Enforced controller security; restructured deps file; cleanup

2023-09-20 22:24:33 -05:00 · 2023-09-20 22:24:33 -05:00 · 43a626eef9
parent c6a3ca9318
commit 43a626eef9
5 changed files with 21 additions and 34 deletions
--- a/pom.xml
+++ b/pom.xml
@ -32,20 +32,24 @@
 			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
 		<dependency>
-            <groupId>org.springframework</groupId>
+			<groupId>org.springframework.boot</groupId>
-            <artifactId>spring-jdbc</artifactId>
+			<artifactId>spring-boot-starter-data-jpa</artifactId>
 		</dependency>
        <dependency>
-            <groupId>org.springframework.data</groupId>
+            <groupId>org.springframework</groupId>
-            <artifactId>spring-data-jpa</artifactId>
+            <artifactId>spring-jdbc</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-beans</artifactId>
        </dependency>
        <dependency>
-			<groupId>org.springframework.boot</groupId>
+            <groupId>org.springframework.data</groupId>
-			<artifactId>spring-boot-starter-data-jpa</artifactId>
+            <artifactId>spring-data-jpa</artifactId>
        </dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-core</artifactId>
 		</dependency>
--- a/src/main/java/com/itdominator/api/controller/BaseController.java
+++ b/src/main/java/com/itdominator/api/controller/BaseController.java
@ -1,38 +1,27 @@
 package com.itdominator.api.controller;
 import java.util.List;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
 import com.itdominator.api.dto.ThumbnailDto;
 import com.itdominator.api.dto.ThumbnailSearchCriteria;
 import com.itdominator.api.services.ThumbnailerService;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.Max;
 import jakarta.validation.constraints.Min;
 import jakarta.validation.constraints.Pattern;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@RestController
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
@RequiredArgsConstructor
@Slf4j
@Validated
 public class BaseController {
-    @PreAuthorize("hashPermission('User')")
+    @PreAuthorize("hasRole('User')")
    // @PreAuthorize("hashPermission('User')")
    @GetMapping("/")
    public String root() {
        return "<h1>Hello, World!</h1>";
--- a/src/main/java/com/itdominator/api/controller/ThumbnailerApiController.java
+++ b/src/main/java/com/itdominator/api/controller/ThumbnailerApiController.java
@ -4,6 +4,7 @@ package com.itdominator.api.controller;
 import java.util.List;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@ -26,6 +27,7 @@ import lombok.extern.slf4j.Slf4j;
@RestController
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
@RequiredArgsConstructor
@Slf4j
@Validated
@ -34,7 +36,7 @@ public class ThumbnailerApiController {
    private final ThumbnailerService thumbnailerService;
-    @PreAuthorize("hashPermission('User')")
+    @PreAuthorize("hasRole('User')")
    @PostMapping("/get-thumbnail/id/{id}")
    public ThumbnailDto getThumbnailById(
        @PathVariable
@ -44,7 +46,7 @@ public class ThumbnailerApiController {
        return thumbnailerService.getThumbnailById(id);
    }
-    @PreAuthorize("hashPermission('User')")
+    @PreAuthorize("hasRole('User')")
    @PostMapping("/get-thumbnail/hash/{fileHash}")
    public ThumbnailDto getThumbnailByHash(
        @Pattern(regexp = "[a-zA-Z0-9]{32}*$") @PathVariable("fileHash") final String fileHash
@ -53,7 +55,7 @@ public class ThumbnailerApiController {
    }
-    @PreAuthorize("hashPermission('User')")
+    @PreAuthorize("hasRole('User')")
    @PostMapping("/get-thumbnail")
    public ThumbnailDto getThumbnailByIdOrHashQuery(
        @Valid @RequestBody ThumbnailSearchCriteria criteria
@ -61,7 +63,7 @@ public class ThumbnailerApiController {
        return thumbnailerService.getThumbnailByIdOrHashQuery(criteria);
    }
-    @PreAuthorize("hashPermission('User') and hashPermission('Admin')")
+    @PreAuthorize("hasRole('Admin')")
    @GetMapping("/get-all-thumbnails")
    public List<ThumbnailDto> getAllThumbnails() {
        return thumbnailerService.getAllThumbnails();
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -2,7 +2,7 @@ server.port=8999
 spring.security.user.name=root
 spring.security.user.password=toor
-spring.security.user.roles=USER
+spring.security.user.roles=User,Admin
 spring.jpa.properties.hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringJtaSessionContext
--- a/src/main/resources/persistence.properties
+++ b/src/main/resources/persistence.properties
@ -1,8 +0,0 @@
 driverClassName=org.sqlite.JDBC
 #url=jdbc:sqlite:memory:myDb?cache=shared 
 url=jdbc:sqlite:src/main/resource/static/db/database.db?cache=shared 
 username= 
 password=
 spring.jpa.database-platform=org.hibernate.community.dialect.SQLiteDialect 
 hibernate.hbm2ddl.auto=create-drop
 hibernate.show_sql=true