diff --git a/core/src/main/java/cz/muni/pa165/config/SecurityConfig.java b/core/src/main/java/cz/muni/pa165/config/SecurityConfig.java
index 396a438db54215fc25f22b656be3a2a92485222b..5935f7624b6aa3dbd56b5473b5636c64fd886efe 100644
--- a/core/src/main/java/cz/muni/pa165/config/SecurityConfig.java
+++ b/core/src/main/java/cz/muni/pa165/config/SecurityConfig.java
@@ -19,7 +19,6 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.csrf().disable();
         http
                 .authorizeHttpRequests(x -> x
                         .requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/seed", "/clear").permitAll()
@@ -28,7 +27,7 @@ public class SecurityConfig {
                         .requestMatchers("/carComponent/**").hasAnyAuthority("SCOPE_test_5", "SCOPE_test_1")
                         .requestMatchers("/car", "/car/**", "/driver/**", "/driver").hasAuthority("SCOPE_test_5")
                         .requestMatchers("/engineer", "/engineer/**", "/department", "/department/**").hasAuthority("SCOPE_test_5")
-                        .anyRequest().permitAll()
+                        .anyRequest().denyAll()
                 )
                 .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken)
         ;
@@ -49,13 +48,13 @@ public class SecurityConfig {
                 .authorizationUrl("https://oidc.muni.cz/oidc/authorize")
                 .tokenUrl("https://oidc.muni.cz/oidc/token")
                 .scopes(new Scopes()
-                        //.addString("openid", "idk")
                         .addString("test_5", "manager scope")
                         .addString("test_1", "engineer scope")
                 )
             )
         )
     );
+
     var managerScopeRequirement = new SecurityRequirement().addList("OAuth2", "test_5");
     var engineerScopeRequirement = new SecurityRequirement().addList("OAuth2", "test_1");
@@ -87,7 +86,6 @@ public class SecurityConfig {
     openApi.getPaths().get("/engineer").getPost().addSecurityItem(managerScopeRequirement);
     openApi.getPaths().get("/engineer/{id}").getGet().addSecurityItem(managerScopeRequirement);
     openApi.getPaths().get("/engineer/{id}").getDelete().addSecurityItem(managerScopeRequirement);
-    openApi.getPaths().get("/carComponent").getPost().addSecurityItem(engineerScopeRequirement);
     };
 }
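Review bot: `/seed` and `/clear` remain `permitAll()` on the new side of the first hunk, so while the commit tightens the fallback to `denyAll`, anyone who can reach the service can still call what look like database seed/reset endpoints without any token. If these are development helpers, gate them on a dev profile or require the manager scope like the other mutating routes, e.g. `.requestMatchers("/seed", "/clear").hasAuthority("SCOPE_test_5")`. Re-enabling CSRF should not break bearer-token clients, since Spring's resource-server configurer exempts requests that carry a bearer token, but unauthenticated non-GET calls to those two open paths would presumably now be rejected by the CsrfFilter rather than executed — worth pinning in a test instead of relying on. `filterChain` continues past the hunk; the `http.build()` return is not visible here.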
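Review bot: The authority strings `"SCOPE_test_5"` and `"SCOPE_test_1"` are repeated as bare literals across four matchers in the second hunk and again, without the prefix, in the OpenAPI scope declarations further down, so a renamed scope must be chased through several places with no compiler help. Pull them into constants, `private static final String MANAGER_SCOPE = "SCOPE_test_5";` and `private static final String ENGINEER_SCOPE = "SCOPE_test_1";`, and reference them from the matchers. `.anyRequest().denyAll()` is the right default for a resource server; note that a request with a valid token to any path not enumerated here (error pages or actuator endpoints, if the app has them) now gets 403, so such routes need an explicit matcher. The enclosing `filterChain` method ends outside the hunk.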
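Review bot: Dropping the `/carComponent` POST security item in the last hunk leaves the filter chain (second hunk: `/carComponent/**` requires `SCOPE_test_5` or `SCOPE_test_1`) enforcing a requirement the OpenAPI document no longer advertises, so Swagger UI will send that request without a token and receive 401 — unless the item is re-added somewhere outside this hunk, which I cannot see. If the intent is that engineers alone should not be listed, declare both scopes as alternatives instead of removing the item: `openApi.getPaths().get("/carComponent").getPost().addSecurityItem(managerScopeRequirement).addSecurityItem(engineerScopeRequirement);` (two requirement objects mean either one suffices). Keeping the document aligned with `filterChain` is what makes the generated client and the "Try it out" flow trustworthy. The enclosing customizer lambda starts outside the hunk.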