
Conversation

@ethaaalpha ethaaalpha commented Oct 7, 2025

This pull request depends on the /internal/session pull request.

What's new!

Business Logic Changes

Implementation of the new "base" class of business components: CommonBusiness.
This class is supposed to be inherited by every business (the change will be progressive as we implement other endpoints). However, this class contains ConfigurationBusiness; for the moment that is the only "exception" (= ConfigurationBusiness cannot inherit CommonBusiness due to a circular dependency).

Permissions

The new CorePermissions class (present in CommonBusiness) implements a few methods to check user roles and the matching of users' private groups.

Annotations

Implementation of the VipExternalSafe annotation to mark methods that are considered "safe" to be used inside controllers (= they perform permission checks on returned values).

Application Controller

This new controller implements all of these methods:

  • GET /applications
  • GET/POST/UPDATE/DELETE /applications/{id}

GET /applications supports basic pagination and filtering using the group, offset and limit query parameters. Pagination is implemented by the new PageBuilder and PrecisePage classes.

Related tests are also present in ApplicationControllerIT.

Application permissions

| Permission | Admin | Dev | User |
| --- | --- | --- | --- |
| Read | Yes | based on user groups | based on user groups |
| Create / Edit / Delete | Yes | only applications in user private groups | No |
| Associate Group | Yes | only at application creation | No |

- add new `InternalSecurityConfig` filter chain (defined as order: 2)
- create DELETE/POST/GET methods for /internal/session
- move some models from vip-api to vip-core
- create specific class for `CurrentUserProvider` service
- add a new `SessionAuthenticationProvider` with associated Filter/Token
- refactor `ApikeyAuthenticationProvider` and
  `SessionAuthenticationProvider` into `AbstractAuthenticationProvider`
- POST /internal/session now returns a Session object as the valid response
- rename `SpringApiUser` to `SpringPrincipalUser`
- make COOKIES_SESSION and COOKIES_USER `httpOnly`
-- adapt GWT code to support httpOnly in the server implementation
- cookies are set as `secure` only if *apache.sslport* != 80
- edit sign-in.js/home.js endpoints from */rest/session* to */internal/session* for sign-in and for retrieving the current session instead of reading cookies (due to **httpOnly**)
- create VIPRemoval and VIPCheckRemoval annotations
- all unsafe methods are covered under /internal/** except for
  /internal/session (which creates the token)
- refactor `SessionControler` to handle http/cookie related objects
  instead of `SessionBusiness`
- make signIn set the SecurityContextHolder
- new method `setAdminContext` to define the user context in "simple
  business" calls
- prepare other tests for the next ApplicationBusiness update
- CommonBusiness will be used in the backend refactoring
- new CorePermission class to handle basic permissions (role checking, ...)
- SessionAuthenticationProvider fills user groups into the
  SpringSecurityContext
- new `PageBuilder` that can generate `PrecisePage` objects for
  pagination
- update ApplicationBusiness to handle permissions
- add related IT
- new `VIPExternalSafe` annotation to mark methods that can safely be
  used inside a controller
- add new "dev" property for https or http session cookies
- cookie renewal on a successful GET /internal/session
- and some code cleaning
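The "Application permissions" matrix in the description above, worked through as runnable code. This is an added illustration, not the project's own CommonBusiness / CorePermissions / ApplicationBusiness code: the Role, Group, User and Application types, the `isPrivate` flag on a group, and the rule that a developer may only write an application whose groups are all their own private groups are assumptions made for the example.

```java
import java.util.Collections;
import java.util.Set;

// Hypothetical illustration of the application permission matrix.
// None of these types exist in the project; they are assumed for the example.
public class ApplicationPermissionsExample {

    enum Role { ADMIN, DEVELOPER, USER }

    // Assumption: a group is "private" when it belongs to a developer.
    record Group(String name, boolean isPrivate) {}

    record User(String login, Role role, Set<Group> groups) {}

    record Application(String id, Set<Group> groups) {}

    // Read: admins see everything; developers and users see an application
    // only when it shares at least one group with them ("based on user groups").
    static boolean canRead(User user, Application app) {
        if (user.role() == Role.ADMIN) {
            return true;
        }
        return !Collections.disjoint(user.groups(), app.groups());
    }

    // Create / Edit / Delete: admins always; developers only when every group
    // attached to the application is one of their own private groups
    // (assumption: one foreign or public group puts the application out of
    // reach); plain users never.
    static boolean canWrite(User user, Application app) {
        switch (user.role()) {
            case ADMIN:
                return true;
            case DEVELOPER:
                return !app.groups().isEmpty()
                    && app.groups().stream()
                        .allMatch(g -> g.isPrivate() && user.groups().contains(g));
            default:
                return false;
        }
    }

    // Associate Group: admins at any time; developers only while the
    // application is being created, so the groups of an existing application
    // cannot be changed by its developer on a later update; users never.
    static boolean canAssociateGroups(User user, boolean atCreation) {
        switch (user.role()) {
            case ADMIN:
                return true;
            case DEVELOPER:
                return atCreation;
            default:
                return false;
        }
    }

    // Guard for use from a controller: fails loudly instead of returning false,
    // so a forgotten check cannot be mistaken for an allowed operation.
    static void require(boolean allowed, String what) {
        if (!allowed) {
            throw new SecurityException("forbidden: " + what);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data for the demonstration.
        Group devPrivate = new Group("dev-private", true);
        Group shared = new Group("shared", false);
        Group otherPrivate = new Group("other-private", true);

        User admin = new User("admin", Role.ADMIN, Set.of());
        User dev = new User("dev", Role.DEVELOPER, Set.of(devPrivate, shared));
        User user = new User("user", Role.USER, Set.of(shared));

        Application privateApp = new Application("app-1", Set.of(devPrivate));
        Application sharedApp = new Application("app-2", Set.of(shared));
        Application foreignApp = new Application("app-3", Set.of(otherPrivate));

        System.out.println("dev reads app-1:    " + canRead(dev, privateApp));
        System.out.println("user reads app-1:   " + canRead(user, privateApp));
        System.out.println("user reads app-2:   " + canRead(user, sharedApp));
        System.out.println("dev writes app-1:   " + canWrite(dev, privateApp));
        System.out.println("dev writes app-2:   " + canWrite(dev, sharedApp));
        System.out.println("dev writes app-3:   " + canWrite(dev, foreignApp));
        System.out.println("admin writes app-3: " + canWrite(admin, foreignApp));
        System.out.println("dev groups@create:  " + canAssociateGroups(dev, true));
        System.out.println("dev groups@update:  " + canAssociateGroups(dev, false));

        // Controller-style usage: a developer may edit their own application,
        // but an update that also changes its groups must be rejected.
        require(canWrite(dev, privateApp), "edit app-1");
        try {
            require(canAssociateGroups(dev, false), "change groups of app-1 on update");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The point of splitting "write" from "associate group" is the last row of the matrix: a developer who can edit an application must still not be able to move it into another group after creation, so the group check is evaluated separately from the write check on every update, not only on POST.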
