implement HTTP Basic Authentication

d91de48f · Hoai Viet Nguyen · 26124796 · d91de48f · d91de48f · d91de48f
Commit d91de48f authored 1 month ago by Hoai Viet Nguyen
--- a/src/main/kotlin/de/thk/gm/gdw/todolist/configs/SecurityConfig.kt
+++ b/src/main/kotlin/de/thk/gm/gdw/todolist/configs/SecurityConfig.kt
@@ -25,12 +25,15 @@ class SecurityConfig {
                authorize(HttpMethod.GET,"/dashboard", hasAuthority("ROLE_USER"))
                authorize("/user/tasks/**", hasAuthority("ROLE_USER"))
                authorize(HttpMethod.POST, "/users", permitAll)
+                authorize("/api/v1/user/**",hasAuthority("ROLE_USER"))
            }

            formLogin {
                permitAll()
                defaultSuccessUrl("/dashboard",true)
            }
+
+            httpBasic {  }
        }

        return http.build()

--- a/src/main/kotlin/de/thk/gm/gdw/todolist/controllers/TasksRestController.kt
+++ b/src/main/kotlin/de/thk/gm/gdw/todolist/controllers/TasksRestController.kt
@@ -34,8 +34,8 @@ class TasksRestController (private val tasksService: TasksService, private val u
    }

    @GetMapping("/tasks")
-    fun getTasks(@PathVariable userId: UUID) : List<Task> {
-        val user  = usersService.getUserById(userId)
+    fun getTasks(principal: Principal) : List<Task> {
+        val user  = usersService.getUserByEmail(principal.name)
        if(user != null) {
            val tasks = tasksService.getAllByUser(user,true)
            return tasks

--- a/src/main/resources/templates/tasks/showTask.ftlh
+++ b/src/main/resources/templates/tasks/showTask.ftlh
@@ -24,7 +24,7 @@
            var task = {}
            task.name = document.getElementById("name").value
            task.open = document.getElementById("open").value
-            xhr.open("PUT","/api/v1/users/${task.user.id}/tasks/${task.id}")
+            xhr.open("PUT","/api/v1/user/tasks/${task.id}")
            xhr.setRequestHeader("Content-Type", "application/json")
            xhr.send(JSON.stringify(task))
            xhr.onreadystatechange = function(){
@@ -35,11 +35,11 @@
        }

        function deleteTask() {
-            xhr.open("DELETE","/api/v1/users/${task.user.id}/tasks/${task.id}")
+            xhr.open("DELETE","/api/v1/user/tasks/${task.id}")
            xhr.send()
            xhr.onreadystatechange = function(){
                if(this.readyState == 4 && this.status == 204){
-                    window.location.href= "/users/${task.user.id}/tasks"
+                    window.location.href= "/dashboard"
                }
            }
        }