diff --git a/src/main/java/com/libraryman_api/security/config/WebConfiguration.java b/src/main/java/com/libraryman_api/security/config/WebConfiguration.java
index 75c966d..47d2d60 100644
--- a/src/main/java/com/libraryman_api/security/config/WebConfiguration.java
+++ b/src/main/java/com/libraryman_api/security/config/WebConfiguration.java
@@ -39,8 +39,6 @@ public SecurityFilterChain web(HttpSecurity http) throws Exception {
 // make sure it is in order to access the proper Url
 .requestMatchers("/api/signup").permitAll()
- .requestMatchers("/api/signup/admin/{secretKey}").permitAll()
- .requestMatchers("/api/signup/librarian/{secretKey}").permitAll()
 .requestMatchers("/api/login").permitAll()
 .requestMatchers("/api/logout").permitAll()
 .anyRequest().authenticated()
diff --git a/src/main/java/com/libraryman_api/security/controllers/SignupController.java b/src/main/java/com/libraryman_api/security/controllers/SignupController.java
index 2d6244c..a1f6891 100644
--- a/src/main/java/com/libraryman_api/security/controllers/SignupController.java
+++ b/src/main/java/com/libraryman_api/security/controllers/SignupController.java
@@ -1,5 +1,6 @@
 package com.libraryman_api.security.controllers;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
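Review bot: After the `WebConfiguration` hunk the admin and librarian signup routes are covered at the filter chain only by `.anyRequest().authenticated()`, so the role restriction rests entirely on the `@PreAuthorize` annotations added in `SignupController`. Those annotations are ignored unless method security is enabled (for example with `@EnableMethodSecurity`), which this diff does not show; if it is not, any authenticated account, including one created through the open `/api/signup`, would be allowed to call them. I would add explicit rules before `.anyRequest()`: `.requestMatchers("/api/signup/admin").hasRole("ADMIN")` and `.requestMatchers("/api/signup/librarian").hasAnyRole("LIBRARIAN", "ADMIN")`. The `web(...)` method starts and ends outside the hunk.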
@@ -22,12 +23,14 @@ public void signup(@RequestBody Members members) {
 this.signupService.signup(members);
 }
- @PostMapping("/api/signup/admin/{secretKey}")
- public void signupAdmin(@RequestBody Members members,@PathVariable String secretKey) {
- this.signupService.signupAdmin(members,secretKey);
+ @PostMapping("/api/signup/admin")
+ @PreAuthorize("hasRole('ADMIN')")
+ public void signupAdmin(@RequestBody Members members) {
+ this.signupService.signupAdmin(members);
 }
- @PostMapping("/api/signup/librarian/{secretKey}")
- public void signupLibrarian(@RequestBody Members members,@PathVariable String secretKey) {
- this.signupService.signupLibrarian(members,secretKey);
+ @PostMapping("/api/signup/librarian")
+ @PreAuthorize("hasRole('LIBRARIAN') or hasRole('ADMIN')")
+ public void signupLibrarian(@RequestBody Members members) {
+ this.signupService.signupLibrarian(members);
 }
 }
diff --git a/src/main/java/com/libraryman_api/security/services/SignupService.java b/src/main/java/com/libraryman_api/security/services/SignupService.java
index c5f928f..33ff122 100644
--- a/src/main/java/com/libraryman_api/security/services/SignupService.java
+++ b/src/main/java/com/libraryman_api/security/services/SignupService.java
@@ -20,11 +20,6 @@ public class SignupService {
 private PasswordEncoder passwordEncoder;
- @Value("${admin.secretKey}")
- private String adminSecretKey;
-
- @Value("${librarian.secretKey}")
- private String librarianSecretKey;
 public SignupService(MemberRepository memberRepository,PasswordEncoder passwordEncoder) {
 this.memberRepository=memberRepository;
@@ -50,7 +45,7 @@ public void signup(Members members) {
 memberRepository.save(new_members);
 }
- public void signupAdmin(Members members,String secretKey) {
+ public void signupAdmin(Members members) {
 Optional memberOptId=memberRepository.findById(members.getMemberId());
 Optional memberOptUsername=memberRepository.findByUsername(members.getUsername());
 if(memberOptId.isPresent()) {
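Review bot: `hasRole('ADMIN')` on `signupAdmin` only matches a granted authority named `ROLE_ADMIN`, and how `Members` roles are turned into authorities is not visible in this diff; if they are stored without the `ROLE_` prefix, both new endpoints will deny every caller and `hasAuthority(...)` would be the right check. The librarian expression reads more simply as `@PreAuthorize("hasAnyRole('LIBRARIAN','ADMIN')")`. With the secret-key route gone, the first admin on an empty database can no longer be created through the API, so the seeding step (a migration or startup runner) should be documented alongside this change. The `PathVariable` import kept as context in this file's first hunk looks unused now.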
@@ -59,9 +54,7 @@ public void signupAdmin(Members members,String secretKey) {
 if(memberOptUsername.isPresent()) {
 throw new ResourceNotFoundException("User already Exists");
 }
- if(!adminSecretKey.equals(secretKey)) {
- throw new ResourceNotFoundException("Secret Key does not match");
- }
+
 String encoded_password=passwordEncoder.bCryptPasswordEncoder().encode(members.getPassword());
 Members new_members=new Members();
 new_members.setEmail(members.getEmail());
@@ -73,7 +66,7 @@ public void signupAdmin(Members members,String secretKey) {
 memberRepository.save(new_members);
 }
- public void signupLibrarian(Members members,String secretKey) {
+ public void signupLibrarian(Members members) {
 Optional memberOptId=memberRepository.findById(members.getMemberId());
 Optional memberOptUsername=memberRepository.findByUsername(members.getUsername());
 if(memberOptId.isPresent()) {
@@ -82,9 +75,6 @@ public void signupLibrarian(Members members,String secretKey) {
 if(memberOptUsername.isPresent()) {
 throw new ResourceNotFoundException("User already Exists");
 }
- if(!librarianSecretKey.equals(secretKey)) {
- throw new ResourceNotFoundException("secret key does not match");
- }
 String encoded_password=passwordEncoder.bCryptPasswordEncoder().encode(members.getPassword());
 Members new_members=new Members();
 new_members.setEmail(members.getEmail());
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 08f31b7..004aed8 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,5 +1,3 @@
 spring.application.name=libraryman-api
 spring.profiles.active=${ENV:dev}
 jwt.secretKey=${YOUR_JWT_SECRET_KEY}
-admin.secretKey=${ADMIN_SECRET_KEY}
-librarian.secretKey=${LIBRARIAN_SECRET_KEY}
\ No newline at end of file
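Review bot: With the secret-key comparison removed in the `-59,9` hunk, `signupAdmin` saves a privileged account without any check of its own, and the same holds for `signupLibrarian` in the `-82,9` hunk, so every present and future caller has to be role-gated for this to stay safe. Assuming method security is enabled, I would repeat the guard on the service methods, `@PreAuthorize("hasRole('ADMIN')")` on `signupAdmin` and `@PreAuthorize("hasAnyRole('LIBRARIAN','ADMIN')")` on `signupLibrarian`. It would also help to log which authenticated principal created which privileged username (never the password), so that role grants can be audited. Both method bodies start and end outside these hunks.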