From 0be1dc7244f0b3c732e871a5c9b94b0477140279 Mon Sep 17 00:00:00 2001 From: jleroy Date: Tue, 23 Apr 2024 11:15:06 +0200 Subject: [PATCH] =?UTF-8?q?Update=20permission=20acc=C3=A8s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/fr/eni/enchere/security/WebSecurityConfig.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java b/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java index 79e0542..19f282e 100644 --- a/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java +++ b/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java @@ -16,7 +16,8 @@ public class WebSecurityConfig { http.authorizeHttpRequests((requests) -> requests.requestMatchers("/", "/accueil").permitAll() .requestMatchers("/accueil", "/login", "/inscription").permitAll() .requestMatchers("/css/**", "/images/**", "/assets/**", "/img/**", "/js/**").permitAll() - .requestMatchers("/admin").hasRole("ADMIN") + .requestMatchers("/profile").hasRole("MEMBRE") + .requestMatchers("/admin").hasAnyRole("MEMBRE", "ADMIN") .anyRequest().authenticated()) .formLogin((form) -> form.loginPage("/login").defaultSuccessUrl("/", true)) .logout((logout) -> logout.clearAuthentication(true).invalidateHttpSession(true)