oppdatert med sikring av metodene

tofiksa · Jul 23, 2024 · 22498f6 · 22498f6
1 parent 9ede0ed
commit 22498f6
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/src/main/java/no/josefushighscore/configure/SecurityConfiguration.java b/src/main/java/no/josefushighscore/configure/SecurityConfiguration.java
@@ -3,6 +3,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -16,6 +17,7 @@
 
 @Configuration
 @EnableWebSecurity
+@EnableMethodSecurity
 public class SecurityConfiguration {
     private final AuthenticationProvider authenticationProvider;
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
@@ -33,10 +35,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
         http.csrf()
                 .disable()
                 .authorizeHttpRequests()
-                .requestMatchers("/auth/**")
-                .permitAll()
-                .requestMatchers("/swagger-ui.html", "/swagger-ui/**", "/swagger-resources/**", "/swagger-resources", "/v3/api-docs/*", "/v3/api-docs").hasRole("ANONYMOUS")
-                .requestMatchers("/register/**").hasRole("ANONYMOUS")
+                .requestMatchers("/auth/**").permitAll()
+                .requestMatchers("/swagger-ui.html", "/swagger-ui/**", "/swagger-resources/**", "/swagger-resources", "/v3/api-docs/*", "/v3/api-docs").permitAll()
+                .requestMatchers("/register/**").permitAll()
                 .anyRequest()
                 .authenticated()
                 .and()

diff --git a/src/main/java/no/josefushighscore/controller/UserInfoController.java b/src/main/java/no/josefushighscore/controller/UserInfoController.java
@@ -4,7 +4,7 @@
 import no.josefushighscore.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -19,7 +19,7 @@ public class UserInfoController {
     private UserService userService;
 
 
-    @Secured("ROLE_USER")
+    @PreAuthorize("hasRole('ROLE_USER')")
     @GetMapping("/me")
     public ResponseEntity currentUser(@AuthenticationPrincipal UserDetails userDetails) throws InvalidJwtAuthenticationException {
         return ok(userService.getUserDetails(userDetails.getUsername()));