Added some endpoints not protected

This commit is contained in:
Filip Izydorczyk 2020-09-15 11:31:30 +02:00
parent 82c4c9d0fe
commit b951f1f934
6 changed files with 59 additions and 31 deletions

View File

@ -1,11 +1,12 @@
# Dokumetacja API
| Api | Zadania endpointa |
| ---------------------------------------------- | ---------------------------------------------------------- |
| [/config](#config) | Załadowanie konfiguracji startowej do aplikacji PlanNaPlan |
| [/getCoursesWithGroups](#getcourseswithgroups) | Zwrócenie wszytskich kursów razem z grupami |
| [/getCourseGroups](#getcoursegroups) | Zwrócenie grup dla danego kursu |
| [/getCourses](#getcourses) | Zwrócenie wszystkich kursów |
| ------------------------------------------------------------- | ---------------------------------------------------------------------------- |
| [/api/v1/configurator/config](#config) | Załadowanie konfiguracji startowej do aplikacji PlanNaPlan |
| [/api/v1/courses/getCoursesWithGroups](#getcourseswithgroups) | Zwrócenie wszytskich kursów razem z grupami |
| [/api/v1/groups/getCourseGroups](#getcoursegroups) | Zwrócenie grup dla danego kursu |
| [/api/v1/courses/getCourses](#getcourses) | Zwrócenie wszystkich kursów |
| [/token](#token) | Wymienia ticket z CAS-a na token ktorym beda autoryzowane chronione requesty |
## config
@ -30,7 +31,7 @@ Endpoint konfigurujacy caly system i importujacy dane do bazy.
Source code: [link](../restservice/src/main/java/com/plannaplan/controllers/getCoursesWithGroups.java)
```
GET /getCoursesWithGroups
GET /api/v1/courses/getCoursesWithGroups
```
#### Opis
@ -42,7 +43,7 @@ Zwraca wszystkie dostepne kursy wraz z listą grup.
Source code: [link](../restservice/src/main/java/com/plannaplan/controllers/GroupController.java)
```
GET /getCourseGroups
GET /api/v1/groups/getCourseGroups
```
#### Opis
@ -61,9 +62,27 @@ Zwraca wszytskie grupy dla danego kursu.
Source code: [link](../restservice/src/main/java/com/plannaplan/controllers/CoursesController.java)
```
GET /getCourses
GET /api/v1/courses/getCourses
```
#### Opis
Zwraca wszystkie dostepne kursy.
## token
Source code: [link](../restservice/src/main/java/com/plannaplan/controllers/TokenController.java)
```
GET /token?ticket=ST-668405-W0gfvSVDRBdMUWLweKzv-cas.amu.edu.pl
```
#### Opis
Po odpytaniu tego endpointa z podanym ticketem system zrobi nma nim validate i dostanie uzytkownika dla ktorego zostal on wygenerowany. System utworzy dla niego access token i go zwroci w odpowiedzi
#### Parametry
| Type | Name | Consumes | Opis | Type |
| ----------- | ------------------------- | -------- | --------------------------------------- | ------ |
| Query Param | **ticket** </br> required | - | ticket uzyskany z logowania poprzez CAS | string |

View File

@ -13,6 +13,8 @@ import org.springframework.context.event.EventListener;
@SpringBootApplication
public class App {
public final static String API_VERSION = "v1";
@Autowired
UserService userService;

View File

@ -5,6 +5,7 @@ import org.springframework.web.bind.annotation.RestController;
import java.io.IOException;
import com.plannaplan.App;
import com.plannaplan.Controller;
import com.plannaplan.models.ConfigData;
@ -12,11 +13,13 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.multipart.MultipartFile;
@RestController
@CrossOrigin
@RequestMapping("/api/" + App.API_VERSION + "/configurator")
public class ConfigController {
@Autowired

View File

@ -5,6 +5,7 @@ import java.util.Dictionary;
import java.util.Hashtable;
import java.util.List;
import com.plannaplan.App;
import com.plannaplan.entities.Course;
import com.plannaplan.entities.Groups;
import com.plannaplan.services.CourseService;
@ -15,9 +16,11 @@ import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
@RestController
@CrossOrigin
@RequestMapping("/api/" + App.API_VERSION + "/courses")
public class CoursesController {
@Autowired
private CourseService courseService;

View File

@ -5,6 +5,7 @@ import java.util.Dictionary;
import java.util.Hashtable;
import java.util.List;
import com.plannaplan.App;
import com.plannaplan.entities.Groups;
import com.plannaplan.services.GroupService;
@ -13,21 +14,23 @@ import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
@RestController
@CrossOrigin
@RequestMapping("/api/" + App.API_VERSION + "/groups")
public class GroupController {
@Autowired
private GroupService groupService;
@GetMapping("/getCourseGroups")
public ResponseEntity<List<Dictionary<String, Object>>> getCourses(@RequestParam("id") Long id, @RequestParam(name="capacity", defaultValue="true") Boolean capacity){
public ResponseEntity<List<Dictionary<String, Object>>> getCourses(@RequestParam("id") Long id,
@RequestParam(name = "capacity", defaultValue = "true") Boolean capacity) {
List<Groups> groups = this.groupService.getGroupsByCourse(id);
List<Dictionary<String, Object>> response = new ArrayList<>();
for (Groups g : groups) {
Dictionary<String, Object> group = new Hashtable<>();
group.put("id", g.getId());

View File

@ -2,7 +2,6 @@ package com.plannaplan.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
@ -37,7 +36,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(final WebSecurity webSecurity) {
webSecurity.ignoring().antMatchers("/token**");
webSecurity.ignoring().antMatchers("/token**").antMatchers("/api/v1/courses/getCourses")
.antMatchers("/api/v1/groups/getCourseGroups").antMatchers("/api/v1/courses/getCoursesWithGroups");
}
@Override
@ -46,15 +46,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().exceptionHandling().and()
.authenticationProvider(provider)
.addFilterBefore(authenticationFilter(), AnonymousAuthenticationFilter.class).authorizeRequests()
.antMatchers(HttpMethod.GET, "/token**").permitAll().anyRequest().authenticated();
.anyRequest().authenticated();
}
@Bean
AuthenticationFilter authenticationFilter() throws Exception {
final AuthenticationFilter filter = new AuthenticationFilter(PROTECTED_URLS);
filter.setAuthenticationManager(authenticationManager());
// filter.setAuthenticationSuccessHandler(successHandler());
return filter;
}