2021-12-14 23:59:36 -05:00
2 changed files with 9 additions and 6 deletions
--- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt
+++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/config/security/SecurityConfig.kt
@ -8,7 +8,10 @@ import dev.fyloz.colorrecipesexplorer.service.CreUserDetailsService
 import dev.fyloz.colorrecipesexplorer.service.UserService
 import org.slf4j.Logger
 import org.springframework.boot.context.properties.EnableConfigurationProperties
-import org.springframework.context.annotation.*
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Lazy
+import org.springframework.context.annotation.Profile
 import org.springframework.core.env.Environment
 import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
@ -99,11 +102,9 @@ class SecurityConfig(
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

        if (!debugMode) {
-            http.authorizeRequests()
-                .antMatchers("/api/login").permitAll()
-                .antMatchers("/api/logout").fullyAuthenticated()
-                .antMatchers("/api/user/current").fullyAuthenticated()
-                .anyRequest().fullyAuthenticated()
+            http
+                .authorizeRequests()
+                .anyRequest().permitAll()
        } else {
            http
                .cors()
--- a/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt
+++ b/src/main/kotlin/dev/fyloz/colorrecipesexplorer/rest/AccountControllers.kt
@ -32,6 +32,7 @@ class UserController(private val userService: UserService) {
        ok(userService.getByIdForOutput(id))

    @GetMapping("current")
+    @PreAuthorize("isFullyAuthenticated()")
    fun getCurrent(loggedInUser: Principal?) =
        if (loggedInUser != null)
            ok(
@ -161,6 +162,7 @@ class GroupsController(
@Profile("!emergency")
 class LogoutController(private val userService: UserService) {
    @GetMapping("logout")
+    @PreAuthorize("isFullyAuthenticated()")
    fun logout(request: HttpServletRequest) =
        ok {
            userService.logout(request)