Revision 1b7ce0af

ID1b7ce0af13bcefb5e9c9f2899c844413946bf9f6
Parent 61d32ca1
Child fcfd1e30

Added by Andreas Kohlbecker almost 4 years ago

ref #6248 also protecting /**description/accumulateDistributions


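--- a/cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/config/OAuth2ServerConfiguration.java
+++ b/cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/config/OAuth2ServerConfiguration.java
@@ -41,6 +41,13 @@
 
     private static final String CDM_RESOURCE_ID = "cdm";
 
+    private static final String ACCEXPR_MANAGE_CLIENT =
+            "#oauth2.clientHasRole('ROLE_CLIENT') "
+          + "or (!#oauth2.isOAuth() and ( "
+          + "      hasRole('ROLE_ADMIN') or hasRole('" + MultiWebSecurityConfiguration.ROLE_MANAGE_CLIENT + "')"
+          + "   )"
+          + ")";
+
     @EnableResourceServer
     protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
 
@@ -56,15 +63,6 @@
                 // Since we want the protected resources to be accessible in the UI as well we need
                 // session creation to be allowed (it's disabled by default in 2.0.6)
                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
-            .and() // TODO do we need this?
-                .requestMatchers()
-                    .antMatchers(
-                        "/manage/**",
-                        "/user/**"
-                        // "/oauth/users/**",
-                        // "/oauth/clients/**")
-                        )
-                     //.regexMatchers("/classification/.*|/classification\\..*")
             .and()
                 .authorizeRequests()
                     // see
@@ -72,12 +70,8 @@
                     //      or
                     //   org.springframework.security.access.expression.SecurityExpressionRoot
                     // - org.springframework.security.oauth2.provider.expression.OAuth2SecurityExpressionMethods
-                    .antMatchers("/manage/**").access(
-                              "#oauth2.clientHasRole('ROLE_CLIENT') "
-                            + "or (!#oauth2.isOAuth() and ( "
-                            + "      hasRole('ROLE_ADMIN') or hasRole('" + MultiWebSecurityConfiguration.ROLE_MANAGE_CLIENT + "')"
-                            + "   )"
-                            + ")")
+                    .antMatchers("/manage/**").access(ACCEXPR_MANAGE_CLIENT)
+                    .antMatchers("/**description/accumulateDistributions").access(ACCEXPR_MANAGE_CLIENT)
                     .antMatchers("/user/me").access("isAuthenticated()")
                     .regexMatchers("/user/.*|/user\\..*").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER_MANAGER')")
 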
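Review bot: The new matcher `/**description/accumulateDistributions` in the last hunk is narrower than the commit title suggests: in Spring's AntPathMatcher `**` only spans path segments when it is a segment of its own, so `**description` is treated as a single segment ending in "description" and the rule covers only two-segment paths like `/description/accumulateDistributions`, not the same handler reached under any longer prefix (if the controller is also mapped that way). It also leaves suffixed variants such as `/description/accumulateDistributions.json` unmatched, even though the neighbouring `/user` rule deliberately handles `/user\\..*`; with suffix-pattern matching enabled, as that regex implies the project expects, the suffixed request would presumably reach the same controller without the ROLE_ADMIN/ROLE_MANAGE_CLIENT check. I would write the rule as `.antMatchers("/**/description/accumulateDistributions", "/**/description/accumulateDistributions.*").access(ACCEXPR_MANAGE_CLIENT)` and add a security test asserting that a `.json`-suffixed anonymous request is rejected. Dropping the `requestMatchers()` scoping in the middle hunk also means this resource-server chain now claims every request routed to it, which looks intended now that a rule lives outside `/manage/**` but should be confirmed against the chain order in MultiWebSecurityConfiguration. The configure method containing this fluent chain starts and ends outside the shown hunks.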
