Added new endpoints for checking status and security (#94)

Author: ValentinTyhonov

src/main/java/com/ericsson/ei/EndpointSecurity.java

@@ -23,6 +23,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -35,7 +36,7 @@ public class EndpointSecurity extends WebSecurityConfigurerAdapter {
 
     private static Logger LOGGER = (Logger) LoggerFactory.getLogger(EndpointSecurity.class);
 
-    @Value("${ldap.enabled}")
+    @Value("${ldap.enabled:false}")
     private boolean ldapEnabled;
 
     @Value("${ldap.url}")
@@ -59,10 +60,16 @@ protected void configure(HttpSecurity http) throws Exception {
             LOGGER.info("LDAP security configuration is enabled");
             http
             .authorizeRequests()
-                .anyRequest().authenticated()
+                .antMatchers("/auth/*").authenticated()
+                .antMatchers(HttpMethod.POST, "/subscriptions").authenticated()
+                .antMatchers(HttpMethod.PUT, "/subscriptions").authenticated()
+                .antMatchers(HttpMethod.DELETE, "/subscriptions/*").authenticated()
+                .anyRequest().permitAll()
             .and()
                 .sessionManagement()
                 .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+            .and()
+                .logout().logoutUrl("/auth/logout").logoutSuccessUrl("/").deleteCookies("SESSION").invalidateHttpSession(true)
             .and()
                 .httpBasic()
             .and()

src/main/java/com/ericsson/ei/controller/AuthController.java

@@ -0,0 +1,41 @@
+
+package com.ericsson.ei.controller;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+
+/**
+ * No description
+ * (Generated with springmvc-raml-parser v.0.10.11)
+ * 
+ */
+@RestController
+@RequestMapping(value = "/auth", produces = "application/json")
+public interface AuthController {
+
+
+    /**
+     * This call for checking if security is enabled
+     * 
+     */
+    @RequestMapping(value = "", method = RequestMethod.GET)
+    public ResponseEntity<?> getAuth();
+
+    /**
+     * This call for getting logged in user
+     * 
+     */
+    @RequestMapping(value = "/login", method = RequestMethod.GET)
+    public ResponseEntity<?> getLogin();
+
+    /**
+     * This call for checking backend status
+     * 
+     */
+    @RequestMapping(value = "/checkStatus", method = RequestMethod.GET)
+    public ResponseEntity<?> getCheckStatus();
+
+}

src/main/java/com/ericsson/ei/controller/AuthControllerImpl.java

@@ -0,0 +1,81 @@
+/*
+   Copyright 2018 Ericsson AB.
+   For a full list of individual contributors, please see the commit history.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+package com.ericsson.ei.controller;
+
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import org.json.JSONObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.annotation.CrossOrigin;
+
+/**
+ * Endpoints /auth/login and /auth/checkStatus should be secured in case LDAP is enabled
+ * Endpoint /auth should be not secured
+ */
+@Component
+@CrossOrigin
+@Api(value = "Auth", description = "REST endpoints for authentication and authorization")
+public class AuthControllerImpl implements AuthController {
+
+    private static final Logger LOGGER = (Logger) LoggerFactory.getLogger(AuthControllerImpl.class);
+
+    @Value("${ldap.enabled:false}")
+    private boolean ldapEnabled;
+
+    @Override
+    @CrossOrigin
+    @ApiOperation(value = "To check is security enabled", response = String.class)
+    public ResponseEntity<?> getAuth() {
+        try {
+            return new ResponseEntity<>(new JSONObject().put("security", ldapEnabled).toString(), HttpStatus.OK);
+        } catch (Exception e) {
+            LOGGER.error(e.getMessage(), e);
+            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    @Override
+    @CrossOrigin
+    @ApiOperation(value = "To get login of current user", response = String.class)
+    public ResponseEntity<?> getLogin() {
+        try {
+            String currentUser = SecurityContextHolder.getContext().getAuthentication().getName();
+            return new ResponseEntity<>(new JSONObject().put("user", currentUser).toString(), HttpStatus.OK);
+        } catch (Exception e) {
+            LOGGER.error(e.getMessage(), e);
+            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    @Override
+    @CrossOrigin
+    @ApiOperation(value = "To check backend status", response = String.class)
+    public ResponseEntity<?> getCheckStatus() {
+        try {
+            return new ResponseEntity<>(HttpStatus.OK);
+        } catch (Exception e) {
+            LOGGER.error(e.getMessage(), e);
+            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
+        }
+    }
+}

src/main/java/com/ericsson/ei/controller/LoginController.java

@@ -1,6 +1,7 @@
 
 package com.ericsson.ei.controller;
 
+import com.ericsson.ei.controller.model.QueryResponse;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;

src/main/java/com/ericsson/ei/controller/LoginControllerImpl.java

@@ -1,6 +1,7 @@
 
 package com.ericsson.ei.controller;
 
+import com.ericsson.ei.controller.model.QueryResponse;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;

src/main/java/com/ericsson/ei/controller/QueryAggregatedObjectController.java

@@ -2,6 +2,7 @@
 package com.ericsson.ei.controller;
 
 import javax.validation.Valid;
+import com.ericsson.ei.controller.model.RuleCheckBody;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;

src/main/java/com/ericsson/ei/controller/QueryMissedNotificationController.java

@@ -26,7 +26,7 @@ public interface SubscriptionController {
      * 
      */
     @RequestMapping(value = "", method = RequestMethod.GET)
-    public ResponseEntity<List<String>> getSubscriptions();
+    public ResponseEntity<List<com.ericsson.ei.controller.model.Subscription>> getSubscriptions();
 
     /**
      * Takes the subscription rules, the name for subscription and the user name of the person registering this subscription and saves the subscription in subscription database. The name needs to be unique.
@@ -36,34 +36,34 @@ public interface SubscriptionController {
     public ResponseEntity<?> createSubscription(
         @Valid
         @RequestBody
-        List<String> string);
+        List<com.ericsson.ei.controller.model.Subscription> subscription);
 
     /**
      * Modify an existing Subscription.
      * 
      */
     @RequestMapping(value = "", method = RequestMethod.PUT)
-    public ResponseEntity<SubscriptionResponse> updateSubscriptions(
+    public ResponseEntity<com.ericsson.ei.controller.model.SubscriptionResponse> updateSubscriptions(
         @Valid
         @RequestBody
-        List<String> string);
+        List<com.ericsson.ei.controller.model.Subscription> subscription);
 
     /**
      * Returns the subscription rules for given subscription name.
      * 
      */
     @RequestMapping(value = "/{subscriptionName}", method = RequestMethod.GET)
-    public ResponseEntity<List<String>> getSubscriptionById(
+    public ResponseEntity<List<com.ericsson.ei.controller.model.Subscription>> getSubscriptionById(
         @PathVariable(required = false)
-        java.lang.String subscriptionName);
+        String subscriptionName);
 
     /**
      * Removes the subscription from the database.
      * 
      */
     @RequestMapping(value = "/{subscriptionName}", method = RequestMethod.DELETE)
-    public ResponseEntity<SubscriptionResponse> deleteSubscriptionById(
+    public ResponseEntity<com.ericsson.ei.controller.model.SubscriptionResponse> deleteSubscriptionById(
         @PathVariable(required = false)
-        java.lang.String subscriptionName);
+        String subscriptionName);
 
 }

src/main/java/com/ericsson/ei/controller/RuleCheckController.java

@@ -133,6 +133,7 @@ public ResponseEntity<SubscriptionResponse> updateSubscriptions(@RequestBody Lis
             user = currentUser();
         }
         Subscription subscription = subscriptions.get(0);
+        subscription.setUserName(user);
         String subscriptionName = subscription.getSubscriptionName();
         LOG.info("Subscription :" + subscriptionName + " update started");
         SubscriptionResponse subscriptionResponse = new SubscriptionResponse();