Package com.skava.auth.web

Class AuthGroupController

java.lang.Object
org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler
com.skava.core.security.CommonExceptionHandler
com.skava.core.errorhandler.ExceptionResponseProcessor
com.skava.auth.helper.AuthExceptionHandler
com.skava.auth.web.AuthGroupController
All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware
@RestController @RequestMapping("/authgroups") public class AuthGroupController extends AuthExceptionHandler
This class act as a controller to handle the auth group's manipulation.
List of operations handled by this controller are
  • Authorization group create
  • Authorization group retrieval by group identifier
  • Authorization group retrieval by collection identifier and search criteria
  • Authorization group update
  • Authorization group delete
  • Authorization group's role inclusion
  • Authorization group's role exclusion
  • Authorization group's role retrieval
  • Authorization group's user inclusion
  • Authorization group's user exclusion
  • Authorization group's user retrieval
Version:
$Id: $Id
Author:
Infosys Equinox

  • Field Summary

    Fields inherited from class com.skava.auth.helper.AuthExceptionHandler

    CONST_API_VERSION_DEFAULT, DEFAULT_LIMIT, X_TOTAL_COUNT

    Fields inherited from class org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler

    logger, PAGE_NOT_FOUND_LOG_CATEGORY, pageNotFoundLogger

  • Constructor Summary

    Constructors
    Constructor
    Description
    AuthGroupController()
    Constructs a AuthGroupController with default member variables and member functions.

  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.http.ResponseEntity<Object>
    addRoles(String version, String authToken, long storeId, Long groupId, List<Long> roleIds, Long collectionId)
    This service adds the specified list of roles into the requested authgroup
    org.springframework.http.ResponseEntity<Object>
    addUsers(String version, String authToken, long storeId, Long groupId, List<Long> userIds, Long collectionId)
    This service adds a list of users into the requested authgroup.
    org.springframework.http.ResponseEntity<Object>
    createAuthGroup(String version, String authToken, long storeId, AuthGroupVO request, Long collectionId)
    This service is used to create authorization group and returns the created resource as response when the request is valid other wise validation error response will be return as a response with respective http status code using service implementation.
    org.springframework.http.ResponseEntity<Object>
    deleteAuthGroup(String version, String authToken, long storeId, Long groupId, Long collectionId)
    This service deletes the requested authgroup under the given collection.
    org.springframework.http.ResponseEntity<Object>
    deleteRoles(String version, String authToken, long storeId, Long groupId, List<Long> roleIds, Long collectionId)
    This service removes the specified list of roles from the requested authgroup.
    org.springframework.http.ResponseEntity<Object>
    deleteUsers(String version, String authToken, long storeId, Long groupId, List<Long> userIds, Long collectionId)
    This service deletes the list of users from the specified authgroup.
    org.springframework.http.ResponseEntity<Object>
    getAllAuthGroups(String version, String authToken, long storeId, int page, int size, String filter, Long collectionId)
    This service retrieves all the authgroups under the specified collection.
    org.springframework.http.ResponseEntity<Object>
    getAuthGroupById(String version, String authToken, long storeId, Long groupId, Long collectionId)
    This service retrieves the authgroup details based on the given authgroup identifier.
    org.springframework.http.ResponseEntity<Object>
    getRoles(String version, String authToken, long storeId, Long groupId, Long collectionId)
    This service retrieves the roles of the requested authgroup under the given collection.
    org.springframework.http.ResponseEntity<Object>
    getUsers(String version, String authToken, long storeId, Long groupId, Long collectionId)
    This service retrieves the user identifiers of the specified authgroup.
    static org.springframework.context.support.PropertySourcesPlaceholderConfigurer
    propertyConfigInDev()
     
    org.springframework.http.ResponseEntity<Object>
    updateAuthGroup(String version, String authToken, long storeId, Long groupId, AuthGroupVO request, Long collectionId)
    This service updates the requested authgroup.

    Methods inherited from class com.skava.auth.helper.AuthExceptionHandler

    getValidationResponse, handleAccessDeniedException, handleResourceNotFoundException, handleRunTimeException

    Methods inherited from class com.skava.core.errorhandler.ExceptionResponseProcessor

    getExceptionResponse, handleExceptionInternal, handleMethodArgumentNotValid

    Methods inherited from class com.skava.core.security.CommonExceptionHandler

    handleExceptionInternal, handleInternalException

    Methods inherited from class org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler

    createProblemDetail, createResponseEntity, getMessageSource, handleAsyncRequestNotUsableException, handleAsyncRequestTimeoutException, handleConversionNotSupported, handleErrorResponseException, handleException, handleHandlerMethodValidationException, handleHttpMediaTypeNotAcceptable, handleHttpMediaTypeNotSupported, handleHttpMessageNotReadable, handleHttpMessageNotWritable, handleHttpRequestMethodNotSupported, handleMaxUploadSizeExceededException, handleMethodValidationException, handleMissingPathVariable, handleMissingServletRequestParameter, handleMissingServletRequestPart, handleNoHandlerFoundException, handleNoResourceFoundException, handleServletRequestBindingException, handleTypeMismatch, setMessageSource

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • AuthGroupController

      public AuthGroupController()
      Constructs a AuthGroupController with default member variables and member functions.

  • Method Details

    • propertyConfigInDev

      @Bean public static org.springframework.context.support.PropertySourcesPlaceholderConfigurer propertyConfigInDev()

    • createAuthGroup

      @PostMapping("") @ResponseStatus(CREATED) @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/create/authgroups\', \'auth\', #collectionId)") @Audit(action="createAuthGroup", repository="authGroupRepository") public org.springframework.http.ResponseEntity<Object> createAuthGroup(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version, @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken, @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId, @RequestBody @AuditField(field="AUTH_GROUP") AuthGroupVO request, @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service is used to create authorization group and returns the created resource as response when the request is valid other wise validation error response will be return as a response with respective http status code using service implementation. AuthGroup is the entity/resource to hold the any number of users with any number of roles. Name of the AuthGroupVO is mandatory in request to create and also this should be unique under given collection.
      Parameters:
      version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an user. Auth token (JWT format) represents claims containing roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the subjected resource
      .
      storeId - Refers to the unique identifier of the store.
      request - a AuthGroupVO object. This request body holds a valid authgroup data of this microservice to create/update authgroup entity/resource's details. This end point only use the basic details of authgroup request.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.
      Returns:
      a AuthGroupVO object. Created resource details which will consists of auto generated details and requested details.

    • getAuthGroupById

      @GetMapping("/{authgroupId}") @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/view/authgroups\', \'auth\', #collectionId)") @Audit(action="getAuthGroup", repository="authGroupRepository") public org.springframework.http.ResponseEntity<Object> getAuthGroupById(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version, @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken, @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId, @PathVariable("authgroupId") @AuditField(field="AUTH_GROUP_ID") Long groupId, @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service retrieves the authgroup details based on the given authgroup identifier.
      Parameters:
      version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an user. Auth token (JWT format) represents claims containing roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the subjected resource
      .
      storeId - Refers to the unique identifier of the store.
      groupId - a Long object. This field holds a valid authgroup identifier of this microservice. AuthGroup is the entity of this microservice to handle set of users with set of same roles. Each authgroup can have a any number of users and also can have any number of roles.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.
      Returns:
      a AuthGroupVO object. Returns User Group based on the auth group id given.

    • getAllAuthGroups

      @GetMapping("") @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/viewall/authgroups\', \'auth\', #collectionId)") @Audit(action="getAuthGroups", repository="authGroupRepository") public org.springframework.http.ResponseEntity<Object> getAllAuthGroups(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version, @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken, @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId, @RequestParam(value="offset",required=false,defaultValue="0") @AuditField(field="PAGE") int page, @RequestParam(value="limit",required=false,defaultValue="100") @AuditField(field="SIZE") int size, @RequestParam(value="filter",required=false) @AuditField(field="FILTER") String filter, @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service retrieves all the authgroups under the specified collection. AuthGroup is the entity which handles a set of users with the same set of roles. Each authgroup can have any number of users with any number of roles.
      Parameters:
      version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an user. Auth token (JWT format) represents claims containing roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the subjected resource
      .
      storeId - Refers to the unique identifier of the store.
      page - a Long object. The page number to be retrieved where the size of the page must be specified by the size/offset/pageSize parameter. First page starts with value "0".
      size - a Long object. The number of documents being retrieved on the corresponding page specified by page parameter.
      filter - a String object. This field holds the simple query criteria (can be multiple) based on the available fields to limit returned results. Syntax of this parameter is FIELDNAME OP VALUE
      Example 1: field1:value, field2:value
      Example 2: field1>value
      where:
      • FIELDNAME is the entity's attribute name as represented in the response object
      • OP is the operation - Possible values includes
        • LIKE (:) - Loads everything similar (like operation) to the given value.
        • GREATERTHAN (>) - for integer values - loads rows whose column(field) value is greater than the given value
        • LESSTHAN (<) - for integer values - loads rows whose column value is lesser than the given value
      • VALUE is the value against which the operation has to be performed on the field
      Kindly note:
      • filters parameter can have multiple objects.
      • When multiple attributes are used in filter AND behavior is applied.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.
      Returns:
      a List object. Returns list of auth group.

    • updateAuthGroup

      @PutMapping("/{authgroupId}") @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/update/authgroups\', \'auth\', #collectionId)") @Audit(action="replaceAuthGroup", repository="authGroupRepository") public org.springframework.http.ResponseEntity<Object> updateAuthGroup(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version, @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken, @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId, @PathVariable("authgroupId") @AuditField(field="AUTH_GROUP_ID") Long groupId, @RequestBody @AuditField(field="AUTH_GROUP") AuthGroupVO request, @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service updates the requested authgroup. The name and description of the authgroup can be updated. .
      Parameters:
      version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an user. Auth token (JWT format) represents claims containing roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the subjected resource
      .
      storeId - Refers to the unique identifier of the store.
      groupId - a Long object. This field holds a valid authgroup identifier of this microservice. AuthGroup is the entity of this microservice to handle set of users with set of same roles. Each authgroup can have a any number of users and also can have any number of roles.
      request - a AuthGroupVO object. This request body holds a valid authgroup data of this microservice to create/update authgroup entity/resource's details. This end point only use the basic details of authgroup request.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.
      Returns:
      Returns User Group object.

    • deleteAuthGroup

      @DeleteMapping("/{authgroupId}") @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/delete/authgroups\', \'auth\', #collectionId)") @Audit(action="deleteAuthGroup", repository="authGroupRepository") public org.springframework.http.ResponseEntity<Object> deleteAuthGroup(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version, @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken, @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId, @PathVariable("authgroupId") @AuditField(field="AUTH_GROUP_ID") Long groupId, @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service deletes the requested authgroup under the given collection.
      Parameters:
      version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an user. Auth token (JWT format) represents claims containing roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the subjected resource
      .
      storeId - Refers to the unique identifier of the store.
      groupId - a Long object. This field holds a valid authgroup identifier of this microservice. AuthGroup is the entity of this microservice to handle set of users with set of same roles. Each authgroup can have a any number of users and also can have any number of roles.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.
      Returns:
      Returns Object.

    • addRoles

      @PostMapping("/{authgroupId}/roles") @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/update/authgroups\', \'auth\', #collectionId)") @Audit(action="addRolesToAuthGroup", repository="authGroupRepository") public org.springframework.http.ResponseEntity<Object> addRoles(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version, @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken, @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId, @PathVariable("authgroupId") @AuditField(field="AUTH_GROUP_ID") Long groupId, @RequestBody @AuditField(field="ROLE_IDS") List<Long> roleIds, @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service adds the specified list of roles into the requested authgroup
      Parameters:
      version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an user. Auth token (JWT format) represents claims containing roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the subjected resource
      .
      storeId - Refers to the unique identifier of the store.
      groupId - a Long object. This field holds a valid authgroup identifier of this microservice. AuthGroup is the entity of this microservice to handle set of users with set of same roles. Each authgroup can have a any number of users and also can have any number of roles.
      roleIds - a @List of Long objects. This field holds a list of valid role identifiers of this microservice for role inclusion/exclusion from the authgroup entity/resource. Role is the entity of this microservice to handle set of privilegesets. Each role can have a any number of privilegesets.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.
      Returns:
      Returns Object.

    • getRoles

      @GetMapping("/{authgroupId}/roles") @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/view/authgroups\', \'auth\', #collectionId)") @Audit(action="getRolesOfAuthGroup", repository="authGroupRepository") public org.springframework.http.ResponseEntity<Object> getRoles(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version, @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken, @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId, @PathVariable("authgroupId") @AuditField(field="AUTH_GROUP_ID") Long groupId, @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service retrieves the roles of the requested authgroup under the given collection.
      Parameters:
      version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an user. Auth token (JWT format) represents claims containing roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the subjected resource
      .
      storeId - Refers to the unique identifier of the store.
      groupId - a Long object. This field holds a valid authgroup identifier of this microservice. AuthGroup is the entity of this microservice to handle set of users with set of same roles. Each authgroup can have a any number of users and also can have any number of roles.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.
      Returns:
      Returns List of roles.

    • deleteRoles

      @DeleteMapping("/{authgroupId}/roles") @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/update/authgroups\', \'auth\', #collectionId)") @Audit(action="removeRolesOfAuthGroup", repository="authGroupRepository") public org.springframework.http.ResponseEntity<Object> deleteRoles(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version, @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken, @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId, @PathVariable("authgroupId") @AuditField(field="AUTH_GROUP_ID") Long groupId, @RequestParam("roleIds") @AuditField(field="ROLE_IDS") List<Long> roleIds, @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service removes the specified list of roles from the requested authgroup.
      Parameters:
      version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an user. Auth token (JWT format) represents claims containing roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the subjected resource
      .
      storeId - Refers to the unique identifier of the store.
      groupId - a Long object. This field holds a valid authgroup identifier of this microservice. AuthGroup is the entity of this microservice to handle set of users with set of same roles. Each authgroup can have a any number of users and also can have any number of roles.
      roleIds - a @List of Long objects. This field holds a list of valid role identifiers of this microservice for role inclusion/exclusion from the authgroup entity/resource. Role is the entity of this microservice to handle set of privilegesets. Each role can have a any number of privilegesets.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.
      Returns:
      Returns Object.

    • addUsers

      @PostMapping("/{authgroupId}/users") @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/update/authgroups\', \'auth\', #collectionId)") @Audit(action="addUsersToAuthGroup", repository="authGroupRepository") public org.springframework.http.ResponseEntity<Object> addUsers(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version, @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken, @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId, @PathVariable("authgroupId") @AuditField(field="AUTH_GROUP_ID") Long groupId, @RequestBody @AuditField(field="USER_IDS") List<Long> userIds, @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service adds a list of users into the requested authgroup.
      Parameters:
      version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an user. Auth token (JWT format) represents claims containing roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the subjected resource
      .
      storeId - Refers to the unique identifier of the store.
      groupId - a Long object. This field holds a valid authgroup identifier of this microservice. AuthGroup is the entity of this microservice to handle set of users with set of same roles. Each authgroup can have a any number of users and also can have any number of roles.
      userIds - a List of Long. This field holds a list of valid user identifiers from the user microservice for user inclusion/exclusion from the authgroup entity/resource. User the entity/resource of the user microservice. Each user can available in any number of authgroup.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.
      Returns:
      Returns Object.

    • getUsers

      @GetMapping("/{authgroupId}/users") @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/view/authgroups\', \'auth\', #collectionId)") @Audit(action="getUsersOfAuthGroup", repository="authGroupRepository") public org.springframework.http.ResponseEntity<Object> getUsers(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version, @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken, @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId, @PathVariable("authgroupId") @AuditField(field="AUTH_GROUP_ID") Long groupId, @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service retrieves the user identifiers of the specified authgroup.
      Parameters:
      version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an user. Auth token (JWT format) represents claims containing roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the subjected resource
      .
      storeId - Refers to the unique identifier of the store.
      groupId - a Long object. This field holds a valid authgroup identifier of this microservice. AuthGroup is the entity of this microservice to handle set of users with set of same roles. Each authgroup can have a any number of users and also can have any number of roles.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.
      Returns:
      Returns the Collection of strings.

    • deleteUsers

      @DeleteMapping("/{authgroupId}/users") @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/update/authgroups\', \'auth\', #collectionId)") @Audit(action="removeUsersOfAuthGroup", repository="authGroupRepository") public org.springframework.http.ResponseEntity<Object> deleteUsers(@RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version, @RequestHeader(value="x-auth-token",required=false) @AuditField(field="AUTH_TOKEN") String authToken, @RequestHeader(value="x-store-id",required=false,defaultValue="0") @AuditField(field="STORE_ID") long storeId, @PathVariable("authgroupId") @AuditField(field="AUTH_GROUP_ID") Long groupId, @RequestParam("userIds") @AuditField(field="USER_IDS") List<Long> userIds, @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service deletes the list of users from the specified authgroup.
      Parameters:
      version - It hold the value of version number of API. Using this parameter we can access the different version of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for an user. Auth token (JWT format) represents claims containing roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Since the token is a required field for this API it has to be generated before hand by invoking the /auth/sessions API provided by Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact when compared to XML-based standards such as SAML. Thus generated token has to be passed to this service and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the subjected resource
      .
      storeId - Refers to the unique identifier of the store.
      groupId - a Long object. This field holds a valid authgroup identifier of this microservice. AuthGroup is the entity of this microservice to handle set of users with set of same roles. Each authgroup can have a any number of users and also can have any number of roles.
      userIds - a List of Long. This field holds a list of valid user identifiers from the user microservice for user inclusion/exclusion from the authgroup entity/resource. User the entity/resource of the user microservice. Each user can available in any number of authgroup.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice and requested operation will be performed on this collection identifier. Collection is the top most entity of a microservice under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties and these properties can be modified to bring in a different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way storefront can fetch/store the required information from that respective association.
      Returns:
      a ResponseEntity object. This will consists of http status code and response data.