Em phân quyền nhưng khi xét quyền admin với member thì không được.
config security
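/**
 * Configures the stateless filter chain that protects the {@code /user/**} API.
 *
 * <p>Login and registration are open; the two list endpoints require a role; every other
 * request handled by this chain must at least be authenticated.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if the chain cannot be built
 */
protected void configure(HttpSecurity http) throws Exception {
    // CSRF protection is switched off. NOTE(review): that is only safe while the token is sent
    // in a request header rather than a cookie; confirm in jwtAuthenticationTokenFilter().
    http.csrf().disable();

    // "/user/**" scopes this chain to every path below /user. The previous pattern "/user/"
    // matched that single path only, so none of the rules below were ever evaluated for
    // /user/getList... and the role checks were silently skipped.
    http.antMatcher("/user/**")
        .httpBasic().authenticationEntryPoint(restServicesEntryPoint())
        .and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .authorizeRequests()
            // Rules are evaluated in order, so the public endpoints come first.
            .antMatchers("/user/logins", "/user/register").permitAll()
            // The controller maps this endpoint as /user/getListProductTypes (with the trailing
            // "s"); the rule has to name the same path or it never applies.
            // hasRole('x') matches the granted authority "ROLE_x" by default.
            // NOTE(review): verify the JWT filter grants authorities in that form.
            .antMatchers(HttpMethod.POST, "/user/getListProductTypes").access("hasRole('admin')")
            .antMatchers(HttpMethod.POST, "/user/getListSegmentPrice").access("hasRole('member')")
            // Fail closed: anything not listed above still needs a valid token.
            .anyRequest().authenticated()
        .and()
        .addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class)
        .exceptionHandling().accessDeniedHandler(customAccessDeniedHandler());
}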
Controller
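/**
 * REST endpoints below {@code /user}: a login that issues a JWT and two list look-ups.
 *
 * <p>Every handler builds its response in a local variable. A Spring controller is a singleton
 * by default, so a response kept in an instance field is shared by all concurrent requests and
 * one caller could receive another caller's body, including a freshly issued token.
 */
@RestController
@RequestMapping("/user")
public class UserController {
    // One mapper for all requests; no handler reconfigures it.
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    @Autowired
    SegmentService segmentService;
    @Autowired
    ProductTypeService productTypeService;
    @Autowired
    private JwtService jwtService;
    @Autowired
    private UserSerivce userSerivce;
    @Autowired
    private UserRepository userRepository;

    /**
     * Checks the submitted phone/password pair and, on success, returns a login token.
     *
     * @param inputStream raw request body, parsed by {@code RequestUtils.convertToBaseRequest}
     * @return HTTP 200 whose body carries code 0 and the token on success, code 1 otherwise
     */
    @RequestMapping(value = "/logins", method = RequestMethod.POST)
    ResponseEntity<?> logins(InputStream inputStream) {
        ResponseData responseData = new ResponseData(1, "Lỗi", null);
        try {
            BaseRequest baseRequest = RequestUtils.convertToBaseRequest(inputStream);
            if (baseRequest.getWsRequest() != null) {
                JsonNode jsonNode = OBJECT_MAPPER.readTree(
                        OBJECT_MAPPER.writeValueAsString(baseRequest.getWsRequest()));
                String phone = "";
                String pass = "";
                if (jsonNode.get("phone") != null) {
                    phone = jsonNode.get("phone").asText();
                }
                if (jsonNode.get("password") != null) {
                    pass = jsonNode.get("password").asText();
                }
                UserDao account = userSerivce.findByPhone(phone);
                if (account != null) {
                    // NOTE(review): the repository value is compared directly with the submitted
                    // password, which suggests passwords are stored in clear text. Store a salted
                    // hash (bcrypt/argon2) and verify it with Spring Security's
                    // PasswordEncoder.matches instead.
                    String storedPassword = userRepository.findByUsername(phone);
                    if (pass.equals(storedPassword)) {
                        String token = jwtService.generateTokenLogin(phone);
                        responseData = new ResponseData(0, "OK", new ResponseBase(null, token));
                    } else {
                        // Code 1 marks a failure; 0 is the success code used everywhere else
                        // and must not be returned for a wrong password.
                        responseData = new ResponseData(1, "sai mat khau", null);
                    }
                } else {
                    // NOTE(review): a message that differs from the wrong-password one tells a
                    // caller which phone numbers are registered; consider one shared message.
                    responseData = new ResponseData(1, "Tài khoản không tồn tại!", null);
                }
            }
        } catch (Exception e) {
            // Best effort: the caller gets the generic error body prepared above.
            // NOTE(review): route this through the project's logger instead of stderr.
            e.printStackTrace();
        }
        return ResponseEntity.status(HttpStatus.OK).body(responseData);
    }

    /**
     * Returns every product type.
     *
     * <p>NOTE(review): the path ends in "s"; the access rule in the security configuration has
     * to name exactly this path, otherwise no role check applies to this endpoint.
     *
     * @param inputStream raw request body, parsed by {@code RequestUtils.convertToBaseRequest}
     * @return HTTP 200 whose body carries code 0 and the list, or code 1 on any failure
     */
    @RequestMapping(value = "/getListProductTypes", method = RequestMethod.POST)
    public ResponseEntity<?> getListProductType(InputStream inputStream) {
        // Prepared before parsing so that a parse failure yields this error body.
        ResponseData responseData = new ResponseData(1, "loi", null);
        try {
            BaseRequest baseRequest = RequestUtils.convertToBaseRequest(inputStream);
            if (baseRequest.getWsRequest() != null) {
                List<ProductType> list = productTypeService.findAll();
                responseData = new ResponseData(0, "thanh cong", new ResponseBase(null, list));
            }
        } catch (Exception e) {
            // NOTE(review): route this through the project's logger instead of stderr.
            e.printStackTrace();
        }
        return ResponseEntity.status(HttpStatus.OK).body(responseData);
    }

    /**
     * Returns every segment price.
     *
     * @param inputStream raw request body, parsed by {@code RequestUtils.convertToBaseRequest}
     * @return HTTP 200 whose body carries code 0 and the list, or code 1 on any failure
     */
    @RequestMapping(value = "/getListSegmentPrice", method = RequestMethod.POST)
    public ResponseEntity<?> getListSegment(InputStream inputStream) {
        // Prepared before parsing so that a parse failure yields this error body.
        ResponseData responseData = new ResponseData(1, "loi", null);
        try {
            BaseRequest baseRequest = RequestUtils.convertToBaseRequest(inputStream);
            if (baseRequest.getWsRequest() != null) {
                List<SegmentPrice> list = segmentService.findAll();
                responseData = new ResponseData(0, "thanh cong", new ResponseBase(null, list));
            }
        } catch (Exception e) {
            // NOTE(review): route this through the project's logger instead of stderr.
            e.printStackTrace();
        }
        return ResponseEntity.status(HttpStatus.OK).body(responseData);
    }
}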