Secure endpoints and services that require authentication

WE2-860

Signed-off-by: Mart Somermaa <[email protected]>

Author: mrts

example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java

@@ -42,7 +42,7 @@
 
 @Configuration
 @EnableWebSecurity
-@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true)
+@EnableMethodSecurity(securedEnabled = true)
 public class ApplicationConfiguration implements WebMvcConfigurer {
     final AuthTokenDTOAuthenticationProvider authTokenDTOAuthenticationProvider;
     final SecurityContextRepository securityContextRepository;

example/src/main/java/eu/webeid/example/service/SigningService.java

@@ -29,6 +29,8 @@
 import eu.webeid.example.service.dto.FileDTO;
 import eu.webeid.example.service.dto.SignatureDTO;
 import eu.webeid.security.certificate.CertificateData;
+import jakarta.servlet.http.HttpSession;
+import jakarta.xml.bind.DatatypeConverter;
 import org.apache.commons.io.FilenameUtils;
 import org.digidoc4j.Configuration;
 import org.digidoc4j.Container;
@@ -44,18 +46,20 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.ObjectFactory;
 import org.springframework.core.io.ByteArrayResource;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.stereotype.Service;
 
-import jakarta.servlet.http.HttpSession;
-import jakarta.xml.bind.DatatypeConverter;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Objects;
 
+import static eu.webeid.example.security.AuthTokenDTOAuthenticationProvider.ROLE_USER;
+
 @Service
+@Secured(ROLE_USER)
 public class SigningService {
 
     private static final String SESSION_ATTR_FILE = "file-to-sign";

example/src/main/java/eu/webeid/example/web/WelcomeController.java

@@ -24,7 +24,7 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -35,10 +35,10 @@
 import static eu.webeid.example.security.AuthTokenDTOAuthenticationProvider.ROLE_USER;
 
 @Controller
+@Secured(ROLE_USER)
 public class WelcomeController {
     private static final Logger LOG = LoggerFactory.getLogger(WelcomeController.class);
 
-    @PreAuthorize("hasAuthority('" + ROLE_USER + "')")
     @GetMapping("welcome")
     public String welcome(Model model, Principal principal) {
         Objects.requireNonNull(principal);

example/src/main/java/eu/webeid/example/web/rest/SigningController.java

@@ -32,14 +32,22 @@
 import org.springframework.core.io.Resource;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.io.IOException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 
+import static eu.webeid.example.security.AuthTokenDTOAuthenticationProvider.ROLE_USER;
+
 @RestController
 @RequestMapping("sign")
+@Secured(ROLE_USER)
 public class SigningController {
 
     private final SigningService signingService;