B
B
Bruce Parker2019-06-12 06:41:43
Java
Bruce Parker, 2019-06-12 06:41:43

How to make correct access rights to all users?

I have access rights to all pages only for the admin (only the login page can be visited by all users). So I want all users to be able to visit the "allStudents.jsp" page too. I correctly wrote the code for access rights? And how can I make sure that allStudents is the main page and immediately pops up when I start the project, it's just that now the authorization page comes out first
Security Config

@Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("admin").password("{noop}1234").roles("ADMIN");
        }
    
        @Override
        protected void configure(HttpSecurity http) throws Exception {
    
            http.authorizeRequests()
                    .anyRequest().access("hasRole('ROLE_ADMIN')")
                    .and()
                    .authorizeRequests().antMatchers("/login**").permitAll()
                    .and()
                    .authorizeRequests().antMatchers("/allStudents**").permitAll()
                    .and()
                    .formLogin().loginPage("/login").loginProcessingUrl("/loginAction").permitAll()
                    .and()
                    .logout().logoutSuccessUrl("/login").permitAll()
                    .and()
                    .csrf().disable();
        }
    }

AuthorizationController
package adil.java.schoolmaven.controller;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.servlet.ModelAndView;
    
    @Controller
    public class AuthorizationController {
    
        @RequestMapping(value = "/admin", method = RequestMethod.GET)
        public ModelAndView adminPage() {
    
            ModelAndView m = new ModelAndView();
            m.addObject("title", "Successfully logged in");
            m.addObject("message", "home");
            m.setViewName("admin");
            return new ModelAndView("redirect: allStudents");
        }
    }

Student Controller
@Controller
    public class StudentController {
    
        @Autowired
        private ServletContext servletContext;
    
        // Constructor based Dependency Injection
        private StudentService studentService;
    
        public StudentController() {
    
        }
    
        @Autowired
        public StudentController(StudentService studentService) {
            this.studentService = studentService;
        }
    
        
       
       
        @RequestMapping(value = "/allStudents", method = {RequestMethod.GET, RequestMethod.POST})
    
        public ModelAndView displayAllUser() {
            System.out.println("User Page Requested : All Students");
            ModelAndView mv = new ModelAndView();
            List<Student> studentList = studentService.getAllStudents();
            mv.addObject("studentList", studentList);
            mv.setViewName("allStudents");
            return mv;
        }
    
        @RequestMapping(value = "/addStudent", method = RequestMethod.GET)
        public ModelAndView displayNewUserForm() {
            ModelAndView mv = new ModelAndView("addStudent");
            mv.addObject("headerMessage", "Add Student Details");
            mv.addObject("student", new Student());
            return mv;
        }
    
        @PostMapping(value = "/addStudent")
        public String saveNewStudent(@RequestParam("name") @NonNull String name,
                @RequestParam("surname") @NonNull String surname,
                @RequestParam("avatar") MultipartFile file)
                throws IOException {
    
            Student student = new Student();
            student.setSurname(surname);
            student.setName(name);
    
            if (file != null && !file.isEmpty()) {
                student.setAvatar(studentService.saveAvatarImage(file).getName());
            }
    
            studentService.saveStudent(student);
            return "redirect:/allStudents";
        }
    
        @GetMapping(value = "/editStudent/{id}")
        public ModelAndView displayEditUserForm(@PathVariable Long id) {
            ModelAndView mv = new ModelAndView("editStudent");
            Student student = studentService.getStudentById(id);
            mv.addObject("headerMessage", "Редактирование студента");
            mv.addObject("student", student);
            return mv;
        }
    
        @PostMapping(value = "/editStudent")
        public String saveEditedUser(
                @RequestParam("id") Long id,
                @RequestParam("name") String name,
                @RequestParam("surname") String surname,
                @RequestParam("avatar") MultipartFile file) {
    
            try {
    
                studentService.updateStudent(name, surname, file, studentService.getStudentById(id));
    
            } catch (FileSystemException ex) {
                ex.printStackTrace();
            } catch (IOException e) {
                return "redirect:/error";
            }
    
            return "redirect:/allStudents";
        }
    
        @GetMapping(value = "/deleteStudent/{id}")
        public ModelAndView deleteUserById(@PathVariable Long id) {
            studentService.deleteStudentById(id);
            ModelAndView mv = new ModelAndView("redirect:/allStudents");
    
            return mv;
    
        }
    
    }

Answer the question

In order to leave comments, you need to log in

1 answer(s)
O
Orkhan, 2019-06-12
Hasanly @azerphoenix

I just now the authorization page comes out first

this is due to the fact that the url /allStudents is not allowed for you, most likely, therefore, the login page opens for you.
If you want the /allStudents page to open when opening the site, then you need to:
@GetMapping("/")
public String homePage() {
return "redirect:/allStudents";
}

simple example. Well, or you can, when accessing the url / return the template that you return with / allStudents

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question