.security.access.annotation.Secured;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
-import ru.ulstu.is.sbapp.database.model.Role;
 import ru.ulstu.is.sbapp.database.service.ArtistService;

 import java.util.List;
@ -33,7 +29,6 @@ public class ArtistController {
    }

    @PostMapping
-    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
    public ArtistDTO createArtist(@RequestBody @Valid ArtistDTO artistDTO){
        return new ArtistDTO(artistService.addArtist(artistDTO.getArtistName(), artistDTO.getGenre()));
    }
--- a/src/main/java/ru/ulstu/is/sbapp/controllers/SongController.java
+++ b/src/main/java/ru/ulstu/is/sbapp/controllers/SongController.java
@ -1,12 +1,8 @@
 package ru.ulstu.is.sbapp.controllers;

 import javax.validation.Valid;
-
-import org.springframework.security.access.annotation.Secured;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
-import ru.ulstu.is.sbapp.database.model.Role;
 import ru.ulstu.is.sbapp.database.service.AlbumService;
 import ru.ulstu.is.sbapp.database.service.SongService;

@ -36,7 +32,6 @@ public class SongController {
    }

    @PostMapping
-    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
    public SongDTO createSong(@RequestBody @Valid SongDTO songDTO){
        return new SongDTO(songService.addSong(songDTO.getSongName(), songDTO.getDuration()));
    }
--- a/src/main/java/ru/ulstu/is/sbapp/controllers/UserController.java
+++ b/src/main/java/ru/ulstu/is/sbapp/controllers/UserController.java
@ -2,7 +2,6 @@ package ru.ulstu.is.sbapp.controllers;

 import javax.validation.Valid;
 import org.springframework.security.access.annotation.Secured;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import ru.ulstu.is.sbapp.database.model.User;
 import ru.ulstu.is.sbapp.database.model.Role;
@ -40,11 +39,12 @@ public class UserController {
        }
    }
    @GetMapping("/{id}")
+    @Secured({Role.AsString.ADMIN})
    public UserDTO getUser(@PathVariable Long id) {
        return new UserDTO(userService.findUser(id));
    }
    @GetMapping("/")
-    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
+    @Secured({Role.AsString.ADMIN})
    public List<UserDTO> getUsers() {
        return userService.findAllUsers().stream()
                .map(UserDTO::new)