Commit d6712ad6 authored by Selvakumar Kamatchinathan's avatar Selvakumar Kamatchinathan

changes suggested by zl

parent c0e7dc70
......@@ -40,9 +40,9 @@ public class CustomAuthoritiesExtractor implements AuthoritiesExtractor {
String email = (String) map.get("email");
User user = userRepository.findByEmail(email);
if (user == null) {
user = new User(email, User.Roles.ROLE_USER);
user = new User(email, User.Role.ROLE_USER);
userRepository.save(user);
return Arrays.asList(new SimpleGrantedAuthority(User.Roles.ROLE_USER.name()));
return Arrays.asList(new SimpleGrantedAuthority(User.Role.ROLE_USER.name()));
}
return Arrays.asList(new SimpleGrantedAuthority(user.getRole().toString()));
}
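Review bot: `email` is taken from the user-info map with a bare cast and used without a null or blank check, so a principal whose user-info response carries no `email` entry is looked up via `findByEmail(null)`, persisted as a `User` with a null email, and still handed `ROLE_USER` at the `Arrays.asList(...)` return inside the `if`. Reject such a principal before the lookup instead of auto-provisioning it, e.g. `if (email == null || email.isEmpty()) { throw new IllegalStateException("user info contains no email"); }` placed right after the cast, using whichever exception type the surrounding filter chain maps to a 401 rather than a 500 — that mapping is outside this hunk. The enclosing method's signature sits above line 40 and is not visible here, so the source of `map` (presumably the OAuth2 user-info payload) should be confirmed before relying on any other claim from it.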
......
......@@ -38,8 +38,6 @@ public class EnableSecurityConfig extends ResourceServerConfigurerAdapter {
"/v2/api-docs",
"/swagger-resources",
"/swagger-resources/**",
"/configuration/ui",
"/configuration/security",
"/swagger-ui.html",
"/webjars/**",
"/"
......
......@@ -27,7 +27,7 @@ import javax.persistence.Id;
@Entity
public class User {
public enum Roles {
public enum Role {
ROLE_USER,
......@@ -41,12 +41,12 @@ public class User {
private String email;
@Enumerated(EnumType.STRING)
private Roles role;
private Role role;
public User() {
}
public User(String email, Roles role) {
public User(String email, Role role) {
this.email = email;
this.role = role;
}
......@@ -59,11 +59,11 @@ public class User {
this.email = email;
}
public Roles getRole() {
public Role getRole() {
return role;
}
public void setRole(Roles role) {
public void setRole(Role role) {
this.role = role;
}
}
......@@ -10,15 +10,17 @@ management.context-path=/actuator
management.endpoint.health.show-details=always
endpoints.health.sensitive=false
spring.datasource.url=@ampt2d-property-registry-db.url@
spring.datasource.username=@ampt2d-property-registry-db.username@
spring.datasource.password=@ampt2d-property-registry-db.password@
#spring.datasource.url=@ampt2d-property-registry-db.url@
#spring.datasource.username=@ampt2d-property-registry-db.username@
#spring.datasource.password=@ampt2d-property-registry-db.password@
spring.jpa.hibernate.ddl-auto=none
spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL94Dialect
spring.jpa.generate-ddl=true
#spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL94Dialect
#spring.jpa.generate-ddl=true
security.enabled=true
security.oauth2.resource.userInfoUri=https://www.googleapis.com/userinfo/v2/me
security.oauth2.resource.filter-order=3
server.context-path=/ega/ampt2d/registry/
registry.protocols=https
server.port=8066
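Review bot: The PostgreSQL datasource, dialect and `generate-ddl` settings are commented out rather than removed or moved, which leaves `spring.jpa.hibernate.ddl-auto=none` active with no datasource declared in this file; if an embedded database driver is on the classpath, Spring Boot's auto-configuration will presumably fall back to it silently, so the effective database at runtime is no longer obvious from the configuration. Prefer deleting the five `#` lines and keeping the PostgreSQL settings in a profile-specific file (`application-<profile>.properties`, profile name to be chosen by the project) so the active datasource is an explicit, visible choice. The `@ampt2d-property-registry-db.password@` token looks like a build-time resource-filter placeholder, which bakes the database password into the packaged artifact; supplying it at runtime instead, e.g. through the `SPRING_DATASOURCE_PASSWORD` environment variable or an external config location, keeps it out of the build output.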
......@@ -261,21 +261,52 @@ public class PropertyRegistryServiceApplicationTests {
mockMvc.perform(get("/phenotypes")).andExpect(status().isUnauthorized());
mockMvc.perform(get("/properties")).andExpect(status().isUnauthorized());
mockMvc.perform(get("/")).andExpect(status().isOk()); // Root is not secured
mockMvc.perform(get("/swagger-ui.html")).andExpect(status().isOk()); // Swagger is not secured
String content = "{\"id\":\"CALL_RATE\"," +
//AUTH_WHITELIST URLs not secured
mockMvc.perform(get("/")).andExpect(status().isOk());
mockMvc.perform(get("/swagger-ui.html")).andExpect(status().isOk());
mockMvc.perform(get("/v2/api-docs")).andExpect(status().isOk());
mockMvc.perform(get("/swagger-resources/")).andExpect(status().isOk());
mockMvc.perform(get("/webjars/springfox-swagger-ui/fonts/open-sans-v15-latin-regular.woff2")).andExpect(status().isOk());
String propertyContent = "{\"id\":\"CALL_RATE\"," +
"\"type\":\"FLOAT\"," +
"\"meaning\":\"CALL_RATE\"," +
"\"description\":\"calling rate\"}";
//POST can be performed by EDITOR or ADMIN only
String phenotypeContent = "{\"id\":\"BMI\"," + "\"phenotypeGroup\":\"ANTHROPOMETRIC\"}";
//POST can be performed by EDITOR or ADMIN only
mockMvc.perform(post("/properties").with(oAuthHelper.bearerToken("testUser@gmail.com"))
.content(content)).andExpect(status().isForbidden());
.content(propertyContent)).andExpect(status().isForbidden());
mockMvc.perform(post("/properties").with(oAuthHelper.bearerToken("testEditor@gmail.com"))
.content(content)).andExpect(status().isCreated());
.content(propertyContent)).andExpect(status().isCreated());
mockMvc.perform(post("/phenotypes").with(oAuthHelper.bearerToken("testEditor@gmail.com"))
.content(phenotypeContent)).andExpect(status().isCreated());
//GET can be performed by any authenticated user
mockMvc.perform(get("/properties").with(oAuthHelper.bearerToken("testUser@gmail.com")))
.andExpect(status().isOk())
.andExpect(jsonPath("$._embedded.properties.length()").value(1));
mockMvc.perform(get("/phenotypes").with(oAuthHelper.bearerToken("testEditor@gmail.com")))
.andExpect(status().isOk())
.andExpect(jsonPath("$._embedded.phenotypes.length()").value(1));
mockMvc.perform(get("/phenotypes/BMI").with(oAuthHelper.bearerToken("testAdmin@gmail.com")))
.andExpect(status().isOk())
.andExpect(jsonPath("$.id").value("BMI"));
//PUT/PATCH/DELETE can be performed by EDITOR or ADMIN only
mockMvc.perform(patch("/phenotypes/BMI").with(oAuthHelper.bearerToken("testUser@gmail.com"))
.content("{\"phenotypeGroup\": \"GLYCEMIC\"}")).andExpect(status().isForbidden());
mockMvc.perform(patch("/phenotypes/BMI").with(oAuthHelper.bearerToken("testEditor@gmail.com"))
.content("{\"phenotypeGroup\": \"GLYCEMIC\"}")).andExpect(status().isNoContent());
mockMvc.perform(put("/phenotypes/BMI").with(oAuthHelper.bearerToken("testAdmin@gmail.com"))
.content("{\"phenotypeGroup\": \"GLYCEMIC\"}")).andExpect(status().isNoContent());
mockMvc.perform(delete("/properties/CALL_RATE").with(oAuthHelper.bearerToken("testUser@gmail.com")))
.andExpect(status().isForbidden());
mockMvc.perform(delete("/properties/CALL_RATE").with(oAuthHelper.bearerToken("testEditor@gmail.com")))
.andExpect(status().isNoContent());
//Change of Roles can be performed by ADMIN only
//Change of Role can be performed by ADMIN only
mockMvc.perform(put("/users/testUser@gmail.com")
.content("{\"role\": \"ROLE_EDITOR\"}").with(oAuthHelper.bearerToken("testEditor@gmail.com")))
.andExpect(status().isForbidden());
......@@ -284,7 +315,7 @@ public class PropertyRegistryServiceApplicationTests {
.andExpect(status().isNoContent());
mockMvc.perform(post("/properties").with(oAuthHelper.bearerToken("testUser@gmail.com"))
.content(content)).andExpect(status().isCreated());
.content(propertyContent)).andExpect(status().isCreated());
}
}
\ No newline at end of file
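Review bot: The block under `//PUT/PATCH/DELETE can be performed by EDITOR or ADMIN only` only exercises authenticated callers (`testUser`, `testEditor`, `testAdmin`); nothing in the first hunk asserts that a write with no bearer token is rejected, whereas the GETs at the top of that hunk are checked with `isUnauthorized()`. Adding the anonymous cases, placed after the phenotype POST and before the EDITOR `delete` that removes `CALL_RATE`, closes that gap: `mockMvc.perform(post("/properties").content(propertyContent)).andExpect(status().isUnauthorized());`, `mockMvc.perform(patch("/phenotypes/BMI").content("{\"phenotypeGroup\": \"GLYCEMIC\"}")).andExpect(status().isUnauthorized());` and `mockMvc.perform(delete("/properties/CALL_RATE")).andExpect(status().isUnauthorized());`. Whether the filter chain answers 401 or 403 for a token-less write is not visible here, so confirm against the security configuration before pinning the status. The enclosing test method starts above line 261 and continues into the second hunk, so the ADMIN branch of the `/users` role change is outside the lines reviewed.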