Make weather SecurityFilterChain more explicit

36c4c6e0 · Matej Hrica · a94cdd58 · 36c4c6e0
Unverified Commit 36c4c6e0 authored 1 year ago by Matej Hrica
--- a/weather/src/main/java/cz/muni/fi/pa165/weather/server/config/AppConfig.java
+++ b/weather/src/main/java/cz/muni/fi/pa165/weather/server/config/AppConfig.java
 package cz.muni.fi.pa165.weather.server.config;

+import cz.muni.fi.pa165.user.client.Authorities;
 import cz.muni.fi.pa165.user.client.UserServiceInterceptionConfigurer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -21,8 +22,8 @@ public class AppConfig {
                        .requestMatchers("/v3/api-docs/**").permitAll()
                        .requestMatchers(HttpMethod.GET, "/").permitAll()
                        .requestMatchers(HttpMethod.GET, "/swagger-ui.html").permitAll()
-                        // default
-                        .anyRequest().authenticated()
+                        // MANAGER has access to everything in this service
+                        .anyRequest().hasAuthority(Authorities.MANAGER)
                )
                .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
        return http.build();