From 3ef87649121d5362d3277dbd87411c4100579dd7 Mon Sep 17 00:00:00 2001
From: Tobias Koch
Date: Fri, 5 Apr 2024 16:23:55 +0200
Subject: [PATCH] Introduce context path and remove `/download/` from controller
---
 .../qbic/data_download/rest/config/OpenApiConfig.java | 3 ---
 .../qbic/data_download/rest/config/SecurityConfig.java | 8 +-------
 .../data_download/rest/download/DownloadController.java | 5 ++---
 rest-api/src/main/resources/application.properties | 3 +++
 4 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/rest-api/src/main/java/life/qbic/data_download/rest/config/OpenApiConfig.java b/rest-api/src/main/java/life/qbic/data_download/rest/config/OpenApiConfig.java
index 7918d39..a873d1b 100644
--- a/rest-api/src/main/java/life/qbic/data_download/rest/config/OpenApiConfig.java
+++ b/rest-api/src/main/java/life/qbic/data_download/rest/config/OpenApiConfig.java
@@ -1,11 +1,8 @@
 package life.qbic.data_download.rest.config;
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
-import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
-import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
 import io.swagger.v3.oas.annotations.info.Info;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
-import io.swagger.v3.oas.annotations.security.SecurityScheme;
 import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.security.SecurityScheme.In;
diff --git a/rest-api/src/main/java/life/qbic/data_download/rest/config/SecurityConfig.java b/rest-api/src/main/java/life/qbic/data_download/rest/config/SecurityConfig.java
index eded56d..9eaeb21 100644
--- a/rest-api/src/main/java/life/qbic/data_download/rest/config/SecurityConfig.java
+++ b/rest-api/src/main/java/life/qbic/data_download/rest/config/SecurityConfig.java
@@ -43,7 +43,6 @@
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler;
@@ -109,7 +108,7 @@ public SecurityFilterChain apiFilterChain(HttpSecurity http,
 .addFilterAt(tokenAuthenticationFilter, BasicAuthenticationFilter.class)
 .authorizeHttpRequests(authorizedRequest -> authorizedRequest
- .requestMatchers("/download/measurements/{measurementId}")
+ .requestMatchers("/measurements/{measurementId}")
 .access(anyOf(
 requestAuthorizationManagerFactory.spel(
 "hasPermission(#measurementId, 'qbic.measurement', 'READ')")
@@ -127,11 +126,6 @@ public RequestAuthorizationManagerFactory authorizationManagerFactory(
 return new RequestAuthorizationManagerFactory(expressionHandler);
 }
- @Bean
- public WebSecurityCustomizer webSecurityCustomizer() {
- return web -> web.ignoring().requestMatchers(ignoredEndpoints);
- }
-
 // ACL
 @Bean("auditLogger")
 public AuditLogger auditLogger() {
diff --git a/rest-api/src/main/java/life/qbic/data_download/rest/download/DownloadController.java b/rest-api/src/main/java/life/qbic/data_download/rest/download/DownloadController.java
index 10fa7ad..3d8ab51 100644
--- a/rest-api/src/main/java/life/qbic/data_download/rest/download/DownloadController.java
+++ b/rest-api/src/main/java/life/qbic/data_download/rest/download/DownloadController.java
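Review bot: Requests to `ignoredEndpoints` now pass through `apiFilterChain` and its token filter, because the last hunk of SecurityConfig.java deletes the `webSecurityCustomizer()` bean that exempted them, and the only rule visible in the `authorizeHttpRequests` hunk is the matcher for `/measurements/{measurementId}`. Unless another filter chain outside this diff covers them, the chain needs an explicit rule for those endpoints, for example `.requestMatchers(ignoredEndpoints).permitAll()`, followed by a closing `.anyRequest().denyAll()` so that any path without a rule is refused rather than left to the default. Whether such rules already exist cannot be seen here, since the lambda continues outside the hunk. If `ignoredEndpoints` is no longer referenced after this change, the field should be removed too, and a comment above the matcher such as `// matcher paths are relative to the servlet context path` would explain why the `/download` prefix is gone.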
@@ -31,12 +31,10 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBody;
 @RestController
-@RequestMapping(path = "/download")
 public class DownloadController {
 private final MeasurementDataProvider measurementDataProvider;
@@ -58,7 +56,8 @@ public DownloadController(
 @Parameter(name = "measurementId", required = true, description = "The identifier of the measurement to download")
 @ApiResponses(value = {
 @ApiResponse(responseCode = "200", description = "successful operation, the measurement is retrieved asynchronously", content = @Content(schema = @Schema(implementation = Void.class))),
- @ApiResponse(responseCode = "404", description = "measurement not found", content = @Content(schema = @Schema(implementation = Void.class)))
+ @ApiResponse(responseCode = "403", description = "forbidden, you do not have access to this resource", content = @Content(schema = @Schema(implementation = Void.class))),
+ @ApiResponse(responseCode = "404", description = "measurement not found", content = @Content(schema = @Schema(implementation = Void.class))),
 })
 public ResponseEntity downloadMeasurement(
 @PathVariable("measurementId") String measurementId) {
diff --git a/rest-api/src/main/resources/application.properties b/rest-api/src/main/resources/application.properties
index fc660d5..ad67890 100644
--- a/rest-api/src/main/resources/application.properties
+++ b/rest-api/src/main/resources/application.properties
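Review bot: Documenting both 403 and 404 on `downloadMeasurement` makes it worth checking that a caller without read permission gets the same status for an existing and for a non-existent measurement identifier; otherwise the status code reveals which identifiers exist. The `hasPermission(#measurementId, ...)` rule in SecurityConfig presumably runs before the controller, so the 404 may only be reachable for callers who already hold the permission, but the method body is outside the hunk and this cannot be confirmed here. The list also has no entry for an unauthenticated request, which the token filter presumably rejects; I would add `@ApiResponse(responseCode = "401", description = "unauthorized, no valid access token was provided", content = @Content(schema = @Schema(implementation = Void.class))),` once the actual status is confirmed.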
@@ -28,8 +28,11 @@ spring.datasource.url=${USER_DB_URL:localhost}
 spring.datasource.driver-class-name=${USER_DB_DRIVER:com.mysql.cj.jdbc.Driver}
 spring.datasource.username=${USER_DB_USER_NAME:myusername}
 spring.datasource.password=${USER_DB_USER_PW:astrongpassphrase!}
+
+### Spring JPA general configuration
 spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyLegacyJpaImpl
 spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+spring.jpa.open-in-view=false
 ### openAPI and Swagger UI endpoints
 springdoc.api-docs.enabled=true
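Review bot: No `server.servlet.context-path` entry is among the three lines added to application.properties, although the commit title introduces a context path and both the controller and the security matcher drop their `/download` prefix in this commit. If the value is supplied from outside this file, a comment here would keep the configuration self-explanatory, e.g. `### context path: set via <placeholder: where it is configured>`. If it is not set anywhere, the download endpoint is served at `/measurements/{measurementId}` from the root, and clients and proxy rules that still use the old `/download/...` URL will no longer reach it. The property may already exist in a part of the file outside this hunk.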