Updated Security (#47)

* updated sec
IEEE-RVCE · May 29, 2024 · 8d2b956 · 8d2b956
1 parent 6b9df7f
commit 8d2b956
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/src/main/java/org/ieeervce/gatekeeper/config/SecurityConfiguration.java b/src/main/java/org/ieeervce/gatekeeper/config/SecurityConfiguration.java
@@ -2,6 +2,7 @@
 
 import org.ieeervce.gatekeeper.entity.User;
 import org.ieeervce.gatekeeper.service.UserInfoUserDetailsService;
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -48,20 +49,25 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 
     private static void getCustomizedHttpAuthorization(AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry customizer) {
         customizer
-                .requestMatchers(HttpMethod.POST, "/user").hasRole("Admin")
-                .requestMatchers(HttpMethod.PUT, "/user").hasRole("Admin")
-                .requestMatchers(HttpMethod.DELETE, "/user").hasRole("Admin")
+
+                .requestMatchers(HttpMethod.POST,"/user").hasRole("Admin")
+                .requestMatchers(HttpMethod.PUT,"/user").hasRole("Admin")
+                .requestMatchers(HttpMethod.DELETE,"/user").hasRole("Admin")
                 .requestMatchers("/role").hasRole("Admin")
                 .requestMatchers("/society").hasRole("Admin")
-                .anyRequest().permitAll();
+                .requestMatchers("/").permitAll()
+                .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
+                .anyRequest().authenticated();
 
     }
 
     CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
         configuration.applyPermitDefaultValues();
-        configuration.setAllowedOrigins(Arrays.asList("*"));
+        configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000","https://gate.ieee-rvce.org"));
         configuration.setAllowedMethods(Arrays.asList("GET","POST","PUT","DELETE"));
+        configuration.setAllowCredentials(true);
+        configuration.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", configuration);
         return source;
@@ -72,4 +78,4 @@ public static String getRequesterDetails() {
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         return authentication.getName();
     }
-}
+}
diff --git a/src/main/java/org/ieeervce/gatekeeper/controller/RequestFormController.java b/src/main/java/org/ieeervce/gatekeeper/controller/RequestFormController.java
@@ -79,7 +79,7 @@ public ResponseRequestFormDTO getOne(@PathVariable Long requestFormId) throws It
         return modelMapper.map(requestFormService.findOne(requestFormId), ResponseRequestFormDTO.class);
     }
 
-    @DeleteMapping("/{requestFormID}")
+    @DeleteMapping("/{requestFormId}")
     public void deleteRequestForm(@PathVariable Long requestFormId) throws ItemNotFoundException {
         requestFormService.delete(requestFormId);
     }