Revision 60501
Added by Konstantina Galouni about 3 years ago
| SecurityConfig.java | ||
|---|---|---|
| 1 |
package eu.dnetlib.uoaadmintools.configuration.properties; |
|
| 2 |
|
|
| 3 |
import org.springframework.boot.context.properties.ConfigurationProperties; |
|
| 4 |
|
|
| 5 |
import java.util.ArrayList; |
|
| 6 |
import java.util.List; |
|
| 7 |
|
|
| 8 |
@ConfigurationProperties("admintool.security")
|
|
| 9 |
public class SecurityConfig {
|
|
| 10 |
|
|
| 11 |
private String userInfoUrl; |
|
| 12 |
private String originServer; |
|
| 13 |
private List<String> postsAllowed = new ArrayList<>(); |
|
| 14 |
|
|
| 15 |
public void setUserInfoUrl(String userInfoUrl) {
|
|
| 16 |
this.userInfoUrl = userInfoUrl; |
|
| 17 |
} |
|
| 18 |
|
|
| 19 |
public void setOriginServer(String originServer) {
|
|
| 20 |
this.originServer = originServer; |
|
| 21 |
} |
|
| 22 |
|
|
| 23 |
|
|
| 24 |
public void setPostsAllowed(List<String> posts) {
|
|
| 25 |
this.postsAllowed = posts; |
|
| 26 |
} |
|
| 27 |
|
|
| 28 |
public String getUserInfoUrl() {
|
|
| 29 |
return userInfoUrl; |
|
| 30 |
} |
|
| 31 |
|
|
| 32 |
public String getOriginServer() {
|
|
| 33 |
return originServer; |
|
| 34 |
} |
|
| 35 |
|
|
| 36 |
public List<String> getPostsAllowed() {
|
|
| 37 |
return postsAllowed; |
|
| 38 |
} |
|
| 39 |
|
|
| 40 |
} |
|
| 1 |
//package eu.dnetlib.uoaadmintools.configuration.properties; |
|
| 2 |
// |
|
| 3 |
//import org.springframework.boot.context.properties.ConfigurationProperties; |
|
| 4 |
// |
|
| 5 |
//import java.util.ArrayList; |
|
| 6 |
//import java.util.List; |
|
| 7 |
// |
|
| 8 |
//@ConfigurationProperties("admintool.security")
|
|
| 9 |
//public class SecurityConfig {
|
|
| 10 |
// |
|
| 11 |
// private String userInfoUrl; |
|
| 12 |
// private String originServer; |
|
| 13 |
// private List<String> postsAllowed = new ArrayList<>(); |
|
| 14 |
// |
|
| 15 |
// public void setUserInfoUrl(String userInfoUrl) {
|
|
| 16 |
// this.userInfoUrl = userInfoUrl; |
|
| 17 |
// } |
|
| 18 |
// |
|
| 19 |
// public void setOriginServer(String originServer) {
|
|
| 20 |
// this.originServer = originServer; |
|
| 21 |
// } |
|
| 22 |
// |
|
| 23 |
// |
|
| 24 |
// public void setPostsAllowed(List<String> posts) {
|
|
| 25 |
// this.postsAllowed = posts; |
|
| 26 |
// } |
|
| 27 |
// |
|
| 28 |
// public String getUserInfoUrl() {
|
|
| 29 |
// return userInfoUrl; |
|
| 30 |
// } |
|
| 31 |
// |
|
| 32 |
// public String getOriginServer() {
|
|
| 33 |
// return originServer; |
|
| 34 |
// } |
|
| 35 |
// |
|
| 36 |
// public List<String> getPostsAllowed() {
|
|
| 37 |
// return postsAllowed; |
|
| 38 |
// } |
|
| 39 |
// |
|
| 40 |
//} |
|
Also available in: Unified diff
[Trunk | Admin Tools]:
1. pom.xml: Added dependency for spring security.
2. UoaAdminToolsApplication.java: Import AuthorizationConfiguration.class | Remove SecurityConfig.class from @EnableConfigurationProperties.
3. UoaAdminToolsConfiguration.java: Comment "addInterceptors()" method calling AuthorizationHandler with SecurityConfig.
4. SecurityConfig.java & AuthorizationHandler.java & AuthorizationUtils.java & CommunityInfo.java & UserInfo.java: Commented all contents of these files (files will be deleted in coming commit).
5. PortalSubscribersController.java: Comment imports from commeted files.
6. Notifications.java: Added field "aaiId" get getters and setters.
7. NotificationsController.java:
a. Method "getNotifications()" is replaced by "getNotificationsForUser()" (/community/{pid}/notifications) - returns notification settings only for user who made the request (uoa-authorization-li$
b. Path changed for method "getNotifications()": /community/{pid}/notifications/all
c. Remove "@RequestBody String email" parameter from method "deleteNotification()" - get email from user who made the request (uoa-authorization-library).
d. In method "saveNotification()" get aaiId and email from user who made the request (uoa-authorization-library).
e. Added checks and throw Exceptions in all methods.
f. Added @PreAuthorize
Portal Admins: "getNotifications()" (/community/{pid}/notifications/all)
Portal Admins - Curators - Managers: "getNotificationsForUser()" (/community/{pid}/notifications), "deleteNotification()" (/community/{pid}/notifications), "saveNotification()" (/communit$
8. ExploreController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateExplore()" (/explore/update), "insertExplore()" (/explore/save), "deleteExplore()" (/explore/delete).
9. ConnectController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateConnect()" (/connect/update), "insertConnect()" (/connect/save), "deleteConnect()" (/connect/delete).
c. Commented methods "getLayoutForConnect()" and "updateLayoutForConnect()" (/connect/{pid}/layout).
10. CommunityController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateCommunity()" (/community/update), "insertCommunity()" (/community/save), "deleteCommunity()" (/community/delete).
Portal Admin - Curators - Managers: "updateLayoutForCommunity()" (/community/{pid}/layout).
11. CuratorController.java:
a. In "insertCurator() (/curator) set _id field with aaiId from user who made the request (uoa-authorization-library).
b. Added @PreAuthorize
Authenticated users: "getCuratorById()" (/curator/{id}), "insertCurator()" (/curator).
Portal Admins: "deleteCurators()" (/curator).