From 364997445bb99ac6f5d0f1b7c8a3ce4067d39bbd Mon Sep 17 00:00:00 2001
From: cmullercejas
Date: Wed, 5 Feb 2020 15:57:53 +0100
Subject: [PATCH] better role-based access control to the differents routes
---
 .../petclinic/configuration/SecurityConfiguration.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/springframework/samples/petclinic/configuration/SecurityConfiguration.java b/src/main/java/org/springframework/samples/petclinic/configuration/SecurityConfiguration.java
index 3ccc73c8c9b..28c545aa19c 100644
--- a/src/main/java/org/springframework/samples/petclinic/configuration/SecurityConfiguration.java
+++ b/src/main/java/org/springframework/samples/petclinic/configuration/SecurityConfiguration.java
@@ -34,8 +34,10 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 protected void configure(HttpSecurity http) throws Exception {
 http.authorizeRequests()
 .antMatchers("/resources/**","/webjars/**","/h2-console/**").permitAll()
- .antMatchers(HttpMethod.GET, "/","/oups").permitAll()
- .antMatchers("/owners/**","/vets/**").hasAuthority("admin")
+ .antMatchers(HttpMethod.GET, "/","/oups","/register").permitAll()
+// .antMatchers("/owners/**","/vets/**").hasAuthority("admin")
+ .antMatchers("/owners/**").hasAnyAuthority("owner","admin")
+ .antMatchers("/vets/**").authenticated()
 .anyRequest().denyAll()
 .and()
 .formLogin()
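Review bot: The new `/vets/**` rule is `.authenticated()` for every HTTP method, so any logged-in account, not only `admin`, now reaches whatever state-changing handlers sit under that prefix; if the intent is read access only, scope it with `.antMatchers(HttpMethod.GET, "/vets/**").authenticated()` and keep `.antMatchers("/vets/**").hasAuthority("admin")` after it for the remaining methods. Likewise `hasAnyAuthority("owner","admin")` on `/owners/**` is a URL-level check, so it presumably lets one owner open or edit another owner's records unless the controllers compare the requested record with the authenticated principal; no such check is visible in this hunk. `/register` is permitted for GET only, so a form POST to the same path would fall through to `.anyRequest().denyAll()`, which is worth confirming against where the registration form submits. The commented-out old matcher should be deleted rather than kept, since version control already holds the previous rule. `configure` continues past `.formLogin()`, outside the hunk.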