vuminh224/hackathon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

//TODO WebSecurityConfig

Browse Source
This commit is contained in:
tuanvu
2026-01-08 12:34:24 +01:00
parent 988a7c16b3
commit 919149e012
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
back_end/src/main/java/hackathon/FrisbYEE/config/WebSecurityConfig.java
View File

@@ -26,7 +26,13 @@ public class WebSecurityConfig {
.cors(cors -> cors.configurationSource(corsConfigurationSource())) .cors(cors -> cors.configurationSource(corsConfigurationSource()))
.csrf(csrf -> csrf.disable()) .csrf(csrf -> csrf.disable())
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
.requestMatchers(HttpMethod.OPTIONS, "/", "/public", "/coach/**","/athlete/**").permitAll() // allow coach endpoints // TODO //TODO // T O D O
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
// 2. Allow public endpoints BEFORE any authenticated() calls
.requestMatchers("/athlete/create", "/", "/public").permitAll()
.requestMatchers("/coach/**").permitAll()
// 3. Authenticated endpoints
.requestMatchers("/users/sync").authenticated()
.requestMatchers("/admin/**").hasRole("admin") .requestMatchers("/admin/**").hasRole("admin")
.requestMatchers("/user/**").hasRole("user") .requestMatchers("/user/**").hasRole("user")
.anyRequest().authenticated()) .anyRequest().authenticated())