feat: [ServicioSeguridad]: Añadidas urls

1ad6a309 · Rubén Ramírez · c1dbc3d3 · 1ad6a309
Commit 1ad6a309 authored Feb 24, 2025 by Rubén Ramírez
Showing with 32 additions and 29 deletions
src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
--- a/src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
+++ b/src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
@@ -20,37 +20,40 @@ public class ServicioSeguridad {
        this.jwtUtil = jwtUtil;
    }

-    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        return http
-                .csrf(csrf -> csrf.disable())
-                .sessionManagement(session -> session.disable())
-                .httpBasic(httpBasic -> httpBasic.realmName("mangaffinity"))
-                .authorizeHttpRequests(request -> request
-                        .requestMatchers(HttpMethod.POST, "/usuarios/{email}").permitAll()
-                        .requestMatchers(HttpMethod.POST, "/usuarios/").permitAll()
-                        .requestMatchers(HttpMethod.GET, "/recursos/titulo/**").permitAll()
-                        .requestMatchers(HttpMethod.GET, "/recursos/autor/**").permitAll()
-                        .requestMatchers(HttpMethod.GET, "/recursos/genero/**").permitAll()
-                        .requestMatchers(HttpMethod.GET, "/recursos/fecha").permitAll()
-                        .requestMatchers(HttpMethod.GET, "/recursos/{id}").permitAll()
-                        .requestMatchers(HttpMethod.GET, "/recursos").hasAuthority("ROLE_ADMIN")
-                        .requestMatchers(HttpMethod.POST, "/recursos/").hasAuthority("ROLE_ADMIN")
-                        .requestMatchers(HttpMethod.PUT, "/recursos/{id}").hasAuthority("ROLE_ADMIN")
-                        .requestMatchers(HttpMethod.DELETE, "/recursos/{id}").hasAuthority("ROLE_ADMIN")
-                        .requestMatchers(HttpMethod.POST, "/recursos/{id}/capitulos").hasAuthority("ROLE_ADMIN")
-                        .requestMatchers(HttpMethod.GET, "/recursos/{id}/capitulos").permitAll()
-
-                        .anyRequest().authenticated()
-                )
-                .addFilterBefore(new JwtFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class)
-                .build();
+        @Bean
+        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+            return http
+                    .csrf(csrf -> csrf.disable())
+                    .sessionManagement(session -> session.disable())
+                    .httpBasic(httpBasic -> httpBasic.realmName("mangaffinity"))
+                    .authorizeHttpRequests(request -> request
+                            .requestMatchers(HttpMethod.POST, "/usuarios/{email}").permitAll()
+                            .requestMatchers(HttpMethod.POST, "/usuarios/").permitAll()
+                            .requestMatchers(HttpMethod.GET, "/recursos/titulo/**").permitAll()
+                            .requestMatchers(HttpMethod.GET, "/recursos/autor/**").permitAll()
+                            .requestMatchers(HttpMethod.GET, "/recursos/genero/**").permitAll()
+                            .requestMatchers(HttpMethod.GET, "/recursos/fecha").permitAll()
+                            .requestMatchers(HttpMethod.GET, "/recursos/{id}").permitAll()
+                            .requestMatchers(HttpMethod.GET, "/recursos").hasAuthority("ROLE_ADMIN")
+                            .requestMatchers(HttpMethod.POST, "/recursos/").hasAuthority("ROLE_ADMIN")
+                            .requestMatchers(HttpMethod.PUT, "/recursos/{id}").hasAuthority("ROLE_ADMIN")
+                            .requestMatchers(HttpMethod.DELETE, "/recursos/{id}").hasAuthority("ROLE_ADMIN")
+                            .requestMatchers(HttpMethod.POST, "/recursos/{id}/capitulos").hasAuthority("ROLE_ADMIN")
+                            .requestMatchers(HttpMethod.GET, "/recursos/{id}/capitulos").permitAll()
+
+                            // 🔹 Protección de las rutas de la biblioteca (solo usuarios autenticados)
+                            .requestMatchers(HttpMethod.POST, "/biblioteca/{usuarioId}/recursos/{recursoId}/categoria").authenticated()
+                            .requestMatchers(HttpMethod.GET, "/biblioteca/{usuarioId}/recursos/categoria/{categoria}").authenticated()
+                            .requestMatchers(HttpMethod.DELETE, "/biblioteca/{usuarioId}/recursos/{recursoId}").authenticated()  // ✅ Nueva regla
+                            .requestMatchers(HttpMethod.PUT, "/biblioteca/{usuarioId}/recursos/{recursoId}/categoria").authenticated()  // ✅ Nueva regla
+
+                            .anyRequest().authenticated()
+                    )
+                    .addFilterBefore(new JwtFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class)
+                    .build();
    }
-
-    @Bean
-    public PasswordEncoder passwordEncoder() {
+        @Bean public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
 }

-