Class FeaturesRoleMappingController

java.lang.Object
org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler
com.skava.core.security.CommonExceptionHandler
com.skava.core.errorhandler.ExceptionResponseProcessor
com.skava.auth.helper.AuthExceptionHandler
com.skava.auth.web.FeaturesRoleMappingController
All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware

@RestController
@RequestMapping("/")
public class FeaturesRoleMappingController
extends AuthExceptionHandler
  • Constructor Details

    • FeaturesRoleMappingController

      @Autowired public FeaturesRoleMappingController(AuthCommonServices authCommonServices)
  • Method Details

    • createFeatureRoleMapping

      @PostMapping("/{roleId}/accesscontrol")
      @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/create/roles\', \'auth\', #collectionId)")
      public org.springframework.http.ResponseEntity<Object> createFeatureRoleMapping(
          @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
          @RequestHeader(value="x-auth-token",required=true) @AuditField(field="AUTH_TOKEN") String authToken,
          @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId,
          @PathVariable("roleId") @AuditField(field="FEATURE_ROLE_ID") Long roleId,
          @RequestBody FeaturesRoleMappingVO request)
    • getFeatureByRoleId

      @GetMapping("/{roleId}/accesscontrol")
      @Audit(action="getFeatureByRoleId", repository="FeatureRoleMappingRepository")
      @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/create/roles\', \'auth\', #collectionId)")
      public org.springframework.http.ResponseEntity<Object> getFeatureByRoleId(
          @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
          @RequestHeader(value="x-auth-token",required=true) @AuditField(field="AUTH_TOKEN") String authToken,
          @PathVariable("roleId") @AuditField(field="FEATURE_ROLE_ID") Long roleId,
          @RequestHeader(value="X-Collection-Id",defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId)
      This service loads the feature privilege using the roleID.
      Parameters:
      version - Holds the version number of the API. This parameter can be used to access different versions of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for a user. The auth token (JWT format) represents claims containing the roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way of securely transmitting information between parties as a JSON object. Since the token is a required field for this API, it has to be generated beforehand by invoking the /auth/sessions API provided by the Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact than XML-based standards such as SAML. The generated token has to be passed to this service, and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the resource in question
      roleId - Indicates the id of the feature privilege that needs to be loaded from the system.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice, and the requested operation will be performed on this collection identifier. A collection is the topmost entity of a microservice, under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties, and these properties can be modified to bring in different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way the storefront can fetch/store the required information from that respective association.
      Returns:
      Returns Feature Privilege based on the given roleId.
    • deleteFeatureRoleMapping

      @DeleteMapping("/{roleId}/accesscontrol")
      @Audit(action="deleteFeaturesRoleMapping", repository="FeatureRoleMappingRepository")
      @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/create/roles\', \'auth\', #collectionId)")
      public org.springframework.http.ResponseEntity<Object> deleteFeatureRoleMapping(
          @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
          @RequestHeader(value="x-auth-token",required=true) @AuditField(field="AUTH_TOKEN") String authToken,
          @PathVariable("roleId") @AuditField(field="FEATURE_ROLE_ID") Long roleId,
          @RequestHeader(value="X-Collection-Id",defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId,
          @RequestParam(value="featuresPrivilegeMappingId",defaultValue="0") @AuditField(field="FEATURES_PRIVILEGE_MAPPING_ID") Long featuresPrivilegeMappingId)
      This service deletes the feature privilege using the roleID.
      Parameters:
      version - Holds the version number of the API. This parameter can be used to access different versions of the API. It is currently unused.
      authToken - a String object. This field holds a valid authorization token generated using the Authorization microservice for a user. The auth token (JWT format) represents claims containing the roles and privileges of the user accessing this API. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way of securely transmitting information between parties as a JSON object. Since the token is a required field for this API, it has to be generated beforehand by invoking the /auth/sessions API provided by the Authorization microservice. The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact than XML-based standards such as SAML. The generated token has to be passed to this service, and the request will be processed only if the following conditions are met:
      • Token validation against the secret key
      • Expiry time should be in the future
      • Necessary privileges are available for the user to perform the action on the resource in question
      roleId - Indicates the id of the feature privilege that needs to be loaded from the system.
      collectionId - a Long object. This field holds a valid collection identifier of this microservice, and the requested operation will be performed on this collection identifier. A collection is the topmost entity of a microservice, under which all the other entities/resources reside. Each collection represents an instance of the microservice with configured properties, and these properties can be modified to bring in different behavior per collection of the same microservice. Store association is the process of associating a microservice collection to a store along with its respective sub-entity. This way the storefront can fetch/store the required information from that respective association.
      Returns:
      Returns Object.
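
The three acceptance conditions listed for authToken under getFeatureByRoleId and deleteFeatureRoleMapping, as an added example that is not part of the Skava code base: it checks a JWT's signature against a shared secret, its expiry, and a required privilege, in that order. Assumptions: the token is signed with HS256, privileges sit in a claim named "privileges", and the class name AuthTokenCheck and the secret are made up; role checks and collection scoping from the @PreAuthorize expression are not modeled, and a production service would use a JSON/JWT library instead of regular expressions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class AuthTokenCheck {
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static byte[] hmac(byte[] secret, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }
    static String json(String b64) { return new String(DEC.decode(b64), StandardCharsets.UTF_8); }
    // Returns "OK" or the first failed condition. The "privileges" claim name is an assumption.
    static String check(String token, byte[] secret, String privilege, long now) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3) return "MALFORMED";
        try {
            // Pin the algorithm so the token cannot select "none" or another scheme.
            if (!Pattern.compile("\"alg\"\\s*:\\s*\"HS256\"").matcher(json(p[0])).find()) return "BAD_ALG";
            // Condition 1: signature over header.payload, compared in constant time.
            if (!MessageDigest.isEqual(hmac(secret, p[0] + "." + p[1]), DEC.decode(p[2]))) return "BAD_SIGNATURE";
            String claims = json(p[1]); // claims are read only after the signature has verified
            // Condition 2: "exp" (seconds since the epoch, RFC 7519) must lie in the future.
            Matcher exp = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)").matcher(claims);
            if (!exp.find() || Long.parseLong(exp.group(1)) <= now) return "EXPIRED";
            // Condition 3: the required privilege must be listed in the token.
            Matcher priv = Pattern.compile("\"privileges\"\\s*:\\s*\\[([^\\]]*)\\]").matcher(claims);
            if (!priv.find() || !priv.group(1).contains("\"" + privilege + "\"")) return "FORBIDDEN";
            return "OK";
        } catch (IllegalArgumentException e) {
            return "MALFORMED"; // invalid Base64url or an unparseable number
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample token; the secret and the claim values are made up for this demo.
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        String h = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String c = ENC.encodeToString("{\"exp\":2000000000,\"privileges\":[\"auth/create/roles\"]}".getBytes(StandardCharsets.UTF_8));
        String token = h + "." + c + "." + ENC.encodeToString(hmac(secret, h + "." + c));
        System.out.println(check(token, secret, "auth/create/roles", 1700000000L));
        System.out.println(check(token, secret, "auth/create/roles", 2000000001L));
        System.out.println(check(token, "other".getBytes(StandardCharsets.UTF_8), "auth/create/roles", 1700000000L));
        System.out.println(check(token, secret, "auth/delete/roles", 1700000000L));
    }
}
```

The order matters: the payload is parsed only after the signature check passes, so unauthenticated claims never influence the expiry or privilege decision.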
    • updateFeatureRoleMapping

      @PutMapping("/{roleId}/accesscontrol")
      @PreAuthorize("hasRoleForServiceAndCollection(\'ROLE_AUTH_ADMIN\', \'auth\', #collectionId) or hasPrivilegeForServiceAndCollection(\'auth/create/roles\', \'auth\', #collectionId)")
      public org.springframework.http.ResponseEntity<Object> updateFeatureRoleMapping(
          @RequestHeader(value="x-version",required=false,defaultValue="8.19.7") @AuditField(field="VERSION") String version,
          @RequestHeader(value="x-auth-token",required=true) @AuditField(field="AUTH_TOKEN") String authToken,
          @RequestHeader(value="X-Collection-Id",required=true,defaultValue="0") @AuditField(field="COLLECTION_ID") Long collectionId,
          @PathVariable("roleId") @AuditField(field="FEATURE_ROLE_ID") Long roleId,
          @RequestBody FeaturesRoleMappingVO request)