Configure Spring Security to lock down the API routes based on the Roles I created.
Goal: Lock the doors based on the Role enum.
Tasks:
- Create SecurityConfig class.
- Define SecurityFilterChain.
- Set up rules: .requestMatchers("/api/admin/**").hasRole("MANAGEMENT").
- Enable BCrypt password encoding for the login process.
/api/projects/** -> Only PRODUCER or MANAGEMENT can POST.
/api/tasks/** -> EMPLOYEE can only PATCH their own tasks.
/api/public/** -> Everyone (including VISITOR) can GET.
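
One way to express the rules above in a single SecurityConfig, as an added example rather than code from this project. It assumes Spring Security 6, HTTP Basic as the login mechanism, and that every route not listed requires an authenticated user; none of these are stated in the task.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity // enables @PreAuthorize, needed for the per-task ownership check
public class SecurityConfig {

    // hasRole("X") checks for the authority "ROLE_X", so the user-loading code must
    // map each Role enum constant to "ROLE_" + name (e.g. ROLE_MANAGEMENT).
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Read-only public content: anonymous callers and every role, VISITOR included.
                .requestMatchers(HttpMethod.GET, "/api/public/**").permitAll()
                .requestMatchers("/api/admin/**").hasRole("MANAGEMENT")
                .requestMatchers(HttpMethod.POST, "/api/projects/**").hasAnyRole("PRODUCER", "MANAGEMENT")
                // Role gate only: a URL matcher cannot tell whose task is being patched.
                // "Their own tasks" has to be enforced where the task is loaded.
                .requestMatchers(HttpMethod.PATCH, "/api/tasks/**").hasRole("EMPLOYEE")
                // Assumption: anything not listed above still requires a logged-in user.
                .anyRequest().authenticated())
            // Assumption: HTTP Basic login; CSRF protection is left at Spring's default.
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    // Picked up by Spring's authentication provider to verify stored BCrypt hashes at login.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```

Matchers are evaluated in order, so the specific rules must stay above anyRequest(). The ownership part of the /api/tasks/** rule still needs a check that compares the task's owner with the authenticated user, for example a @PreAuthorize expression on the service method that updates a task.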