9/11: testing
thuan committed Nov 9, 2023
1 parent 9e9896d commit f6f3a05
Showing 10 changed files with 171 additions and 176 deletions.
26 changes: 13 additions & 13 deletions src/main/java/com/spotify/app/config/OpenApiConfig.java
Expand Up @@ -13,19 +13,19 @@


@Configuration
//@SecurityScheme(
// name = "bearerAuth",
// description = "JWT auth description",
// scheme = "bearer",
// type = SecuritySchemeType.HTTP,
// bearerFormat = "JWT",
// in = SecuritySchemeIn.HEADER
//)
//@OpenAPIDefinition(security = {
// @SecurityRequirement(
// name = "bearerAuth"
// )
//})
@SecurityScheme(
name = "bearerAuth",
description = "JWT auth description",
scheme = "bearer",
type = SecuritySchemeType.HTTP,
bearerFormat = "JWT",
in = SecuritySchemeIn.HEADER
)
@OpenAPIDefinition(security = {
@SecurityRequirement(
name = "bearerAuth"
)
})
public class OpenApiConfig {
@Bean
public OpenAPI customOpenAPI() {
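Review bot: Assuming the uncommented annotations are the new side, the global `@OpenAPIDefinition(security = { @SecurityRequirement(name = "bearerAuth") })` on `OpenApiConfig` documents every operation as requiring a bearer token, while the filter chain shown further down this page ends in `.anyRequest().permitAll()`, so the published spec and the enforced policy disagree for the anonymous routes. Either override the global requirement on the public operations with an empty `@SecurityRequirements`, or declare the requirement per secured controller, so the spec can be used to audit which endpoints are really protected. The value `description = "JWT auth description"` is a placeholder; something like `description = "JWT access token sent as Authorization: Bearer <token>"` tells API consumers what to supply. The body of `customOpenAPI()` continues outside the hunk.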
Expand Up @@ -36,7 +36,4 @@ public ResponseEntity<?> findAll() {
return ResponseEntity.ok().body(reviewService.findAll());
}




}
6 changes: 3 additions & 3 deletions src/main/java/com/spotify/app/controller/SongController.java
Expand Up @@ -74,15 +74,15 @@ public ResponseEntity<?> updateSong(
}

@PutMapping("/update/status/{songId}")
// @PreAuthorize("hasAnyRole('ARTIST', 'ADMIN')")
@PreAuthorize("hasAnyRole('ARTIST', 'ADMIN')")
public ResponseEntity<?> updateStatus(
@PathVariable("songId") Long songId
) {
return ResponseEntity.ok().body(songService.updateStatus(songId));
}

@GetMapping("/{songId}/add/{userId}")
// @PreAuthorize("hasRole('ARTIST')")
@PreAuthorize("hasRole('ARTIST')")
public ResponseEntity<?> addUser(
@PathVariable("songId")Long songId,
@PathVariable("userId")Long userId
Expand All @@ -91,7 +91,7 @@ public ResponseEntity<?> addUser(
}

@GetMapping("/{songId}/remove/{userId}")
// @PreAuthorize("hasRole('ARTIST')")
@PreAuthorize("hasRole('ARTIST')")
public ResponseEntity<?> removeUser(
@PathVariable("songId")Long songId,
@PathVariable("userId")Long userId
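Review bot: The re-enabled `@PreAuthorize("hasRole('ARTIST')")` on `addUser`/`removeUser` and `@PreAuthorize("hasAnyRole('ARTIST', 'ADMIN')")` on `updateStatus` check only the caller's role, and `updateStatus` hands just `songId` to `songService.updateStatus(songId)`; unless the service compares the song's owner with the authenticated principal (not visible here), any artist can modify another artist's song. An ownership check belongs either in the service or in the SpEL expression, with a short comment on each handler saying where it is enforced. `updateStatus` also admits `ADMIN`, but if this controller is mounted under `/api/v1/song`, the URL rule `"/api/v1/song/update/**"` with `.hasRole( "ARTIST")` in the filter chain would reject an admin-only account before method security runs, so the two rules should be aligned. `addUser` and `removeUser` change state behind `@GetMapping`; `@PostMapping` and `@DeleteMapping` would keep them out of prefetching and caches. The bodies of `addUser` and `removeUser` continue outside the hunks.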
Expand Up @@ -41,64 +41,67 @@ public JwtAuthenticationFilter jwtAuthenticationFilter () {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
// .csrf((AbstractHttpConfigurer::disable))
// .cors(Customizer.withDefaults())
// .authorizeHttpRequests(
// authz ->
// authz
// .requestMatchers(
// "/api/v1/song/save",
// "/api/v1/song/update/**",
// "/api/v1/song/upload/**",
// "/api/v1/album/upload/**",
// "/api/v1/album/*/add/**",
// "/api/v1/album/*/remove/**",
// "/api/v1/album/*/add",
// "/api/v1/album/update/**"
// )
// .hasRole( "ARTIST")
// .requestMatchers(
// "/api/v1/role/**",
// "/api/v1/playlist/admin/**",
// "/api/v1/category/admin/**")
// .hasRole("ADMIN")
// .requestMatchers(
// "/api/v1/song/find/by/sentiment/**",
// "/api/v1/song/increase/view/**",
// "/api/v1/user/increase/view/**",
// "/api/v1/user/*/playlists/followings",
// "/api/v1/user/*/add/**",
// "/api/v1/user/*/remove/**",
// "/api/v1/playlist/user/*/add/**",
// "/api/v1/playlist/user/*/remove/**",
// "/api/v1/playlist/*/create/playlist",
// "/api/v1/playlist/*/add/song/**",
// "/api/v1/playlist/*/remove/song/**",
// "/api/v1/playlist/upload/**",
// "/api/v1/follower/*/follow/**",
// "/api/v1/follower/*/cancel/**",
// "/api/v1/follower/*/followings",
// "/api/v1/follower/is/*/followed/**"
// )
// .authenticated()
// .anyRequest()
// .permitAll())
// .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer
// .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
// .authenticationProvider(authenticationProvider)
// .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
// .logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer.logoutUrl("/api/v1/auth/logout")
// .logoutSuccessHandler((request, response, authentication) -> SecurityContextHolder.clearContext()))
.csrf((AbstractHttpConfigurer::disable))
.cors(Customizer.withDefaults())
.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry
.requestMatchers("/api/v1/allowAllByPhi/**").authenticated().anyRequest().permitAll())
.authorizeHttpRequests(
authz ->
authz
.requestMatchers(
"/api/v1/song/save",
"/api/v1/song/update/**",
"/api/v1/song/upload/**",
"/api/v1/album/upload/**",
"/api/v1/album/*/add/**",
"/api/v1/album/*/remove/**",
"/api/v1/album/*/add",
"/api/v1/album/update/**"
)
.hasRole( "ARTIST")
.requestMatchers(
"/api/v1/role/**",
"/api/v1/playlist/admin/**",
"/api/v1/category/admin/**",
"/api/v1/review/admin/**"
)
.hasRole("ADMIN")
.requestMatchers(
"/api/v1/song/find/by/sentiment/**",
"/api/v1/song/increase/view/**",
"/api/v1/user/increase/view/**",
"/api/v1/user/*/playlists/followings",
"/api/v1/user/*/add/**",
"/api/v1/user/*/remove/**",
"/api/v1/playlist/user/*/add/**",
"/api/v1/playlist/user/*/remove/**",
"/api/v1/playlist/*/create/playlist",
"/api/v1/playlist/*/add/song/**",
"/api/v1/playlist/*/remove/song/**",
"/api/v1/playlist/upload/**",
"/api/v1/follower/*/follow/**",
"/api/v1/follower/*/cancel/**",
"/api/v1/follower/*/followings",
"/api/v1/follower/is/*/followed/**",
"/api/v1/review/*/review/in/**"
)
.authenticated()
.anyRequest()
.permitAll())
.sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer
.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(authenticationProvider)
.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer.logoutUrl("/api/v1/auth/logout")
.logoutSuccessHandler((request, response, authentication) -> SecurityContextHolder.clearContext()))
// .csrf((AbstractHttpConfigurer::disable))
// .cors(Customizer.withDefaults())
// .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry
// .requestMatchers("/api/v1/allowAllByPhi/**").authenticated().anyRequest().permitAll())
// .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer
// .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
// .authenticationProvider(authenticationProvider)
// .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
// .logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer.logoutUrl("/api/v1/auth/logout")
// .logoutSuccessHandler((request, response, authentication) -> SecurityContextHolder.clearContext()))
;
return http.build();
}
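Review bot: The restored rule set in `securityFilterChain` still ends in `.anyRequest().permitAll()`, so every route not named in one of the three `requestMatchers(...)` lists is reachable without a token, and a controller added later stays public until someone remembers to list it. Inverting the default fails closed instead: give the login, registration and API-documentation routes an explicit `permitAll()` list, then finish with `.anyRequest().authenticated()`. The `logoutSuccessHandler` only calls `SecurityContextHolder.clearContext()`; under `SessionCreationPolicy.STATELESS` that does not invalidate the JWT itself, so unless the token is revoked elsewhere (not visible on this page) it remains usable until it expires. The commented-out `allowAllByPhi` chain left below the active one should be deleted rather than kept as dead configuration.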