Changed permission management to a safer one

Alexis Leboeuf
2026-01-12 14:04:57 +01:00
parent 158ee781c6
commit e4dd334832


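--- a/WebSecurityConfig.java
+++ b/WebSecurityConfig.java
@@ -30,11 +30,9 @@ public class WebSecurityConfig {
 .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
 // 2. Allow public endpoints BEFORE any authenticated() calls
 .requestMatchers("/athlete/create", "/", "/public").permitAll()
-.requestMatchers("/coach/**").permitAll()
-// 3. Authenticated endpoints
-.requestMatchers("/users/sync").authenticated()
+.requestMatchers("/coach/**").hasRole("coach")
 .requestMatchers("/admin/**").hasRole("admin")
-.requestMatchers("/user/**").hasRole("user")
+.requestMatchers("/athlete/**").hasRole("athlete")
 .anyRequest().authenticated())
 .oauth2ResourceServer(oauth2 -> oauth2
 .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtToken -> {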
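Review bot: `hasRole("coach")` and `hasRole("athlete")` on the two changed `requestMatchers` lines match granted authorities named `ROLE_coach` / `ROLE_athlete` (Spring Security prepends `ROLE_` unless that default is overridden), so they only enforce the intended policy if the `jwtAuthenticationConverter` started on the hunk's last line — whose body is outside this hunk — emits authorities with exactly that prefix and those lowercase names; if it emits unprefixed or `SCOPE_`-prefixed authorities, every `/coach/**` and `/athlete/**` request is rejected instead of being authorized per role. That contract is worth pinning with a comment on the coach line, e.g. `// hasRole("x") matches authority "ROLE_x"; the JWT converter below must emit ROLE_coach / ROLE_athlete`. Dropping the `/user/**` -> `hasRole("user")` rule means any path still served under `/user/**` now falls through to `anyRequest().authenticated()`, i.e. any authenticated principal regardless of role, which is a loosening if such endpoints still exist — presumably they were renamed to `/athlete/**`, but the hunk does not show that. Keeping `/athlete/create` as `permitAll()` ahead of `/athlete/**` is correct under first-match ordering, and removing the explicit `/users/sync` rule is behaviour-neutral since `anyRequest().authenticated()` already covers it.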