@@ -57,12 +57,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http.cors().and().csrf().disable().
authorizeRequests()
.antMatchers("/auth/**").permitAll()
- // next line for secured app
- //.antMatchers("/restApi/students/**").hasAnyRole("ADMIN","USER") //hasRole("ADMIN")
- // next app for not secured version (lecture with REST)
- .antMatchers("/students/**").permitAll()
- .antMatchers("/exampleSecurity/user").hasRole("USER")
- .antMatchers("/exampleSecurity/admin").hasRole("ADMIN")
+ .antMatchers("/students/**").hasRole("ADMIN")
+ .antMatchers("/subject/student/**").hasRole("USER")
+ .antMatchers("/subject/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
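Review bot: With the two `/exampleSecurity/...` matchers removed, those paths now fall through to `.anyRequest().authenticated()`, so if the endpoints still exist any logged-in account can reach `/exampleSecurity/admin`; either remove the controller in the same change or keep `.antMatchers("/exampleSecurity/admin").hasRole("ADMIN")`. The new `/subject/student/**` rule only takes effect because it sits above `/subject/**` (the first matching rule wins), which deserves a comment such as `// keep above /subject/**: first matching rule wins`. As written, an account holding only ADMIN is denied on `/subject/student/**`; if that is not intended, use `.antMatchers("/subject/student/**").hasAnyRole("USER", "ADMIN")`. The enclosing configure method starts and ends outside the hunk, so any role hierarchy or method-level checks defined elsewhere are not visible here.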