Page 460 - MDP2022-3

CorsFilter  corsFilter
                     )  {
                             this.jwtTokenProvider  =  jwtTokenProvider;
                             this.corsFilter  =  corsFilter;
                     }


                     /**
                      * Exposes the application's {@link PasswordEncoder} as a Spring bean.
                      *
                      * <p>The encoder is created with the no-argument {@code BCryptPasswordEncoder}
                      * constructor, so the library's default work factor applies; this method
                      * does not tune it. Callers should store only the encoded value and verify
                      * credentials through {@code PasswordEncoder.matches}, never by comparing
                      * strings directly.
                      *
                      * @return a new BCrypt-backed password encoder
                      */
                     @Bean
                     public PasswordEncoder passwordEncoder() {
                             // Declared against the interface so the hashing scheme stays swappable.
                             final PasswordEncoder bcryptEncoder = new BCryptPasswordEncoder();
                             return bcryptEncoder;
                     }


                     @Bean
                     public  SecurityFilterChain  filterChain(HttpSecurity  http)  throws  Exception  {
                             http
                                             .csrf().disable()
                                             .formLogin().disable()
                                             .addFilterBefore(corsFilter,  UsernamePasswordAuthenticationFilter.class)
                                             .sessionManagement()
                                             .sessionCreationPolicy(SessionCreationPolicy.STATELESS)


                                             .and()
                                             .authorizeRequests()
                                             .antMatchers("/api/signUp").permitAll()
                                             .antMatchers("/api/login").permitAll()
                                             .antMatchers("/api/get").permitAll()
                                             .antMatchers("/api/refresh/{userNickName}").permitAll()
                                             .antMatchers("/api/printAll").access("hasAnyRole('ADMIN')")
             //                                .antMatchers("/api/{userNickname}").access("hasAnyRole('USER','ADMIN')")

             .antMatchers("/api/userDelete/{userNickName}").access("hasAnyRole('USER','ADMIN')")
                                             .antMatchers("/api/{userNickname}/**").permitAll()





             .antMatchers("/api/{departStatus}/{userNickname}/reportUpload").access("hasAnyRole('USER','A
             DMIN')")

             .antMatchers("/api/{userNickname}/{reportId}").access("hasAnyRole('USER','ADMIN')")
                                             .antMatchers("/api/{departStatus}/showAll").access("hasAnyRole('USER',
             'ADMIN')")

             .antMatchers("/api/{userNickname}/reportDelete").access("hasAnyRole('USER','ADMIN')")
                                             .antMatchers("/{departStatus}/showAll").permitAll()