update for jwt decentralization, not yet stable

pom.xml

@@ -35,11 +35,6 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-			<scope>runtime</scope>
-		</dependency>
 		<dependency>
 			<groupId>org.projectlombok</groupId>
 			<artifactId>lombok</artifactId>
@@ -81,8 +76,17 @@
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-configuration-processor</artifactId>
-			<optional>true</optional>
+			<artifactId>spring-boot-starter-validation</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>5.7.3</version>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt</artifactId>
+			<version>0.9.1</version>
 		</dependency>
 	</dependencies>
 

src/main/java/com/vnptt/tms/TmsApplication.java

@@ -2,13 +2,12 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 
-@SpringBootApplication(exclude = {SecurityAutoConfiguration.class })
+@SpringBootApplication//(exclude = {SecurityAutoConfiguration.class })
 public class TmsApplication {
 
-	public static void main(String[] args) {
-		SpringApplication.run(TmsApplication.class, args);
-	}
+    public static void main(String[] args) {
+        SpringApplication.run(TmsApplication.class, args);
+    }
 
 }

src/main/java/com/vnptt/tms/api/ApkApi.java

@@ -17,7 +17,6 @@
 import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 
-@CrossOrigin
 @RestController
 @RequestMapping("TMS/api")
 public class ApkApi {

src/main/java/com/vnptt/tms/api/ApplicationApi.java

@@ -8,6 +8,7 @@
 import org.springframework.data.domain.Pageable;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 
@@ -91,6 +92,7 @@ public ApplicationOutput getAllApplicationByDeviceEntityId(@PathVariable(value =
 
     /**
      * unnecessary (only use to test)
+     * beacause device only use addApplicationToDevice
      * add new app to database
      *
      * @param model dto application
@@ -121,6 +123,7 @@ public ApplicationDTO addApplicationToDevice(@PathVariable(value = "deviceId") L
      * @param ids
      */
     @DeleteMapping(value = "/application")
+    @PreAuthorize("hasRole('MODERATOR')")
     public void deleteApplication(@RequestBody Long[] ids) {
         applicationService.delete(ids);
     }

src/main/java/com/vnptt/tms/api/CommandApi.java

@@ -6,6 +6,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @CrossOrigin
@@ -69,6 +70,7 @@ public CommandDTO updateCommand(@RequestBody CommandDTO model, @PathVariable("id
     }
 
     @DeleteMapping(value = "/Command")
+    @PreAuthorize("hasRole('MODERATOR')")
     public void removeCommand(@RequestBody Long[] ids) {
         commandService.delete(ids);
     }

src/main/java/com/vnptt/tms/api/DeviceApi.java

@@ -7,6 +7,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.sql.Date;
@@ -29,10 +30,7 @@ public class DeviceApi {
      * @return
      */
     @GetMapping(value = "/device")
-    public DeviceOutput showDevice(@RequestParam(value = "page", required = false) Integer page,
-                                   @RequestParam(value = "limit", required = false) Integer limit,
-                                   @RequestParam(value = "model", required = false) String model,
-                                   @RequestParam(value = "firmware", required = false) String firmware) {
+    public DeviceOutput showDevice(@RequestParam(value = "page", required = false) Integer page, @RequestParam(value = "limit", required = false) Integer limit, @RequestParam(value = "model", required = false) String model, @RequestParam(value = "firmware", required = false) String firmware) {
         DeviceOutput result = new DeviceOutput();
         if (page != null && limit != null) {
             result.setPage(page);
@@ -193,7 +191,6 @@ public DeviceDTO createDevice(@RequestBody DeviceDTO model) {
         return deviceService.save(model);
     }
 
-
     /**
      * update device infor for Box
      *
@@ -214,6 +211,7 @@ public DeviceDTO updateDevice(@RequestBody DeviceDTO model, @PathVariable("id")
      * @param ids
      */
     @DeleteMapping(value = "/device")
+    @PreAuthorize("hasRole('MODERATOR')")
     public void deleteDevice(@RequestBody Long[] ids) {
         deviceService.delete(ids);
     }

src/main/java/com/vnptt/tms/api/DevicePolicyDetailApi.java

@@ -4,6 +4,7 @@
 import com.vnptt.tms.dto.DevicePolicyDetailDTO;
 import com.vnptt.tms.service.IDevicePolicyDetailnService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @CrossOrigin
@@ -148,6 +149,7 @@ public DevicePolicyDetailDTO updateDevicePolicyDetail(@RequestParam(value = "sta
      * @param ids
      */
     @DeleteMapping(value = "/devicePolicyDetail")
+    @PreAuthorize("hasRole('MODERATOR')")
     public void removeDevicePolicyDetail(@RequestBody Long[] ids) {
         devicePolicyDetailService.delete(ids);
     }

src/main/java/com/vnptt/tms/api/HistoryApplicationApi.java

@@ -6,6 +6,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @CrossOrigin
@@ -107,6 +108,7 @@ public HistoryApplicationDTO updateHistoryApplication(@RequestBody HistoryApplic
     }
 
     @DeleteMapping(value = "/historyApplication")
+    @PreAuthorize("hasRole('MODERATOR')")
     public void removeHistoryApplication(@RequestBody Long[] ids) {
         historyApplicationService.delete(ids);
     }

src/main/java/com/vnptt/tms/api/HistoryPerformanceApi.java

@@ -6,6 +6,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @CrossOrigin
@@ -94,6 +95,7 @@ public HistoryPerformanceDTO updateHistoryPerformance(@RequestBody HistoryPerfor
     }
 
     @DeleteMapping(value = "/historyPerformance")
+    @PreAuthorize("hasRole('MODERATOR')")
     public void removeHistoryPerformance(@RequestBody Long[] ids) {
         historyPerformanceService.delete(ids);
     }

src/main/java/com/vnptt/tms/api/PolicyApi.java

@@ -6,6 +6,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @CrossOrigin
@@ -161,6 +162,7 @@ public PolicyDTO updateStatus(@PathVariable("id") Long id,
      * @param ids
      */
     @DeleteMapping(value = "/policy")
+    @PreAuthorize("hasRole('MODERATOR')")
     public void deletePolicy(@RequestBody Long[] ids) {
         policyService.delete(ids);
     }

src/main/java/com/vnptt/tms/api/RuleApi.java

@@ -3,28 +3,30 @@
 import com.vnptt.tms.dto.RuleDTO;
 import com.vnptt.tms.service.IRuleService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
 
-@CrossOrigin
 @RestController
 @RequestMapping("TMS/api")
 public class RuleApi {
     @Autowired
     private IRuleService ruleService;
 
     @GetMapping(value = "/rule")
-    public List<RuleDTO> showAllCategory() {
+    public List<RuleDTO> showAllRule() {
         return ruleService.findAll();
     }
 
     @PostMapping(value = "/rule")
+    @PreAuthorize("hasRole('MODERATOR')")
     public RuleDTO createRule(@RequestBody RuleDTO model) {
         return ruleService.save(model);
     }
 
     @DeleteMapping(value = "/rule")
+    @PreAuthorize("hasRole('MODERATOR')")
     public void removeRule(@RequestBody Long[] ids) {
         ruleService.delete(ids);
     }

src/main/java/com/vnptt/tms/api/UserApi.java

@@ -7,6 +7,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @CrossOrigin
@@ -25,8 +26,8 @@ public class UserApi {
      * @return
      */
     @GetMapping(value = "/user")
-    public UserOutput showUser(@RequestParam(value = "page", required = false) Integer page,
-                               @RequestParam(value = "limit", required = false) Integer limit) {
+    @PreAuthorize("hasRole('MODERATOR') or hasRole('ADMIN')")
+    public UserOutput showUser(@RequestParam(value = "page", required = false) Integer page, @RequestParam(value = "limit", required = false) Integer limit) {
         UserOutput result = new UserOutput();
         if (page != null && limit != null) {
             result.setPage(page);
@@ -53,6 +54,7 @@ public UserOutput showUser(@RequestParam(value = "page", required = false) Integ
      * @return
      */
     @GetMapping(value = "/user/{id}")
+    @PreAuthorize("hasRole('MODERATOR') or hasRole('ADMIN')")
     public UserDTO showUser(@PathVariable("id") Long id) {
         return userService.findOne(id);
     }
@@ -64,6 +66,7 @@ public UserDTO showUser(@PathVariable("id") Long id) {
      * @return
      */
     @GetMapping(value = "/rule/{ruleId}/user")
+    @PreAuthorize("hasRole('MODERATOR') or hasRole('ADMIN')")
     public UserOutput showUserWithRule(@PathVariable(value = "ruleId") Long ruleId) {
         UserOutput result = new UserOutput();
         result.setListResult(userService.findAllWithRule(ruleId));
@@ -78,15 +81,15 @@ public UserOutput showUserWithRule(@PathVariable(value = "ruleId") Long ruleId)
     }
 
     /**
-     * create new user
+     * create new user (only use to test before token
      *
      * @param model
      * @return
      */
-    @PostMapping(value = "/user")
-    public UserDTO createUser(@RequestBody UserDTO model) {
-        return userService.save(model);
-    }
+//    @PostMapping(value = "/user")
+//    public UserDTO createUser(@RequestBody UserDTO model) {
+//        return userService.save(model);
+//    }
 
     /**
      * update infor user
@@ -96,12 +99,14 @@ public UserDTO createUser(@RequestBody UserDTO model) {
      * @return
      */
     @PutMapping(value = "/user/{id}")
+    @PreAuthorize("hasRole('MODERATOR') or hasRole('ADMIN')")
     public UserDTO updateUser(@RequestBody UserDTO model, @PathVariable("id") Long id) {
         model.setId(id);
-        return userService.save(model);
+        return userService.update(model);
     }
 
     @DeleteMapping(value = "/user")
+    @PreAuthorize("hasRole('MODERATOR')")
     public void removeUser(@RequestBody Long[] ids) {
         userService.delete(ids);
     }

src/main/java/com/vnptt/tms/config/JpaAuditingConfig.java

@@ -5,12 +5,10 @@
 import org.springframework.data.auditing.DateTimeProvider;
 import org.springframework.data.domain.AuditorAware;
 import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import java.time.LocalDateTime;
 import java.time.ZoneId;
-import java.time.ZoneOffset;
 import java.util.Optional;
 
 @Configuration
@@ -30,11 +28,15 @@ public DateTimeProvider utcDateTimeProvider() {
     public static class AuditorAwareImpl implements AuditorAware<String> {
         @Override
         public Optional<String> getCurrentAuditor() {
-            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-            if (authentication == null || !authentication.isAuthenticated()) {
-                return null;
-            }
-            return Optional.ofNullable(authentication.getName());
+//            only use to test when not authorized
+//
+//            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+//            if (authentication == null || !authentication.isAuthenticated()) {
+//                return null;
+//            }
+//            return Optional.ofNullable(authentication.getName());
+            String username = SecurityContextHolder.getContext().getAuthentication().getName();
+            return Optional.ofNullable(username);
         }
     }
 }

src/main/java/com/vnptt/tms/converter/RuleConverter.java

@@ -9,13 +9,13 @@ public class RuleConverter {
     public RuleDTO toDTO(RuleEntity entity) {
         RuleDTO dto = new RuleDTO();
         dto.setId(entity.getId());
-        dto.setName(entity.getName());
+        dto.setName(entity.getName().toString());
         return dto;
     }
 
-    public RuleEntity toEntity(RuleDTO dto) {
-        RuleEntity entity = new RuleEntity();
-        entity.setName(dto.getName());
-        return entity;
-    }
+//    public RuleEntity toEntity(RuleDTO dto) {
+//        RuleEntity entity = new RuleEntity();
+////        entity.setName(dto.getName();
+//        return entity;
+//    }
 }