diff --git a/backend/src/main/java/se/bilhalsning/config/SecurityConfig.java b/backend/src/main/java/se/bilhalsning/config/SecurityConfig.java
index c3ddd1d..9a99694 100644
--- a/backend/src/main/java/se/bilhalsning/config/SecurityConfig.java
+++ b/backend/src/main/java/se/bilhalsning/config/SecurityConfig.java
@@ -37,6 +37,7 @@ public class SecurityConfig {
                 .requestMatchers("/api/auth/register", "/api/auth/login").permitAll()
                 .requestMatchers("/api/webhooks/**").permitAll()
                 .requestMatchers("/api/vehicles/**").permitAll()
+                .requestMatchers("/api/admin/**").hasRole("ADMIN")
                 .anyRequest().authenticated())
             .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
diff --git a/backend/src/main/java/se/bilhalsning/security/JwtAuthenticationFilter.java b/backend/src/main/java/se/bilhalsning/security/JwtAuthenticationFilter.java
index fc3cc84..93d71f3 100644
--- a/backend/src/main/java/se/bilhalsning/security/JwtAuthenticationFilter.java
+++ b/backend/src/main/java/se/bilhalsning/security/JwtAuthenticationFilter.java
@@ -45,8 +45,16 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
             var userDetails = userDetailsService.loadUserByUsername(username);
             if (jwtService.isTokenValid(token)) {
+                String role = jwtService.extractRole(token);
+                List authorities =
+                        new java.util.ArrayList<>();
+                if (role != null) {
+                    authorities.add(new org.springframework.security.core.authority.SimpleGrantedAuthority(
+                            "ROLE_" + role.toUpperCase()));
+                }
+
                 var authToken = new UsernamePasswordAuthenticationToken(
-                        userDetails, null, userDetails.getAuthorities());
+                        userDetails, null, authorities);
                 authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                 SecurityContextHolder.getContext().setAuthentication(authToken);
             }
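Review bot: The new `hasRole("ADMIN")` rule is only as strong as the `ROLE_ADMIN` authority that JwtAuthenticationFilter now builds from the token's role claim, and nothing in this file records that coupling; a comment such as `// requires the ROLE_ADMIN authority that JwtAuthenticationFilter derives from the token's role claim` on the added line would keep the two files from drifting apart. Ordering looks fine as far as the hunk shows, since `/api/admin/**` does not overlap the permitAll patterns above it and first match wins. A test asserting that an authenticated non-admin receives 403 on an `/api/admin/**` path would pin the rule down. The enclosing filter-chain method starts and ends outside the hunk.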
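Review bot: The authorities placed on the authentication token now come solely from the JWT's role claim and `userDetails.getAuthorities()` is discarded, so a role removed or downgraded in the user store keeps working until the token expires, and the new `hasRole("ADMIN")` rule in SecurityConfig is decided by the claim alone; if that is intended, a comment saying so on the `String role = jwtService.extractRole(token);` line would stop the next reader from "fixing" it, otherwise consider granting only roles present in both sources. `role.toUpperCase()` is locale-sensitive (under a Turkish default locale "admin" upper-cases with a dotted I and never matches `ROLE_ADMIN`); use `"ROLE_" + role.toUpperCase(Locale.ROOT)`. The `List authorities` declaration appears raw here, possibly because rendering dropped the type argument; if it really is raw, declare it `List<GrantedAuthority> authorities = new ArrayList<>();` and import `ArrayList` and `SimpleGrantedAuthority` rather than spelling out the fully qualified names inline. The enclosing method starts and ends outside the hunk.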