Skip to content

Rubén Ramírez / MangAffinity

Go to a project
Commit 1ad6a309 by Rubén Ramírez
Options

feat: [ServicioSeguridad]: Añadidas urls

parent c1dbc3d3
Inline Side-by-side
Showing with 32 additions and 29 deletions
src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
...@@ -20,37 +20,40 @@ public class ServicioSeguridad { ...@@ -20,37 +20,40 @@ public class ServicioSeguridad {
this.jwtUtil = jwtUtil; this.jwtUtil = jwtUtil;
} }
@Bean @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http return http
.csrf(csrf -> csrf.disable()) .csrf(csrf -> csrf.disable())
.sessionManagement(session -> session.disable()) .sessionManagement(session -> session.disable())
.httpBasic(httpBasic -> httpBasic.realmName("mangaffinity")) .httpBasic(httpBasic -> httpBasic.realmName("mangaffinity"))
.authorizeHttpRequests(request -> request .authorizeHttpRequests(request -> request
.requestMatchers(HttpMethod.POST, "/usuarios/{email}").permitAll() .requestMatchers(HttpMethod.POST, "/usuarios/{email}").permitAll()
.requestMatchers(HttpMethod.POST, "/usuarios/").permitAll() .requestMatchers(HttpMethod.POST, "/usuarios/").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos/titulo/**").permitAll() .requestMatchers(HttpMethod.GET, "/recursos/titulo/**").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos/autor/**").permitAll() .requestMatchers(HttpMethod.GET, "/recursos/autor/**").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos/genero/**").permitAll() .requestMatchers(HttpMethod.GET, "/recursos/genero/**").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos/fecha").permitAll() .requestMatchers(HttpMethod.GET, "/recursos/fecha").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos/{id}").permitAll() .requestMatchers(HttpMethod.GET, "/recursos/{id}").permitAll()
.requestMatchers(HttpMethod.GET, "/recursos").hasAuthority("ROLE_ADMIN") .requestMatchers(HttpMethod.GET, "/recursos").hasAuthority("ROLE_ADMIN")
.requestMatchers(HttpMethod.POST, "/recursos/").hasAuthority("ROLE_ADMIN") .requestMatchers(HttpMethod.POST, "/recursos/").hasAuthority("ROLE_ADMIN")
.requestMatchers(HttpMethod.PUT, "/recursos/{id}").hasAuthority("ROLE_ADMIN") .requestMatchers(HttpMethod.PUT, "/recursos/{id}").hasAuthority("ROLE_ADMIN")
.requestMatchers(HttpMethod.DELETE, "/recursos/{id}").hasAuthority("ROLE_ADMIN") .requestMatchers(HttpMethod.DELETE, "/recursos/{id}").hasAuthority("ROLE_ADMIN")
.requestMatchers(HttpMethod.POST, "/recursos/{id}/capitulos").hasAuthority("ROLE_ADMIN") .requestMatchers(HttpMethod.POST, "/recursos/{id}/capitulos").hasAuthority("ROLE_ADMIN")
.requestMatchers(HttpMethod.GET, "/recursos/{id}/capitulos").permitAll() .requestMatchers(HttpMethod.GET, "/recursos/{id}/capitulos").permitAll()
.anyRequest().authenticated() // 🔹 Protección de las rutas de la biblioteca (solo usuarios autenticados)
) .requestMatchers(HttpMethod.POST, "/biblioteca/{usuarioId}/recursos/{recursoId}/categoria").authenticated()
.addFilterBefore(new JwtFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class) .requestMatchers(HttpMethod.GET, "/biblioteca/{usuarioId}/recursos/categoria/{categoria}").authenticated()
.build(); .requestMatchers(HttpMethod.DELETE, "/biblioteca/{usuarioId}/recursos/{recursoId}").authenticated() // ✅ Nueva regla
.requestMatchers(HttpMethod.PUT, "/biblioteca/{usuarioId}/recursos/{recursoId}/categoria").authenticated() // ✅ Nueva regla
.anyRequest().authenticated()
)
.addFilterBefore(new JwtFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class)
.build();
} }
@Bean public PasswordEncoder passwordEncoder() {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(); return new BCryptPasswordEncoder();
} }
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment