Added some endpoints not protected

This commit is contained in:
Filip Izydorczyk 2020-09-15 11:31:30 +02:00
parent 82c4c9d0fe
commit b951f1f934
6 changed files with 59 additions and 31 deletions

View File

@ -1,11 +1,12 @@
# Dokumetacja API # Dokumetacja API
| Api | Zadania endpointa | | Api | Zadania endpointa |
| ---------------------------------------------- | ---------------------------------------------------------- | | ------------------------------------------------------------- | ---------------------------------------------------------------------------- |
| [/config](#config) | Załadowanie konfiguracji startowej do aplikacji PlanNaPlan | | [/api/v1/configurator/config](#config) | Załadowanie konfiguracji startowej do aplikacji PlanNaPlan |
| [/getCoursesWithGroups](#getcourseswithgroups) | Zwrócenie wszytskich kursów razem z grupami | | [/api/v1/courses/getCoursesWithGroups](#getcourseswithgroups) | Zwrócenie wszytskich kursów razem z grupami |
| [/getCourseGroups](#getcoursegroups) | Zwrócenie grup dla danego kursu | | [/api/v1/groups/getCourseGroups](#getcoursegroups) | Zwrócenie grup dla danego kursu |
| [/getCourses](#getcourses) | Zwrócenie wszystkich kursów | | [/api/v1/courses/getCourses](#getcourses) | Zwrócenie wszystkich kursów |
| [/token](#token) | Wymienia ticket z CAS-a na token ktorym beda autoryzowane chronione requesty |
## config ## config
@ -30,7 +31,7 @@ Endpoint konfigurujacy caly system i importujacy dane do bazy.
Source code: [link](../restservice/src/main/java/com/plannaplan/controllers/getCoursesWithGroups.java) Source code: [link](../restservice/src/main/java/com/plannaplan/controllers/getCoursesWithGroups.java)
``` ```
GET /getCoursesWithGroups GET /api/v1/courses/getCoursesWithGroups
``` ```
#### Opis #### Opis
@ -42,7 +43,7 @@ Zwraca wszystkie dostepne kursy wraz z listą grup.
Source code: [link](../restservice/src/main/java/com/plannaplan/controllers/GroupController.java) Source code: [link](../restservice/src/main/java/com/plannaplan/controllers/GroupController.java)
``` ```
GET /getCourseGroups GET /api/v1/groups/getCourseGroups
``` ```
#### Opis #### Opis
@ -61,9 +62,27 @@ Zwraca wszytskie grupy dla danego kursu.
Source code: [link](../restservice/src/main/java/com/plannaplan/controllers/CoursesController.java) Source code: [link](../restservice/src/main/java/com/plannaplan/controllers/CoursesController.java)
``` ```
GET /getCourses GET /api/v1/courses/getCourses
``` ```
#### Opis #### Opis
Zwraca wszystkie dostepne kursy. Zwraca wszystkie dostepne kursy.
## token
Source code: [link](../restservice/src/main/java/com/plannaplan/controllers/TokenController.java)
```
GET /token?ticket=ST-668405-W0gfvSVDRBdMUWLweKzv-cas.amu.edu.pl
```
#### Opis
Po odpytaniu tego endpointa z podanym ticketem system zrobi nma nim validate i dostanie uzytkownika dla ktorego zostal on wygenerowany. System utworzy dla niego access token i go zwroci w odpowiedzi
#### Parametry
| Type | Name | Consumes | Opis | Type |
| ----------- | ------------------------- | -------- | --------------------------------------- | ------ |
| Query Param | **ticket** </br> required | - | ticket uzyskany z logowania poprzez CAS | string |

View File

@ -13,6 +13,8 @@ import org.springframework.context.event.EventListener;
@SpringBootApplication @SpringBootApplication
public class App { public class App {
public final static String API_VERSION = "v1";
@Autowired @Autowired
UserService userService; UserService userService;

View File

@ -5,6 +5,7 @@ import org.springframework.web.bind.annotation.RestController;
import java.io.IOException; import java.io.IOException;
import com.plannaplan.App;
import com.plannaplan.Controller; import com.plannaplan.Controller;
import com.plannaplan.models.ConfigData; import com.plannaplan.models.ConfigData;
@ -12,11 +13,13 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.multipart.MultipartFile; import org.springframework.web.multipart.MultipartFile;
@RestController @RestController
@CrossOrigin @CrossOrigin
@RequestMapping("/api/" + App.API_VERSION + "/configurator")
public class ConfigController { public class ConfigController {
@Autowired @Autowired

View File

@ -5,6 +5,7 @@ import java.util.Dictionary;
import java.util.Hashtable; import java.util.Hashtable;
import java.util.List; import java.util.List;
import com.plannaplan.App;
import com.plannaplan.entities.Course; import com.plannaplan.entities.Course;
import com.plannaplan.entities.Groups; import com.plannaplan.entities.Groups;
import com.plannaplan.services.CourseService; import com.plannaplan.services.CourseService;
@ -15,9 +16,11 @@ import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
@RestController @RestController
@CrossOrigin @CrossOrigin
@RequestMapping("/api/" + App.API_VERSION + "/courses")
public class CoursesController { public class CoursesController {
@Autowired @Autowired
private CourseService courseService; private CourseService courseService;

View File

@ -5,6 +5,7 @@ import java.util.Dictionary;
import java.util.Hashtable; import java.util.Hashtable;
import java.util.List; import java.util.List;
import com.plannaplan.App;
import com.plannaplan.entities.Groups; import com.plannaplan.entities.Groups;
import com.plannaplan.services.GroupService; import com.plannaplan.services.GroupService;
@ -13,21 +14,23 @@ import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
@RestController @RestController
@CrossOrigin @CrossOrigin
@RequestMapping("/api/" + App.API_VERSION + "/groups")
public class GroupController { public class GroupController {
@Autowired @Autowired
private GroupService groupService; private GroupService groupService;
@GetMapping("/getCourseGroups") @GetMapping("/getCourseGroups")
public ResponseEntity<List<Dictionary<String, Object>>> getCourses(@RequestParam("id") Long id, @RequestParam(name="capacity", defaultValue="true") Boolean capacity){ public ResponseEntity<List<Dictionary<String, Object>>> getCourses(@RequestParam("id") Long id,
@RequestParam(name = "capacity", defaultValue = "true") Boolean capacity) {
List<Groups> groups = this.groupService.getGroupsByCourse(id); List<Groups> groups = this.groupService.getGroupsByCourse(id);
List<Dictionary<String, Object>> response = new ArrayList<>(); List<Dictionary<String, Object>> response = new ArrayList<>();
for (Groups g : groups) { for (Groups g : groups) {
Dictionary<String, Object> group = new Hashtable<>(); Dictionary<String, Object> group = new Hashtable<>();
group.put("id", g.getId()); group.put("id", g.getId());

View File

@ -2,7 +2,6 @@ package com.plannaplan.security;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity;
@ -37,7 +36,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override @Override
public void configure(final WebSecurity webSecurity) { public void configure(final WebSecurity webSecurity) {
webSecurity.ignoring().antMatchers("/token**"); webSecurity.ignoring().antMatchers("/token**").antMatchers("/api/v1/courses/getCourses")
.antMatchers("/api/v1/groups/getCourseGroups").antMatchers("/api/v1/courses/getCoursesWithGroups");
} }
@Override @Override
@ -46,15 +46,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().exceptionHandling().and() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().exceptionHandling().and()
.authenticationProvider(provider) .authenticationProvider(provider)
.addFilterBefore(authenticationFilter(), AnonymousAuthenticationFilter.class).authorizeRequests() .addFilterBefore(authenticationFilter(), AnonymousAuthenticationFilter.class).authorizeRequests()
.antMatchers(HttpMethod.GET, "/token**").permitAll().anyRequest().authenticated(); .anyRequest().authenticated();
} }
@Bean
AuthenticationFilter authenticationFilter() throws Exception { AuthenticationFilter authenticationFilter() throws Exception {
final AuthenticationFilter filter = new AuthenticationFilter(PROTECTED_URLS); final AuthenticationFilter filter = new AuthenticationFilter(PROTECTED_URLS);
filter.setAuthenticationManager(authenticationManager()); filter.setAuthenticationManager(authenticationManager());
// filter.setAuthenticationSuccessHandler(successHandler());
return filter; return filter;
} }