Examples with PreAuthorize org.springframework.security.access.prepost.PreAuthorize used on opensource projects

Search in sources :

Example 61 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.

the class MetadataSyncController method metadataSync.

@PreAuthorize("hasRole('ALL') or hasRole('F_METADATA_MANAGE')")
@GetMapping
public ResponseEntity<? extends WebMessageResponse> metadataSync(HttpServletRequest request, HttpServletResponse response) throws MetadataSyncException, BadRequestException, MetadataImportConflictException, OperationNotAllowedException {
    MetadataSyncParams syncParams;
    MetadataSyncSummary metadataSyncSummary = null;
    synchronized (metadataSyncService) {
        try {
            syncParams = metadataSyncService.getParamsFromMap(contextService.getParameterValuesMap());
        } catch (RemoteServerUnavailableException exception) {
            throw new MetadataSyncException(exception.getMessage(), exception);
        } catch (MetadataSyncServiceException serviceException) {
            throw new BadRequestException("Error in parsing inputParams " + serviceException.getMessage(), serviceException);
        }
        try {
            boolean isSyncRequired = metadataSyncService.isSyncRequired(syncParams);
            if (isSyncRequired) {
                metadataSyncSummary = metadataSyncService.doMetadataSync(syncParams);
                validateSyncSummaryResponse(metadataSyncSummary);
            } else {
                throw new MetadataImportConflictException("Version already exists in system and hence not starting the sync.");
            }
        } catch (MetadataSyncImportException importerException) {
            throw new MetadataSyncException("Runtime exception occurred while doing import: " + importerException.getMessage());
        } catch (MetadataSyncServiceException serviceException) {
            throw new MetadataSyncException("Exception occurred while doing metadata sync: " + serviceException.getMessage());
        } catch (DhisVersionMismatchException versionMismatchException) {
            throw new OperationNotAllowedException("Exception occurred while doing metadata sync: " + versionMismatchException.getMessage());
        }
    }
    return new ResponseEntity<MetadataSyncSummary>(metadataSyncSummary, HttpStatus.OK);
}
Also used : MetadataSyncServiceException(org.hisp.dhis.dxf2.metadata.sync.exception.MetadataSyncServiceException) MetadataSyncParams(org.hisp.dhis.dxf2.metadata.sync.MetadataSyncParams) ResponseEntity(org.springframework.http.ResponseEntity) RemoteServerUnavailableException(org.hisp.dhis.exception.RemoteServerUnavailableException) BadRequestException(org.hisp.dhis.webapi.controller.exception.BadRequestException) MetadataSyncImportException(org.hisp.dhis.dxf2.metadata.sync.exception.MetadataSyncImportException) DhisVersionMismatchException(org.hisp.dhis.dxf2.metadata.sync.exception.DhisVersionMismatchException) MetadataSyncSummary(org.hisp.dhis.dxf2.metadata.sync.MetadataSyncSummary) OperationNotAllowedException(org.hisp.dhis.webapi.controller.exception.OperationNotAllowedException) MetadataSyncException(org.hisp.dhis.webapi.controller.exception.MetadataSyncException) MetadataImportConflictException(org.hisp.dhis.webapi.controller.exception.MetadataImportConflictException) GetMapping(org.springframework.web.bind.annotation.GetMapping) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 62 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.

the class MetadataVersionController method createSystemVersion.

//Creates version in versioning table, exports the metadata and saves the snapshot in datastore
@PreAuthorize("hasRole('ALL') or hasRole('F_METADATA_MANAGE')")
@RequestMapping(value = MetadataVersionSchemaDescriptor.API_ENDPOINT + "/create", method = RequestMethod.POST, produces = ContextUtils.CONTENT_TYPE_JSON)
@ResponseBody
public MetadataVersion createSystemVersion(@RequestParam(value = "type") VersionType versionType) throws MetadataVersionException, BadRequestException {
    MetadataVersion versionToReturn = null;
    boolean enabled = isMetadataVersioningEnabled();
    try {
        if (!enabled) {
            throw new BadRequestException("Metadata versioning is not enabled for this instance.");
        }
        synchronized (versionService) {
            versionService.saveVersion(versionType);
            versionToReturn = versionService.getCurrentVersion();
            return versionToReturn;
        }
    } catch (MetadataVersionServiceException ex) {
        throw new MetadataVersionException("Unable to create version in system. " + ex.getMessage());
    }
}
Also used : MetadataVersion(org.hisp.dhis.metadata.version.MetadataVersion) MetadataVersionServiceException(org.hisp.dhis.dxf2.metadata.version.exception.MetadataVersionServiceException) BadRequestException(org.hisp.dhis.webapi.controller.exception.BadRequestException) MetadataVersionException(org.hisp.dhis.webapi.controller.exception.MetadataVersionException) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 63 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.

the class UserController method replicateUser.

@SuppressWarnings("unchecked")
@PreAuthorize("hasRole('ALL') or hasRole('F_REPLICATE_USER')")
@RequestMapping(value = "/{uid}/replica", method = RequestMethod.POST)
public void replicateUser(@PathVariable String uid, HttpServletRequest request, HttpServletResponse response) throws IOException, WebMessageException {
    User existingUser = userService.getUser(uid);
    if (existingUser == null || existingUser.getUserCredentials() == null) {
        throw new WebMessageException(WebMessageUtils.conflict("User not found: " + uid));
    }
    User currentUser = currentUserService.getCurrentUser();
    if (!validateCreateUser(existingUser, currentUser)) {
        return;
    }
    Map<String, String> auth = renderService.fromJson(request.getInputStream(), Map.class);
    String username = StringUtils.trimToNull(auth != null ? auth.get(KEY_USERNAME) : null);
    String password = StringUtils.trimToNull(auth != null ? auth.get(KEY_PASSWORD) : null);
    if (auth == null || username == null) {
        throw new WebMessageException(WebMessageUtils.conflict("Username must be specified"));
    }
    if (userService.getUserCredentialsByUsername(username) != null) {
        throw new WebMessageException(WebMessageUtils.conflict("Username already taken: " + username));
    }
    if (password == null) {
        throw new WebMessageException(WebMessageUtils.conflict("Password must be specified"));
    }
    if (!ValidationUtils.passwordIsValid(password)) {
        throw new WebMessageException(WebMessageUtils.conflict("Password must have at least 8 characters, one digit, one uppercase"));
    }
    User userReplica = new User();
    mergeService.merge(new MergeParams<>(existingUser, userReplica).setMergeMode(MergeMode.MERGE));
    userReplica.setUid(CodeGenerator.generateUid());
    userReplica.setCode(null);
    userReplica.setCreated(new Date());
    UserCredentials credentialsReplica = new UserCredentials();
    mergeService.merge(new MergeParams<>(existingUser.getUserCredentials(), credentialsReplica).setMergeMode(MergeMode.MERGE));
    credentialsReplica.setUid(CodeGenerator.generateUid());
    credentialsReplica.setCode(null);
    credentialsReplica.setCreated(new Date());
    credentialsReplica.setLdapId(null);
    credentialsReplica.setOpenId(null);
    credentialsReplica.setUsername(username);
    userService.encodeAndSetPassword(credentialsReplica, password);
    userReplica.setUserCredentials(credentialsReplica);
    credentialsReplica.setUserInfo(userReplica);
    userService.addUser(userReplica);
    userService.addUserCredentials(credentialsReplica);
    userGroupService.addUserToGroups(userReplica, IdentifiableObjectUtils.getUids(existingUser.getGroups()), currentUser);
    // ---------------------------------------------------------------------
    // Replicate user settings
    // ---------------------------------------------------------------------
    List<UserSetting> settings = userSettingService.getUserSettings(existingUser);
    for (UserSetting setting : settings) {
        Optional<UserSettingKey> key = UserSettingKey.getByName(setting.getName());
        key.ifPresent(userSettingKey -> userSettingService.saveUserSetting(userSettingKey, setting.getValue(), userReplica));
    }
    response.addHeader("Location", UserSchemaDescriptor.API_ENDPOINT + "/" + userReplica.getUid());
    webMessageService.send(WebMessageUtils.created("User replica created"), response, request);
}
Also used : User(org.hisp.dhis.user.User) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) MergeParams(org.hisp.dhis.schema.MergeParams) UserSettingKey(org.hisp.dhis.user.UserSettingKey) UserCredentials(org.hisp.dhis.user.UserCredentials) Date(java.util.Date) UserSetting(org.hisp.dhis.user.UserSetting) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 64 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.

the class SmsController method getSmsCommandTypes.

@PreAuthorize("hasRole('ALL') or hasRole('F_MOBILE_SENDSMS')")
@RequestMapping(value = "/commands/{commandName}", method = RequestMethod.GET, produces = "application/json")
public void getSmsCommandTypes(@PathVariable("commandName") String commandName, @RequestParam ParserType type, HttpServletRequest request, HttpServletResponse response) throws IOException, WebMessageException {
    SMSCommand command = smsCommandService.getSMSCommand(commandName, type);
    if (command == null) {
        throw new WebMessageException(WebMessageUtils.notFound("No SMS command found"));
    }
    response.setContentType(MediaType.APPLICATION_JSON_VALUE);
    renderService.toJson(response.getOutputStream(), command);
}
Also used : WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) SMSCommand(org.hisp.dhis.sms.command.SMSCommand) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 65 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.

the class SmsController method receiveSMSMessage.

@RequestMapping(value = "/inbound", method = RequestMethod.POST, consumes = "application/json")
@PreAuthorize("hasRole('ALL') or hasRole('F_MOBILE_SETTINGS')")
public void receiveSMSMessage(HttpServletRequest request, HttpServletResponse response) throws WebMessageException, ParseException, IOException {
    IncomingSms sms = renderService.fromJson(request.getInputStream(), IncomingSms.class);
    int smsId = incomingSMSService.save(sms);
    webMessageService.send(WebMessageUtils.ok("Received SMS: " + smsId), response, request);
}
Also used : IncomingSms(org.hisp.dhis.sms.incoming.IncomingSms) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)289 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)234 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)88 ApiOperation (io.swagger.annotations.ApiOperation)70 ModelAndView (org.springframework.web.servlet.ModelAndView)51 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)44 ResponseEntity (org.springframework.http.ResponseEntity)41 ResponseStatus (org.springframework.web.bind.annotation.ResponseStatus)40 WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)36 IOException (java.io.IOException)35 ServiceException (org.nhindirect.common.rest.exceptions.ServiceException)34 InputStream (java.io.InputStream)26 Date (java.util.Date)26 ArrayList (java.util.ArrayList)25 ImportSummary (org.hisp.dhis.dxf2.importsummary.ImportSummary)23 ConfigurationServiceException (org.nhindirect.config.service.ConfigurationServiceException)21 List (java.util.List)17 HttpHeaders (org.springframework.http.HttpHeaders)16 Grid (org.hisp.dhis.common.Grid)14 SearchDomainForm (org.nhindirect.config.ui.form.SearchDomainForm)14
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial