Update permission accès

2024-04-23 14:44:43 +02:00
parent b983676adb
commit 3ca27ce33d
8 changed files with 202 additions and 38 deletions
--- a/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java
+++ b/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java
@@ -13,15 +13,15 @@ public class WebSecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http.authorizeHttpRequests((requests) -> requests.requestMatchers("/", "/accueil").permitAll()
-                        .requestMatchers("/accueil", "/login", "/inscription", "/searchArticle").permitAll()
+        http.authorizeHttpRequests((requests) -> requests
+                        .requestMatchers("/", "/accueil").permitAll()
+                        .requestMatchers("/accueil", "/login", "/inscription/**", "/searchArticle", "/profile/**").permitAll()
                        .requestMatchers("/css/**", "/images/**", "/assets/**", "/img/**", "/js/**").permitAll()
-                        .requestMatchers("/profile").hasAnyRole("MEMBRE", "ADMIN")
                        .requestMatchers("/admin").hasRole("ADMIN")
                        .anyRequest().authenticated())
                .formLogin((form) -> form.loginPage("/login").defaultSuccessUrl("/", true))
                .logout((logout) -> logout.clearAuthentication(true).invalidateHttpSession(true)
-                        .deleteCookies("JSESSIONID").logoutSuccessUrl("/filmLogout")
+                        .deleteCookies("JSESSIONID").logoutSuccessUrl("/logout")
                        .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll());

        return http.build();