/**
 * Demonstrates a fine-grained, per-endpoint restriction written as a SpEL
 * expression inside {@code @PreAuthorize}.
 *
 * <p>{@code hasRole('ADMIN')} is matched against the authority
 * {@code ROLE_ADMIN}: the {@code hasRole} expression assumes a {@code ROLE_}
 * prefix on every role name, so the role must be stored with that prefix in
 * the database.
 *
 * <p>NOTE(review): {@code @PreAuthorize} is only evaluated when method security
 * is enabled in the application configuration, which is not visible in this
 * excerpt. Confirm it is, and keep a test that expects a denial for a caller
 * without the admin role.
 *
 * @return a 200 response whose body is a fixed greeting string
 */
@RequestMapping(method = RequestMethod.GET)
@PreAuthorize("hasRole('ADMIN')")
public ResponseEntity<?> getProtectedGreeting() {
    // Only reached after the authorization expression above has passed.
    final String greeting = "Greetings from admin protected method!";
    return ResponseEntity.ok(greeting);
}
/**
 * Reads a single claim, addressed by the {@code claimType} path segment.
 *
 * <p>Access requires {@code hasRole('CLAIM_READ')}. With Spring Security's
 * default role prefix that expression is matched against the authority
 * {@code ROLE_CLAIM_READ}.
 *
 * <p>NOTE(review): the annotation sits on an abstract (interface) method, so it
 * is only enforced if method security is enabled and applied to the
 * implementing bean — confirm in the application configuration.
 *
 * @param claimType value bound from the {@code {claimType}} path template
 * @return the matching {@code Claim}
 */
@GET
@Path("{claimType}")
@PreAuthorize("hasRole('CLAIM_READ')")
Claim getClaim(@PathParam("claimType") String claimType);
/**
 * Deletes a single claim, addressed by the {@code claimType} path segment.
 *
 * <p>Access requires {@code hasRole('CLAIM_DELETE')}, a role distinct from
 * the read role, so deletion can be granted separately from read access.
 *
 * <p>NOTE(review): destructive operation — confirm that the implementation
 * records who deleted which claim; nothing in this declaration shows audit
 * logging.
 *
 * @param claimType value bound from the {@code {claimType}} path template
 * @return the JAX-RS response for the delete request
 */
@DELETE
@Path("{claimType}")
@PreAuthorize("hasRole('CLAIM_DELETE')")
Response deleteClaim(@PathParam("claimType") String claimType);
/**
 * Requests the status information of a group email that is being sent.
 *
 * <p>The authorization expression is taken from {@code SecurityConstants.SEND};
 * its text is defined outside this excerpt, so the roles it requires cannot be
 * read from here.
 *
 * <p>NOTE(review): {@code sendId} is supplied by the caller. Confirm that the
 * implementation checks the caller is allowed to see the status of that
 * particular sending, not only that the caller holds the SEND permission.
 *
 * @param sendId identifier of the group email
 * @return status information of the group email being sent
 */
@POST
@Consumes("application/json")
@Produces("application/json")
@Path("sendEmailStatus")
@PreAuthorize(SecurityConstants.SEND)
@ApiOperation(value = "Palauttaa halutun ryhmäsähköpostin lähetyksen tilannetiedot",
        response = SendingStatusDTO.class)
public Response sendEmailStatus(@ApiParam(value = "Ryhmäsähköpostin avain", required = true) String sendId);
/**
 * Exposes the cluster configuration at {@code /config/cluster}.
 *
 * <p>The guard is {@code permitAll}, so the method-security layer lets every
 * caller through. Per the API notes, the response describes the cluster
 * (Kafka, Zookeeper etc.).
 *
 * <p>NOTE(review): infrastructure details are useful reconnaissance data.
 * Confirm that this endpoint is meant to be reachable without authorization,
 * or that it is restricted elsewhere (URL-level rules, network placement), and
 * that {@code ClusterConfigVO} carries no credentials.
 *
 * @return response documented as carrying a {@code ClusterConfigVO}
 */
@GET
@Path("/config/cluster")
@PreAuthorize("permitAll")
@ApiOperation(value = "Get cluster configuration",
        notes = "Returns information about cluster (Kafka, Zookeeper etc.)",
        response = ClusterConfigVO.class)
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "Returns information about cluster (Kafka, Zookeeper etc.)",
                response = ClusterConfigVO.class)
})
Response getClusterConfig();
// Closes the enclosing type, whose header lies outside this excerpt.
}
/**
 * Lists every user known to {@code userService}.
 *
 * <p>Access requires {@code hasAuthority('ADMIN')}. Unlike {@code hasRole},
 * {@code hasAuthority} adds no {@code ROLE_} prefix, so the granted authority
 * must be exactly {@code ADMIN}.
 *
 * <p>NOTE(review): the whole user set is returned in one response. Confirm that
 * {@code toQueryResult} copies only fields that are safe to expose (its
 * mapping is not visible here) and consider whether paging is needed.
 *
 * @return a 200 response whose entity is the list of mapped
 *         {@code QueryUserResult} objects, serialized as JSON
 */
@GET
@Produces(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAuthority('ADMIN')")
public Response getUsers() {
    // Sequential (non-parallel) stream over the service's Iterable.
    List<QueryUserResult> results = StreamSupport
            .stream(userService.findAllUsers().spliterator(), false)
            .map(user -> toQueryResult(user))
            .collect(Collectors.toList());
    return Response.ok(results).build();
}
/**
 * Lists claims, paged by the {@code start} and {@code size} query parameters.
 *
 * <p>Access requires {@code hasRole('CLAIM_LIST')}.
 *
 * <p>NOTE(review): this declaration puts no bounds on {@code start} or
 * {@code size}. Confirm that the implementation rejects negative values and
 * caps {@code size}, so that one request cannot ask for an arbitrarily large
 * page.
 *
 * @param start   paging offset; no {@code @DefaultValue} is declared
 * @param size    page size, defaulting to 2 when the parameter is absent
 * @param uriInfo request URI context injected by JAX-RS
 * @return the JAX-RS response for the listing
 */
@GET
@PreAuthorize("hasRole('CLAIM_LIST')")
Response getClaims(@QueryParam("start") int start,
        @QueryParam("size") @DefaultValue("2") int size,
        @Context UriInfo uriInfo);
/**
 * Copies or moves several "koulutus" entries in one request (the
 * {@code @ApiOperation} text states this in Finnish).
 *
 * <p>The guard is {@code isAuthenticated()}: any authenticated caller passes
 * the method-security check, whatever roles it holds.
 *
 * <p>NOTE(review): copying or moving data is a state-changing operation.
 * Confirm that the implementation performs a finer-grained permission check on
 * the source and target of each entry; none is visible in this declaration.
 *
 * @param koulutusMultiCopy request payload describing the entries to copy or move
 * @return the operation result
 */
@POST
@Path("/siirra")
@PreAuthorize("isAuthenticated()")
@ApiOperation(
        value = "Kopioi tai siirtää monta koulutusta",
        notes = "Operaatio kopioi tai siirtää monta koulutusta")
public ResultV1RDTO copyOrMoveMultiple(KoulutusMultiCopyV1RDTO koulutusMultiCopy);
/**
 * Creates a new "koulutus" entry from a JSON payload (the
 * {@code @ApiOperation} text states this in Finnish).
 *
 * <p>The guard is {@code isAuthenticated()}: any authenticated caller passes
 * the method-security check. The documented responses include 401 and 403.
 *
 * <p>NOTE(review): the documented 403 suggests that a further permission check
 * exists in the implementation — confirm it does, since this annotation alone
 * does not restrict which authenticated users may create entries.
 *
 * @param koulutus the entry to create, read from the UTF-8 JSON request body
 * @return the JAX-RS response; documented status codes are 200, 400, 401 and 403
 */
@POST
@PreAuthorize("isAuthenticated()")
@Produces(MediaType.APPLICATION_JSON + ";charset=UTF-8")
@Consumes(MediaType.APPLICATION_JSON + ";charset=UTF-8")
@ApiOperation(
        value = "Luo uuden koulutuksen",
        notes = "Operaatio luo uuden koulutuksen",
        response = KoulutusV1RDTO.class)
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "Operation successful"),
        @ApiResponse(code = 400, message = "Invalid request payload"),
        @ApiResponse(code = 401, message = "Unauthorized request"),
        @ApiResponse(code = 403, message = "Permission denied")
})
public Response postKoulutus(KoulutusV1RDTO koulutus);
/**
 * Reads a single trusted identity provider, addressed by the {@code realm}
 * path segment.
 *
 * <p>Access requires {@code hasRole('TRUSTEDIDP_READ')}.
 *
 * <p>NOTE(review): confirm that the returned {@code TrustedIdp} representation
 * carries no private key material or other secrets; its fields are not visible
 * in this excerpt.
 *
 * @param realm value bound from the {@code {realm}} path template
 * @return the matching {@code TrustedIdp}
 */
@GET
@Path("{realm}")
@PreAuthorize("hasRole('TRUSTEDIDP_READ')")
TrustedIdp getTrustedIDP(@PathParam("realm") String realm);
/**
 * Returns the statistics data points stored for one account.
 *
 * <p>The authorization expression has two branches: the caller's OAuth2 token
 * carries the {@code server} scope, or the requested account name is literally
 * {@code demo}. The second branch lets a caller without the {@code server}
 * scope read the {@code demo} account's data.
 *
 * <p>NOTE(review): {@code #accountName} refers to the method parameter by name,
 * which presumably relies on parameter names being available at runtime —
 * confirm the build keeps them. Whether unauthenticated requests can reach
 * this method at all is decided by configuration outside this excerpt.
 *
 * @param accountName account name bound from the {@code /{accountName}} path
 * @return whatever {@code statisticsService.findByAccountName} returns for that name
 */
@PreAuthorize("#oauth2.hasScope('server') or #accountName.equals('demo')")
@RequestMapping(value = "/{accountName}", method = RequestMethod.GET)
public List<DataPoint> getStatisticsByAccountName(@PathVariable String accountName) {
    // Pure delegation; the access decision was already made by @PreAuthorize.
    final List<DataPoint> dataPoints = statisticsService.findByAccountName(accountName);
    return dataPoints;
}
/**
 * Adds an application to the identity provider addressed by {@code realm}
 * (POST to {@code {realm}/applications}).
 *
 * <p>Access requires {@code hasRole('IDP_UPDATE')}.
 *
 * <p>NOTE(review): the {@code Application} payload comes from the request
 * body. Confirm that the implementation validates it before it is attached to
 * the IDP.
 *
 * @param ui          request URI context injected by JAX-RS
 * @param realm       value bound from the {@code {realm}} path template
 * @param application the application to add, taken from the request entity
 * @return the JAX-RS response for the request
 */
@POST
@Path("{realm}/applications")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response addApplicationToIdp(@Context UriInfo ui, @PathParam("realm") String realm,
        Application application);
/**
 * Adds an attachment to a group email.
 *
 * <p>Consumes {@code multipart/form-data} and produces plain text. Per the
 * {@code @ApiOperation} text (Finnish), the attachment files chosen by the
 * user are stored in the database. A 400 response is documented for requests
 * that are not multipart.
 *
 * <p>The authorization expression is taken from {@code SecurityConstants.SEND};
 * its text is defined outside this excerpt.
 *
 * <p>NOTE(review): this is a file-upload entry point that receives the raw
 * servlet request. Confirm that the implementation enforces limits on file
 * size and count and treats the client-supplied file name and content type as
 * untrusted; none of these checks is visible in this declaration.
 *
 * @param request  HTTP request
 * @param response HTTP response
 * @return information about the added attachment
 * @throws IOException        declared by the method; the conditions are not visible here
 * @throws URISyntaxException declared by the method; the conditions are not visible here
 * @throws ServletException   declared by the method; the conditions are not visible here
 */
@POST
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces("text/plain")
@Path("addAttachment")
@PreAuthorize(SecurityConstants.SEND)
@ApiOperation(value = "Lisää käyttäjän valitsemat liitetiedostot tietokantaan",
        notes = "Käytäjän valitsemat liitetiedosto pitää olla multipart-tyyppisiä",
        response = String.class)
@ApiResponses({@ApiResponse(code = 400, message = "Not a multipart request")})
public String addAttachment(@Context HttpServletRequest request, @Context HttpServletResponse response)
        throws IOException, URISyntaxException, ServletException ;
/**
 * Exposes cache information at {@code /cache}.
 *
 * <p>The guard is {@code permitAll}, so the method-security layer lets every
 * caller through.
 *
 * <p>NOTE(review): confirm that {@code CacheInfoVO} holds nothing sensitive
 * (cached keys, internal host names) given that no authorization is required
 * at this layer.
 *
 * @param uriInfo request URI context injected by JAX-RS
 * @return response documented as carrying a {@code CacheInfoVO}
 */
@GET
@Path("/cache")
@PreAuthorize("permitAll")
@ApiOperation(value = "Get cache info", notes = "Returns cache info")
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "Returns cache info", response = CacheInfoVO.class),
})
Response getApiInfoCache(@Context UriInfo uriInfo);
/**
 * Lists entitlements, paged by the {@code start} and {@code size} query
 * parameters.
 *
 * <p>Access requires {@code hasRole('ENTITLEMENT_LIST')}.
 *
 * <p>NOTE(review): this declaration puts no bounds on {@code start} or
 * {@code size}. Confirm that the implementation rejects negative values and
 * caps {@code size}.
 *
 * @param start   paging offset; no {@code @DefaultValue} is declared
 * @param size    page size, defaulting to 5 when the parameter is absent
 * @param uriInfo request URI context injected by JAX-RS
 * @return the requested page as an {@code Entitlements} object
 */
@GET
@PreAuthorize("hasRole('ENTITLEMENT_LIST')")
Entitlements getEntitlements(@QueryParam("start") int start,
        @QueryParam("size") @DefaultValue("5") int size,
        @Context UriInfo uriInfo);
/**
 * Reads a single entitlement, addressed by the {@code name} path segment.
 *
 * <p>Access requires {@code hasRole('ENTITLEMENT_READ')}, a role separate
 * from the one that guards listing.
 *
 * @param name value bound from the {@code {name}} path template
 * @return the matching {@code Entitlement}
 */
@GET
@Path("{name}")
@PreAuthorize("hasRole('ENTITLEMENT_READ')")
Entitlement getEntitlement(@PathParam("name") String name);
/**
 * Returns the account stored under the given name.
 *
 * <p>The authorization expression has two branches: the caller's OAuth2 token
 * carries the {@code server} scope, or the requested name is literally
 * {@code demo}. The second branch lets a caller without the {@code server}
 * scope read the {@code demo} account.
 *
 * <p>NOTE(review): the full {@code Account} object is returned. Confirm that
 * it exposes no fields that should stay private, in particular for the openly
 * readable {@code demo} account. {@code #name} refers to the method parameter
 * by name, which presumably relies on parameter names being available at
 * runtime — confirm the build keeps them.
 *
 * @param name account name bound from the {@code /{name}} path
 * @return whatever {@code accountService.findByName} returns for that name
 */
@PreAuthorize("#oauth2.hasScope('server') or #name.equals('demo')")
@RequestMapping(path = "/{name}", method = RequestMethod.GET)
public Account getAccountByName(@PathVariable String name) {
    // Pure delegation; the access decision was already made by @PreAuthorize.
    final Account account = accountService.findByName(name);
    return account;
}
/**
 * Adds a claim to the identity provider addressed by {@code realm}
 * (POST to {@code {realm}/claims}).
 *
 * <p>Access requires {@code hasRole('IDP_UPDATE')}.
 *
 * <p>NOTE(review): this changes which claims the IDP handles. Confirm that the
 * implementation validates the {@code Claim} payload and records the change
 * for audit; neither is visible in this declaration.
 *
 * @param ui    request URI context injected by JAX-RS
 * @param realm value bound from the {@code {realm}} path template
 * @param claim the claim to add, taken from the request entity
 * @return the JAX-RS response for the request
 */
@POST
@Path("{realm}/claims")
@PreAuthorize("hasRole('IDP_UPDATE')")
Response addClaimToIdp(@Context UriInfo ui, @PathParam("realm") String realm, Claim claim);
/**
 * Requests information about the group emails to be reported.
 *
 * <p>The authorization expression is taken from {@code SecurityConstants.SEND};
 * its text is defined outside this excerpt. A 500 response is documented for
 * internal service or interface errors.
 *
 * <p>NOTE(review): {@code sendId} is supplied by the caller. Confirm that the
 * implementation checks the caller may read the report for that particular
 * message, and that the 500 response body does not leak internal error detail.
 *
 * @param sendId identifier of the group email
 * @return information about the reported group email
 */
@POST
@Consumes("application/json")
@Produces("application/json")
@Path("sendResult")
@PreAuthorize(SecurityConstants.SEND)
@ApiOperation(value = "Palauttaa lähetetyn ryhmäsähköpostin raportin", response = ReportedMessageDTO.class)
@ApiResponses({@ApiResponse(code = 500, message = "Internal service error tai liittymävirhe")})
public Response sendResult(@ApiParam(value = "Ryhmäsähköpostiviestin avain", required = true) String sendId);
// Closes the enclosing type, whose header lies outside this excerpt.
}
/**
 * Authenticates a plugin from a JWT plugin token passed as the {@code token}
 * query parameter.
 *
 * <p>The guard is {@code permitAll}, so method security lets every caller
 * through. Any access decision therefore rests on the token check made by the
 * implementation; a 401 response is documented for the rejected case.
 *
 * <p>NOTE(review): the token travels in the URL of a GET request, so it can be
 * recorded in access logs, proxy logs and browser history. Confirm that logs
 * redact the {@code token} parameter and that tokens are short-lived, or
 * consider accepting the token in a header or request body instead.
 *
 * @param jwtPluginToken the JWT plugin token taken from the {@code token} query parameter
 * @return response documented as carrying a {@code JwtPluginPayload} on success
 */
@GET
@Path("/plugin/authenticate")
@PreAuthorize("permitAll")
@ApiOperation(value = "Plugin authentication", notes = "Authenticates a plugin and JWT Plugin payload.")
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "If successful, this method returns the JwtPluginPayload.",
                response = JwtPluginPayload.class),
        @ApiResponse(code = 401, message = "If authentication is not allowed")
})
Response authenticatePlugin(
        @ApiParam(name = "token", value = "Jwt Plugin Token", required = true)
        @QueryParam("token")
        String jwtPluginToken);
// Closes the enclosing type, whose header lies outside this excerpt.
}