Examples with Secured org.springframework.security.access.annotation.Secured used on opensource projects

Example 96 with Secured

use of org.springframework.security.access.annotation.Secured in project hello-world by haoziapple.

the class UserResource method createUser.

/**
 * POST  /users  : Creates a new user.
 * <p>
 * Creates a new user if the login and email are not already used, and sends an
 * mail with an activation link.
 * The user needs to be activated on creation.
 *
 * @param userDTO the user to create
 * @return the ResponseEntity with status 201 (Created) and with body the new user, or with status 400 (Bad Request) if the login or email is already in use
 * @throws URISyntaxException if the Location URI syntax is incorrect
 * @throws BadRequestAlertException 400 (Bad Request) if the login or email is already in use
 */
@PostMapping("/users")
@Timed
@Secured(AuthoritiesConstants.ADMIN)
public ResponseEntity<User> createUser(@Valid @RequestBody UserDTO userDTO) throws URISyntaxException {
    log.debug("REST request to save User : {}", userDTO);
    if (userDTO.getId() != null) {
        throw new BadRequestAlertException("A new user cannot already have an ID", "userManagement", "idexists");
    // Lowercase the user login before comparing with database
    } else if (userRepository.findOneByLogin(userDTO.getLogin().toLowerCase()).isPresent()) {
        throw new LoginAlreadyUsedException();
    } else if (userRepository.findOneByEmailIgnoreCase(userDTO.getEmail()).isPresent()) {
        throw new EmailAlreadyUsedException();
    } else {
        User newUser = userService.createUser(userDTO);
        mailService.sendCreationEmail(newUser);
        return ResponseEntity.created(new URI("/api/users/" + newUser.getLogin())).headers(HeaderUtil.createAlert("A user is created with identifier " + newUser.getLogin(), newUser.getLogin())).body(newUser);
    }
}

Example 97 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditScenarioController method getScenarioFile.

@RequestMapping(value = TgolKeyStore.DOWNLOAD_SCENARIO_URL_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public void getScenarioFile(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId, HttpServletResponse response) {
    Contract contract = contractDataService.read(Long.valueOf(contractId));
    if (contract.getUser().getId().equals(getCurrentUser().getId())) {
        try {
            for (Scenario scenario : contract.getScenarioSet()) {
                if (scenario.getId().equals(Long.valueOf(scenarioId))) {
                    InputStream is = IOUtils.toInputStream(scenario.getContent());
                    IOUtils.copy(is, response.getOutputStream());
                    response.setContentType(TgolKeyStore.CONTENT_TYPE);
                    StringBuilder strb = new StringBuilder(TgolKeyStore.ATTACHMENT);
                    strb.append(scenario.getLabel());
                    strb.append(TgolKeyStore.JSON_EXTENSION);
                    response.setHeader(TgolKeyStore.CONTENT_DISPOSITION, strb.toString());
                    response.flushBuffer();
                    return;
                }
            }
            throw new ForbiddenPageException(getCurrentUser());
        } catch (IOException ex) {
            throw new RuntimeException("IOError writing file to output stream");
        }
    } else {
        throw new ForbiddenPageException(getCurrentUser());
    }
}

Example 98 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditScenarioController method submitForm.

@RequestMapping(value = TgolKeyStore.AUDIT_SCENARIO_SET_UP_CONTRACT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitForm(@ModelAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY) AuditSetUpCommand auditSetUpCommand, BindingResult result, Model model, HttpServletRequest request) {
    Contract contract = contractDataService.read(auditSetUpCommand.getContractId());
    Map<String, List<AuditSetUpFormField>> formFielMap = getFreshAuditSetUpFormFieldMap(contract, scenarioOptionFormFieldBuilderMap);
    return submitForm(contract, auditSetUpCommand, formFielMap, auditSiteSetUpFormValidator, model, result, request);
}

Example 99 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditScenarioController method addScenario.

@RequestMapping(value = TgolKeyStore.AUDIT_SCENARIO_MANAGEMENT_CONTRACT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String addScenario(@ModelAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY) AddScenarioCommand addScenarioCommand, BindingResult result, Model model, HttpServletRequest request) {
    Contract contract = contractDataService.read(addScenarioCommand.getContractId());
    addScenarioFormValidator.validate(addScenarioCommand, result);
    // and the same page with updated data is displayed again
    if (!result.hasErrors()) {
        saveScenario(addScenarioCommand, contract);
        model.addAttribute(TgolKeyStore.NEW_SCENARIO_NAME_KEY, addScenarioCommand.getScenarioLabel());
        prepareScenarioManagementData(model, addScenarioCommand.getContractId().toString());
        return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
    }
    addScenarioListToModel(contract, model);
    model.addAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY, addScenarioCommand);
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
    return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
}

Example 100 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditSynthesisController method displayAuditTestSynthesisFromContract.

/**
 * @param auditId
 * @param request
 * @param response
 * @param model
 * @return
 */
@RequestMapping(value = TgolKeyStore.FAILED_TEST_LIST_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditTestSynthesisFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long aId;
    try {
        aId = Long.valueOf(auditId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException();
    }
    Audit audit = auditDataService.read(aId);
    if (isUserAllowedToDisplayResult(audit)) {
        if (isAuthorizedScopeForSynthesis(audit)) {
            Contract contract = retrieveContractFromAudit(audit);
            model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
            model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
            model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
            model.addAttribute(TgolKeyStore.REFERENTIAL_CD_KEY, parameterDataService.getReferentialKeyFromAudit(audit));
            model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());
            Site site = (Site) audit.getSubject();
            // TODO cas manual
            addAuditStatisticsToModel(site, model, TgolKeyStore.TEST_DISPLAY_SCOPE_VALUE);
            model.addAttribute(TgolKeyStore.FAILED_TEST_INFO_BY_OCCURRENCE_SET_KEY, statisticsDataService.getFailedTestByOccurrence(site, audit, -1));
            model.addAttribute(TgolKeyStore.HAS_SITE_SCOPE_TEST_KEY, processResultDataService.hasAuditSiteScopeResult(site, siteScope));
            model.addAttribute(TgolKeyStore.STATUS_KEY, computeAuditStatus(site.getAudit()));
            return TgolKeyStore.FAILED_TEST_LIST_VIEW_NAME;
        } else {
            throw new ForbiddenPageException();
        }
    } else {
        throw new ForbiddenUserException();
    }
}