Skip to content

Commit

Permalink
Introduce context path and remove /download/
Browse files Browse the repository at this point in the history
 from controller
  • Loading branch information
KochTobi committed Apr 5, 2024
1 parent c64a3f2 commit 3ef8764
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 13 deletions.
Original file line number Diff line number Diff line change
@@ -1,11 +1,8 @@
package life.qbic.data_download.rest.config;

import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.security.SecurityScheme.In;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,6 @@
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler;
Expand Down Expand Up @@ -109,7 +108,7 @@ public SecurityFilterChain apiFilterChain(HttpSecurity http,
.addFilterAt(tokenAuthenticationFilter, BasicAuthenticationFilter.class)
.authorizeHttpRequests(authorizedRequest ->
authorizedRequest
.requestMatchers("/download/measurements/{measurementId}")
.requestMatchers("/measurements/{measurementId}")
.access(anyOf(
requestAuthorizationManagerFactory.spel(
"hasPermission(#measurementId, 'qbic.measurement', 'READ')")
Expand All @@ -127,11 +126,6 @@ public RequestAuthorizationManagerFactory authorizationManagerFactory(
return new RequestAuthorizationManagerFactory(expressionHandler);
}

@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return web -> web.ignoring().requestMatchers(ignoredEndpoints);
}

// ACL
@Bean("auditLogger")
public AuditLogger auditLogger() {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,10 @@
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBody;

@RestController
@RequestMapping(path = "/download")
public class DownloadController {

private final MeasurementDataProvider measurementDataProvider;
Expand All @@ -58,7 +56,8 @@ public DownloadController(
@Parameter(name = "measurementId", required = true, description = "The identifier of the measurement to download")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "successful operation, the measurement is retrieved asynchronously", content = @Content(schema = @Schema(implementation = Void.class))),
@ApiResponse(responseCode = "404", description = "measurement not found", content = @Content(schema = @Schema(implementation = Void.class)))
@ApiResponse(responseCode = "403", description = "forbidden, you do not have access to this resource", content = @Content(schema = @Schema(implementation = Void.class))),
@ApiResponse(responseCode = "404", description = "measurement not found", content = @Content(schema = @Schema(implementation = Void.class))),
})
public ResponseEntity<StreamingResponseBody> downloadMeasurement(
@PathVariable("measurementId") String measurementId) {
Expand Down
3 changes: 3 additions & 0 deletions rest-api/src/main/resources/application.properties
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,11 @@ spring.datasource.url=${USER_DB_URL:localhost}
spring.datasource.driver-class-name=${USER_DB_DRIVER:com.mysql.cj.jdbc.Driver}
spring.datasource.username=${USER_DB_USER_NAME:myusername}
spring.datasource.password=${USER_DB_USER_PW:astrongpassphrase!}

### Spring JPA general configuration
spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyLegacyJpaImpl
spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
spring.jpa.open-in-view=false

### openAPI and Swagger UI endpoints
springdoc.api-docs.enabled=true
Expand Down

0 comments on commit 3ef8764

Please sign in to comment.