From 14767cd4559c583fdcaed5330274479e95463cdb Mon Sep 17 00:00:00 2001
From: I-migi
Date: Thu, 28 Nov 2024 11:34:09 +0900
Subject: [PATCH] .
---
 .../api/config/security/SecurityConfig.java | 39 ++++++-------------
 1 file changed, 12 insertions(+), 27 deletions(-)
diff --git a/api/src/main/java/org/badminton/api/config/security/SecurityConfig.java b/api/src/main/java/org/badminton/api/config/security/SecurityConfig.java
index 31a8c915..43b368f7 100644
--- a/api/src/main/java/org/badminton/api/config/security/SecurityConfig.java
+++ b/api/src/main/java/org/badminton/api/config/security/SecurityConfig.java
@@ -64,14 +64,6 @@ public SecurityFilterChain publicFilterChain(HttpSecurity http) throws Exception
 .csrf(AbstractHttpConfigurer::disable)
 .cors(this::corsConfigurer)
 .authorizeHttpRequests(auth -> auth
- .requestMatchers("/").permitAll()
- .requestMatchers("/oauth2/**").permitAll()
- .requestMatchers("/login/**").permitAll()
- .requestMatchers("/error").permitAll()
- .requestMatchers("/swagger-ui/**").permitAll()
- .requestMatchers("/v1/leagues/**").permitAll()
- .requestMatchers("/v1/members/session").permitAll()
- .requestMatchers("/v1/clubs/**").permitAll()
 .anyRequest().permitAll())
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .oauth2Login(oauth2 -> oauth2
@@ -129,14 +121,6 @@ public SecurityFilterChain clubFilterChain(HttpSecurity http) throws Exception {
 .exceptionHandling(
 exception -> exception.authenticationEntryPoint(failedAuthenticationEntryPoint))
 .authorizeHttpRequests(auth -> auth
- .requestMatchers("/").permitAll()
- .requestMatchers("/oauth2/**").permitAll()
- .requestMatchers("/login/**").permitAll()
- .requestMatchers("/error").permitAll()
- .requestMatchers("/swagger-ui/**").permitAll()
- .requestMatchers("/v1/leagues/**").permitAll()
- .requestMatchers("/v1/members/session").permitAll()
- .requestMatchers("/v1/clubs/**").permitAll()
 .requestMatchers(HttpMethod.GET, "/v1/clubs/{clubToken}/leagues/month")
 .permitAll()
 .requestMatchers(HttpMethod.GET, "/v1/clubs/{clubToken}/leagues/date")
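Review bot: With the eight `permitAll()` matchers gone from this chain, any request this chain handles for `/error`, `/login/**`, `/oauth2/**`, `/swagger-ui/**`, `/v1/leagues/**` or `/v1/members/session` is now decided by the chain's `anyRequest().authenticated()` rule; that is only harmless if the chain's `securityMatcher` (outside the hunk) limits it to `/v1/clubs/**`, which the hunk does not show and should be confirmed. Dropping `"/v1/clubs/**".permitAll()` is also what lets the method-specific rules further down be reached at all, because the registry applies the first matching rule in declaration order. A short comment above `.authorizeHttpRequests`, e.g. `// no blanket /v1/clubs/** rule here: the per-method role checks below depend on first-match ordering`, would stop that rule from being reintroduced later. clubFilterChain's body continues outside the hunk.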
@@ -146,35 +130,36 @@ public SecurityFilterChain clubFilterChain(HttpSecurity http) throws Exception {
 .requestMatchers(HttpMethod.POST, "/v1/clubs")
 .permitAll()
 .requestMatchers(HttpMethod.DELETE, "/v1/clubs/{clubToken}")
- .permitAll()
+ .access(hasClubRole("OWNER"))
 .requestMatchers(HttpMethod.GET, "/v1/clubs/{clubToken}/applicants")
- .permitAll()
+ .access(hasClubRole("OWNER", "MANAGER"))
 .requestMatchers(HttpMethod.PATCH, "/v1/clubs/{clubToken}")
- .permitAll()
+ .access(hasClubRole("OWNER", "MANAGER"))
 .requestMatchers(HttpMethod.GET, "/v1/clubs/{clubToken}/leagues/{leagueId}")
 .permitAll()
 .requestMatchers(HttpMethod.GET, "/v1/clubs/{clubToken}/clubMembers")
- .permitAll()
+ .access(hasClubRole("OWNER", "MANAGER", "USER"))
 .requestMatchers(HttpMethod.GET, "/v1/clubs/{clubToken}")
 .permitAll()
+
 .requestMatchers(HttpMethod.POST, "/v1/clubs/{clubToken}/clubMembers/approve", "/v1/clubs/{clubToken}/clubMembers/reject")
- .permitAll()
+ .access(hasClubRole("OWNER", "MANAGER"))
 .requestMatchers(HttpMethod.POST, "/v1/clubs/images")
- .permitAll()
+ .access(hasClubRole("OWNER", "MANAGER"))
 .requestMatchers(HttpMethod.DELETE, "/v1/clubs/{clubToken}/leagues/{leagueId}")
- .permitAll()
+ .access(hasClubRole("OWNER", "MANAGER", "USER"))
 .requestMatchers(HttpMethod.PATCH, "/v1/clubs/{clubToken}/leagues/{leagueId}")
- .permitAll()
+ .access(hasClubRole("OWNER", "MANAGER", "USER"))
 .requestMatchers(HttpMethod.POST, "/v1/clubs/{clubToken}/leagues/{leagueId}/participation", "/v1/clubs/{clubToken}/leagues")
- .permitAll()
+ .access(hasClubRole("OWNER", "MANAGER", "USER"))
 .requestMatchers(HttpMethod.DELETE, "/v1/clubs/{clubToken}/leagues/{leagueId}/participation")
- .permitAll()
+ .access(hasClubRole("OWNER", "MANAGER", "USER"))
 .requestMatchers(HttpMethod.PATCH, "/v1/clubs/{clubToken}/clubMembers/role", "v1/clubs/{clubToken}/clubMembers/ban", "v1/clubs/{clubToken}/clubMembers/expel")
- .permitAll()
+ .access(hasClubRole("OWNER"))
 .anyRequest()
 .authenticated()
 );
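Review bot: The `ban` and `expel` patterns in the PATCH matcher that now gets `.access(hasClubRole("OWNER"))` are written without a leading slash (`"v1/clubs/{clubToken}/clubMembers/ban"`, `"v1/clubs/{clubToken}/clubMembers/expel"`), and a pattern that does not start with `/` does not match a servlet path that does; those two endpoints therefore fall through to `anyRequest().authenticated()` and any logged-in user can reach them, while only `/role` actually receives the OWNER check. Change them to `"/v1/clubs/{clubToken}/clubMembers/ban"` and `"/v1/clubs/{clubToken}/clubMembers/expel"`, and consider a test that asserts a non-owner gets 403 on each of the three paths so the rule cannot silently regress again. The hunk also keeps `POST /v1/clubs` on `permitAll()`, which lets an unauthenticated caller create a club; if that is unintended it should become `.authenticated()` — the controller behaviour is not visible here, so treat this as something to confirm. `hasClubRole` is defined outside the hunk, so whether it evaluates the role against the `{clubToken}` path variable or against a global authority cannot be checked from this diff.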