Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
G
Gestion des stages Backend
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Fatima Ezzahra Majidi
Gestion des stages Backend
Compare revisions
f4a54d25dc690ff03af76aa5b099e59fc08ced08 to dd69abf97c20a305d3a3f6a6840356f711677224
Compare revisions
Changes are shown as if the
source
revision was being merged into the
target
revision.
Learn more about comparing revisions.
Source
fatima-ezzahra.majidi.etu/gestion-des-stages
Select target project
No results found
dd69abf97c20a305d3a3f6a6840356f711677224
Select Git revision
Branches
main
1 result
Swap
Target
fatima-ezzahra.majidi.etu/gestion-des-stages
Select target project
fatima-ezzahra.majidi.etu/gestion-des-stages
1 result
f4a54d25dc690ff03af76aa5b099e59fc08ced08
Select Git revision
Branches
main
1 result
Show changes
Only incoming changes from source
Include changes to target since source was created
Compare
Commits on Source (2)
renforcement sécurité Backend
· 330f2851
Fatima Ezzahra Majidi
authored
2 months ago
330f2851
Merge branch 'master' into 'main'
· dd69abf9
Fatima Ezzahra Majidi
authored
2 months ago
renforcement sécurité Backend See merge request
!10
dd69abf9
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
src/main/java/com/example/gestionstagesbackend/config/SecurityConfig.java
+30
-12
30 additions, 12 deletions
...m/example/gestionstagesbackend/config/SecurityConfig.java
with
30 additions
and
12 deletions
src/main/java/com/example/gestionstagesbackend/config/SecurityConfig.java
View file @
dd69abf9
...
...
@@ -2,6 +2,7 @@ package com.example.gestionstagesbackend.config;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.http.HttpMethod
;
import
org.springframework.security.authentication.AuthenticationManager
;
import
org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity
;
...
...
@@ -42,19 +43,36 @@ public class SecurityConfig {
.
requestMatchers
(
"/**"
).
permitAll
()
// Role-based access
.
requestMatchers
(
"/api/students"
).
hasAuthority
(
"ROLE_ETUDIANT"
)
.
requestMatchers
(
"/api/students/**"
).
hasAuthority
(
"ROLE_ETUDIANT"
)
.
requestMatchers
(
"/api/stages"
).
hasAuthority
(
"ROLE_ETUDIANT"
)
.
requestMatchers
(
"/api/stages/**"
).
hasAuthority
(
"ROLE_ENTREPRISE"
)
.
requestMatchers
(
"/api/students"
).
hasAuthority
(
"ROLE_SUPERVISEUR"
)
.
requestMatchers
(
"/api/students/**"
).
hasAuthority
(
"ROLE_SUPERVISEUR"
)
.
requestMatchers
(
"/api/stages"
).
hasAuthority
(
"ROLE_SUPERVISEUR"
)
.
requestMatchers
(
"/api/stages/**"
).
hasAuthority
(
"ROLE_SUPERVISEUR"
)
.
requestMatchers
(
"/api/enterprises/add"
).
hasAuthority
(
"ROLE_ENTREPRISE"
)
.
requestMatchers
(
"/api/enterprises/update"
).
hasAuthority
(
"ROLE_ENTREPRISE"
)
.
requestMatchers
(
"/api/enterprises/delete"
).
hasAuthority
(
"ROLE_ENTREPRISE"
)
.
requestMatchers
(
"/**"
).
hasAuthority
(
"ROLE_ADMIN"
)
// 👨🎓 STUDENTS (ETUDIANTS) - Can ONLY View Students & Stages
.
requestMatchers
(
HttpMethod
.
GET
,
"/api/students"
).
hasAuthority
(
"ROLE_ETUDIANT"
)
.
requestMatchers
(
HttpMethod
.
GET
,
"/api/stages"
).
hasAuthority
(
"ROLE_ETUDIANT"
)
// ENTERPRISES - Can CRUD Stages but NOT Students
.
requestMatchers
(
HttpMethod
.
POST
,
"/api/stages/add"
).
hasAuthority
(
"ROLE_ENTREPRISE"
)
.
requestMatchers
(
HttpMethod
.
PUT
,
"/api/stages/update/**"
).
hasAuthority
(
"ROLE_ENTREPRISE"
)
.
requestMatchers
(
HttpMethod
.
DELETE
,
"/api/stages/delete/**"
).
hasAuthority
(
"ROLE_ENTREPRISE"
)
// SUPERVISEURS - Can CRUD Students & View Stages
.
requestMatchers
(
HttpMethod
.
GET
,
"/api/students"
).
hasAuthority
(
"ROLE_SUPERVISEUR"
)
.
requestMatchers
(
HttpMethod
.
POST
,
"/api/students/add"
).
hasAuthority
(
"ROLE_SUPERVISEUR"
)
.
requestMatchers
(
HttpMethod
.
PUT
,
"/api/students/update/**"
).
hasAuthority
(
"ROLE_SUPERVISEUR"
)
.
requestMatchers
(
HttpMethod
.
DELETE
,
"/api/students/delete/**"
).
hasAuthority
(
"ROLE_SUPERVISEUR"
)
.
requestMatchers
(
HttpMethod
.
GET
,
"/api/stages"
).
hasAuthority
(
"ROLE_SUPERVISEUR"
)
// ENTERPRISES - Can CRUD their own Enterprise details
.
requestMatchers
(
HttpMethod
.
POST
,
"/api/enterprises/add"
).
hasAuthority
(
"ROLE_ENTREPRISE"
)
.
requestMatchers
(
HttpMethod
.
PUT
,
"/api/enterprises/update/**"
).
hasAuthority
(
"ROLE_ENTREPRISE"
)
.
requestMatchers
(
HttpMethod
.
DELETE
,
"/api/enterprises/delete/**"
).
hasAuthority
(
"ROLE_ENTREPRISE"
)
// CANDIDATURES - Students Can Apply, Supervisors & Admins Can View & Manage
.
requestMatchers
(
HttpMethod
.
POST
,
"/api/candidacies/add"
).
hasAuthority
(
"ROLE_ETUDIANT"
)
// Students apply
.
requestMatchers
(
HttpMethod
.
GET
,
"/api/candidacies"
).
hasAnyAuthority
(
"ROLE_ADMIN"
,
"ROLE_SUPERVISEUR"
)
// Admin & Supervisor can view
.
requestMatchers
(
HttpMethod
.
PUT
,
"/api/candidacies/update/**"
).
hasAuthority
(
"ROLE_ADMIN"
)
// Only Admins can update candidacies
.
requestMatchers
(
HttpMethod
.
DELETE
,
"/api/candidacies/delete/**"
).
hasAuthority
(
"ROLE_ADMIN"
)
// Only Admins can delete candidacies
// ADMIN ACCESS - Has Full Control Over Everything
.
requestMatchers
(
"/api/admin/**"
).
hasAuthority
(
"ROLE_ADMIN"
)
.
requestMatchers
(
"/**"
).
hasAuthority
(
"ROLE_ADMIN"
)
// Any other request requires authentication
.
anyRequest
().
authenticated
()
)
...
...
This diff is collapsed.
Click to expand it.
