+

2025-02-24 07:45:30 +05:00
parent 78bf0afeb9
commit 3d13a2e010
2 changed files with 21 additions and 9 deletions
--- a/src/main/java/org/ccalm/jwt/MainController.java
+++ b/src/main/java/org/ccalm/jwt/MainController.java
@ -1564,7 +1564,7 @@ public class MainController implements ServletContextAware {
                throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),null);
            }*/

-            //Получаю id пользователя
+            //Получаю id пользователя TODO should work through the authorization function
            String sql = "select id from main._users where del=false and password=crypt(:password, password) and email=:email";
            MapSqlParameterSource parameters = new MapSqlParameterSource();
            parameters.addValue("email", update.getLogin());
--- a/src/main/java/org/ccalm/jwt/SecurityConfig.java
+++ b/src/main/java/org/ccalm/jwt/SecurityConfig.java
@ -46,6 +46,14 @@ public class SecurityConfig {

    @Component
    public class JwtAuthFilter extends OncePerRequestFilter {
+
+        @Override
+        protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
+            String path = request.getRequestURI();
+            System.out.println(path); // https://127.0.0.1:8082/logout
+            return path.equals("/") || path.equals("/login") || path.equals("/logout") || path.equals("/create");
+        }
+
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {

@ -115,14 +123,18 @@ public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http, JwtAuthFilter jwtAuthFilter) throws Exception {
        http.csrf(AbstractHttpConfigurer::disable);
-        //http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll()); // Отключил защиту, теперь все запросы разрешены
-        http.authorizeHttpRequests(auth -> auth
-                //.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").authenticated() // Swagger доступен только после авторизации
-                .requestMatchers("/","/login", "/create").permitAll() // Логин и регистрация - доступны без авторизации
-                //.requestMatchers("/admin/**").hasRole("ADMIN") // Все пути, начинающиеся с /admin/, доступны только админам
-                .anyRequest().authenticated() // Все остальные запросы требуют авторизации
-        );
-        http.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
+        //http.formLogin(AbstractHttpConfigurer::disable);   // Отключает /login
+        http.logout(AbstractHttpConfigurer::disable);      // Отключает /logout
+        //http.oauth2Login(AbstractHttpConfigurer::disable); // Отключает OAuth2 авторизацию
+
+
+        //http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated());
+        http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll()); // Отключил защиту, теперь все запросы разрешены
+        //http.authorizeHttpRequests(auth -> auth
+        //        .requestMatchers("/","/login", "/create").permitAll()
+        //        .anyRequest().authenticated()
+        //);
+         http.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }