Introduce context path and remove /download/

from controller
qbicsoftware · Apr 5, 2024 · 3ef8764 · 3ef8764
1 parent c64a3f2
commit 3ef8764
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 13 deletions.
diff --git a/rest-api/src/main/java/life/qbic/data_download/rest/config/OpenApiConfig.java b/rest-api/src/main/java/life/qbic/data_download/rest/config/OpenApiConfig.java
@@ -1,11 +1,8 @@
 package life.qbic.data_download.rest.config;
 
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
-import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
-import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
 import io.swagger.v3.oas.annotations.info.Info;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
-import io.swagger.v3.oas.annotations.security.SecurityScheme;
 import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.security.SecurityScheme.In;

diff --git a/rest-api/src/main/java/life/qbic/data_download/rest/config/SecurityConfig.java b/rest-api/src/main/java/life/qbic/data_download/rest/config/SecurityConfig.java
@@ -43,7 +43,6 @@
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler;
@@ -109,7 +108,7 @@ public SecurityFilterChain apiFilterChain(HttpSecurity http,
         .addFilterAt(tokenAuthenticationFilter, BasicAuthenticationFilter.class)
         .authorizeHttpRequests(authorizedRequest ->
             authorizedRequest
-                .requestMatchers("/download/measurements/{measurementId}")
+                .requestMatchers("/measurements/{measurementId}")
                 .access(anyOf(
                     requestAuthorizationManagerFactory.spel(
                         "hasPermission(#measurementId, 'qbic.measurement', 'READ')")
@@ -127,11 +126,6 @@ public RequestAuthorizationManagerFactory authorizationManagerFactory(
     return new RequestAuthorizationManagerFactory(expressionHandler);
   }
 
-  @Bean
-  public WebSecurityCustomizer webSecurityCustomizer() {
-    return web -> web.ignoring().requestMatchers(ignoredEndpoints);
-  }
-
   // ACL
   @Bean("auditLogger")
   public AuditLogger auditLogger() {

diff --git a/rest-api/src/main/java/life/qbic/data_download/rest/download/DownloadController.java b/rest-api/src/main/java/life/qbic/data_download/rest/download/DownloadController.java
@@ -31,12 +31,10 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBody;
 
 @RestController
-@RequestMapping(path = "/download")
 public class DownloadController {
 
   private final MeasurementDataProvider measurementDataProvider;
@@ -58,7 +56,8 @@ public DownloadController(
   @Parameter(name = "measurementId", required = true, description = "The identifier of the measurement to download")
   @ApiResponses(value = {
       @ApiResponse(responseCode = "200", description = "successful operation, the measurement is retrieved asynchronously", content = @Content(schema = @Schema(implementation = Void.class))),
-      @ApiResponse(responseCode = "404", description = "measurement not found", content = @Content(schema = @Schema(implementation = Void.class)))
+      @ApiResponse(responseCode = "403", description = "forbidden, you do not have access to this resource", content = @Content(schema = @Schema(implementation = Void.class))),
+      @ApiResponse(responseCode = "404", description = "measurement not found", content = @Content(schema = @Schema(implementation = Void.class))),
   })
   public ResponseEntity<StreamingResponseBody> downloadMeasurement(
       @PathVariable("measurementId") String measurementId) {

diff --git a/rest-api/src/main/resources/application.properties b/rest-api/src/main/resources/application.properties
@@ -28,8 +28,11 @@ spring.datasource.url=${USER_DB_URL:localhost}
 spring.datasource.driver-class-name=${USER_DB_DRIVER:com.mysql.cj.jdbc.Driver}
 spring.datasource.username=${USER_DB_USER_NAME:myusername}
 spring.datasource.password=${USER_DB_USER_PW:astrongpassphrase!}
+
+### Spring JPA general configuration
 spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyLegacyJpaImpl
 spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+spring.jpa.open-in-view=false
 
 ### openAPI and Swagger UI endpoints
 springdoc.api-docs.enabled=true