X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=webapp-backend%2Fsrc%2Fmain%2Fjava%2Forg%2Foransc%2Fric%2Fportal%2Fdashboard%2Fcontroller%2FAppManagerController.java;h=f71c6bd93cd61b6868206584239f52be9810b014;hb=3f812ea25d352ec33d07f5ffa4c2aa2a77e8e793;hp=ddef5b42efb1f1121d219cafa4cccee71d1cb9c7;hpb=3340ea073fd56431b2d1231bda17cd98765fd8eb;p=portal%2Fric-dashboard.git

diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AppManagerController.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AppManagerController.java
index ddef5b42..f71c6bd9 100644
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AppManagerController.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/AppManagerController.java
@@ -42,11 +42,15 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.util.Assert;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
 import io.swagger.annotations.ApiOperation;
@@ -71,6 +75,7 @@ public class AppManagerController {
 	public static final String CONFIG_METHOD = "/config";
 	public static final String XAPPS_METHOD = "/xapps";
 	public static final String XAPPS_LIST_METHOD = XAPPS_METHOD + "/list";
+	public static final String VERSION_METHOD = DashboardConstants.VERSION_METHOD;
 	// Path parameters
 	public static final String PP_XAPP_NAME = "xAppName";
 
@@ -90,13 +95,15 @@ public class AppManagerController {
 	}
 
 	@ApiOperation(value = "Gets the XApp manager client library MANIFEST.MF property Implementation-Version.", response = SuccessTransport.class)
-	@RequestMapping(value = DashboardConstants.VERSION_METHOD, method = RequestMethod.GET)
-	public SuccessTransport getXappManagerClientVersion() {
+	@GetMapping(VERSION_METHOD)
+	// No role required
+	public SuccessTransport getClientVersion() {
 		return new SuccessTransport(200, DashboardApplication.getImplementationVersion(HealthApi.class));
 	}
 
 	@ApiOperation(value = "Health check of xApp Manager - Liveness probe.")
-	@RequestMapping(value = HEALTH_ALIVE_METHOD, method = RequestMethod.GET)
+	@GetMapping(HEALTH_ALIVE_METHOD)
+	// No role required
 	public void getHealth(HttpServletResponse response) {
 		logger.debug("getHealthAlive");
 		healthApi.getHealthAlive();
@@ -104,7 +111,8 @@ public class AppManagerController {
 	}
 
 	@ApiOperation(value = "Readiness check of xApp Manager - Readiness probe.")
-	@RequestMapping(value = HEALTH_READY_METHOD, method = RequestMethod.GET)
+	@GetMapping(HEALTH_READY_METHOD)
+	// No role required
 	public void getHealthReady(HttpServletResponse response) {
 		logger.debug("getHealthReady");
 		healthApi.getHealthReady();
@@ -112,28 +120,32 @@ public class AppManagerController {
 	}
 
 	@ApiOperation(value = "Returns the configuration of all xapps.", response = AllXappConfig.class)
-	@RequestMapping(value = CONFIG_METHOD, method = RequestMethod.GET)
+	@GetMapping(CONFIG_METHOD)
+	@Secured({ DashboardConstants.ROLE_ADMIN, DashboardConstants.ROLE_STANDARD })
 	public AllXappConfig getAllXappConfig() {
 		logger.debug("getAllXappConfig");
 		return xappApi.getAllXappConfig();
 	}
 
 	@ApiOperation(value = "Create xApp config.", response = XAppConfig.class)
-	@RequestMapping(value = CONFIG_METHOD, method = RequestMethod.POST)
+	@PostMapping(CONFIG_METHOD)
+	@Secured({ DashboardConstants.ROLE_ADMIN })
 	public XAppConfig createXappConfig(@RequestBody XAppConfig xAppConfig) {
 		logger.debug("createXappConfig {}", xAppConfig);
 		return xappApi.createXappConfig(xAppConfig);
 	}
 
 	@ApiOperation(value = "Modify xApp config.", response = XAppConfig.class)
-	@RequestMapping(value = CONFIG_METHOD, method = RequestMethod.PUT)
+	@PutMapping(CONFIG_METHOD)
+	@Secured({ DashboardConstants.ROLE_ADMIN })
 	public XAppConfig modifyXappConfig(@RequestBody XAppConfig xAppConfig) {
 		logger.debug("modifyXappConfig {}", xAppConfig);
 		return xappApi.modifyXappConfig(xAppConfig);
 	}
 
 	@ApiOperation(value = "Delete xApp configuration.")
-	@RequestMapping(value = CONFIG_METHOD + "/{" + PP_XAPP_NAME + "}", method = RequestMethod.DELETE)
+	@DeleteMapping(CONFIG_METHOD + "/{" + PP_XAPP_NAME + "}")
+	@Secured({ DashboardConstants.ROLE_ADMIN })
 	public void deleteXappConfig(@RequestBody ConfigMetadata configMetadata, HttpServletResponse response) {
 		logger.debug("deleteXappConfig {}", configMetadata);
 		xappApi.deleteXappConfig(configMetadata);
@@ -141,7 +153,8 @@ public class AppManagerController {
 	}
 
 	@ApiOperation(value = "Returns a list of deployable xapps.", response = DashboardDeployableXapps.class)
-	@RequestMapping(value = XAPPS_LIST_METHOD, method = RequestMethod.GET)
+	@GetMapping(XAPPS_LIST_METHOD)
+	@Secured({ DashboardConstants.ROLE_ADMIN, DashboardConstants.ROLE_STANDARD })
 	public Object getAvailableXapps() {
 		logger.debug("getAvailableXapps");
 		AllDeployableXapps appNames = xappApi.listAllXapps();
@@ -155,28 +168,32 @@ public class AppManagerController {
 	}
 
 	@ApiOperation(value = "Returns the status of all deployed xapps.", response = AllDeployedXapps.class)
-	@RequestMapping(value = XAPPS_METHOD, method = RequestMethod.GET)
+	@GetMapping(XAPPS_METHOD)
+	@Secured({ DashboardConstants.ROLE_ADMIN, DashboardConstants.ROLE_STANDARD })
 	public AllDeployedXapps getDeployedXapps() {
 		logger.debug("getDeployedXapps");
 		return xappApi.getAllXapps();
 	}
 
 	@ApiOperation(value = "Returns the status of a given xapp.", response = Xapp.class)
-	@RequestMapping(value = XAPPS_METHOD + "/{" + PP_XAPP_NAME + "}", method = RequestMethod.GET)
+	@GetMapping(XAPPS_METHOD + "/{" + PP_XAPP_NAME + "}")
+	@Secured({ DashboardConstants.ROLE_ADMIN, DashboardConstants.ROLE_STANDARD })
 	public Xapp getXapp(@PathVariable("xAppName") String xAppName) {
 		logger.debug("getXapp {}", xAppName);
 		return xappApi.getXappByName(xAppName);
 	}
 
 	@ApiOperation(value = "Deploy a xapp.", response = Xapp.class)
-	@RequestMapping(value = XAPPS_METHOD, method = RequestMethod.POST)
+	@PostMapping(XAPPS_METHOD)
+	@Secured({ DashboardConstants.ROLE_ADMIN })
 	public Xapp deployXapp(@RequestBody XAppInfo xAppInfo) {
 		logger.debug("deployXapp {}", xAppInfo);
 		return xappApi.deployXapp(xAppInfo);
 	}
 
 	@ApiOperation(value = "Undeploy an existing xapp.")
-	@RequestMapping(value = XAPPS_METHOD + "/{" + PP_XAPP_NAME + "}", method = RequestMethod.DELETE)
+	@DeleteMapping(XAPPS_METHOD + "/{" + PP_XAPP_NAME + "}")
+	@Secured({ DashboardConstants.ROLE_ADMIN })
 	public void undeployXapp(@PathVariable("xAppName") String xAppName, HttpServletResponse response) {
 		logger.debug("undeployXapp {}", xAppName);
 		xappApi.undeployXapp(xAppName);