
Change the JSON API demo endpoint to allow access only to the super user. The token is now obtained from the chat endpoint.

master
Rohan Sircar 5 years ago
parent
commit
493d3cd079
  1. 4
      chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java
  2. 44
      chatto/src/main/java/org/ros/chatto/controller/ChatMessageController.java
  3. 2
      chatto/src/main/java/org/ros/chatto/controller/DemoRestController.java
  4. 3
      chatto/src/main/resources/static/js/login.js

4
chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java

@ -69,8 +69,12 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
// .cors().and()
.antMatcher("/api/**").authorizeRequests()
.antMatchers("/api/chat/**").hasAnyRole("USER", "ADMIN", "SUPER_USER")
.antMatchers("/api/demo/**").hasRole("SUPER_USER")
// .antMatchers("/perform-login").permitAll()
.anyRequest()
// .hasAnyRole("USER", "ADMIN", "SUPER_USER")
.authenticated().and().httpBasic().authenticationEntryPoint(authenticationEntryPoint)
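Review bot: The catch-all `.anyRequest().authenticated()` that follows the two new matchers grants every authenticated role access to any `/api/**` path that is neither `/api/chat/**` nor `/api/demo/**`, so the new SUPER_USER restriction covers only the demo prefix and any future controller under `/api` is allowed by default rather than denied. If deny-by-default is intended, change the fallback to `.anyRequest().denyAll()` (or `.hasRole("SUPER_USER")`) and add an explicit matcher for each prefix that should be reachable; otherwise a comment such as `// every other /api/** path: any authenticated role` would make the choice visible to the next reader. The two commented-out matcher lines are dead configuration carried alongside the live rules and should be deleted. The enclosing configure method starts and ends outside the hunk.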

44
chatto/src/main/java/org/ros/chatto/controller/ChatMessageController.java

@ -44,10 +44,10 @@ public class ChatMessageController {
@PostMapping(value = "/post/message", consumes = { "application/json" })
@ResponseBody
public ResponseEntity<?> newMessage(@RequestBody @Valid ChatMessageDTO chatMessageDTO,
BindingResult bindingResult, Principal principal) {
public ResponseEntity<?> newMessage(@RequestBody @Valid ChatMessageDTO chatMessageDTO, BindingResult bindingResult,
Principal principal) {
if (bindingResult.hasErrors()) {
// return new ResponseEntity<List<FieldError>>(bindingResult.getFieldErrors(),HttpStatus.BAD_REQUEST);
return new ResponseEntity<ErrorResponse>(handleException(bindingResult), HttpStatus.BAD_REQUEST);
}
@ -58,38 +58,35 @@ public class ChatMessageController {
chatMessageDTO = chatService.saveNewMessage(fromUser, toUser, messageCipher);
return new ResponseEntity<ChatMessageDTO>(chatMessageDTO, HttpStatus.CREATED);
}
/**
* Method that check against {@code @Valid} Objects passed to controller endpoints
* Method that check against {@code @Valid} Objects passed to controller
* endpoints
*
* @param exception
* @return a {@code ErrorResponse}
* @see com.aroussi.util.validation.ErrorResponse
*/
@ExceptionHandler(value=MethodArgumentNotValidException.class)
@ExceptionHandler(value = MethodArgumentNotValidException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST)
public ErrorResponse handleException(MethodArgumentNotValidException exception) {
List<ErrorModel> errorMessages = exception.getBindingResult().getFieldErrors().stream()
.map(err -> new ErrorModel(err.getField(), err.getRejectedValue(), err.getDefaultMessage()))
.distinct()
.collect(Collectors.toList());
return ErrorResponse.builder().errorMessage(errorMessages).build();
List<ErrorModel> errorMessages = exception.getBindingResult().getFieldErrors().stream()
.map(err -> new ErrorModel(err.getField(), err.getRejectedValue(), err.getDefaultMessage())).distinct()
.collect(Collectors.toList());
return ErrorResponse.builder().errorMessage(errorMessages).build();
}
@ExceptionHandler(value=MethodArgumentNotValidException.class)
@ExceptionHandler(value = MethodArgumentNotValidException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST)
public ErrorResponse handleException(BindingResult bindingResult) {
List<ErrorModel> errorMessages = bindingResult.getFieldErrors().stream()
.map(err -> new ErrorModel(err.getField(), err.getRejectedValue(), err.getDefaultMessage()))
.distinct()
.collect(Collectors.toList());
return ErrorResponse.builder().errorMessage(errorMessages).build();
List<ErrorModel> errorMessages = bindingResult.getFieldErrors().stream()
.map(err -> new ErrorModel(err.getField(), err.getRejectedValue(), err.getDefaultMessage())).distinct()
.collect(Collectors.toList());
return ErrorResponse.builder().errorMessage(errorMessages).build();
}
@GetMapping(value = "/get/messages/{userName}")
@ResponseBody
public List<ChatMessageDTO> sendAllMessages(@PathVariable String userName, Principal principal) {
@ -131,11 +128,16 @@ public class ChatMessageController {
public List<String> getAllOtherUsers(Principal principal) {
return userService.findAllOtherUsers(principal.getName());
}
@GetMapping("/get/active-users")
public List<ActiveUserDTO> getAllOtherActiveUsers(Principal principal) {
return userService.getOtherActiveUsers(principal.getName());
}
@GetMapping("/get/token")
public ResponseEntity<?> getToken() {
return new ResponseEntity<String>(HttpStatus.OK);
}
}
//public ResponseEntity<List<ChatMessage>> getMessages(@PathVariable String userName, Principal principal) {
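Review bot: The new `getToken()` at `/get/token` returns `new ResponseEntity<String>(HttpStatus.OK)` with no body, so the token the commit message says the client obtains here is not produced by this method; presumably a filter or response header set elsewhere carries it, which should be stated in a Javadoc such as `/** Succeeds only after HTTP Basic authentication; the token itself is attached outside this method (confirm which filter/header). */`. `ResponseEntity.ok().build()` expresses the empty 200 more directly than the raw constructor with an unused type argument. In the second hunk, `handleException(BindingResult)` keeps an `@ExceptionHandler(value = MethodArgumentNotValidException.class)` annotation although `newMessage` calls it directly as a helper, which maps the same exception type to two handler methods in one controller; dropping the annotation from the helper removes the ambiguity. The class body continues outside the first two hunks.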

2
chatto/src/main/java/org/ros/chatto/controller/DemoRestController.java

@ -33,7 +33,7 @@ import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
@RestController
@RequestMapping("/api")
@RequestMapping("/api/demo")
//@CrossOrigin(origins = "*", allowCredentials = "true", allowedHeaders = "*")
public class DemoRestController {

3
chatto/src/main/resources/static/js/login.js

@ -10,8 +10,7 @@ function storeCredentials() {
var jqxhr = $.ajax({
type: 'GET',
url: `http://${hostAddress}/api/user`,
dataType: 'json',
url: `http://${hostAddress}/api/chat/get/token`,
headers: {
"Authorization": "Basic " + btoa(usernameInput.value + ":" + passwordInput.value)
},
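Review bot: The request to `/api/chat/get/token` sends `"Authorization": "Basic " + btoa(usernameInput.value + ":" + passwordInput.value)` to a hard-coded `http://` scheme, so the username and password travel in cleartext (Basic is an encoding, not encryption); this predates the commit, but the new token exchange makes this call the one place the raw credentials are transmitted. Derive the scheme from the page instead, e.g. ``url: `${window.location.protocol}//${hostAddress}/api/chat/get/token`,``, or hard-code `https://`, and apply the same to any other `$.ajax` call that carries this header. Dropping `dataType: 'json'` is consistent with the endpoint answering with an empty body, but the success handler, which lies outside this hunk, should be checked for code that still parses the response as JSON. `storeCredentials` starts and ends outside the hunk.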
