back spring: update endpoint security

Arabasta · Aug 18, 2024 · 13f6774 · 13f6774
1 parent f9af578
commit 13f6774
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/back/spring/src/main/java/com/robotrader/spring/security/SecurityConfig.java b/back/spring/src/main/java/com/robotrader/spring/security/SecurityConfig.java
@@ -62,16 +62,17 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                             .requestMatchers(
                                     "/api/v1/health/customer",
                                     "/api/v1/customer/**",
-                                    "/api/v1/backtest/**"
+                                    "/api/v1/backtest/**",
+                                    "/api/v1/user/**"
                             ).hasAuthority("ROLE_CUSTOMER")
 
                             // ADMIN role required to access /api/health/admin
                             .requestMatchers(
                                     "/api/v1/health/admin",
                                     "/api/v1/admin/**",
                                     "/api/v1/dev/**",
-                                    "/api/v1/backtest/**"
-
+                                    "/api/v1/backtest/**",
+                                    "/api/v1/user/**"
                             ).hasAuthority("ROLE_ADMIN")
 
                             .anyRequest().authenticated();