Finished PreAuth

README.md

@@ -0,0 +1,9 @@
+# SauteWeb API with Spring Boot
+
+This is the backend of project SauteWeb.
+
+## Features
+
+- Using Spring Boot for Rest API (Java)
+- Spring Security for Authentication and Authorization
+- Implemented Basic Auth

src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/AutorizacaoController.java

@@ -5,6 +5,7 @@
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -28,27 +29,32 @@ public class AutorizacaoController {
     @Autowired
     AutorizacaoRepository rep;
 
+    @PreAuthorize("hasRole('editor')")
     @PostMapping
     public Long save(@RequestBody Autorizacao autorizacao) {
         return rep.save(autorizacao).getId();
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping
     public Iterable<Autorizacao> findAll() {
         return rep.findAll();
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping("/proc/{id}")
     public Iterable<Autorizacao> findAllByProcesso(@PathVariable Long id) {
         return rep.findAllByProcessoId(id);
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping("{id}")
     public Autorizacao findById(@PathVariable Long id) {
         return rep.findById(id).orElseThrow(
                 () -> new ResponseStatusException(HttpStatus.NOT_FOUND));
     }
 
+    @PreAuthorize("hasRole('editor')")
     @PatchMapping
     public Long update(@RequestBody Autorizacao autorizacao) {
         Autorizacao ent = this.findById(autorizacao.getId());
@@ -58,6 +64,7 @@ public Long update(@RequestBody Autorizacao autorizacao) {
         return rep.save(ent).getId();
     }
 
+    @PreAuthorize("hasRole('admin')")
     @DeleteMapping("{id}")
     public void deleteById(@PathVariable Long id) {
         rep.deleteById(id);

src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/ProcessoController.java

@@ -6,6 +6,7 @@
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -30,11 +31,13 @@ public class ProcessoController {
     @Autowired
     ProcessoRepository rep;
 
+    @PreAuthorize("hasRole('editor')")
     @PostMapping
     public Long save(@RequestBody Processo processo) {
         return rep.save(processo).getId();
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping
     public Iterable<Processo> findAll(@RequestParam Optional<String> q) {
         if (q.isEmpty()) {
@@ -45,12 +48,14 @@ public Iterable<Processo> findAll(@RequestParam Optional<String> q) {
         }
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping("{id}")
     public Processo findById(@PathVariable Long id) {
         return rep.findById(id).orElseThrow(
                 () -> new ResponseStatusException(HttpStatus.NOT_FOUND));
     }
 
+    @PreAuthorize("hasRole('editor')")
     @PatchMapping
     public Long update(@RequestBody Processo processo) {
         Processo ent = rep.findById(processo.getId())
@@ -61,6 +66,7 @@ public Long update(@RequestBody Processo processo) {
         return rep.save(ent).getId();
     }
 
+    @PreAuthorize("hasRole('admin')")
     @DeleteMapping("{id}")
     public void deleteById(@PathVariable Long id) {
         rep.deleteById(id);