Allow user role management for admins

master
esensar 2018-01-17 22:40:15 +01:00
parent c2f56bc23b
commit c5553591d9
1 changed files with 4 additions and 0 deletions


@ -46,6 +46,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
http.csrf().disable().authorizeRequests()
.antMatchers("/accesstoken", "/accesstoken/**", "/").permitAll()
.antMatchers(HttpMethod.POST, "/users").permitAll()
.antMatchers(HttpMethod.GET, "/users/**/userRoles").hasRole("ADMIN")
.antMatchers(HttpMethod.POST, "/users/**/userRoles").hasRole("ADMIN")
.antMatchers(HttpMethod.PUT, "/users/**/userRoles").hasRole("ADMIN")
.antMatchers(HttpMethod.DELETE, "/users/**/userRoles/*").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.addFilterBefore(new AuthenticationFilter(tokenStore, usersJpaRepository), CustomUrlUsernamePasswordAuthenticationFilter.class);
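Review bot: The `userRoles` rules are tied to one HTTP method and one exact path shape each, so anything slightly different falls through to `.anyRequest().authenticated()` and needs only a logged-in user rather than ADMIN. As written that covers GET/POST/PUT on `/users/{id}/userRoles/{roleId}`, DELETE on the collection path, and PATCH on either; whether handlers exist for those is not visible in this hunk. If the controllers are Spring MVC handlers with default path matching, a trailing slash or a suffix such as `.json` may also reach the same handler without matching these ant patterns. A single method-agnostic rule that follows MVC matching would close those gaps, e.g. `.mvcMatchers("/users/*/userRoles/**").hasRole("ADMIN")`, with `*` instead of `**` so the user segment cannot span several path levels. The enclosing configure method starts and ends outside the hunk, so any rules declared earlier in the file were not reviewed.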