Search in sources :

Example 1 with Secured

use of org.springframework.security.access.annotation.Secured in project summerb by skarpushin.

the class LoginController method processPasswordChangeForm.

@Secured({ "ROLE_USER" })
@RequestMapping(method = RequestMethod.POST, value = SecurityActionsUrlsProviderDefaultImpl.CHANGE_PASSWORD)
public String processPasswordChangeForm(@ModelAttribute(ATTR_PASSWORD_CHANGE) PasswordChange passwordChange, Model model, HttpServletRequest request) throws UserNotFoundException {
    try {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        usersServiceFacade.changePassword(auth.getName(), passwordChange);
        model.addAttribute(ATTR_PASSWORD_CHANGED, true);
    } catch (FieldValidationException fve) {
        model.addAttribute(ControllerBase.ATTR_VALIDATION_ERRORS, new ValidationErrorsVm(fve.getErrors()));
    }
    return views.changePassword();
}
Also used : FieldValidationException(org.summerb.approaches.validation.FieldValidationException) Authentication(org.springframework.security.core.Authentication) ValidationErrorsVm(org.summerb.approaches.springmvc.model.ValidationErrorsVm) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 2 with Secured

use of org.springframework.security.access.annotation.Secured in project summerb by skarpushin.

the class LoginRestController method processPasswordChangeForm.

@Secured({ "ROLE_USER" })
@RequestMapping(method = RequestMethod.POST, value = "change")
public User processPasswordChangeForm(@RequestBody PasswordChange passwordChange) throws UserNotFoundException, FieldValidationException {
    User user = securityContextResolver.getUser();
    usersServiceFacade.changePassword(user.getEmail(), passwordChange);
    return user;
}
Also used : User(org.summerb.microservices.users.api.dto.User) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 3 with Secured

use of org.springframework.security.access.annotation.Secured in project herd by FINRAOS.

the class BusinessObjectDataStatusRestController method updateBusinessObjectDataStatus.

/**
 * Updates status of a business object data with 2 subpartition values. <p>Requires WRITE permission on namespace</p>
 *
 * @param namespace the namespace
 * @param businessObjectDefinitionName the business object definition name
 * @param businessObjectFormatUsage the business object format usage
 * @param businessObjectFormatFileType the business object format file type
 * @param businessObjectFormatVersion the business object format version
 * @param partitionValue the partition value
 * @param subPartition1Value the value of the first subpartition
 * @param subPartition2Value the value of the second subpartition
 * @param businessObjectDataVersion the business object data version
 * @param request the business object data status update request
 *
 * @return the business object data status update response
 */
@RequestMapping(value = BUSINESS_OBJECT_DATA_STATUS_URI_PREFIX + "/namespaces/{namespace}" + "/businessObjectDefinitionNames/{businessObjectDefinitionName}/businessObjectFormatUsages/{businessObjectFormatUsage}" + "/businessObjectFormatFileTypes/{businessObjectFormatFileType}/businessObjectFormatVersions/{businessObjectFormatVersion}" + "/partitionValues/{partitionValue}/subPartition1Values/{subPartition1Value}/subPartition2Values/{subPartition2Value}" + "/businessObjectDataVersions/{businessObjectDataVersion}", method = RequestMethod.PUT, consumes = { "application/xml", "application/json" })
@Secured(SecurityFunctions.FN_BUSINESS_OBJECT_DATA_STATUS_PUT)
public BusinessObjectDataStatusUpdateResponse updateBusinessObjectDataStatus(@PathVariable("namespace") String namespace, @PathVariable("businessObjectDefinitionName") String businessObjectDefinitionName, @PathVariable("businessObjectFormatUsage") String businessObjectFormatUsage, @PathVariable("businessObjectFormatFileType") String businessObjectFormatFileType, @PathVariable("businessObjectFormatVersion") Integer businessObjectFormatVersion, @PathVariable("partitionValue") String partitionValue, @PathVariable("subPartition1Value") String subPartition1Value, @PathVariable("subPartition2Value") String subPartition2Value, @PathVariable("businessObjectDataVersion") Integer businessObjectDataVersion, @RequestBody BusinessObjectDataStatusUpdateRequest request) {
    // Update status of the business object data.
    BusinessObjectDataStatusUpdateResponse businessObjectDataStatusUpdateResponse = businessObjectDataStatusService.updateBusinessObjectDataStatus(new BusinessObjectDataKey(namespace, businessObjectDefinitionName, businessObjectFormatUsage, businessObjectFormatFileType, businessObjectFormatVersion, partitionValue, Arrays.asList(subPartition1Value, subPartition2Value), businessObjectDataVersion), request);
    // Create business object data notification.
    notificationEventService.processBusinessObjectDataNotificationEventAsync(NotificationEventTypeEntity.EventTypesBdata.BUS_OBJCT_DATA_STTS_CHG, businessObjectDataStatusUpdateResponse.getBusinessObjectDataKey(), businessObjectDataStatusUpdateResponse.getStatus(), businessObjectDataStatusUpdateResponse.getPreviousStatus());
    return businessObjectDataStatusUpdateResponse;
}
Also used : BusinessObjectDataStatusUpdateResponse(org.finra.herd.model.api.xml.BusinessObjectDataStatusUpdateResponse) BusinessObjectDataKey(org.finra.herd.model.api.xml.BusinessObjectDataKey) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 4 with Secured

use of org.springframework.security.access.annotation.Secured in project herd by FINRAOS.

the class BusinessObjectDataRestController method invalidateUnregisteredBusinessObjectData.

/**
 * Registers data as INVALID for objects which exist in S3 but are not registered in herd. <p> Requires WRITE permission on namespace </p>
 *
 * @param businessObjectDataInvalidateUnregisteredRequest the business object data invalidate un-register request
 *
 * @return the business object data invalidate unregistered response
 */
@RequestMapping(value = "/businessObjectData/unregistered/invalidation", method = RequestMethod.POST, consumes = { "application/xml", "application/json" })
@Secured(SecurityFunctions.FN_BUSINESS_OBJECT_DATA_UNREGISTERED_INVALIDATE)
public BusinessObjectDataInvalidateUnregisteredResponse invalidateUnregisteredBusinessObjectData(@RequestBody BusinessObjectDataInvalidateUnregisteredRequest businessObjectDataInvalidateUnregisteredRequest) {
    BusinessObjectDataInvalidateUnregisteredResponse businessObjectDataInvalidateUnregisteredResponse = businessObjectDataService.invalidateUnregisteredBusinessObjectData(businessObjectDataInvalidateUnregisteredRequest);
    // Trigger notifications.
    businessObjectDataDaoHelper.triggerNotificationsForInvalidateUnregisteredBusinessObjectData(businessObjectDataInvalidateUnregisteredResponse);
    return businessObjectDataInvalidateUnregisteredResponse;
}
Also used : BusinessObjectDataInvalidateUnregisteredResponse(org.finra.herd.model.api.xml.BusinessObjectDataInvalidateUnregisteredResponse) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 5 with Secured

use of org.springframework.security.access.annotation.Secured in project herd by FINRAOS.

the class PartitionKeyGroupRestController method deletePartitionKeyGroup.

/**
 * Deletes an existing partition key group by name.
 *
 * @param partitionKeyGroupName the partition key group name
 *
 * @return the partition key group that got deleted
 */
@RequestMapping(value = PARTITION_KEY_GROUPS_URI_PREFIX + "/{partitionKeyGroupName}", method = RequestMethod.DELETE)
@Secured(SecurityFunctions.FN_PARTITION_KEY_GROUPS_DELETE)
public PartitionKeyGroup deletePartitionKeyGroup(@PathVariable("partitionKeyGroupName") String partitionKeyGroupName) {
    PartitionKeyGroupKey partitionKeyGroupKey = new PartitionKeyGroupKey();
    partitionKeyGroupKey.setPartitionKeyGroupName(partitionKeyGroupName);
    return partitionKeyGroupService.deletePartitionKeyGroup(partitionKeyGroupKey);
}
Also used : PartitionKeyGroupKey(org.finra.herd.model.api.xml.PartitionKeyGroupKey) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

Secured (org.springframework.security.access.annotation.Secured)256 VerticalLayout (com.vaadin.ui.VerticalLayout)117 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)50 ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)23 HorizontalLayout (com.vaadin.ui.HorizontalLayout)20 CollectSurvey (org.openforis.collect.model.CollectSurvey)20 UserAccount (com.hack23.cia.model.internal.application.user.impl.UserAccount)18 Contract (org.asqatasun.entity.contract.Contract)17 ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)16 Timed (com.codahale.metrics.annotation.Timed)14 ViewRiksdagenParty (com.hack23.cia.model.internal.application.data.party.impl.ViewRiksdagenParty)14 CreateApplicationEventRequest (com.hack23.cia.service.api.action.application.CreateApplicationEventRequest)14 URI (java.net.URI)14 User (org.asqatasun.entity.user.User)14 ViewRiksdagenCommittee (com.hack23.cia.model.internal.application.data.committee.impl.ViewRiksdagenCommittee)13 ViewRiksdagenPolitician (com.hack23.cia.model.internal.application.data.politician.impl.ViewRiksdagenPolitician)13 SessionState (org.openforis.collect.web.session.SessionState)13 CollectRecord (org.openforis.collect.model.CollectRecord)12 DocumentElement (com.hack23.cia.model.external.riksdagen.dokumentlista.impl.DocumentElement)11 ArrayList (java.util.ArrayList)11