Security issue fix

src/main/java/kz/project/printedFormsService/config/SecurityConfiguration.java

@@ -47,6 +47,7 @@ public class SecurityConfiguration {
         http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 
         http.csrf(AbstractHttpConfigurer::disable);
+        http.anonymous(AbstractHttpConfigurer::disable);
 
         http.exceptionHandling(eh -> eh.authenticationEntryPoint((request, response, authException) -> {
             response.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer realm=\"Restricted Content\"");
@@ -57,9 +58,7 @@ public class SecurityConfiguration {
                 .requestMatchers("/actuator/health/readiness",
                         "/actuator/health/liveness",
                         "/api-docs/**",
-                        "/swagger-ui/**",
-                        BASE_PATH + TemplateController.GET_TEMPLATE,
-                        DTemplateTypeController.BASE_PATH+DTemplateTypeController.GET_ALL
+                        "/swagger-ui/**"
                 )
                 .permitAll()
 
@@ -93,7 +92,13 @@ public class SecurityConfiguration {
                 .requestMatchers(GitlabTemplateController.EDIT)
                 .hasAnyRole(EDITOR, ADMIN)
 
-                .anyRequest().authenticated()
+                .requestMatchers(
+                        BASE_PATH + TemplateController.GET_TEMPLATE,
+                        DTemplateTypeController.BASE_PATH + DTemplateTypeController.GET_ALL)
+                .permitAll()
+
+                .anyRequest().fullyAuthenticated()
+
         );
 
 

src/main/java/kz/project/printedFormsService/service/impl/GitlabClientImpl.java

@@ -2,6 +2,7 @@ package kz.project.printedFormsService.service.impl;
 
 import kz.project.printedFormsService.data.dto.GitlabMultipartFile;
 import kz.project.printedFormsService.service.GitlabClient;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import org.springframework.web.multipart.MultipartFile;
@@ -11,6 +12,7 @@ import reactor.core.publisher.Mono;
 import java.io.File;
 
 @Service
+@Slf4j
 public class GitlabClientImpl implements GitlabClient {
 
     private final WebClient webClient;
@@ -22,7 +24,6 @@ public class GitlabClientImpl implements GitlabClient {
                 .build();
     }
 
-    //http://gitlab.lan.arta.kz/d.ermakov/templates/-/raw/master/dto.txt?inline=false
     @Override
     public Mono<byte[]> downloadFileFromGitLab(String projectName, String filePath, String branch) {
         String urlPath = String.format("/api/v4/projects/%s/repository/files/%s/raw", projectName, filePath);
@@ -33,7 +34,7 @@ public class GitlabClientImpl implements GitlabClient {
                         .build())
                 .retrieve()
                 .bodyToMono(byte[].class)
-                .doOnError(error -> System.err.println("Error downloading file: " + error.getMessage()));
+                .doOnError(error -> log.error("Error downloading file: {}", error.getMessage()));
     }
 
     @Override
@@ -46,7 +47,7 @@ public class GitlabClientImpl implements GitlabClient {
                         .build())
                 .retrieve()
                 .bodyToMono(String.class)
-                .doOnError(error -> System.err.println("Error downloading file: " + error.getMessage()));
+                .doOnError(error -> log.error("Error downloading file: {}", error.getMessage()));
     }
 
     @Override
@@ -63,7 +64,7 @@ public class GitlabClientImpl implements GitlabClient {
                     File file = new File(filePath);
                     return new GitlabMultipartFile(file.getName(), file.getName(), null, bytes);
                 })
-                .doOnError(error -> System.err.println("Error downloading file: " + error.getMessage()))
+                .doOnError(error -> log.error("Error downloading file: {}", error.getMessage()))
                 .block();
     }
 }