
Commit 4eb8d2e

authored
Update SecurityConfig.java
1 parent 61222b7 commit 4eb8d2e

1 file changed

Lines changed: 14 additions & 12 deletions


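--- a/src/main/java/com/cognizant/config/SecurityConfig.java
+++ b/src/main/java/com/cognizant/config/SecurityConfig.java
@@ -33,31 +33,33 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
 .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .authorizeHttpRequests(auth -> auth
-// 1. Public Endpoints
-.requestMatchers("/api/users/login", "/api/users/register").permitAll()
+// Public — no token needed
+.requestMatchers("/api/users/login").permitAll()
+.requestMatchers("/api/users/register").permitAll()
 .requestMatchers("/api/attachments/download/**").permitAll()
 .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
 
-// 2. Attachment Endpoints (Requires Auth)
-.requestMatchers(HttpMethod.POST, "/api/defects/*/attachments").authenticated()
-.requestMatchers(HttpMethod.DELETE, "/api/attachments/**").authenticated()
-
-// 3. Role-Based Endpoints
-.requestMatchers(HttpMethod.POST, "/api/defects/new").hasRole("TESTER")
-.requestMatchers(HttpMethod.PUT, "/api/defects/resolve").hasAnyRole("DEVELOPER", "TESTER")
-.requestMatchers("/api/defects/report/**").hasRole("PRODUCTOWNER")
+// Role-specific routes
+.requestMatchers(HttpMethod.POST, "/api/defects/new")
+.hasRole("TESTER")
+.requestMatchers(HttpMethod.PUT, "/api/defects/resolve")
+.hasAnyRole("DEVELOPER", "TESTER")
+.requestMatchers("/api/defects/report/**")
+.hasRole("PRODUCTOWNER")
 
+// Everything else just needs a valid token
 .anyRequest().authenticated()
 )
-.addFilterBefore(new JwtAuthFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class);
+.addFilterBefore(new JwtAuthFilter(jwtUtil),
+UsernamePasswordAuthenticationFilter.class);
 
 return http.build();
 }
 
 @Bean
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration config = new CorsConfiguration();
-config.setAllowedOriginPatterns(List.of("*"));
+config.setAllowedOriginPatterns(List.of("*"));
 config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
 config.setAllowedHeaders(List.of("*"));
 config.setAllowCredentials(true);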
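Review bot: The CORS settings at new lines 62–65 still pair `setAllowedOriginPatterns(List.of("*"))` with `setAllowCredentials(true)`, so every requesting Origin is accepted and marked credential-enabled; this commit changes only whitespace on that line. If the JWT is ever carried in a cookie (not visible here), any website could read authenticated API responses, so the pattern list should name the real front-end origins, e.g. `config.setAllowedOriginPatterns(List.of("https://frontend.example"));` (placeholder origin), ideally loaded from configuration. Separately, `/api/attachments/download/**` remains under the new "Public — no token needed" comment, which means defect attachments can be fetched by anyone who has or guesses a URL; if that is deliberate, a comment such as `// public so <reason>; attachment ids must be unguessable` would record the assumption, otherwise the matcher should fall through to `.anyRequest().authenticated()`. `filterChain` starts before the hunk and `corsConfigurationSource()` continues past it, so the rest of both bodies was not reviewed.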
