Updated forgotten security settings

3670840c · Andrej Zabka · 73fe8671 · 3670840c
Commit 3670840c authored 1 year ago by Andrej Zabka
--- a/core/src/main/java/cz/muni/pa165/config/SecurityConfig.java
+++ b/core/src/main/java/cz/muni/pa165/config/SecurityConfig.java
@@ -19,7 +19,6 @@ public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.csrf().disable();
        http
                .authorizeHttpRequests(x -> x
                        .requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/seed", "/clear").permitAll()
@@ -28,7 +27,7 @@ public class SecurityConfig {
                        .requestMatchers("/carComponent/**").hasAnyAuthority("SCOPE_test_5", "SCOPE_test_1")
                        .requestMatchers("/car", "/car/**", "/driver/**", "/driver").hasAuthority("SCOPE_test_5")
                        .requestMatchers("/engineer", "/engineer/**", "/department", "/department/**").hasAuthority("SCOPE_test_5")
-                        .anyRequest().permitAll()
+                        .anyRequest().denyAll()
                )
                .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken)
        ;
@@ -49,13 +48,13 @@ public class SecurityConfig {
                                                    .authorizationUrl("https://oidc.muni.cz/oidc/authorize")
                                                    .tokenUrl("https://oidc.muni.cz/oidc/token")
                                                    .scopes(new Scopes()
-                                                            //.addString("openid", "idk")
                                                            .addString("test_5", "manager scope")
                                                            .addString("test_1", "engineer scope")
                                                    )
                                            )
                                    )
                    );
+
            var managerScopeRequirement = new SecurityRequirement().addList("OAuth2", "test_5");
            var engineerScopeRequirement = new SecurityRequirement().addList("OAuth2", "test_1");

@@ -87,7 +86,6 @@ public class SecurityConfig {
            openApi.getPaths().get("/engineer").getPost().addSecurityItem(managerScopeRequirement);
            openApi.getPaths().get("/engineer/{id}").getGet().addSecurityItem(managerScopeRequirement);
            openApi.getPaths().get("/engineer/{id}").getDelete().addSecurityItem(managerScopeRequirement);
-
            openApi.getPaths().get("/carComponent").getPost().addSecurityItem(engineerScopeRequirement);
        };
    }