murat/skamp
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit with basic CRUD functionality:

Browse Source 
* GET all properties
* GET one property by id
* CREATE one property
* DELETE one property by id
This commit is contained in:
Murat Özkorkmaz
2025-08-28 12:57:36 +02:00
parent 32e41f710b
commit 9735f1f398
14 changed files with 241 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/main/java/de/iwomm/propify_api/controller/PropertyController.java
View File

@@ -3,6 +3,7 @@ package de.iwomm.propify_api.controller;
import de.iwomm.propify_api.entity.Property;
import de.iwomm.propify_api.service.PropertyService;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import java.util.List;
@@ -18,24 +19,34 @@ public class PropertyController {
this.propertyService = propertyService;
}
@GetMapping("/info")
@PreAuthorize("isAuthenticated()")
public String infoEndpoint() {
return "Hello, you are authenticated!";
}
@GetMapping
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
public List<Property> getAllProperties() {
return propertyService.findAll();
}
@GetMapping("/{id}")
@PreAuthorize("hasAnyRole('ADMIN', 'USER')")
public Property getPropertyById(@PathVariable UUID id) {
return propertyService.findById(id).orElse(null);
}
@PostMapping
@ResponseStatus(HttpStatus.CREATED)
@PreAuthorize("hasRole('ADMIN')")
public Property createProperty(@RequestBody Property property) {
return propertyService.save(property);
}
@DeleteMapping("/{id}")
@ResponseStatus(HttpStatus.NO_CONTENT)
@PreAuthorize("hasRole('ADMIN')")
public void deleteProperty(@PathVariable UUID id) {
Optional<Property> property = propertyService.findById(id);
if (property.isEmpty()) {

28
src/main/java/de/iwomm/propify_api/security/CorsConfig.java Normal file
View File

@@ -0,0 +1,28 @@
package de.iwomm.propify_api.security;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.ArrayList;
import java.util.List;
@Configuration
public class CorsConfig implements WebMvcConfigurer {
private final CorsProperties corsProperties;
public CorsConfig(CorsProperties corsProperties) {
this.corsProperties = corsProperties;
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**") // Apply rules to all endpoints
.allowedOrigins(corsProperties.getAllowedOrigins().toArray(new String[0])) // This targets the frontend app's URLs (you can allow multiple URLs, e.g. "http://localhost:4200,http://example.com"
.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
.allowedHeaders(corsProperties.getAllowedHeaders())
.allowCredentials(true); // Allow cookies and authentication headers
}
}

29
src/main/java/de/iwomm/propify_api/security/CorsProperties.java Normal file
View File

@@ -0,0 +1,29 @@
package de.iwomm.propify_api.security;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import java.util.List;
@Configuration
@ConfigurationProperties(prefix = "cors")
public class CorsProperties {
private List<String> allowedOrigins;
private String allowedHeaders;
public List<String> getAllowedOrigins() {
return allowedOrigins;
}
public void setAllowedOrigins(List<String> allowedOrigins) {
this.allowedOrigins = allowedOrigins;
}
public String getAllowedHeaders() {
return allowedHeaders;
}
public void setAllowedHeaders(String allowedHeaders) {
this.allowedHeaders = allowedHeaders;
}
}

33
src/main/java/de/iwomm/propify_api/security/KeycloakRoleConverter.java Normal file
View File

@@ -0,0 +1,33 @@
package de.iwomm.propify_api.security;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
public class KeycloakRoleConverter implements Converter<Jwt, Collection<GrantedAuthority>> {
@Override
public Collection<GrantedAuthority> convert(Jwt jwt) {
// Holen Sie sich das "realm_access" Feld aus dem Token
Map<String, Object> realmAccess = (Map<String, Object>) jwt.getClaims().get("realm_access");
if (realmAccess == null || realmAccess.isEmpty()) {
return List.of();
}
// Holen Sie sich die Liste der Rollen
List<String> roles = (List<String>) realmAccess.get("roles");
// Konvertieren Sie die Rollen in Spring Security GrantedAuthority-Objekte
return roles.stream()
.map(roleName -> "ROLE_" + roleName.toUpperCase()) // Empfohlene Namenskonvention
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
}
}

35
src/main/java/de/iwomm/propify_api/security/SecurityConfig.java
View File

@@ -2,27 +2,44 @@ package de.iwomm.propify_api.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity // Wichtig für die Verwendung von @PreAuthorize
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf(csrf -> csrf.disable()) // CSRF deaktivieren für APIs
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/**").permitAll() // API ist offen
.anyRequest().permitAll() // Alles andere auch offen
.csrf(AbstractHttpConfigurer::disable)
.cors(cors -> {})
.authorizeHttpRequests(authorize -> authorize
.requestMatchers("/api/**").authenticated()
.anyRequest().permitAll()
)
.httpBasic(httpBasic -> httpBasic.disable()) // Kein Basic Auth
.formLogin(form -> form.disable()); // Kein Login-Formular
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter()))
)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
return http.build();
}
}
// Konvertiert die Keycloak-Rollen (im JWT) in Spring Security Authorities
private JwtAuthenticationConverter jwtAuthenticationConverter() {
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new KeycloakRoleConverter());
return jwtAuthenticationConverter;
}
}

17
src/main/resources/application.yml
View File

@@ -13,3 +13,20 @@ spring:
h2:
console:
enabled: true
security:
oauth2:
resourceserver:
jwt:
issuer-uri: http://localhost:8280/realms/propify
jwk-set-uri: ${spring.security.oauth2.resourceserver.jwt.issuer-uri}/protocol/openid-connect/certs
logging:
level:
org:
springframework:
security: DEBUG
cors:
allowed-origins:
- http://localhost:4200
- http://localhost:8080
allowed-headers: "*"