From 3a98049e938975649ad913aea3301effe364231e Mon Sep 17 00:00:00 2001 From: jleroy Date: Tue, 23 Apr 2024 11:17:54 +0200 Subject: [PATCH] =?UTF-8?q?Update=20permission=20acc=C3=A8s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (cherry picked from commit 9fbd893865d74d401cee228c6c368103bb12a2eb) --- src/main/java/fr/eni/enchere/security/WebSecurityConfig.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java b/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java index 5b90f97..a4a0537 100644 --- a/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java +++ b/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java @@ -16,7 +16,8 @@ public class WebSecurityConfig { http.authorizeHttpRequests((requests) -> requests.requestMatchers("/", "/accueil").permitAll() .requestMatchers("/accueil", "/login", "/inscription", "/searchArticle").permitAll() .requestMatchers("/css/**", "/images/**", "/assets/**", "/img/**", "/js/**").permitAll() - .requestMatchers("/admin").hasRole("ADMIN") + .requestMatchers("/profile").hasAnyRole("MEMBRE", "ADMIN") + .requestMatchers("/admin").hasRole("MEMBRE") .anyRequest().authenticated()) .formLogin((form) -> form.loginPage("/login").defaultSuccessUrl("/", true)) .logout((logout) -> logout.clearAuthentication(true).invalidateHttpSession(true)