
Example 11 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditScenarioController method getScenarioFile.

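/**
 * Streams the content of one scenario of a contract back to the caller as a file download.
 *
 * <p>Two access checks apply: {@code @Secured} restricts the endpoint to the user and admin
 * roles, and the contract must be owned by the current user. Both request parameters come
 * straight from the query string, so every failure to match (unknown contract, foreign
 * contract, scenario not attached to the contract) ends in the same
 * {@link ForbiddenPageException} and does not reveal which ids exist.
 *
 * @param contractId id of the contract, parsed with {@link Long#valueOf(String)}
 * @param scenarioId id of the scenario to download, parsed with {@link Long#valueOf(String)}
 * @param response   servlet response the scenario content and download headers are written to
 * @throws ForbiddenPageException if the contract is missing, is not owned by the current user,
 *                                or holds no scenario with the requested id
 * @throws NumberFormatException  if an id that gets parsed is not a valid long
 * @throws RuntimeException       if the content cannot be written to the response
 */
@RequestMapping(value = TgolKeyStore.DOWNLOAD_SCENARIO_URL_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public void getScenarioFile(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId, HttpServletResponse response) {
    Contract contract = getContractDataService().read(Long.valueOf(contractId));
    // Object-level authorization: the role check alone would let any authenticated user
    // download scenarios of any contract id. A missing contract is refused the same way
    // (presumably read() returns null for an unknown id; verify against the data service).
    // NOTE(review): ROLE_ADMIN is accepted by @Secured but an admin who does not own the
    // contract is still refused here; confirm that this is intended.
    if (contract == null || !contract.getUser().getId().equals(getCurrentUser().getId())) {
        throw new ForbiddenPageException(getCurrentUser());
    }
    try {
        for (Scenario scenario : contract.getScenarioSet()) {
            if (!scenario.getId().equals(Long.valueOf(scenarioId))) {
                continue;
            }
            // Headers must be set before the body is written: once the response is
            // committed, later header changes are ignored by the container.
            response.setContentType(TgolKeyStore.CONTENT_TYPE);
            // The label is user-supplied data; drop CR/LF so it cannot split the header.
            String safeLabel = String.valueOf(scenario.getLabel()).replaceAll("[\\r\\n]", "");
            StringBuilder strb = new StringBuilder(TgolKeyStore.ATTACHMENT);
            strb.append(safeLabel);
            strb.append(TgolKeyStore.JSON_EXTENSION);
            response.setHeader(TgolKeyStore.CONTENT_DISPOSITION, strb.toString());
            // NOTE(review): toInputStream(String) encodes with the platform default charset;
            // confirm it matches what TgolKeyStore.CONTENT_TYPE announces.
            InputStream is = IOUtils.toInputStream(scenario.getContent());
            IOUtils.copy(is, response.getOutputStream());
            response.flushBuffer();
            // Return, not break: leaving the loop would fall through to the
            // "scenario not found" exception below even after a successful download.
            return;
        }
    } catch (IOException ex) {
        // Keep the cause so the underlying I/O failure is visible in logs.
        throw new RuntimeException("IOError writing file to output stream", ex);
    }
    // No scenario of this contract carries the requested id.
    throw new ForbiddenPageException(getCurrentUser());
}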
Also used : InputStream(java.io.InputStream) IOException(java.io.IOException) Contract(org.asqatasun.webapp.entity.contract.Contract) Scenario(org.asqatasun.webapp.entity.scenario.Scenario) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 12 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditScenarioController method submitForm.

/**
 * Handles the POST of the scenario audit set-up form: loads the contract named by the
 * command, builds a fresh form-field map and validator, and hands everything to the
 * shared {@code submitForm} overload, whose view name is returned.
 *
 * @param auditSetUpCommand form-backing object bound from the request
 * @param result            binding result passed on to the overload
 * @param model             view model passed on to the overload
 * @param request           current HTTP request
 * @return the view name returned by the delegated {@code submitForm} overload
 */
@RequestMapping(value = TgolKeyStore.AUDIT_SCENARIO_SET_UP_CONTRACT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitForm(@ModelAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY) AuditSetUpCommand auditSetUpCommand, BindingResult result, Model model, HttpServletRequest request) {
    // NOTE(review): the contract id is taken from the submitted command and no ownership
    // check is visible in this method; presumably the delegated overload verifies that the
    // contract belongs to the current user. Confirm.
    final Contract targetContract = getContractDataService().read(auditSetUpCommand.getContractId());
    return submitForm(
            targetContract,
            auditSetUpCommand,
            getFreshAuditSetUpFormFieldMap(targetContract, getScenarioOptionFormFieldBuilderMap()),
            getAuditSiteSetUpFormValidator(),
            model,
            result,
            request);
}
Also used : AuditSetUpFormValidator(org.asqatasun.webapp.validator.AuditSetUpFormValidator) Contract(org.asqatasun.webapp.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 13 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditScenarioController method addScenario.

/**
 * Handles the POST of the "add scenario" form. The command is validated; on success the
 * scenario is saved on the contract and the management data is refreshed, otherwise the
 * form is shown again with the submitted values. Both outcomes render the scenario
 * management view.
 *
 * @param addScenarioCommand form-backing object bound from the request
 * @param result             binding result that receives validation errors
 * @param model              view model to populate
 * @param request            current HTTP request (not read in this method)
 * @return {@code TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME}
 */
@RequestMapping(value = TgolKeyStore.AUDIT_SCENARIO_MANAGEMENT_CONTRACT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String addScenario(@ModelAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY) AddScenarioCommand addScenarioCommand, BindingResult result, Model model, HttpServletRequest request) {
    // NOTE(review): the contract id comes from the submitted form, and this method shows no
    // check that the contract belongs to the current user before saveScenario() writes to
    // it. Presumably the validator or saveScenario enforces it; confirm.
    final Contract targetContract = getContractDataService().read(addScenarioCommand.getContractId());
    addScenarioFormValidator.validate(addScenarioCommand, result);
    if (result.hasErrors()) {
        // Validation failed: redisplay the page with the existing scenarios and the
        // values the user submitted.
        addScenarioListToModel(targetContract, model);
        model.addAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY, addScenarioCommand);
        model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, targetContract.getLabel());
    } else {
        // Validation passed: persist, then show the same page with updated data.
        saveScenario(addScenarioCommand, targetContract);
        model.addAttribute(TgolKeyStore.NEW_SCENARIO_NAME_KEY, addScenarioCommand.getScenarioLabel());
        prepareScenarioManagementData(model, addScenarioCommand.getContractId().toString());
    }
    return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
}
Also used : Contract(org.asqatasun.webapp.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 14 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AccountSettingsController method submitChangeTestWeight.

/**
 * Handles the POST of the test-weight form for one referential. The request is refused
 * when the referential code is unknown or the referential is not modifiable. Otherwise
 * the form is validated, the model is populated for redisplay, and the current user's
 * test weights are updated only when validation produced no errors.
 *
 * @param refCode                 code of the referential, taken from the request
 * @param changeTestWeightCommand form-backing object holding the submitted weights
 * @param result                  binding result that receives validation errors
 * @param model                   view model to populate
 * @param request                 current HTTP request (not read in this method)
 * @return {@code TgolKeyStore.TEST_WEIGHT_VIEW_NAME}
 * @throws ForbiddenPageException if {@code refCode} maps to no referential or the
 *                                referential is not modifiable
 * @throws Exception              declared by the signature
 */
@RequestMapping(value = TgolKeyStore.TEST_WEIGHT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String submitChangeTestWeight(@RequestParam(TgolKeyStore.REFERENTIAL_CD_KEY) String refCode, @ModelAttribute(TgolKeyStore.CHANGE_TEST_WEIGHT_COMMAND_KEY) ChangeTestWeightCommand changeTestWeightCommand, BindingResult result, Model model, HttpServletRequest request) throws Exception {
    final Reference requestedRef = refMap.get(refCode);
    // The referential code is request input: it must name a known referential that is
    // modifiable before anything is changed.
    final boolean modifiable = requestedRef != null
            && secondaryLevelMenuDisplayer.isRequestedReferentialModifiable(refCode);
    if (!modifiable) {
        throw new ForbiddenPageException();
    }
    changeTestWeightFormValidator.validate(changeTestWeightCommand, result);
    // The model is filled in both outcomes, so a form with errors is displayed again
    // with the submitted values and the errors' details.
    addTestListAndModifiableRefToModel(requestedRef, model);
    model.addAttribute(TgolKeyStore.CHANGE_TEST_WEIGHT_COMMAND_KEY, changeTestWeightCommand);
    if (result.hasErrors()) {
        return TgolKeyStore.TEST_WEIGHT_VIEW_NAME;
    }
    // The weights are stored for the session's current user, not a user named in the form.
    ChangeTestWeightCommandFactory.getInstance().updateUserTestWeight(getCurrentUser(), changeTestWeightCommand);
    model.addAttribute(TgolKeyStore.TEST_WEIGHT_SUCCESSFULLY_UPDATED_KEY, true);
    return TgolKeyStore.TEST_WEIGHT_VIEW_NAME;
}
Also used : Reference(org.asqatasun.entity.reference.Reference) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 15 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AccountSettingsController method submitAccountSettingForm.

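/**
 * Handles the POST of the account settings form for the current user.
 *
 * <p>Users whose e-mail is in {@code forbiddenUserList} are refused outright. A form whose
 * e-mail differs from the current user's e-mail, or that requests the admin flag while the
 * current user is not an admin, is treated as tampering: the attack flag is put in the
 * model and the settings view is shown again without updating anything. A form with no
 * e-mail value at all is handled the same way instead of failing with a
 * {@code NullPointerException}.
 *
 * <p>NOTE(review): the earlier comment on this method also mentioned attempts to deactivate
 * the account; no such check is visible here, presumably it is enforced by
 * {@code submitUpdateUserForm}. Confirm.
 *
 * @param createUserCommand form-backing object bound from the request
 * @param result            binding result passed on to the update routine
 * @param model             view model to populate
 * @return the view name produced by the tamper branch or by {@code submitUpdateUserForm}
 * @throws ForbiddenPageException if the current user's e-mail is in {@code forbiddenUserList}
 * @throws Exception              declared by the signature
 */
@RequestMapping(value = TgolKeyStore.ACCOUNT_SETTINGS_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitAccountSettingForm(@ModelAttribute(TgolKeyStore.CREATE_USER_COMMAND_KEY) CreateUserCommand createUserCommand, BindingResult result, Model model) throws Exception {
    // The account being edited is always the session's current user; the form never
    // selects the target account.
    User user = getCurrentUser();
    if (this.forbiddenUserList.contains(user.getEmail1())) {
        throw new ForbiddenPageException();
    }
    // Null-safe comparison: the e-mail is request input and may be absent from a crafted
    // form. The admin test is evaluated only when the e-mail matches, as before.
    boolean emailTampered = !java.util.Objects.equals(createUserCommand.getEmail(), user.getEmail1());
    if (emailTampered || (createUserCommand.getAdmin() && !isUserAdmin(user))) {
        model.addAttribute(TgolKeyStore.CREATE_USER_ATTACK_COMMAND_KEY, true);
        return prepateDataAndReturnCreateUserView(model, user, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME);
    }
    secondaryLevelMenuDisplayer.setModifiableReferentialsForUserToModel(user, model);
    return submitUpdateUserForm(createUserCommand, result, null, model, user, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME, false, false, TgolKeyStore.UPDATED_USER_NAME_KEY);
}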
Also used : User(org.asqatasun.webapp.entity.user.User) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

Secured (org.springframework.security.access.annotation.Secured)36 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)29 ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)20 Contract (org.asqatasun.webapp.entity.contract.Contract)17 User (org.asqatasun.webapp.entity.user.User)14 ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)13 Audit (org.asqatasun.entity.audit.Audit)6 List (java.util.List)4 Scenario (org.asqatasun.webapp.entity.scenario.Scenario)3 Reference (org.asqatasun.entity.reference.Reference)2 Site (org.asqatasun.entity.subject.Site)2 WebResource (org.asqatasun.entity.subject.WebResource)2 Act (org.asqatasun.webapp.entity.contract.Act)2 AuditSetUpFormValidator (org.asqatasun.webapp.validator.AuditSetUpFormValidator)2 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 SSP (org.asqatasun.entity.audit.SSP)1 Test (org.asqatasun.entity.reference.Test)1 Page (org.asqatasun.entity.subject.Page)1 ScopeEnum (org.asqatasun.webapp.entity.contract.ScopeEnum)1