
Commit 3b39d0c

committed
fix :: antMatchers 순서 정리, /meal/date 권한 authenticated으로 변경
1 parent 178c15a commit 3b39d0c


1 file changed

+52
-54
lines changed


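--- a/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt
+++ b/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt
@@ -32,7 +32,6 @@ class SecurityConfig(
 .and()
 .sessionManagement()
 .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-
 http.authorizeRequests()
 .requestMatchers(CorsUtils::isCorsRequest)
 .permitAll()
@@ -57,18 +56,18 @@ class SecurityConfig(
 "/admin/key"
 ).permitAll()
 .antMatchers(
-HttpMethod.POST,
-"/user/club",
-"/after/**",
-"/meal",
-"/notice",
-"/schedule/create",
-"/self-study/register",
-"/timetable",
-"/weekend-meal/saveAll",
-"/status/saveAll",
-"/schedule/**"
-).hasRole(Role.SCH.name)
+HttpMethod.GET,
+"/user/simple",
+"/user/details",
+"/application/my",
+"/application/simple",
+"/class-room/move",
+"/early-return/my",
+"/timetable/today",
+"/timetable/week",
+"/weekend-meal/my",
+"/notification/**"
+).hasRole(Role.STU.name)
 .antMatchers(
 HttpMethod.GET,
 "/admin/**",
@@ -94,8 +93,42 @@ class SecurityConfig(
 "/status/**",
 "/user/all",
 "/status/grade",
-"/timetable/all"
+"/timetable/all",
+"/weekend-meal/excel",
+"/weekend-meal/excel/grade",
+"/application/non-return"
+
+).hasRole(Role.SCH.name)
+.antMatchers(
+HttpMethod.GET,
+"/meal/date",
+).authenticated()
+.antMatchers(
+HttpMethod.POST,
+"/application",
+"/class-room/move",
+"/early-return/create"
+).hasRole(Role.STU.name)
+.antMatchers(
+HttpMethod.POST,
+"/user/club",
+"/after/**",
+"/meal",
+"/notice",
+"/schedule/create",
+"/self-study/register",
+"/timetable",
+"/weekend-meal/saveAll",
+"/status/saveAll",
+"/schedule/**"
 ).hasRole(Role.SCH.name)
+.antMatchers(
+HttpMethod.PATCH,
+"/application/status",
+"/weekend-meal/my-status",
+"/user/profile",
+"/notification/**"
+).hasRole(Role.STU.name)
 .antMatchers(
 HttpMethod.PATCH,
 "/application/**",
@@ -110,6 +143,10 @@ class SecurityConfig(
 "/weekend-meal/period",
 "/timetable/change"
 ).hasRole(Role.SCH.name)
+.antMatchers(
+HttpMethod.DELETE,
+"/class-room/return"
+).hasRole(Role.STU.name)
 .antMatchers(
 HttpMethod.DELETE,
 "/after/**",
@@ -118,51 +155,12 @@ class SecurityConfig(
 "/after/delete"
 )
 .hasRole(Role.SCH.name)
-.antMatchers(
-HttpMethod.POST,
-"/application",
-"/class-room/move",
-"/early-return/create"
-).hasRole(Role.STU.name)
-.antMatchers(
-HttpMethod.PATCH,
-"/application/status",
-"/weekend-meal/my-status",
-"/user/profile",
-"/notification/**"
-).hasRole(Role.STU.name)
-.antMatchers(
-HttpMethod.GET,
-"/user/simple",
-"/user/details",
-"/application/my",
-"/application/simple",
-"/class-room/move",
-"/early-return/my",
-"/meal/date",
-"/timetable/today",
-"/timetable/week",
-"/weekend-meal/my",
-"/notification/**"
-).hasRole(Role.STU.name)
-.antMatchers(
-HttpMethod.GET,
-"/application/non-return"
-).hasRole(Role.SCH.name)
-.antMatchers(
-HttpMethod.GET,
-"/weekend-meal/excel",
-"/weekend-meal/excel/grade"
-).hasRole(Role.SCH.name)
 .anyRequest().authenticated()
 .and()
 .exceptionHandling()
 .authenticationEntryPoint(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
 
+
 http
 .apply(FilterConfig(objectMapper, jwtTokenProvider))
 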
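Review bot: The new `GET "/meal/date"` → `authenticated()` matcher (new lines 102–105) is registered after the `Role.SCH` GET block that opens with `"/admin/**"`, and Spring Security applies the first matcher that fits a request, so any broader pattern in the part of that block outside the visible hunks (a `/meal/**` entry, if one exists) would shadow this rule and students would still be denied. The same first-match dependence holds for the PATCH pair, where the `Role.STU` paths such as `"/application/status"` only work because they now sit above the `Role.SCH` `"/application/**"` wildcard. I would move the `/meal/date` matcher ahead of the role-restricted GET blocks and record the invariant above the chain, e.g. `// First matching rule wins: keep exact paths above wildcards, and STU rules above overlapping SCH wildcards`. A MockMvc test that requests `/meal/date` as a STU user, as a SCH user and anonymously would pin the intended access and catch a later reorder. The `authorizeRequests()` chain starts and continues outside the visible hunks, so the overlap cannot be confirmed from this page alone.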
