fix: remove swager user acess on app

Throyer · Throyer · commit 83963de5aef4 · 2022-06-01T02:20:28.000-03:00
diff --git a/src/main/java/com/github/throyer/common/springboot/configurations/SpringSecurityConfiguration.java b/src/main/java/com/github/throyer/common/springboot/configurations/SpringSecurityConfiguration.java
@@ -18,6 +18,7 @@
 import static org.springframework.http.HttpMethod.POST;
 import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
 
+import java.util.List;
 import java.util.Optional;
 import java.util.stream.Stream;
 
@@ -80,7 +81,7 @@ protected void globalConfiguration(
                     .passwordEncoder(ENCODER)
                     .withUser(username)
                     .password(ENCODER.encode(password))
-                    .authorities("SWAGGER");
+                    .authorities(List.of());
         }
 
 
@@ -133,7 +134,7 @@ public SecurityFilterChain app(HttpSecurity http) throws Exception {
                     .antMatchers(POST, "/app/register", "/app/recovery/**")
                         .permitAll()
                     .anyRequest()
-                        .authenticated()
+                        .hasAuthority("USER")
             .and()
                 .csrf()
                     .disable()                    
diff --git a/src/main/resources/templates/app/fragments/me.html b/src/main/resources/templates/app/fragments/me.html
@@ -5,10 +5,10 @@
                 <h5 class="modal-title"><i class="fas fa-user-alt"></i> About me</h5>
                 <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
             </div>
-            <div class="modal-body py-0" sec:authorize="isAuthenticated()" th:object="${#authentication.principal}">
+            <div class="modal-body py-0" sec:authorize="hasAnyAuthority('USER', 'ADM')" th:object="${#authentication.principal}">
                 <p>
                     <span class="fs-3">Name: </span>
-                    <span class="fs-5 fw-light" th:if="*{name}" th:text="*{name}"></span>
+                    <span class="fs-5 fw-light" th:text="*{name}"></span>
                 </p>
                 <p>
                     <span class="fs-3">Roles: </span>
diff --git a/src/main/resources/templates/app/fragments/navbar.html b/src/main/resources/templates/app/fragments/navbar.html
@@ -68,7 +68,7 @@
                         Show more
                     </a>
                     <ul class="dropdown-menu border-0 shadow bg-light animate slideIn" aria-labelledby="show-more">
-                        <li>
+                        <li sec:authorize="hasAnyAuthority('USER', 'ADM')">
                             <a href="#" data-bs-toggle="modal" data-bs-target="#me" class="dropdown-item">
                                 <i class="fas fa-user-circle"></i>
                                 Me
