2025-02-24 07:45:30 +05:00
parent 78bf0afeb9
commit 3d13a2e010
2 changed files with 21 additions and 9 deletions


@ -1564,7 +1564,7 @@ public class MainController implements ServletContextAware {
throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),null); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),null);
}*/ }*/
//Получаю id пользователя //Получаю id пользователя TODO should work through the authorization function
String sql = "select id from main._users where del=false and password=crypt(:password, password) and email=:email"; String sql = "select id from main._users where del=false and password=crypt(:password, password) and email=:email";
MapSqlParameterSource parameters = new MapSqlParameterSource(); MapSqlParameterSource parameters = new MapSqlParameterSource();
parameters.addValue("email", update.getLogin()); parameters.addValue("email", update.getLogin());


@ -46,6 +46,14 @@ public class SecurityConfig {
@Component @Component
public class JwtAuthFilter extends OncePerRequestFilter { public class JwtAuthFilter extends OncePerRequestFilter {
@Override
protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
String path = request.getRequestURI();
System.out.println(path); // https://127.0.0.1:8082/logout
return path.equals("/") || path.equals("/login") || path.equals("/logout") || path.equals("/create");
}
@Override @Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
@ -115,13 +123,17 @@ public class SecurityConfig {
@Bean @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http, JwtAuthFilter jwtAuthFilter) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http, JwtAuthFilter jwtAuthFilter) throws Exception {
http.csrf(AbstractHttpConfigurer::disable); http.csrf(AbstractHttpConfigurer::disable);
//http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll()); // Отключил защиту, теперь все запросы разрешены //http.formLogin(AbstractHttpConfigurer::disable); // Отключает /login
http.authorizeHttpRequests(auth -> auth http.logout(AbstractHttpConfigurer::disable); // Отключает /logout
//.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").authenticated() // Swagger доступен только после авторизации //http.oauth2Login(AbstractHttpConfigurer::disable); // Отключает OAuth2 авторизацию
.requestMatchers("/","/login", "/create").permitAll() // Логин и регистрация - доступны без авторизации
//.requestMatchers("/admin/**").hasRole("ADMIN") // Все пути, начинающиеся с /admin/, доступны только админам
.anyRequest().authenticated() // Все остальные запросы требуют авторизации //http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated());
); http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll()); // Отключил защиту, теперь все запросы разрешены
//http.authorizeHttpRequests(auth -> auth
// .requestMatchers("/","/login", "/create").permitAll()
// .anyRequest().authenticated()
//);
http.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class); http.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
return http.build(); return http.build();
} }
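Review bot: The new `http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());` in securityFilterChain removes the framework-level authorization rule, so access control now depends entirely on JwtAuthFilter rejecting requests without a valid token. The doFilterInternal body is outside this hunk, so that cannot be confirmed from here. If the goal is only to stop Spring Security from handling `/logout` itself, the previous rule can be kept with the extra path: `.requestMatchers("/", "/login", "/logout", "/create").permitAll().anyRequest().authenticated()`. In the earlier hunk, shouldNotFilter compares `request.getRequestURI()` by exact equality, which will presumably stop matching if the application is deployed under a context path; `request.getServletPath()` avoids that. The `System.out.println(path);` there should be dropped or replaced with a debug-level logger call before merge.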