Enforced controller security; restructured deps file; cleanup
This commit is contained in:
parent
c6a3ca9318
commit
43a626eef9
16
pom.xml
16
pom.xml
|
@ -31,21 +31,25 @@
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-starter-security</artifactId>
|
<artifactId>spring-boot-starter-security</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-data-jpa</artifactId>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework</groupId>
|
<groupId>org.springframework</groupId>
|
||||||
<artifactId>spring-jdbc</artifactId>
|
<artifactId>spring-jdbc</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
|
||||||
<groupId>org.springframework.data</groupId>
|
|
||||||
<artifactId>spring-data-jpa</artifactId>
|
|
||||||
</dependency>
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework</groupId>
|
<groupId>org.springframework</groupId>
|
||||||
<artifactId>spring-beans</artifactId>
|
<artifactId>spring-beans</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.data</groupId>
|
||||||
|
<artifactId>spring-data-jpa</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.security</groupId>
|
||||||
<artifactId>spring-boot-starter-data-jpa</artifactId>
|
<artifactId>spring-security-core</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,38 +1,27 @@
|
||||||
package com.itdominator.api.controller;
|
package com.itdominator.api.controller;
|
||||||
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
|
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||||
import org.springframework.validation.annotation.Validated;
|
import org.springframework.validation.annotation.Validated;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
import org.springframework.web.bind.annotation.PathVariable;
|
|
||||||
import org.springframework.web.bind.annotation.PostMapping;
|
|
||||||
import org.springframework.web.bind.annotation.RequestBody;
|
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import com.itdominator.api.dto.ThumbnailDto;
|
|
||||||
import com.itdominator.api.dto.ThumbnailSearchCriteria;
|
|
||||||
import com.itdominator.api.services.ThumbnailerService;
|
|
||||||
|
|
||||||
import jakarta.validation.Valid;
|
|
||||||
import jakarta.validation.constraints.Max;
|
|
||||||
import jakarta.validation.constraints.Min;
|
|
||||||
import jakarta.validation.constraints.Pattern;
|
|
||||||
|
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
|
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
@Slf4j
|
@Slf4j
|
||||||
@Validated
|
@Validated
|
||||||
public class BaseController {
|
public class BaseController {
|
||||||
|
|
||||||
|
|
||||||
@PreAuthorize("hashPermission('User')")
|
@PreAuthorize("hasRole('User')")
|
||||||
|
// @PreAuthorize("hashPermission('User')")
|
||||||
@GetMapping("/")
|
@GetMapping("/")
|
||||||
public String root() {
|
public String root() {
|
||||||
return "<h1>Hello, World!</h1>";
|
return "<h1>Hello, World!</h1>";
|
||||||
|
|
|
@ -4,6 +4,7 @@ package com.itdominator.api.controller;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
|
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||||
import org.springframework.validation.annotation.Validated;
|
import org.springframework.validation.annotation.Validated;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
import org.springframework.web.bind.annotation.PathVariable;
|
import org.springframework.web.bind.annotation.PathVariable;
|
||||||
|
@ -26,6 +27,7 @@ import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
|
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
@Slf4j
|
@Slf4j
|
||||||
@Validated
|
@Validated
|
||||||
|
@ -34,7 +36,7 @@ public class ThumbnailerApiController {
|
||||||
private final ThumbnailerService thumbnailerService;
|
private final ThumbnailerService thumbnailerService;
|
||||||
|
|
||||||
|
|
||||||
@PreAuthorize("hashPermission('User')")
|
@PreAuthorize("hasRole('User')")
|
||||||
@PostMapping("/get-thumbnail/id/{id}")
|
@PostMapping("/get-thumbnail/id/{id}")
|
||||||
public ThumbnailDto getThumbnailById(
|
public ThumbnailDto getThumbnailById(
|
||||||
@PathVariable
|
@PathVariable
|
||||||
|
@ -44,7 +46,7 @@ public class ThumbnailerApiController {
|
||||||
return thumbnailerService.getThumbnailById(id);
|
return thumbnailerService.getThumbnailById(id);
|
||||||
}
|
}
|
||||||
|
|
||||||
@PreAuthorize("hashPermission('User')")
|
@PreAuthorize("hasRole('User')")
|
||||||
@PostMapping("/get-thumbnail/hash/{fileHash}")
|
@PostMapping("/get-thumbnail/hash/{fileHash}")
|
||||||
public ThumbnailDto getThumbnailByHash(
|
public ThumbnailDto getThumbnailByHash(
|
||||||
@Pattern(regexp = "[a-zA-Z0-9]{32}*$") @PathVariable("fileHash") final String fileHash
|
@Pattern(regexp = "[a-zA-Z0-9]{32}*$") @PathVariable("fileHash") final String fileHash
|
||||||
|
@ -53,7 +55,7 @@ public class ThumbnailerApiController {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@PreAuthorize("hashPermission('User')")
|
@PreAuthorize("hasRole('User')")
|
||||||
@PostMapping("/get-thumbnail")
|
@PostMapping("/get-thumbnail")
|
||||||
public ThumbnailDto getThumbnailByIdOrHashQuery(
|
public ThumbnailDto getThumbnailByIdOrHashQuery(
|
||||||
@Valid @RequestBody ThumbnailSearchCriteria criteria
|
@Valid @RequestBody ThumbnailSearchCriteria criteria
|
||||||
|
@ -61,7 +63,7 @@ public class ThumbnailerApiController {
|
||||||
return thumbnailerService.getThumbnailByIdOrHashQuery(criteria);
|
return thumbnailerService.getThumbnailByIdOrHashQuery(criteria);
|
||||||
}
|
}
|
||||||
|
|
||||||
@PreAuthorize("hashPermission('User') and hashPermission('Admin')")
|
@PreAuthorize("hasRole('Admin')")
|
||||||
@GetMapping("/get-all-thumbnails")
|
@GetMapping("/get-all-thumbnails")
|
||||||
public List<ThumbnailDto> getAllThumbnails() {
|
public List<ThumbnailDto> getAllThumbnails() {
|
||||||
return thumbnailerService.getAllThumbnails();
|
return thumbnailerService.getAllThumbnails();
|
||||||
|
|
|
@ -2,7 +2,7 @@ server.port=8999
|
||||||
|
|
||||||
spring.security.user.name=root
|
spring.security.user.name=root
|
||||||
spring.security.user.password=toor
|
spring.security.user.password=toor
|
||||||
spring.security.user.roles=USER
|
spring.security.user.roles=User,Admin
|
||||||
|
|
||||||
spring.jpa.properties.hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringJtaSessionContext
|
spring.jpa.properties.hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringJtaSessionContext
|
||||||
|
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
driverClassName=org.sqlite.JDBC
|
|
||||||
#url=jdbc:sqlite:memory:myDb?cache=shared
|
|
||||||
url=jdbc:sqlite:src/main/resource/static/db/database.db?cache=shared
|
|
||||||
username=
|
|
||||||
password=
|
|
||||||
spring.jpa.database-platform=org.hibernate.community.dialect.SQLiteDialect
|
|
||||||
hibernate.hbm2ddl.auto=create-drop
|
|
||||||
hibernate.show_sql=true
|
|
Loading…
Reference in New Issue