diff --git a/README.md b/README.md new file mode 100644 index 0000000..b8f1aa1 --- /dev/null +++ b/README.md @@ -0,0 +1,9 @@ +# SauteWeb API with Spring Boot + +This is the backend of project SauteWeb. + +## Features + +- Using Spring Boot for Rest API (Java) +- Spring Security for Authentication and Authorization +- Implemented Basic Auth \ No newline at end of file diff --git a/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/AutorizacaoController.java b/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/AutorizacaoController.java index 1c56435..7c1ac27 100644 --- a/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/AutorizacaoController.java +++ b/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/AutorizacaoController.java @@ -5,6 +5,7 @@ import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; @@ -28,27 +29,32 @@ public class AutorizacaoController { @Autowired AutorizacaoRepository rep; + @PreAuthorize("hasRole('editor')") @PostMapping public Long save(@RequestBody Autorizacao autorizacao) { return rep.save(autorizacao).getId(); } + @PreAuthorize("hasRole('viewer')") @GetMapping public Iterable findAll() { return rep.findAll(); } + @PreAuthorize("hasRole('viewer')") @GetMapping("/proc/{id}") public Iterable findAllByProcesso(@PathVariable Long id) { return rep.findAllByProcessoId(id); } + @PreAuthorize("hasRole('viewer')") @GetMapping("{id}") public Autorizacao findById(@PathVariable Long id) { return rep.findById(id).orElseThrow( () -> new ResponseStatusException(HttpStatus.NOT_FOUND)); } + @PreAuthorize("hasRole('editor')") @PatchMapping public Long update(@RequestBody Autorizacao autorizacao) { Autorizacao ent = this.findById(autorizacao.getId()); @@ -58,6 +64,7 @@ public Long update(@RequestBody Autorizacao autorizacao) { return rep.save(ent).getId(); } + @PreAuthorize("hasRole('admin')") @DeleteMapping("{id}") public void deleteById(@PathVariable Long id) { rep.deleteById(id); diff --git a/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/ProcessoController.java b/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/ProcessoController.java index b637571..b7242ac 100644 --- a/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/ProcessoController.java +++ b/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/ProcessoController.java @@ -6,6 +6,7 @@ import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; @@ -30,11 +31,13 @@ public class ProcessoController { @Autowired ProcessoRepository rep; + @PreAuthorize("hasRole('editor')") @PostMapping public Long save(@RequestBody Processo processo) { return rep.save(processo).getId(); } + @PreAuthorize("hasRole('viewer')") @GetMapping public Iterable findAll(@RequestParam Optional q) { if (q.isEmpty()) { @@ -45,12 +48,14 @@ public Iterable findAll(@RequestParam Optional q) { } } + @PreAuthorize("hasRole('viewer')") @GetMapping("{id}") public Processo findById(@PathVariable Long id) { return rep.findById(id).orElseThrow( () -> new ResponseStatusException(HttpStatus.NOT_FOUND)); } + @PreAuthorize("hasRole('editor')") @PatchMapping public Long update(@RequestBody Processo processo) { Processo ent = rep.findById(processo.getId()) @@ -61,6 +66,7 @@ public Long update(@RequestBody Processo processo) { return rep.save(ent).getId(); } + @PreAuthorize("hasRole('admin')") @DeleteMapping("{id}") public void deleteById(@PathVariable Long id) { rep.deleteById(id);