Мобильная версияКод: Выделить всё
org.springdoc
springdoc-openapi-starter-webmvc-ui
2.0.2
Код: Выделить всё
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) {
try {
return http
.authorizeHttpRequests(authCustomizer -> authCustomizer
.requestMatchers(HttpMethod.POST,
"/api/users/register", "/api/users/login", "/swagger-ui/**").permitAll()
.requestMatchers(HttpMethod.GET, "/api/users/{id}").hasRole("USER")
.requestMatchers(HttpMethod.PUT, "/api/users/{id}").hasRole("USER")
.requestMatchers(HttpMethod.DELETE, "/api/users/{id}").hasRole("USER")
.requestMatchers(HttpMethod.POST, "/api/transactions").hasRole("USER")
.requestMatchers(HttpMethod.GET, "/api/transactions/{id}").hasRole("USER")
.requestMatchers(HttpMethod.PUT, "/api/transactions/{id}").hasRole("USER")
.requestMatchers(HttpMethod.DELETE, "/api/transactions/{id}").hasRole("USER")
)
.build();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
Подробнее здесь: https://stackoverflow.com/questions/783 ... -localhost
