Enforced controller security; restructured deps file; cleanup

pom.xml

@@ -32,20 +32,24 @@
 			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
 		<dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-jdbc</artifactId>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-jpa</artifactId>
 		</dependency>
         <dependency>
-            <groupId>org.springframework.data</groupId>
-            <artifactId>spring-data-jpa</artifactId>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-jdbc</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-beans</artifactId>
         </dependency>
         <dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-data-jpa</artifactId>
+            <groupId>org.springframework.data</groupId>
+            <artifactId>spring-data-jpa</artifactId>
+        </dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-core</artifactId>
 		</dependency>
 
 

src/main/java/com/itdominator/api/controller/BaseController.java

@@ -1,38 +1,27 @@
 package com.itdominator.api.controller;
 
 
-import java.util.List;
-
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.itdominator.api.dto.ThumbnailDto;
-import com.itdominator.api.dto.ThumbnailSearchCriteria;
-import com.itdominator.api.services.ThumbnailerService;
-
-import jakarta.validation.Valid;
-import jakarta.validation.constraints.Max;
-import jakarta.validation.constraints.Min;
-import jakarta.validation.constraints.Pattern;
-
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 
 
 
 @RestController
+@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
 @RequiredArgsConstructor
 @Slf4j
 @Validated
 public class BaseController {
 
 
-    @PreAuthorize("hashPermission('User')")
+    @PreAuthorize("hasRole('User')")
+    // @PreAuthorize("hashPermission('User')")
     @GetMapping("/")
     public String root() {
         return "<h1>Hello, World!</h1>";

src/main/java/com/itdominator/api/controller/ThumbnailerApiController.java

@@ -4,6 +4,7 @@ package com.itdominator.api.controller;
 import java.util.List;
 
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -26,6 +27,7 @@ import lombok.extern.slf4j.Slf4j;
 
 
 @RestController
+@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
 @RequiredArgsConstructor
 @Slf4j
 @Validated
@@ -34,7 +36,7 @@ public class ThumbnailerApiController {
     private final ThumbnailerService thumbnailerService;
 
 
-    @PreAuthorize("hashPermission('User')")
+    @PreAuthorize("hasRole('User')")
     @PostMapping("/get-thumbnail/id/{id}")
     public ThumbnailDto getThumbnailById(
         @PathVariable
@@ -44,7 +46,7 @@ public class ThumbnailerApiController {
         return thumbnailerService.getThumbnailById(id);
     }
 
-    @PreAuthorize("hashPermission('User')")
+    @PreAuthorize("hasRole('User')")
     @PostMapping("/get-thumbnail/hash/{fileHash}")
     public ThumbnailDto getThumbnailByHash(
         @Pattern(regexp = "[a-zA-Z0-9]{32}*$") @PathVariable("fileHash") final String fileHash
@@ -53,7 +55,7 @@ public class ThumbnailerApiController {
     }
 
 
-    @PreAuthorize("hashPermission('User')")
+    @PreAuthorize("hasRole('User')")
     @PostMapping("/get-thumbnail")
     public ThumbnailDto getThumbnailByIdOrHashQuery(
         @Valid @RequestBody ThumbnailSearchCriteria criteria
@@ -61,7 +63,7 @@ public class ThumbnailerApiController {
         return thumbnailerService.getThumbnailByIdOrHashQuery(criteria);
     }
 
-    @PreAuthorize("hashPermission('User') and hashPermission('Admin')")
+    @PreAuthorize("hasRole('Admin')")
     @GetMapping("/get-all-thumbnails")
     public List<ThumbnailDto> getAllThumbnails() {
         return thumbnailerService.getAllThumbnails();

src/main/resources/application.properties

@@ -2,7 +2,7 @@ server.port=8999
 
 spring.security.user.name=root
 spring.security.user.password=toor
-spring.security.user.roles=USER
+spring.security.user.roles=User,Admin
 
 spring.jpa.properties.hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringJtaSessionContext
 

src/main/resources/persistence.properties

@@ -1,8 +0,0 @@
-driverClassName=org.sqlite.JDBC
-#url=jdbc:sqlite:memory:myDb?cache=shared 
-url=jdbc:sqlite:src/main/resource/static/db/database.db?cache=shared 
-username= 
-password=
-spring.jpa.database-platform=org.hibernate.community.dialect.SQLiteDialect 
-hibernate.hbm2ddl.auto=create-drop
-hibernate.show_sql=true