Merge pull request #223 from Arabasta/secure-endpoints

update spring securtiy
Arabasta · Aug 18, 2024 · dd1c577 · dd1c577
2 parents e7ffb53 + 13f6774
commit dd1c577
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/back/spring/src/main/java/com/robotrader/spring/security/SecurityConfig.java b/back/spring/src/main/java/com/robotrader/spring/security/SecurityConfig.java
@@ -62,16 +62,17 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                             .requestMatchers(
                                     "/api/v1/health/customer",
                                     "/api/v1/customer/**",
-                                    "/api/v1/backtest/**"
+                                    "/api/v1/backtest/**",
+                                    "/api/v1/user/**"
                             ).hasAuthority("ROLE_CUSTOMER")
 
                             // ADMIN role required to access /api/health/admin
                             .requestMatchers(
                                     "/api/v1/health/admin",
                                     "/api/v1/admin/**",
                                     "/api/v1/dev/**",
-                                    "/api/v1/backtest/**"
-
+                                    "/api/v1/backtest/**",
+                                    "/api/v1/user/**"
                             ).hasAuthority("ROLE_ADMIN")
 
                             .anyRequest().authenticated();