3 files changed, 9 insertions, 15 deletions
diff --git a/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java b/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java
index 8d8b4b7..36229e3 100644
--- a/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java
+++ b/src/main/java/org/berzerkula/builddb/config/SecurityConfig.java
@@ -15,20 +15,19 @@ import org.springframework.security.web.SecurityFilterChain;
 @EnableMethodSecurity
 public class SecurityConfig {
+private static final String[] ADMINLIST = {"/admin", "/actuator/beans", "/actuator/env", "actuator/metrics", "/actuator/shutdown"};
+private static final String[] CLIENTLIST = {"/client", "/pkgs/**"};
+private static final String[] WHITELIST = {"/", "/register", "/login", "/actuator/health", "/actuator/info", "/contact"};
+
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 return http
 .securityMatcher("/**")
 //.requiresChannel(channel -> channel.anyRequest().requiresSecure())
 .authorizeHttpRequests(
 auth -> auth
-.requestMatchers("/").permitAll()
-.requestMatchers("/actuator/health","/actuator/info").permitAll()
-.requestMatchers("/actuator/beans", "/actuator/env", "actuator/metrics", "/actuator/shutdown").hasRole(BuilddbConstants.ROLE_ADMIN)
-.requestMatchers("/contact").permitAll()
-.requestMatchers("/pkgs/**").hasRole(BuilddbConstants.ROLE_CLIENT)
-.requestMatchers("/register").permitAll()
-.requestMatchers("/login").permitAll()
-.requestMatchers("/logout").authenticated()
+.requestMatchers(WHITELIST).permitAll()
+.requestMatchers(ADMINLIST).hasRole(BuilddbConstants.ROLE_ADMIN)
+.requestMatchers(CLIENTLIST).hasRole(BuilddbConstants.ROLE_CLIENT)
 .anyRequest().authenticated()
 )
 .csrf(csrf -> csrf
diff --git a/src/main/resources/templates/register.html b/src/main/resources/templates/register.html
index 31f240b..41175d5 100644
--- a/src/main/resources/templates/register.html
+++ b/src/main/resources/templates/register.html
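Review bot: `"actuator/metrics"` in the new ADMINLIST initializer has no leading slash; it is carried over from the removed line, but as written it cannot match an incoming request path (Spring's request matchers compare against paths that start with `/`, and some newer Spring Security versions reject such a pattern at startup), so `/actuator/metrics` falls through to `anyRequest().authenticated()` and is reachable by any logged-in user rather than by admins only. Change the entry to `"/actuator/metrics"`. As a matter of style, the three array constants would conventionally be `ADMIN_LIST`, `CLIENT_LIST` and `WHITE_LIST` in Java's UPPER_SNAKE_CASE. The body of securityFilterChain continues past the end of the hunk.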
@@ -14,8 +14,6 @@
 <h2 class="text-center mb-4">Register</h2>
 <hr />
-
-
 <div th:if="${success}" class="alert alert-success alert-dismissible fade show" role="alert">
@@ -25,13 +23,10 @@
 aria-label="Close"></button>
 </div>
-
 <form method="post" th:object="${registerDto}">
 <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />
-
-
 <div class="row mb-3">
 <label class="col-sm-4 col-form-label">First Name*</label>
 <div class="col-sm-8">
diff --git a/src/test/java/org/berzerkula/builddb/controllers/BuilddbDashboardControllerTest.java b/src/test/java/org/berzerkula/builddb/controllers/BuilddbDashboardControllerTest.java
index c0860e3..d0e5496 100644
--- a/src/test/java/org/berzerkula/builddb/controllers/BuilddbDashboardControllerTest.java
+++ b/src/test/java/org/berzerkula/builddb/controllers/BuilddbDashboardControllerTest.java
@@ -33,7 +33,7 @@ class BuilddbDashboardControllerTest {
 }
 @Test
-@WithMockUser
+@WithMockUser(roles="admin")
 void shouldReturnAdminView() throws Exception {
 this.mockMvc.perform(get("/admin"))
 .andExpect(status().isOk())
@@ -42,7 +42,7 @@ class BuilddbDashboardControllerTest {
 }
 @Test
-@WithMockUser
+@WithMockUser(roles="client")
 void shouldReturnClientView() throws Exception {
 this.mockMvc.perform(get("/client"))
 .andExpect(status().isOk())
|
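Review bot: `@WithMockUser(roles="admin")` and, in the second hunk of this file, `@WithMockUser(roles="client")` hard-code the role names as string literals, while SecurityConfig guards `/admin` and `/client` with `hasRole(BuilddbConstants.ROLE_ADMIN)` and `hasRole(BuilddbConstants.ROLE_CLIENT)`; Spring's role comparison is case-sensitive, so if those constants ever differ from the literals (even only in case) both tests would get 403 instead of 200 without pointing at the cause. If the constants are compile-time `static final String` values, referencing them directly — `@WithMockUser(roles = BuilddbConstants.ROLE_ADMIN)` and `@WithMockUser(roles = BuilddbConstants.ROLE_CLIENT)` — keeps the tests in step with the configuration. Whether they are compile-time constants is not visible in this diff.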