From 26a7a2d9098ca344bae1766f4d556506d865c200 Mon Sep 17 00:00:00 2001 
From: Vanitha Date: Tue, 25 Nov 2025 14:38:39 +0530 Subject: [PATCH 1/5] fix: rebase to resolve the conflicts --- pom.xml | 4 + .../mmu/controller/anc/ANCController.java | 17 ++- .../CancerScreeningController.java | 17 +++ .../common/main/CommonController.java | 41 ++++++- .../common/main/InsertCommonController.java | 2 + .../common/master/CommonMasterController.java | 7 ++ .../controller/covid19/CovidController.java | 11 +- .../dataSyncActivity/StartSyncActivity.java | 2 + .../MMUDataSyncVanToServer.java | 2 + .../fileSync/FileSyncController.java | 2 + .../generalOPD/GeneralOPDController.java | 15 ++- .../LabTechnicianController.java | 2 + .../location/LocationController.java | 3 +- .../login/IemrMmuLoginController.java | 2 + .../controller/ncdCare/NCDCareController.java | 11 +- .../ncdscreening/NCDController.java | 18 ++- .../vitals/AnthropometryVitalsController.java | 2 + .../pnc/PostnatalCareController.java | 16 ++- .../quickconsult/QuickConsultController.java | 7 ++ .../registrar/main/RegistrarController.java | 19 ++- .../mmu/controller/reports/ReportGateway.java | 2 + .../controller/snomedct/SnomedController.java | 2 + .../TeleConsultationController.java | 2 + .../iemr/mmu/repo/login/UserLoginRepo.java | 5 + .../iemr/mmu/utils/JwtAuthenticationUtil.java | 19 +++ src/main/java/com/iemr/mmu/utils/JwtUtil.java | 13 ++- .../exception/CustomAccessDeniedHandler.java | 28 +++++ .../CustomAuthenticationEntryPoint.java | 23 ++++ .../mapper/RoleAuthenticationFilter.java | 110 ++++++++++++++++++ .../iemr/mmu/utils/mapper/SecurityConfig.java | 55 +++++++++ .../iemr/mmu/utils/redis/RedisStorage.java | 28 +++++ 31 files changed, 472 insertions(+), 15 deletions(-) create mode 100644 src/main/java/com/iemr/mmu/utils/exception/CustomAccessDeniedHandler.java create mode 100644 src/main/java/com/iemr/mmu/utils/exception/CustomAuthenticationEntryPoint.java create mode 100644 src/main/java/com/iemr/mmu/utils/mapper/RoleAuthenticationFilter.java create mode 100644 
src/main/java/com/iemr/mmu/utils/mapper/SecurityConfig.java diff --git a/pom.xml b/pom.xml index 5fac3076..223fc771 100644 --- a/pom.xml +++ b/pom.xml @@ -64,6 +64,10 @@ slf4j-simple ${slf4j.version} + + org.springframework.boot + spring-boot-starter-security + co.elastic.logging logback-ecs-encoder diff --git a/src/main/java/com/iemr/mmu/controller/anc/ANCController.java b/src/main/java/com/iemr/mmu/controller/anc/ANCController.java index 178f080b..7c135c67 100644 --- a/src/main/java/com/iemr/mmu/controller/anc/ANCController.java +++ b/src/main/java/com/iemr/mmu/controller/anc/ANCController.java @@ -26,6 +26,7 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.repository.query.Param; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.PostMapping; @@ -59,6 +60,7 @@ public class ANCController { */ @Operation(summary = "Save ANC nurse data") @PostMapping(value = { "/save/nurseData" }) + @PreAuthorize("hasRole('NURSE')") public String saveBenANCNurseData(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); try { @@ -91,6 +93,7 @@ public String saveBenANCNurseData(@RequestBody String requestObj) { */ @Operation(summary = "Save ANC doctor data") @PostMapping(value = { "/save/doctorData" }) + @PreAuthorize(" hasRole('DOCTOR')") public String saveBenANCDoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { OutputResponse response = new OutputResponse(); 
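Review bot: Adding spring-boot-starter-security turns on Spring Boot's default security auto-configuration for every request (a generated user with HTTP Basic, CSRF protection on POST) unless a SecurityFilterChain bean replaces it; the SecurityConfig created in this commit is not in this chunk, so confirm it defines that chain, accepts the existing Authorization-header flow the controllers rely on, and makes a deliberate decision on CSRF for what appears to be a stateless API. The dependency carries no version element, which is fine only if the project's parent or BOM manages spring-boot-starter-security.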
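Review bot: `@PreAuthorize(" hasRole('DOCTOR')")` on saveBenANCDoctorData has a leading space inside the SpEL string; it evaluates the same, but it is inconsistent with every other annotation in the patch and should read `@PreAuthorize("hasRole('DOCTOR')")`. More importantly, none of these annotations take effect unless method security is enabled, and `hasRole('X')` only matches an authority named `ROLE_X` unless the prefix is reconfigured; SecurityConfig and RoleAuthenticationFilter are created by this commit but are outside this chunk, so confirm both there, since the failure modes are either annotations silently ignored or every caller denied. The body of saveBenANCDoctorData continues outside the hunk.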
@@ -116,6 +119,7 @@ public String saveBenANCDoctorData(@RequestBody String requestObj, @Operation(summary = "Get beneficiary visit details from nurse ANC") @PostMapping(value = { "/getBenVisitDetailsFrmNurseANC" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") @Transactional(rollbackFor = Exception.class) public String getBenVisitDetailsFrmNurseANC( @Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) { @@ -147,6 +151,7 @@ public String getBenVisitDetailsFrmNurseANC( @Operation(summary = "Get beneficiary ANC care details from nurse ANC") @PostMapping(value = { "/getBenANCDetailsFrmNurseANC" }) @Transactional(rollbackFor = Exception.class) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenANCDetailsFrmNurseANC( @Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -178,7 +183,7 @@ public String getBenANCDetailsFrmNurseANC( */ @Operation(summary = "Get beneficiary ANC history details from nurse to doctor ") @PostMapping(value = { "/getBenANCHistoryDetails" }) - + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenANCHistoryDetails( @Param(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -209,6 +214,7 @@ public String getBenANCHistoryDetails( */ @Operation(summary = "Get beneficiary ANC vital details from nurse ANC") @PostMapping(value = { "/getBenANCVitalDetailsFrmNurseANC" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenANCVitalDetailsFrmNurseANC( @Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -240,7 +246,7 @@ public String getBenANCVitalDetailsFrmNurseANC( */ @Operation(summary = "Get beneficiary ANC examination details from nurse to doctor ") @PostMapping(value = { "/getBenExaminationDetailsANC" }) - + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenExaminationDetailsANC( @Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -272,6 +278,7 @@ public String getBenExaminationDetailsANC( @Operation(summary = "Get beneficiary doctor entered details") @PostMapping(value = { "/getBenCaseRecordFromDoctorANC" }) @Transactional(rollbackFor = Exception.class) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenCaseRecordFromDoctorANC( @Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -298,6 +305,7 @@ public String getBenCaseRecordFromDoctorANC( @Operation(summary = "Check high risk pregnancy status for ANC beneficiary") @PostMapping(value = { "/getHRPStatus" }) @Transactional(rollbackFor = Exception.class) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getHRPStatus( @Param(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -326,6 +334,7 @@ public String getHRPStatus( @Operation(summary = "Update ANC care data in doctor screen") @PostMapping(value = { "/update/ANCScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateANCCareNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); 
@@ -356,6 +365,7 @@ public String updateANCCareNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update ANC history data in doctor screen") @PostMapping(value = { "/update/historyScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateANCHistoryNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -385,6 +395,7 @@ public String updateANCHistoryNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update ANC vital data in doctor screen") @PostMapping(value = { "/update/vitalScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateANCVitalNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -415,6 +426,7 @@ public String updateANCVitalNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update ANC examination data in doctor screen") @PostMapping(value = { "/update/examinationScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateANCExaminationNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -445,6 +457,7 @@ public String updateANCExaminationNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update ANC doctor data") @PostMapping(value = { "/update/doctorData" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateANCDoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { diff --git a/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java b/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java index 99428f89..99ede1ef 100644 --- a/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java +++ b/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java 
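Review bot: `/update/doctorData` (updateANCDoctorData) is granted to `hasRole('NURSE') || hasRole('DOCTOR')` while `/save/doctorData` on the same controller is DOCTOR-only, so a nurse may modify a doctor's record that they could not have created. If the save-side split reflects the intended policy, the update path should be `@PreAuthorize("hasRole('DOCTOR')")`; if nurses are meant to edit doctor data, the save side is the one out of line. The same NURSE-or-DOCTOR grant is applied to `/update/doctorData` in CancerScreeningController further down this patch. The method body continues outside the hunk.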
@@ -25,6 +25,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.PostMapping; @@ -67,6 +68,7 @@ public void setCancerScreeningServiceImpl(CSServiceImpl cSServiceImpl) { */ @Operation(summary = "Save cancer screening nurse data") @PostMapping(value = { "/save/nurseData" }) + @PreAuthorize("hasRole('DOCTOR')") public String saveBenCancerScreeningNurseData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { OutputResponse response = new OutputResponse(); @@ -106,6 +108,7 @@ else if (nurseDataSaveSuccessFlag == 2) */ @Operation(summary = "Save cancer screening doctor data") @PostMapping(value = { "/save/doctorData" }) + @PreAuthorize("hasRole('DOCTOR')") public String saveBenCancerScreeningDoctorData(@RequestBody String requestObj, @RequestHeader String authorization) { OutputResponse response = new OutputResponse(); @@ -132,6 +135,7 @@ public String saveBenCancerScreeningDoctorData(@RequestBody String requestObj, @Operation(summary = "Get beneficiary visit details from nurse screen") @PostMapping(value = { "/getBenDataFrmNurseToDocVisitDetailsScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenDataFrmNurseScrnToDocScrnVisitDetails( @ApiParam(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
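Review bot: saveBenCancerScreeningNurseData at `/save/nurseData` is annotated `@PreAuthorize("hasRole('DOCTOR')")`, which locks nurses out of the nurse data-entry endpoint. The ANC counterpart in this patch protects its `/save/nurseData` with `hasRole('NURSE')`, so this looks like a copy of the doctor annotation from the following hunk and should probably be `@PreAuthorize("hasRole('NURSE')")`. The method body continues outside the hunk.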
@@ -161,6 +165,7 @@ public String getBenDataFrmNurseScrnToDocScrnVisitDetails( */ @Operation(summary = "Get beneficiary cancer history details from nurse screen") @PostMapping(value = { "/getBenDataFrmNurseToDocHistoryScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenDataFrmNurseScrnToDocScrnHistory( @ApiParam(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -189,6 +194,7 @@ public String getBenDataFrmNurseScrnToDocScrnHistory( */ @Operation(summary = "Get beneficiary vital details from nurse screen") @PostMapping(value = { "/getBenDataFrmNurseToDocVitalScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenDataFrmNurseScrnToDocScrnVital( @ApiParam(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -218,6 +224,7 @@ public String getBenDataFrmNurseScrnToDocScrnVital( */ @Operation(summary = "Get beneficiary examination details from nurse screen") @PostMapping(value = { "/getBenDataFrmNurseToDocExaminationScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenDataFrmNurseScrnToDocScrnExamination( @ApiParam(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -247,6 +254,7 @@ public String getBenDataFrmNurseScrnToDocScrnExamination( */ @Operation(summary = "Get beneficiary cancer family history") @PostMapping(value = { "/getBenCancerFamilyHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenCancerFamilyHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -278,6 +286,7 @@ public String getBenCancerFamilyHistory( */ @Operation(summary = "Get beneficiary cancer personal history") @PostMapping(value = { "/getBenCancerPersonalHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenCancerPersonalHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -309,6 +318,7 @@ public String getBenCancerPersonalHistory( */ @Operation(summary = "Get beneficiary cancer personal diet history") @PostMapping(value = { "/getBenCancerPersonalDietHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenCancerPersonalDietHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -340,6 +350,7 @@ public String getBenCancerPersonalDietHistory( */ @Operation(summary = "Get beneficiary cancer obstetric history") @PostMapping(value = { "/getBenCancerObstetricHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenCancerObstetricHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -370,6 +381,7 @@ public String getBenCancerObstetricHistory( */ @Operation(summary = "Get beneficiary doctor entered details") @PostMapping(value = { "/getBenCaseRecordFromDoctorCS" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") @Transactional(rollbackFor = Exception.class) public String getBenCaseRecordFromDoctorCS( @ApiParam(value = "{\"benRegID\":\"Long\", \"visitCode\":\"Long\"}") @RequestBody String comingRequest) { 
@@ -396,6 +408,7 @@ public String getBenCaseRecordFromDoctorCS( @Operation(summary = "Update cancer screening history nurse data in doctor screen") @PostMapping(value = { "/update/historyScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateCSHistoryNurse( @ApiParam(value = "{\"historyDetails\": {\"familyHistory\":{\"diseases\": [{\"beneficiaryRegID\":\"Long\", \"benVisitID\":\"Long\", " + "\"providerServiceMapID\":\"Integer\", \"cancerDiseaseType\":\"String\", \"otherDiseaseType\":\"String\", \"familyMemberList\":\"List\", " @@ -440,6 +453,7 @@ public String updateCSHistoryNurse( */ @Operation(summary = "Update beneficiary vital detail") @PostMapping(value = { "/update/vitalScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String upodateBenVitalDetail( @ApiParam(value = "{\"ID\": \"Long\", \"beneficiaryRegID\":\"Long\",\"benVisitID\":\"Long\"," + "\"weight_Kg\":\"Double\", \"height_cm\":\"Double\", \"waistCircumference_cm\":\"Double\", \"bloodGlucose_Fasting\":\"Short\"," @@ -476,6 +490,7 @@ public String upodateBenVitalDetail( */ @Operation(summary = "Update beneficiary examination detail") @PostMapping(value = { "/update/examinationScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String upodateBenExaminationDetail(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -505,6 +520,7 @@ public String upodateBenExaminationDetail(@RequestBody String requestObj) { */ @Operation(summary = "Update cancer diagnosis details by oncologist") @PostMapping(value = { "/update/examinationScreen/diagnosis" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('ONCOLOGIST')") public String updateCancerDiagnosisDetailsByOncologist( @ApiParam(value = "{\"beneficiaryRegID\":\"Long\", \"benVisitID\":\"Long\", \"visitCode\":\"Long\", " + "\"provisionalDiagnosisOncologist\":\"String\", \"modifiedBy\":\"string\"}") @RequestBody String requestObj) { 
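Review bot: `/update/examinationScreen/diagnosis` is summarised as "Update cancer diagnosis details by oncologist", yet the new annotation also admits NURSE and DOCTOR. If only oncologists are meant to record the provisional diagnosis, `@PreAuthorize("hasRole('ONCOLOGIST')")` matches the stated intent; otherwise the summary should name who else may write it, so the next reader does not take the wider grant for a mistake. The method body continues outside the hunk.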
@@ -536,6 +552,7 @@ public String updateCancerDiagnosisDetailsByOncologist( */ @Operation(summary = "Update cancer screening doctor data") @PostMapping(value = { "/update/doctorData" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateCancerScreeningDoctorData(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); diff --git a/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java b/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java index d05c4655..feaaac71 100644 --- a/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java +++ b/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java @@ -32,6 +32,7 @@ import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -95,6 +96,7 @@ public void setCommonNurseServiceImpl(CommonNurseServiceImpl commonNurseServiceI @Operation(summary = "Provides doctor worklist") @GetMapping(value = { "/getDocWorklistNew/{providerServiceMapID}/{serviceID}/{vanID}" }) + @PreAuthorize("hasRole('DOCTOR')") public String getDocWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("serviceID") Integer serviceID, @PathVariable("vanID") Integer vanID) { OutputResponse response = new OutputResponse(); 
@@ -118,6 +120,7 @@ public String getDocWorkListNew(@PathVariable("providerServiceMapID") Integer pr @Operation(summary = "Provides doctor worklist future scheduled for TM") @GetMapping(value = { "/getDocWorkListNewFutureScheduledForTM/{providerServiceMapID}/{serviceID}" }) + @PreAuthorize("hasRole('DOCTOR')") public String getDocWorkListNewFutureScheduledForTM( @PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("serviceID") Integer serviceID) { @@ -143,6 +146,7 @@ public String getDocWorkListNewFutureScheduledForTM( @Operation(summary = "Get nurse worklist new") @GetMapping(value = { "/getNurseWorklistNew/{providerServiceMapID}/{serviceID}/{vanID}" }) + @PreAuthorize("hasRole('NURSE')") public String getNurseWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("vanID") Integer vanID) { OutputResponse response = new OutputResponse(); @@ -166,6 +170,7 @@ public String getNurseWorkListNew(@PathVariable("providerServiceMapID") Integer */ @Operation(summary = "Get nurse worklist TM referred") @GetMapping(value = { "/getNurseWorklistTMreferred/{providerServiceMapID}/{serviceID}/{vanID}" }) + @PreAuthorize("hasRole('NURSE')") public String getNurseWorklistTMreferred(@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("vanID") Integer vanID) { OutputResponse response = new OutputResponse(); @@ -184,6 +189,7 @@ public String getNurseWorklistTMreferred(@PathVariable("providerServiceMapID") I @Operation(summary = "Get doctor entered previous significant Ffindings") @PostMapping(value = { "/getDoctorPreviousSignificantFindings" }) + @PreAuthorize("hasRole('DOCTOR')") public String getDoctorPreviousSignificantFindings( @ApiParam(value = "{\"beneficiaryRegID\": \"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -208,6 +214,7 @@ public String getDoctorPreviousSignificantFindings( @Operation(summary = "Get lab technician worklist new") @GetMapping(value = { "/getLabWorklistNew/{providerServiceMapID}/{serviceID}/{vanID}" }) + @PreAuthorize("hasRole('LAB_TECHNICIAN') || hasRole('LABTECHNICIAN')") public String getLabWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("vanID") Integer vanID) { OutputResponse response = new OutputResponse(); @@ -226,6 +233,7 @@ public String getLabWorkListNew(@PathVariable("providerServiceMapID") Integer pr @Operation(summary = "Get radiologist worklist new") @GetMapping(value = { "/getRadiologist-worklist-New/{providerServiceMapID}/{serviceID}/{vanID}" }) + @PreAuthorize("hasRole('RADIOLOGIST')") public String getRadiologistWorklistNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("vanID") Integer vanID) { OutputResponse response = new OutputResponse(); @@ -244,6 +252,7 @@ public String getRadiologistWorklistNew(@PathVariable("providerServiceMapID") In @Operation(summary = "Get oncologist worklist new") @GetMapping(value = { "/getOncologist-worklist-New/{providerServiceMapID}/{serviceID}/{vanID}" }) + @PreAuthorize("hasRole('ONCOLOGIST')") public String getOncologistWorklistNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("vanID") Integer vanID) { OutputResponse response = new OutputResponse(); @@ -262,6 +271,7 @@ public String getOncologistWorklistNew(@PathVariable("providerServiceMapID") Int @Operation(summary = "Get pharma worklist new") @GetMapping(value = { "/getPharma-worklist-New/{providerServiceMapID}/{serviceID}/{vanID}" }) + @PreAuthorize("hasRole('PHARMACIST')") public String getPharmaWorklistNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("vanID") Integer vanID) { OutputResponse response = new OutputResponse(); 
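Review bot: `hasRole('LAB_TECHNICIAN') || hasRole('LABTECHNICIAN')` on getLabWorkListNew accepts two spellings of one role, which suggests the role strings from the token are not normalised before authorities are granted; the same pairing appears for TC_SPECIALIST/TCSPECIALIST later in this file. Mapping each variant to one canonical authority at the point where authorities are granted (RoleAuthenticationFilter is created by this commit but is not in this chunk) would let every annotation carry a single name and avoid a variant being forgotten on some endpoints. The method body continues outside the hunk.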
@@ -280,6 +290,7 @@ public String getPharmaWorklistNew(@PathVariable("providerServiceMapID") Integer @Operation(summary = "Get case-sheet print data for beneficiary.") @PostMapping(value = { "/get/Case-sheet/printData" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getCasesheetPrintData(@RequestBody String comingReq, @RequestHeader(value = "Authorization") String authorization) { OutputResponse response = new OutputResponse(); @@ -299,6 +310,7 @@ public String getCasesheetPrintData(@RequestBody String comingReq, @Operation(summary = "Get beneficiary past history") @PostMapping(value = { "/getBenPastHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenPastHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -323,6 +335,7 @@ public String getBenPastHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @Re @Operation(summary = "Get beneficiary tobacco history") @PostMapping(value = { "/getBenTobaccoHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenTobaccoHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -347,6 +360,7 @@ public String getBenTobaccoHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @Operation(summary = "Get beneficiary alcohol history") @PostMapping(value = { "/getBenAlcoholHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenAlcoholHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -371,6 +385,7 @@ public String getBenAlcoholHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @Operation(summary = "Get beneficiary allergy history") @PostMapping(value = { "/getBenAllergyHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenANCAllergyHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -396,6 +411,7 @@ public String getBenANCAllergyHistory( @Operation(summary = "Get beneficiary medication history") @PostMapping(value = { "/getBenMedicationHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenMedicationHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -421,6 +437,7 @@ public String getBenMedicationHistory( @Operation(summary = "Get beneficiary family history") @PostMapping(value = { "/getBenFamilyHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenFamilyHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -445,6 +462,7 @@ public String getBenFamilyHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @ @Operation(summary = "Get beneficiary menstrual history") @PostMapping(value = { "/getBenMenstrualHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenMenstrualHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -470,7 +488,8 @@ public String getBenMenstrualHistory( @Operation(summary = "Get beneficiary past obstetric history") @PostMapping(value = { "/getBenPastObstetricHistory" }) - public String getBenPastObstetricHistory( + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") + public String getBenPastObstetricHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -495,6 +514,7 @@ public String getBenPastObstetricHistory( @Operation(summary = "Get beneficiary comorbidity condition details") @PostMapping(value = { "/getBenComorbidityConditionHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenANCComorbidityConditionHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -520,6 +540,7 @@ public String getBenANCComorbidityConditionHistory( @Operation(summary = "Get beneficiary optional vaccine details") @PostMapping(value = { "/getBenOptionalVaccineHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenOptionalVaccineHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -545,6 +566,7 @@ public String getBenOptionalVaccineHistory( @Operation(summary = "Get beneficiary child vaccine(Immunization) details") @PostMapping(value = { "/getBenChildVaccineHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenImmunizationHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -570,6 +592,7 @@ public String getBenImmunizationHistory( @Operation(summary = "Get beneficiary perinatal history details") @PostMapping(value = { "/getBenPerinatalHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenPerinatalHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -595,6 +618,7 @@ public String getBenPerinatalHistory( @Operation(summary = "Get beneficiary child feeding history details") @PostMapping(value = { "/getBenFeedingHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenFeedingHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -619,6 +643,7 @@ public String getBenFeedingHistory(@ApiParam(value = "{\"benRegID\":\"Long\"}") @Operation(summary = "Get beneficiary child development history details") @PostMapping(value = { "/getBenDevelopmentHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenDevelopmentHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -647,6 +672,7 @@ public String getBenDevelopmentHistory( */ @Operation(summary = "Get casesheet history of beneficiary") @PostMapping(value = { "/getBeneficiaryCaseSheetHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBeneficiaryCaseSheetHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -665,6 +691,7 @@ public String getBeneficiaryCaseSheetHistory( @Operation(summary = "TC specialist") @GetMapping(value = { "/getTCSpecialistWorklist/{providerServiceMapID}/{serviceID}" }) + @PreAuthorize("hasRole('TC_SPECIALIST') || hasRole('TCSPECIALIST')") public String getTCSpecialistWorkListNew(@PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("serviceID") Integer serviceID,HttpServletRequest request) { OutputResponse response = new OutputResponse(); @@ -698,6 +725,7 @@ public String getTCSpecialistWorkListNew(@PathVariable("providerServiceMapID") I @Operation(summary = "TC specialist future scheduled") @GetMapping(value = { "/getTCSpecialistWorklistFutureScheduled/{providerServiceMapID}/{serviceID}" }) + @PreAuthorize("hasRole('TC_SPECIALIST') || hasRole('TCSPECIALIST')") public String getTCSpecialistWorklistFutureScheduled( @PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("serviceID") Integer serviceID, HttpServletRequest request) { @@ -730,6 +758,7 @@ public String getTCSpecialistWorklistFutureScheduled( @Operation(summary = "Download file from file system") @PostMapping(value = { "/downloadFile" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public ResponseEntity downloadFile(@RequestBody String requestOBJ, HttpServletRequest request) throws Exception { JSONObject obj = new JSONObject(requestOBJ); @@ -760,6 +789,7 @@ public ResponseEntity downloadFile(@RequestBody String requ @Operation(summary = "Get beneficiary physical history") @PostMapping(value = { "/getBenPhysicalHistory" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenPhysicalHistory( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -785,6 +815,7 @@ public String getBenPhysicalHistory( @Operation(summary = "Get beneficiary symptomatic questionnaire answer details") @PostMapping(value = { "/getBenSymptomaticQuestionnaireDetails" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenSymptomaticQuestionnaireDetails( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -810,6 +841,7 @@ public String getBenSymptomaticQuestionnaireDetails( @Operation(summary = "Get beneficiary previous diabetes history") @PostMapping(value = { "/getBenPreviousDiabetesHistoryDetails" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenPreviousDiabetesHistoryDetails( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -840,6 +872,7 @@ public String getBenPreviousDiabetesHistoryDetails( */ @Operation(summary = "Get beneficiary TM case record") @PostMapping(value = { "/get/Case-sheet/TMReferredprintData" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getTMReferredPrintData(@RequestBody String comingRequest, @RequestHeader(value = "Authorization") String authorization, @RequestHeader(value = "ServerAuthorization") String serverAuthorization) { @@ -877,6 +910,7 @@ public String getTMReferredPrintData(@RequestBody String comingRequest, @Operation(summary = "Get beneficiary previous referral history") @PostMapping(value = { "/getBenPreviousReferralHistoryDetails" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenPreviousReferralHistoryDetails( @ApiParam(value = "{\"benRegID\":\"Long\"}") @RequestBody String comingRequest) { 
@@ -903,6 +937,7 @@ public String getBenPreviousReferralHistoryDetails( @Operation(summary = "Get beneficiary TM case record") @PostMapping(value = { "/get/Case-sheet/centralServerTMCaseSheet" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getTMCaseSheetFromCentralServer(@RequestBody String comingRequest, @RequestHeader(value = "Authorization") String authorization) { OutputResponse response = new OutputResponse(); @@ -940,6 +975,7 @@ public String getTMCaseSheetFromCentralServer(@RequestBody String comingRequest, */ @Operation(summary = "Calculate beneficiary BMI status") @PostMapping(value = { "/calculateBMIStatus" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String calculateBMIStatus( @ApiParam(value = "{\"bmi\":\"double\",\"yearMonth\":\"String\",\"gender\":\"String\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -957,6 +993,7 @@ public String calculateBMIStatus( @Operation(summary = "Update beneficiary status flag") @PostMapping(value = { "/update/benDetailsAndSubmitToNurse" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String saveBeneficiaryVisitDetail( @ApiParam(value = "{\"beneficiaryRegID\": \"Long\"}") @RequestBody String comingRequest) { @@ -991,6 +1028,7 @@ public String saveBeneficiaryVisitDetail( @Operation(summary = "Extend redis session for 30 minutes") @PostMapping(value = { "/extend/redisSession" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('PHARMACIST') || hasRole('LAB_TECHNICIAN') || hasRole('RADIOLOGIST') || hasRole('ONCOLOGIST') || hasRole('TC_SPECIALIST') || hasRole('TCSPECIALIST') || hasRole('REGISTRAR')") public String extendRedisSession() { OutputResponse response = new OutputResponse(); try { 
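Review bot: The role list on extendRedisSession omits the underscore-less `LABTECHNICIAN` spelling even though this commit accepts both `LAB_TECHNICIAN` and `LABTECHNICIAN` on the lab endpoints, so a lab user whose token carries the second form can use the lab APIs but cannot keep the session alive. The list also leaves out `DATASYNC`/`DATA_SYNC`, which the sync controllers in this change authorize; whether sync clients depend on session extension is not visible here, so confirm before adding them. At minimum add the missing lab variant, and hasAnyRole reads better than nine chained hasRole calls: `@PreAuthorize("hasAnyRole('NURSE','DOCTOR','PHARMACIST','LAB_TECHNICIAN','LABTECHNICIAN','RADIOLOGIST','ONCOLOGIST','TC_SPECIALIST','TCSPECIALIST','REGISTRAR')")`. The body of extendRedisSession continues outside the hunk.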
@@ -1003,6 +1041,7 @@ public String extendRedisSession() { @Operation(summary = "Soft delete prescribed medicine") @PostMapping(value = { "/doctor/delete/prescribedMedicine" }) + @PreAuthorize("hasRole('DOCTOR')") public String deletePrescribedMedicine(@RequestBody String requestOBJ) { OutputResponse response = new OutputResponse(); try { diff --git a/src/main/java/com/iemr/mmu/controller/common/main/InsertCommonController.java b/src/main/java/com/iemr/mmu/controller/common/main/InsertCommonController.java index cd3a7576..faa6b0dc 100644 --- a/src/main/java/com/iemr/mmu/controller/common/main/InsertCommonController.java +++ b/src/main/java/com/iemr/mmu/controller/common/main/InsertCommonController.java @@ -27,6 +27,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; @@ -42,6 +43,7 @@ @RestController @RequestMapping(value = "/commonInsert", headers = "Authorization") +@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public class InsertCommonController { private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName()); @Autowired diff --git a/src/main/java/com/iemr/mmu/controller/common/master/CommonMasterController.java b/src/main/java/com/iemr/mmu/controller/common/master/CommonMasterController.java index 89e816d1..d37dcdaf 100644 --- a/src/main/java/com/iemr/mmu/controller/common/master/CommonMasterController.java +++ b/src/main/java/com/iemr/mmu/controller/common/master/CommonMasterController.java 
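Review bot: The class-level guard on InsertCommonController is written as `hasRole('NURSE') || hasRole('DOCTOR')`; Spring's SpEL provides `hasAnyRole` for exactly this, so `@PreAuthorize("hasAnyRole('NURSE','DOCTOR')")` is the idiomatic form and the rest of the commit would read better with it too. A class-level @PreAuthorize applies to every handler in the class, which means any method added later that a pharmacist or lab technician must reach needs its own method-level override, and that intent is worth recording: `// Every /commonInsert endpoint is nurse/doctor only; put a method-level @PreAuthorize on a handler to widen it.`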
@@ -24,6 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -55,6 +56,7 @@ public void setCommonMasterServiceImpl(CommonMasterServiceImpl commonMasterServi */ @Operation(summary = "Master data for visit reasons & categories") @GetMapping(value = "/get/visitReasonAndCategories", consumes = "application/json", produces = "application/json") + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getVisitReasonAndCategories() { logger.info("getVisitReasonAndCategories ..."); OutputResponse response = new OutputResponse(); @@ -68,8 +70,10 @@ public String getVisitReasonAndCategories() { * @param visitCategoryID * @return nurse master data for the provided visitCategoryID */ + @Operation(summary = "Master data API for nurse") @GetMapping(value = "/nurse/masterData/{visitCategoryID}/{providerServiceMapID}/{gender}", consumes = "application/json", produces = "application/json") + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String nurseMasterData(@PathVariable("visitCategoryID") Integer visitCategoryID, @PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("gender") String gender) { logger.info("Nurse master Data for categoryID:" + visitCategoryID + " and providerServiceMapID:" 
@@ -87,8 +91,10 @@ public String nurseMasterData(@PathVariable("visitCategoryID") Integer visitCate * @param visitCategoryID * @return doctor master data for the provided visitCategoryID */ + @Operation(summary = "Master data API for doctor") @GetMapping(value = "/doctor/masterData/{visitCategoryID}/{providerServiceMapID}/{gender}/{facilityID}/{vanID}", produces = "application/json") + @PreAuthorize("hasRole('DOCTOR')") public String doctorMasterData(@PathVariable("visitCategoryID") Integer visitCategoryID, @PathVariable("providerServiceMapID") Integer providerServiceMapID, @PathVariable("gender") String gender, @PathVariable("facilityID") Integer facilityID, @PathVariable("vanID") Integer vanID) { @@ -103,6 +109,7 @@ public String doctorMasterData(@PathVariable("visitCategoryID") Integer visitCat @Operation(summary = "Get ECG abnormalities") @GetMapping(value = "/ecgAbnormalities", consumes = "application/json", produces = "application/json") + @PreAuthorize("hasRole('LAB_TECHNICIAN') || hasRole('LABTECHNICIAN')") public String getECGAbnormalities() { OutputResponse response = new OutputResponse(); diff --git a/src/main/java/com/iemr/mmu/controller/covid19/CovidController.java b/src/main/java/com/iemr/mmu/controller/covid19/CovidController.java index 959c9cc7..7eff6468 100644 --- a/src/main/java/com/iemr/mmu/controller/covid19/CovidController.java +++ b/src/main/java/com/iemr/mmu/controller/covid19/CovidController.java @@ -28,6 +28,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.PostMapping; 
@@ -65,6 +66,7 @@ public class CovidController { @Operation(summary = "Save covid nurse data") @PostMapping(value = { "/save/nurseData" }) + @PreAuthorize("hasRole('NURSE')") public String saveBenCovid19NurseData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { OutputResponse outputResponse = new OutputResponse(); @@ -100,6 +102,7 @@ public String saveBenCovid19NurseData(@RequestBody String requestObj, */ @Operation(summary = "Save covid doctor data") @PostMapping(value = { "/save/doctorData" }) + @PreAuthorize("hasRole('DOCTOR')") public String saveBenCovidDoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { OutputResponse response = new OutputResponse(); @@ -126,6 +129,7 @@ public String saveBenCovidDoctorData(@RequestBody String requestObj, @Operation(summary = "Get beneficiary visit details from nurse covid 19") @PostMapping(value = { "/getBenVisitDetailsFrmNurseCovid" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") @Transactional(rollbackFor = Exception.class) public String getBenVisitDetailsFrmNurseCovid19( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { @@ -158,7 +162,7 @@ public String getBenVisitDetailsFrmNurseCovid19( */ @Operation(summary = "Get beneficiary covid 19 history details from nurse to doctor ") @PostMapping(value = { "/getBenCovid19HistoryDetails" }) - + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenCovid19HistoryDetails( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -189,6 +193,7 @@ public String getBenCovid19HistoryDetails( */ @Operation(summary = "Get beneficiary covid 19 vital details from nurse NCD care") @PostMapping(value = { "/getBenVitalDetailsFrmNurseCovid" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenVitalDetailsFrmNurseNCDCare( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -217,6 +222,7 @@ public String getBenVitalDetailsFrmNurseNCDCare( @Operation(summary = "Get beneficiary doctor entered details") @PostMapping(value = { "/getBenCaseRecordFromDoctorCovid" }) @Transactional(rollbackFor = Exception.class) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenCaseRecordFromDoctorCovid19( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -243,6 +249,7 @@ public String getBenCaseRecordFromDoctorCovid19( @Operation(summary = "Update history data in doctor screen") @PostMapping(value = { "/update/historyScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateHistoryNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -275,6 +282,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update covid vital data in doctor screen") @PostMapping(value = { "/update/vitalScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateVitalNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); 
@@ -304,6 +312,7 @@ public String updateVitalNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update covid 19 doctor data") @PostMapping(value = { "/update/doctorData" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateCovid19DoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { diff --git a/src/main/java/com/iemr/mmu/controller/dataSyncActivity/StartSyncActivity.java b/src/main/java/com/iemr/mmu/controller/dataSyncActivity/StartSyncActivity.java index 1e43ed66..83c5dcfe 100644 --- a/src/main/java/com/iemr/mmu/controller/dataSyncActivity/StartSyncActivity.java +++ b/src/main/java/com/iemr/mmu/controller/dataSyncActivity/StartSyncActivity.java @@ -25,6 +25,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; @@ -47,6 +48,7 @@ */ @RestController @RequestMapping(value = "/dataSyncActivity", headers = "Authorization", consumes = "application/json", produces = "application/json") +@PreAuthorize("hasRole('DATASYNC') || hasRole('DATA_SYNC') ") public class StartSyncActivity { private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName()); diff --git a/src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java b/src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java index 524094e5..2a9f3450 100644 --- a/src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java +++ b/src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java 
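Review bot: updateCovid19DoctorData on `/update/doctorData` is opened to `hasRole('NURSE') || hasRole('DOCTOR')`, while the matching `/save/doctorData` in this same controller is DOCTOR only and GeneralOPD's `/update/doctorData` in this commit is also DOCTOR only. As written a nurse token can rewrite a doctor's record through the update path even though it cannot create one, which looks like an accidental widening rather than a design decision. Unless nurses are meant to edit doctor data here, change it to `@PreAuthorize("hasRole('DOCTOR')")`. The method body continues outside the hunk.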
@@ -24,6 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; @@ -47,6 +48,7 @@ */ @RestController @RequestMapping(value = "/dataSync", headers = "Authorization") +@PreAuthorize("hasRole('DATASYNC') || hasRole('DATA_SYNC') ") public class MMUDataSyncVanToServer { private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName()); diff --git a/src/main/java/com/iemr/mmu/controller/fileSync/FileSyncController.java b/src/main/java/com/iemr/mmu/controller/fileSync/FileSyncController.java index b5b1a34a..d902af0d 100644 --- a/src/main/java/com/iemr/mmu/controller/fileSync/FileSyncController.java +++ b/src/main/java/com/iemr/mmu/controller/fileSync/FileSyncController.java @@ -24,6 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestHeader; @@ -38,6 +39,7 @@ @RequestMapping("/fileSyncController") @RestController +@PreAuthorize("hasRole('DATASYNC') || hasRole('DATA_SYNC') ") public class FileSyncController { private final Logger logger = LoggerFactory.getLogger(this.getClass().getName()); diff --git a/src/main/java/com/iemr/mmu/controller/generalOPD/GeneralOPDController.java b/src/main/java/com/iemr/mmu/controller/generalOPD/GeneralOPDController.java index b7fa65a0..18eeef9b 100644 --- a/src/main/java/com/iemr/mmu/controller/generalOPD/GeneralOPDController.java +++ b/src/main/java/com/iemr/mmu/controller/generalOPD/GeneralOPDController.java 
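Review bot: FileSyncController's new class-level guard is the only authorization gate on `/fileSyncController`, because unlike the other controllers in this commit its @RequestMapping carries no `headers = "Authorization"` constraint. A @PreAuthorize annotation is enforced only when method security is enabled in the security configuration; if that switch is ever dropped the annotation becomes inert and every handler here is reachable by whatever the filter chain lets through. Worth pinning with a negative test (call without a DATASYNC role, expect 403) and a one-line note on the class: `// Authorization for this controller relies entirely on @PreAuthorize; keep method security enabled.`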
@@ -25,6 +25,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.PostMapping; @@ -64,6 +65,7 @@ public void setGeneralOPDServiceImpl(GeneralOPDServiceImpl generalOPDServiceImpl */ @Operation(summary = "Save general OPD nurse data") @PostMapping(value = { "/save/nurseData" }) + @PreAuthorize("hasRole('NURSE') ") public String saveBenGenOPDNurseData(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); try { @@ -96,6 +98,7 @@ public String saveBenGenOPDNurseData(@RequestBody String requestObj) { */ @Operation(summary = "Save general OPD doctor data") @PostMapping(value = { "/save/doctorData" }) + @PreAuthorize("hasRole('DOCTOR') ") public String saveBenGenOPDDoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { OutputResponse response = new OutputResponse(); @@ -122,6 +125,7 @@ public String saveBenGenOPDDoctorData(@RequestBody String requestObj, @Operation(summary = "Get beneficiary visit details from nurse general OPD") @PostMapping(value = { "/getBenVisitDetailsFrmNurseGOPD" }) @Transactional(rollbackFor = Exception.class) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenVisitDetailsFrmNurseGOPD( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -153,7 +157,7 @@ public String getBenVisitDetailsFrmNurseGOPD( */ @Operation(summary = "Get beneficiary general OPD history details from nurse to doctor ") @PostMapping(value = { "/getBenHistoryDetails" }) - + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenHistoryDetails( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -184,6 +188,7 @@ public String getBenHistoryDetails( */ @Operation(summary = "Get beneficiary vital details from nurse general OPD") @PostMapping(value = { "/getBenVitalDetailsFrmNurse" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenVitalDetailsFrmNurse( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -215,7 +220,7 @@ public String getBenVitalDetailsFrmNurse( */ @Operation(summary = "Get beneficiary general OPD examination details from nurse to doctor ") @PostMapping(value = { "/getBenExaminationDetails" }) - + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenExaminationDetails( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -247,6 +252,7 @@ public String getBenExaminationDetails( @Operation(summary = "Get beneficiary doctor entered details") @PostMapping(value = { "/getBenCaseRecordFromDoctorGeneralOPD" }) @Transactional(rollbackFor = Exception.class) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenCaseRecordFromDoctorGeneralOPD( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -273,6 +279,7 @@ public String getBenCaseRecordFromDoctorGeneralOPD( @Operation(summary = "Update general OPD visit screen nurse data in doctor screen") @PostMapping(value = { "/update/visitDetailsScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String updateVisitNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -303,6 +310,7 @@ public String updateVisitNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update history data in doctor Screen") @PostMapping(value = { "/update/historyScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String updateHistoryNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -333,6 +341,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update general OPD vital data in doctor screen") @PostMapping(value = { "/update/vitalScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String updateVitalNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -363,6 +372,7 @@ public String updateVitalNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update general OPD examination data in doctor screen") @PostMapping(value = { "/update/examinationScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -392,6 +402,7 @@ public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update general OPD doctor data") @PostMapping(value = { "/update/doctorData" }) + @PreAuthorize("hasRole('DOCTOR') ") public String updateGeneralOPDDoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { 
diff --git a/src/main/java/com/iemr/mmu/controller/labtechnician/LabTechnicianController.java b/src/main/java/com/iemr/mmu/controller/labtechnician/LabTechnicianController.java index f30dce3b..152f5029 100644 --- a/src/main/java/com/iemr/mmu/controller/labtechnician/LabTechnicianController.java +++ b/src/main/java/com/iemr/mmu/controller/labtechnician/LabTechnicianController.java @@ -24,6 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; @@ -44,6 +45,7 @@ @RestController @RequestMapping(value = "/labTechnician", headers = "Authorization", consumes = "application/json", produces = "application/json") +@PreAuthorize("hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') ") public class LabTechnicianController { private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName()); diff --git a/src/main/java/com/iemr/mmu/controller/location/LocationController.java b/src/main/java/com/iemr/mmu/controller/location/LocationController.java index 6559182b..5a51c90a 100644 --- a/src/main/java/com/iemr/mmu/controller/location/LocationController.java +++ b/src/main/java/com/iemr/mmu/controller/location/LocationController.java @@ -25,6 +25,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import com.iemr.mmu.utils.JwtUtil; import org.springframework.web.bind.annotation.GetMapping; 
@@ -45,10 +46,10 @@ @RestController @RequestMapping(value = "/location", headers = "Authorization") +@PreAuthorize("hasRole('NURSE') || hasRole('PHARMACIST') || hasRole('LABTECHNICIAN') || hasRole('REGISTRAR') || hasRole('DATASYNC') || hasRole('DATA_SYNC') || hasRole('DOCTOR') || hasRole('LAB_TECHNICIAN') || hasRole('TC_SPECIALIST') || hasRole('ONCOLOGIST') || hasRole('RADIOLOGIST')") public class LocationController { private OutputResponse response; private Logger logger = LoggerFactory.getLogger(CommonMasterController.class); - private LocationServiceImpl locationServiceImpl; @Autowired diff --git a/src/main/java/com/iemr/mmu/controller/login/IemrMmuLoginController.java b/src/main/java/com/iemr/mmu/controller/login/IemrMmuLoginController.java index a3fe4869..f2e0f576 100644 --- a/src/main/java/com/iemr/mmu/controller/login/IemrMmuLoginController.java +++ b/src/main/java/com/iemr/mmu/controller/login/IemrMmuLoginController.java @@ -25,6 +25,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -47,6 +48,7 @@ @RequestMapping(value = "/user", headers = "Authorization") @RestController +@PreAuthorize("hasRole('NURSE') || hasRole('PHARMACIST') || hasRole('LABTECHNICIAN') || hasRole('REGISTRAR') || hasRole('DATASYNC') || hasRole('DATA_SYNC') || hasRole('DOCTOR') || hasRole('LAB_TECHNICIAN') || hasRole('TC_SPECIALIST') || hasRole('ONCOLOGIST') || hasRole('RADIOLOGIST')") public class IemrMmuLoginController { private Logger logger = LoggerFactory.getLogger(RegistrarController.class); diff --git a/src/main/java/com/iemr/mmu/controller/ncdCare/NCDCareController.java b/src/main/java/com/iemr/mmu/controller/ncdCare/NCDCareController.java index 03c4cecc..0e8dd35d 100644 
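Review bot: The role list on LocationController accepts `TC_SPECIALIST` but not `TCSPECIALIST`, although the TC-specialist worklist endpoints in this commit accept both spellings, so a specialist whose token carries the underscore-less form can open a worklist but receives 403 from every `/location` call. The list is also long enough that hasAnyRole is clearer: `@PreAuthorize("hasAnyRole('NURSE','PHARMACIST','LABTECHNICIAN','LAB_TECHNICIAN','REGISTRAR','DATASYNC','DATA_SYNC','DOCTOR','TC_SPECIALIST','TCSPECIALIST','ONCOLOGIST','RADIOLOGIST')")`. The identical list is pasted onto IemrMmuLoginController in the next hunk; if both mean "any clinical role", a shared constant referenced from both annotations would keep them from drifting apart.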
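Review bot: IemrMmuLoginController receives the same twelve-role list and, like LocationController, omits the `TCSPECIALIST` spelling this commit honours elsewhere; as a class-level guard it now covers every handler under `/user`. If any of those handlers is part of a pre-authentication step (the class name suggests login-related calls, but the handlers are not visible here), a class-level @PreAuthorize will reject it, so confirm that every `/user` endpoint is only ever called with an already-issued token. If the real intent is simply "any signed-in user", `@PreAuthorize("isAuthenticated()")` states that directly and will not need editing when a role is added; otherwise use hasAnyRole with the missing variant included.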
--- a/src/main/java/com/iemr/mmu/controller/ncdCare/NCDCareController.java +++ b/src/main/java/com/iemr/mmu/controller/ncdCare/NCDCareController.java @@ -28,6 +28,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.PostMapping; @@ -66,6 +67,7 @@ public void setNcdCareServiceImpl(NCDCareServiceImpl ncdCareServiceImpl) { */ @Operation(summary = "Save NCD care data collected by nurse") @PostMapping(value = { "/save/nurseData" }) + @PreAuthorize("hasRole('NURSE') ") public String saveBenNCDCareNurseData(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); try { @@ -99,6 +101,7 @@ public String saveBenNCDCareNurseData(@RequestBody String requestObj) { */ @Operation(summary = "Save NCD care beneficiary case record and referral") @PostMapping(value = { "/save/doctorData" }) + @PreAuthorize("hasRole('DOCTOR') ") public String saveBenNCDCareDoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { OutputResponse response = new OutputResponse(); @@ -125,6 +128,7 @@ public String saveBenNCDCareDoctorData(@RequestBody String requestObj, @Operation(summary = "Get NCD care beneficiary visit details") @PostMapping(value = { "/getBenVisitDetailsFrmNurseNCDCare" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") @Transactional(rollbackFor = Exception.class) public String getBenVisitDetailsFrmNurseNCDCare( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { 
@@ -157,7 +161,7 @@ public String getBenVisitDetailsFrmNurseNCDCare( */ @Operation(summary = "Get NCD care beneficiary history") @PostMapping(value = { "/getBenNCDCareHistoryDetails" }) - + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenNCDCareHistoryDetails( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -188,6 +192,7 @@ public String getBenNCDCareHistoryDetails( */ @Operation(summary = "Get NCD care beneficiary vitals") @PostMapping(value = { "/getBenVitalDetailsFrmNurseNCDCare" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenVitalDetailsFrmNurseNCDCare( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -220,6 +225,7 @@ public String getBenVitalDetailsFrmNurseNCDCare( @Operation(summary = "Get NCD care beneficiary case record and referral") @PostMapping(value = { "/getBenCaseRecordFromDoctorNCDCare" }) @Transactional(rollbackFor = Exception.class) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenCaseRecordFromDoctorNCDCare( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -246,6 +252,7 @@ public String getBenCaseRecordFromDoctorNCDCare( @Operation(summary = "Update NCD care beneficiary history") @PostMapping(value = { "/update/historyScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateHistoryNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); 
@@ -278,6 +285,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update NCD care beneficiary vitals") @PostMapping(value = { "/update/vitalScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateVitalNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -307,6 +315,7 @@ public String updateVitalNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update NCD care beneficiary case record and referral") @PostMapping(value = { "/update/doctorData" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateNCDCareDoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { diff --git a/src/main/java/com/iemr/mmu/controller/ncdscreening/NCDController.java b/src/main/java/com/iemr/mmu/controller/ncdscreening/NCDController.java index 39d3531b..24cb3cb0 100644 --- a/src/main/java/com/iemr/mmu/controller/ncdscreening/NCDController.java +++ b/src/main/java/com/iemr/mmu/controller/ncdscreening/NCDController.java @@ -25,6 +25,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.GetMapping; @@ -73,8 +74,8 @@ public void setNcdScreeningServiceImpl(NCDScreeningServiceImpl ncdScreeningServi * @return success or failure response */ @Operation(summary = "Save beneficiary NCD screening details") - @PostMapping(value = { "/save/nurseData" }) + @PreAuthorize("hasRole('NURSE')") public String saveBeneficiaryNCDScreeningDetails(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { 
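Review bot: updateNCDCareDoctorData on `/update/doctorData` is granted to `hasRole('NURSE') || hasRole('DOCTOR')` while `/save/doctorData` in this controller is DOCTOR only, so a nurse can modify a case record and referral it could not have created. The NCD screening controller's `/update/doctorData` in this same commit is DOCTOR only, which suggests the nurse grant here was copied from the nurse-screen annotations just above it. Suggested: `@PreAuthorize("hasRole('DOCTOR')")`. The method body continues outside the hunk.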
@@ -109,6 +110,7 @@ public String saveBeneficiaryNCDScreeningDetails(@RequestBody String requestObj, */ @Operation(summary = "Save NCD screening doctor data") @PostMapping(value = { "/save/doctorData" }) + @PreAuthorize("hasRole('DOCTOR')") public String saveBenNCDScreeningDoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { OutputResponse response = new OutputResponse(); @@ -135,8 +137,8 @@ public String saveBenNCDScreeningDoctorData(@RequestBody String requestObj, } @Operation(summary = "Get NCD screening visit details") - @PostMapping(value = { "/get/nurseData" }) + @PreAuthorize("hasRole('NURSE')") public String getNCDScreenigDetails( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { @@ -162,6 +164,7 @@ public String getNCDScreenigDetails( @Operation(summary = "Get NCD screening visit count for beneficiary registration id") @GetMapping(value = { "/getNcdScreeningVisitCount/{beneficiaryRegID}" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getNcdScreeningVisitCount(@PathVariable("beneficiaryRegID") Long beneficiaryRegID) { OutputResponse response = new OutputResponse(); try { @@ -185,6 +188,7 @@ public String getNcdScreeningVisitCount(@PathVariable("beneficiaryRegID") Long b @Operation(summary = "Get beneficiary visit details from nurse NCD screening") @PostMapping(value = { "/getBenVisitDetailsFrmNurseNCDScreening" }) @Transactional(rollbackFor = Exception.class) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenVisitDetailsFrmNurseGOPD( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
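Review bot: getNCDScreenigDetails on `/get/nurseData` is the one read endpoint in this controller restricted to `hasRole('NURSE')` alone; every other read of nurse-entered data in this commit (visit details, history, vitals, IDRS) is `NURSE || DOCTOR`. If the doctor screen fetches screening details through this path the doctor is locked out, and if it does not, the asymmetry deserves a comment so it is not "fixed" later. Either widen it to `@PreAuthorize("hasAnyRole('NURSE','DOCTOR')")` or add `// nurse-only by design; the doctor screen reads screening data via getBenVisitDetailsFrmNurseNCDScreening`, whichever matches the client.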
@@ -211,7 +215,7 @@ public String getBenVisitDetailsFrmNurseGOPD( @Operation(summary = "Get beneficiary general OPD history details from nurse to doctor ") @PostMapping(value = { "/getBenHistoryDetails" }) - + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenHistoryDetails( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -237,6 +241,7 @@ public String getBenHistoryDetails( @Operation(summary = "Get beneficiary vital details from nurse general OPD") @PostMapping(value = { "/getBenVitalDetailsFrmNurse" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenVitalDetailsFrmNurse( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -263,6 +268,7 @@ public String getBenVitalDetailsFrmNurse( @Operation(summary = "Get beneficiary vital details from nurse general OPD") @PostMapping(value = { "/getBenIdrsDetailsFrmNurse" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String getBenIdrsDetailsFrmNurse( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -294,6 +300,7 @@ public String getBenIdrsDetailsFrmNurse( */ @Operation(summary = "Get beneficiary doctor entered details") @PostMapping(value = { "/getBenCaseRecordFromDoctorNCDScreening" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") @Transactional(rollbackFor = Exception.class) public String getBenCaseRecordFromDoctorNCDCare( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { 
@@ -321,6 +328,7 @@ public String getBenCaseRecordFromDoctorNCDCare( @Operation(summary = "Update beneficiary NCD screening details") @PostMapping(value = { "/update/nurseData" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateBeneficiaryNCDScreeningDetails(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -348,6 +356,7 @@ public String updateBeneficiaryNCDScreeningDetails(@RequestBody String requestOb @Operation(summary = "Update history data in doctor screen") @PostMapping(value = { "/update/historyScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateHistoryNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -372,6 +381,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) { @Operation(summary = "Update NCD screening vital data in doctor screen") @PostMapping(value = { "/update/vitalScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateVitalNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -395,6 +405,7 @@ public String updateVitalNurse(@RequestBody String requestObj) { @Operation(summary = "Update history data in doctor screen") @PostMapping(value = { "/update/idrsScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public String updateIDRSScreen(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -418,6 +429,7 @@ public String updateIDRSScreen(@RequestBody String requestObj) { @Operation(summary = "Update doctor data") @PostMapping(value = { "/update/doctorData" }) + @PreAuthorize("hasRole('DOCTOR')") public String updateDoctorData(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); 
diff --git a/src/main/java/com/iemr/mmu/controller/nurse/vitals/AnthropometryVitalsController.java b/src/main/java/com/iemr/mmu/controller/nurse/vitals/AnthropometryVitalsController.java index f5677647..ef3a5a5a 100644 --- a/src/main/java/com/iemr/mmu/controller/nurse/vitals/AnthropometryVitalsController.java +++ b/src/main/java/com/iemr/mmu/controller/nurse/vitals/AnthropometryVitalsController.java @@ -5,6 +5,7 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.repository.query.Param; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; @@ -18,6 +19,7 @@ @RestController @RequestMapping(value = "/anthropometryVitals", headers = "Authorization", consumes = "application/json", produces = "application/json") +@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR')") public class AnthropometryVitalsController { private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName()); diff --git a/src/main/java/com/iemr/mmu/controller/pnc/PostnatalCareController.java b/src/main/java/com/iemr/mmu/controller/pnc/PostnatalCareController.java index 0e15e43a..ebc01325 100644 --- a/src/main/java/com/iemr/mmu/controller/pnc/PostnatalCareController.java +++ b/src/main/java/com/iemr/mmu/controller/pnc/PostnatalCareController.java @@ -25,6 +25,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.PostMapping; 
@@ -63,6 +64,7 @@ public void setPncServiceImpl(PNCServiceImpl pncServiceImpl) { */ @Operation(summary = "Save PNC nurse data") @PostMapping(value = { "/save/nurseData" }) + @PreAuthorize("hasRole('NURSE')") public String saveBenPNCNurseData(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); try { @@ -96,6 +98,7 @@ public String saveBenPNCNurseData(@RequestBody String requestObj) { */ @Operation(summary = "Save PNC doctor data") @PostMapping(value = { "/save/doctorData" }) + @PreAuthorize("hasRole('DOCTOR') ") public String saveBenPNCDoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { OutputResponse response = new OutputResponse(); @@ -121,6 +124,7 @@ public String saveBenPNCDoctorData(@RequestBody String requestObj, @Operation(summary = "Get PNC beneficiary visit details from nurse") @PostMapping(value = { "/getBenVisitDetailsFrmNursePNC" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") @Transactional(rollbackFor = Exception.class) public String getBenVisitDetailsFrmNursePNC( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { @@ -154,6 +158,7 @@ public String getBenVisitDetailsFrmNursePNC( @Operation(summary = "Get PNC beneficiary care details from nurse") @PostMapping(value = { "/getBenPNCDetailsFrmNursePNC" }) @Transactional(rollbackFor = Exception.class) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenPNCDetailsFrmNursePNC( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
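Review bot: The expressions added in this file carry a trailing space inside the SpEL string, e.g. `@PreAuthorize("hasRole('DOCTOR') ")` on saveBenPNCDoctorData, and the same pattern recurs through the remaining PostnatalCareController hunks and in QuickConsultController. SpEL tolerates it, but it is inconsistent with the NCDController hunks and makes text-based audits of role assignments miss these lines. Prefer `@PreAuthorize("hasRole('DOCTOR')")` and, for the two-role variants, `@PreAuthorize("hasAnyRole('NURSE', 'DOCTOR')")`, which reads more clearly than the `||` chain.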
@@ -185,7 +190,7 @@ public String getBenPNCDetailsFrmNursePNC( */ @Operation(summary = "Get PNC beneficiary history details from nurse to doctor ") @PostMapping(value = { "/getBenHistoryDetails" }) - + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenHistoryDetails( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -216,6 +221,7 @@ public String getBenHistoryDetails( */ @Operation(summary = "Get PNC beneficiary vital details from nurse") @PostMapping(value = { "/getBenVitalDetailsFrmNurse" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenVitalDetailsFrmNurse( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -247,7 +253,7 @@ public String getBenVitalDetailsFrmNurse( */ @Operation(summary = "Get PNC beneficiary examination details from nurse to doctor ") @PostMapping(value = { "/getBenExaminationDetailsPNC" }) - + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenExaminationDetailsPNC( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -279,6 +285,7 @@ public String getBenExaminationDetailsPNC( @Operation(summary = "Get PNC beneficiary case record") @PostMapping(value = { "/getBenCaseRecordFromDoctorPNC" }) @Transactional(rollbackFor = Exception.class) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenCaseRecordFromDoctorPNC( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); 
@@ -305,6 +312,7 @@ public String getBenCaseRecordFromDoctorPNC( @Operation(summary = "Update PNC care data in doctor screen") @PostMapping(value = { "/update/PNCScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String updatePNCCareNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -335,6 +343,7 @@ public String updatePNCCareNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update PNC beneficiary history in doctor screen") @PostMapping(value = { "/update/historyScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String updateHistoryNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -365,6 +374,7 @@ public String updateHistoryNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update PNC beneficiary vitals in doctor screen") @PostMapping(value = { "/update/vitalScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String updateVitalNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -395,6 +405,7 @@ public String updateVitalNurse(@RequestBody String requestObj) { */ @Operation(summary = "Update PNC beneficiary examination data in doctor screen") @PostMapping(value = { "/update/examinationScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); @@ -418,6 +429,7 @@ public String updateGeneralOPDExaminationNurse(@RequestBody String requestObj) { @Operation(summary = "Update PNC doctor data") @PostMapping(value = { "/update/doctorData" }) + @PreAuthorize("hasRole('DOCTOR') ") public String updatePNCDoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { 
diff --git a/src/main/java/com/iemr/mmu/controller/quickconsult/QuickConsultController.java b/src/main/java/com/iemr/mmu/controller/quickconsult/QuickConsultController.java index 5b672df5..24df556c 100644 --- a/src/main/java/com/iemr/mmu/controller/quickconsult/QuickConsultController.java +++ b/src/main/java/com/iemr/mmu/controller/quickconsult/QuickConsultController.java @@ -25,6 +25,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.PostMapping; @@ -70,6 +71,7 @@ public void setQuickConsultationServiceImpl(QuickConsultationServiceImpl quickCo */ @Operation(summary = "Save quick consult nurse data") @PostMapping(value = { "/save/nurseData" }) + @PreAuthorize("hasRole('NURSE') ") public String saveBenQuickConsultDataNurse(@RequestBody String requestObj) { OutputResponse response = new OutputResponse(); try { @@ -102,6 +104,7 @@ public String saveBenQuickConsultDataNurse(@RequestBody String requestObj) { */ @Operation(summary = "Save quick consultation detail for doctor") @PostMapping(value = { "/save/doctorData" }) + @PreAuthorize("hasRole('DOCTOR') ") public String saveQuickConsultationDetail( @ApiParam(value = "{\"quickConsultation\":{\"beneficiaryRegID\":\"Long\",\"providerServiceMapID\": \"Integer\", \"benVisitID\":\"Long\", \"benChiefComplaint\":[{\"chiefComplaintID\":\"Integer\", " + "\"chiefComplaint\":\"String\", \"duration\":\"Integer\", \"unitOfDuration\":\"String\"}], \"description\":\"String\"" 
@@ -139,6 +142,7 @@ public String saveQuickConsultationDetail( @Operation(summary = "Get quick consult beneficiary visit details") @PostMapping(value = { "/getBenDataFrmNurseToDocVisitDetailsScreen" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenDataFrmNurseScrnToDocScrnVisitDetails( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -169,6 +173,7 @@ public String getBenDataFrmNurseScrnToDocScrnVisitDetails( */ @Operation(summary = "Get quick consult beneficiary vital details") @PostMapping(value = { "/getBenVitalDetailsFrmNurse" }) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenVitalDetailsFrmNurse( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -201,6 +206,7 @@ public String getBenVitalDetailsFrmNurse( @Operation(summary = "Get quick consult beneficiary case record") @PostMapping(value = { "/getBenCaseRecordFromDoctorQuickConsult" }) @Transactional(rollbackFor = Exception.class) + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public String getBenCaseRecordFromDoctorQuickConsult( @ApiParam(value = "{\"benRegID\":\"Long\",\"visitCode\":\"Long\"}") @RequestBody String comingRequest) { OutputResponse response = new OutputResponse(); @@ -227,6 +233,7 @@ public String getBenCaseRecordFromDoctorQuickConsult( @Operation(summary = "Update quick consult doctor data") @PostMapping(value = { "/update/doctorData" }) + @PreAuthorize("hasRole('DOCTOR') ") public String updateGeneralOPDQCDoctorData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) { diff --git a/src/main/java/com/iemr/mmu/controller/registrar/main/RegistrarController.java b/src/main/java/com/iemr/mmu/controller/registrar/main/RegistrarController.java index 89261c5b..ac6cf9c5 100644 
--- a/src/main/java/com/iemr/mmu/controller/registrar/main/RegistrarController.java +++ b/src/main/java/com/iemr/mmu/controller/registrar/main/RegistrarController.java @@ -29,6 +29,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; @@ -82,6 +83,7 @@ public void setNurseServiceImpl(NurseServiceImpl nurseServiceImpl) { this.nurseServiceImpl = nurseServiceImpl; } + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')") @Operation(summary = "Get registrar worklist data") @PostMapping(value = { "/registrarWorkListData" }) public String getRegistrarWorkList(@ApiParam(value = "{\"spID\": \"Integer\"}") @RequestBody String comingRequest) @@ -100,6 +102,7 @@ public String getRegistrarWorkList(@ApiParam(value = "{\"spID\": \"Integer\"}") return response.toString(); } + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')") @Operation(summary = "Search for the beneficiary by beneficiary id") @PostMapping(value = { "/quickSearch" }) public String quickSearchBeneficiary( @@ -118,6 +121,7 @@ public String quickSearchBeneficiary( return response.toString(); } + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')") @Operation(summary = "Search for the beneficiary based on provided data") @PostMapping(value = { "/advanceSearch" }) public String advanceSearch( @@ -138,6 +142,7 @@ public String advanceSearch( return response.toString(); } + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')") @Operation(summary = "Get beneficiary details of given beneficiary registration id") @PostMapping(value = { "/get/benDetailsByRegID" }) public String getBenDetailsByRegID( 
@@ -167,6 +172,7 @@ public String getBenDetailsByRegID( return response.toString(); } + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST') || hasRole('REGISTRAR')") @Operation(summary = "Get beneficiary details") @PostMapping(value = { "/get/beneficiaryDetails" }) public String getBeneficiaryDetails( @@ -201,6 +207,7 @@ public String getBeneficiaryDetails( return response.toString(); } + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST')") @Operation(summary = "Get beneficiary image") @PostMapping(value = { "/get/beneficiaryImage" }) public String getBeneficiaryImage( @@ -226,6 +233,7 @@ public String getBeneficiaryImage( return response.toString(); } + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')") @Operation(summary = "Search beneficiary for beneficiary id or beneficiary phone no") @PostMapping(value = { "/quickSearchNew" }) public String quickSearchNew(@RequestBody String requestObj, @@ -249,6 +257,7 @@ public String quickSearchNew(@RequestBody String requestObj, } + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')") @Operation(summary = "Search beneficiary advance search new") @PostMapping(value = { "/advanceSearchNew" }) public String advanceSearchNew(@RequestBody String requestObj, @@ -272,6 +281,7 @@ public String advanceSearchNew(@RequestBody String requestObj, } + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST')") @Operation(summary = "Get beneficiary details for left side panel of given beneficiary registration id") @PostMapping(value = { "/get/benDetailsByRegIDForLeftPanelNew" }) public String getBenDetailsForLeftSidePanelByRegID( 
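Review bot: The added expressions in this file spell the same role twice, `hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN')`, on getBeneficiaryDetails, getBeneficiaryImage and getBenDetailsForLeftSidePanelByRegID (ReportGateway and TeleConsultationController's `TCSPECIALIST`/`TC_SPECIALIST` show the same), which suggests the role names read from m_role are not normalized before they become authorities. Carrying both spellings into every annotation is fragile: a new variant in the data silently fails authorization, and any role-name cleanup has to touch every controller. Prefer normalizing once where the authorities are built and writing a single `hasAnyRole('NURSE', 'DOCTOR', 'LAB_TECHNICIAN', 'PHARMACIST', 'REGISTRAR')` here. getBeneficiaryImage and getBenImage omit `REGISTRAR` while getBeneficiaryDetails grants it; if that is intentional, a short comment would spare the next reader the question.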
@@ -301,7 +311,8 @@ public String getBenDetailsForLeftSidePanelByRegID( } return response.toString(); } - + + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('LABTECHNICIAN') || hasRole('LAB_TECHNICIAN') || hasRole('PHARMACIST')") @Operation(summary = "Get beneficiary image") @PostMapping(value = { "/getBenImage" }) public String getBenImage(@RequestBody String requestObj, @@ -319,6 +330,7 @@ public String getBenImage(@RequestBody String requestObj, } + @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR')") @Operation(summary = "Register a new beneficiary") @PostMapping(value = { "/registrarBeneficaryRegistration" }) public String createBeneficiary( @@ -381,6 +393,7 @@ public String createBeneficiary( return response.toString(); } + @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR')") @Operation(summary = "Register a new beneficiary API") @PostMapping(value = { "/registrarBeneficaryRegistrationNew" }) public String registrarBeneficaryRegistrationNew(@RequestBody String comingReq, @@ -399,6 +412,7 @@ public String registrarBeneficaryRegistrationNew(@RequestBody String comingReq, } + @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR') || hasRole('DOCTOR')") @Operation(summary = "Update registered beneficiary data") @PostMapping(value = { "/update/BeneficiaryDetails" }) public String updateBeneficiary( @@ -457,6 +471,7 @@ public String updateBeneficiary( return response.toString(); } + @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR')") @Operation(summary = "Registrar will submit a beneficiary to nurse for revisit") @PostMapping(value = { "/create/BenReVisitToNurse" }) public String createReVisitForBenToNurse(@RequestBody String requestOBJ) { 
@@ -478,6 +493,7 @@ public String createReVisitForBenToNurse(@RequestBody String requestOBJ) { return response.toString(); } + @PreAuthorize("hasRole('NURSE') || hasRole('REGISTRAR')") @Operation(summary = "Beneficiary edit, save or submit") @PostMapping(value = { "/update/BeneficiaryUpdate" }) public String beneficiaryUpdate(@RequestBody String requestOBJ, @@ -502,6 +518,7 @@ public String beneficiaryUpdate(@RequestBody String requestOBJ, return response.toString(); } + @PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') || hasRole('REGISTRAR')") @Operation(summary = "Get master data for registrar") @PostMapping(value = { "/registrarMasterData" }) public String masterDataForRegistration( diff --git a/src/main/java/com/iemr/mmu/controller/reports/ReportGateway.java b/src/main/java/com/iemr/mmu/controller/reports/ReportGateway.java index 87d5c0de..8792b8c3 100644 --- a/src/main/java/com/iemr/mmu/controller/reports/ReportGateway.java +++ b/src/main/java/com/iemr/mmu/controller/reports/ReportGateway.java @@ -24,6 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -41,6 +42,7 @@ @RestController @RequestMapping(value = "/report", headers = "Authorization") +@PreAuthorize("hasRole('NURSE') || hasRole('PHARMACIST') || hasRole('LABTECHNICIAN') || hasRole('DOCTOR') || hasRole('LAB_TECHNICIAN') || hasRole('TC_SPECIALIST') || hasRole('ONCOLOGIST') || hasRole('RADIOLOGIST')") public class ReportGateway { private Logger logger = LoggerFactory.getLogger(RegistrarController.class); diff --git a/src/main/java/com/iemr/mmu/controller/snomedct/SnomedController.java b/src/main/java/com/iemr/mmu/controller/snomedct/SnomedController.java index 8b79db37..38077310 100644 
--- a/src/main/java/com/iemr/mmu/controller/snomedct/SnomedController.java +++ b/src/main/java/com/iemr/mmu/controller/snomedct/SnomedController.java @@ -24,6 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; @@ -41,6 +42,7 @@ @RequestMapping(value = "/snomed") @RestController +@PreAuthorize("hasRole('NURSE') || hasRole('DOCTOR') ") public class SnomedController { private Logger logger = LoggerFactory.getLogger(SnomedController.class); diff --git a/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java b/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java index 5a5eea00..6dea0f71 100644 --- a/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java +++ b/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java @@ -24,6 +24,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import com.iemr.mmu.utils.JwtUtil; import org.springframework.web.bind.annotation.PostMapping; @@ -44,6 +45,7 @@ @RestController @RequestMapping(value = "/tc", headers = "Authorization", consumes = "application/json", produces = "application/json") +@PreAuthorize("hasRole('TCSPECIALIST') || hasRole('TC_SPECIALIST') ") public class TeleConsultationController { private Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName()); diff --git a/src/main/java/com/iemr/mmu/repo/login/UserLoginRepo.java b/src/main/java/com/iemr/mmu/repo/login/UserLoginRepo.java index b4cc7fa0..6f6390ee 100644 --- a/src/main/java/com/iemr/mmu/repo/login/UserLoginRepo.java 
+++ b/src/main/java/com/iemr/mmu/repo/login/UserLoginRepo.java @@ -1,5 +1,7 @@ package com.iemr.mmu.repo.login; +import java.util.List; + import org.springframework.data.jpa.repository.Query; import org.springframework.data.repository.CrudRepository; import org.springframework.data.repository.query.Param; @@ -13,4 +15,7 @@ public interface UserLoginRepo extends CrudRepository { @Query(" SELECT u FROM Users u WHERE u.userID = :userID AND u.deleted = false ") public Users getUserByUserID(@Param("userID") Long userID); + @Query(nativeQuery = true,value = "select rolename from m_role where roleid in (select roleid from m_userservicerolemapping where userid=:userID)") + List getRoleNamebyUserId(@Param("userID") Long userID); + } diff --git a/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java b/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java index 83711a10..a4879e7f 100644 --- a/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java +++ b/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java @@ -2,6 +2,7 @@ import java.util.Optional; import java.util.concurrent.TimeUnit; +import java.util.List; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -76,6 +77,9 @@ public boolean validateUserIdAndJwtToken(String jwtToken) throws IEMRException { // Check if user data is present in Redis Users user = getUserFromCache(userId); + if(user != null) { + List roles = getUserRoles(user.getUserID()); + } if (user == null) { // If not in Redis, fetch from DB and cache the result user = fetchUserFromDB(userId); 
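Review bot: The new native query in getRoleNamebyUserId selects from m_userservicerolemapping without any active or deleted predicate, whereas the existing getUserByUserID query directly above filters `u.deleted = false`; if the mapping table carries a similar soft-delete or status column, revoked role assignments would still be turned into authorities by RoleAuthenticationFilter. The inner select also aggregates roles across every service mapping for the user rather than the service the request is for, which may be intended but widens what a single token can reach. Please confirm the schema and, where applicable, add the matching `and deleted = false` predicate to the inner select.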
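Review bot: In the `@@ -76,6 +77,9 @@` hunk the result of `getUserRoles(user.getUserID())` is assigned to a local `roles` that is never read, so the added block only adds a database round trip to every token validation that hits the Redis cache and, because getUserRoles throws when no role is found, turns a role-less user into a validation failure. If role loading is meant to live in RoleAuthenticationFilter, which already fetches and caches them, drop these three lines; otherwise pass `roles` on to whatever needs them. The enclosing validateUserIdAndJwtToken declares only `throws IEMRException`, so unless this call sits inside a try that catches Exception it will not compile as shown; the method body continues outside the hunk.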
@@ -129,4 +133,19 @@ private Users fetchUserFromDB(String userId) { return null; } + + public List getUserRoles(Long userId) throws Exception { + if (null == userId || userId <= 0) { + throw new IllegalArgumentException("Invalid User ID : " + userId); + } + try { + List role = userLoginRepo.getRoleNamebyUserId(userId); + if (null == role || role.isEmpty()) { + throw new Exception("No role found for userId : " + userId); + } + return role; + } catch (Exception e) { + throw new Exception("Failed to retrieverole for usedId : " + userId + " error : " + e.getMessage()); + } + } } diff --git a/src/main/java/com/iemr/mmu/utils/JwtUtil.java b/src/main/java/com/iemr/mmu/utils/JwtUtil.java index ee6ee025..81673611 100644 --- a/src/main/java/com/iemr/mmu/utils/JwtUtil.java +++ b/src/main/java/com/iemr/mmu/utils/JwtUtil.java @@ -1,11 +1,17 @@ package com.iemr.mmu.utils; +import java.util.List; import java.util.function.Function; + import javax.crypto.SecretKey; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.iemr.mmu.repo.login.UserLoginRepo; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwts; @@ -14,12 +20,17 @@ @Component public class JwtUtil { + private final Logger logger = LoggerFactory.getLogger(this.getClass().getName()); + @Value("${jwt.secret}") private String SECRET_KEY; @Autowired private TokenDenylist tokenDenylist; + @Autowired + private UserLoginRepo userLoginRepo; + // Generate a key using the secret private SecretKey getSigningKey() { if (SECRET_KEY == null || SECRET_KEY.isEmpty()) { 
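Review bot: getUserRoles wraps every failure in `new Exception("Failed to retrieverole for usedId : " + userId + " error : " + e.getMessage())`, which drops the original cause, re-wraps its own "No role found" exception thrown two lines earlier, and carries typos in the message. Keep the cause, `throw new Exception("Failed to retrieve roles for userId : " + userId, e);`, and move the empty-result check outside the try (or rethrow it unchanged) so the two conditions stay distinguishable to the caller. Since this outcome decides whether RoleAuthenticationFilter grants any authority, a dedicated exception type or at least a stable message is preferable to a generic Exception.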
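Review bot: The `@@ -14,12 +20,17 @@` hunk injects `UserLoginRepo userLoginRepo` into JwtUtil, but nothing in the visible JwtUtil hunks uses it, so unless a later change does this is a dead dependency that couples token parsing to the persistence layer. Remove the field and its import, or add a comment stating the intended use. The `logger` added alongside is likewise unused in the visible changes.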
@@ -59,7 +70,7 @@ public T extractClaim(String token, Function claimsResolver) { return claims != null ? claimsResolver.apply(claims) : null; } - private Claims extractAllClaims(String token) { + public Claims extractAllClaims(String token) { return Jwts.parser() .verifyWith(getSigningKey()) .build() diff --git a/src/main/java/com/iemr/mmu/utils/exception/CustomAccessDeniedHandler.java b/src/main/java/com/iemr/mmu/utils/exception/CustomAccessDeniedHandler.java new file mode 100644 index 00000000..4a53a12f --- /dev/null +++ b/src/main/java/com/iemr/mmu/utils/exception/CustomAccessDeniedHandler.java @@ -0,0 +1,28 @@ +package com.iemr.mmu.utils.exception; + +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import org.springframework.security.access.AccessDeniedException; +import org.springframework.security.web.access.AccessDeniedHandler; +import org.springframework.stereotype.Component; + +import com.fasterxml.jackson.databind.ObjectMapper; + +import java.io.IOException; +import java.util.Map; + +@Component +public class CustomAccessDeniedHandler implements AccessDeniedHandler { + + private static final ObjectMapper mapper = new ObjectMapper(); + @Override + public void handle(HttpServletRequest request, + HttpServletResponse response, + AccessDeniedException accessDeniedException) throws IOException { + response.setStatus(HttpServletResponse.SC_FORBIDDEN); // 403 + response.setContentType("application/json"); + Map errorResponse = Map.of("error" , "Forbidden", + "message","Access denied"); + response.getWriter().write(mapper.writeValueAsString(errorResponse)); + } +} \ No newline at end of file diff --git a/src/main/java/com/iemr/mmu/utils/exception/CustomAuthenticationEntryPoint.java b/src/main/java/com/iemr/mmu/utils/exception/CustomAuthenticationEntryPoint.java new file mode 100644 index 00000000..420f75a2 --- /dev/null +++ b/src/main/java/com/iemr/mmu/utils/exception/CustomAuthenticationEntryPoint.java 
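Review bot: `extractAllClaims` becomes public so RoleAuthenticationFilter can parse the token directly, which bypasses whatever other validation the existing public methods perform; this class holds a `tokenDenylist`, and if the revocation check lives in one of those methods rather than here, a denylisted token still establishes an authenticated SecurityContext through the filter. Please confirm where revocation is enforced and, if it is not inside extractAllClaims, have the filter call the validating entry point instead or add the check here. A one-line Javadoc on the now-public method stating that it verifies the signature and what it throws on an invalid or expired token (the parser chain continues outside the hunk) would also help callers.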
@@ -0,0 +1,23 @@ +package com.iemr.mmu.utils.exception; + +import java.io.IOException; + +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.stereotype.Component; + +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; + +@Component +public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint { + + @Override + public void commence(HttpServletRequest request, + HttpServletResponse response, + AuthenticationException authException) throws IOException { + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401 + response.setContentType("application/json"); + response.getWriter().write("{\"error\": \"Unauthorized\", \"message\": \"" + authException.getMessage() + "\"}"); + } +} \ No newline at end of file diff --git a/src/main/java/com/iemr/mmu/utils/mapper/RoleAuthenticationFilter.java b/src/main/java/com/iemr/mmu/utils/mapper/RoleAuthenticationFilter.java new file mode 100644 index 00000000..08c47e9c --- /dev/null +++ b/src/main/java/com/iemr/mmu/utils/mapper/RoleAuthenticationFilter.java 
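Review bot: The 401 body is assembled by string concatenation, `"{\"error\": \"Unauthorized\", \"message\": \"" + authException.getMessage() + "\"}"`, so a message containing a quote or backslash yields invalid JSON, and whatever internal detail the exception carries is sent verbatim to the client. Build it the way the sibling CustomAccessDeniedHandler does, with a static ObjectMapper field and `response.getWriter().write(mapper.writeValueAsString(Map.of("error", "Unauthorized", "message", authException.getMessage())));`, and consider a fixed client-facing message with the exception detail only logged. Adding `response.setCharacterEncoding("UTF-8")` next to the content type keeps both handlers consistent.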
@@ -0,0 +1,110 @@ +package com.iemr.mmu.utils.mapper; + +import java.util.List; +import java.util.Objects; +import java.util.stream.Collectors; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Component; +import org.springframework.web.filter.OncePerRequestFilter; + +import com.iemr.mmu.service.common.transaction.CommonServiceImpl; +import com.iemr.mmu.service.login.IemrMmuLoginServiceImpl; +import com.iemr.mmu.utils.CookieUtil; +import com.iemr.mmu.utils.JwtAuthenticationUtil; +import com.iemr.mmu.utils.JwtUserIdValidationFilter; +import com.iemr.mmu.utils.JwtUtil; +import com.iemr.mmu.utils.redis.RedisStorage; + +import io.jsonwebtoken.Claims; +import io.jsonwebtoken.io.IOException; +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.Cookie; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; + +@Component +public class RoleAuthenticationFilter extends OncePerRequestFilter { + Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName()); + + @Autowired + private JwtUtil jwtUtil; + + @Autowired + private RedisStorage redisService; + + @Autowired + private JwtAuthenticationUtil userService; + + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) + throws ServletException, IOException, java.io.IOException { + logger.info(">>> RoleAuthenticationFilter STARTED for URI: {}", request.getRequestURI()); + System.out.println(">>> RoleAuthenticationFilter STARTED for URI: " + 
request.getRequestURI()); + + List authRoles = null; + try { + String jwtFromCookie = CookieUtil.getJwtTokenFromCookie(request); + String jwtFromHeader = request.getHeader("Jwttoken"); + + String jwtToken = jwtFromCookie != null ? jwtFromCookie : jwtFromHeader; + if(null == jwtToken || jwtToken.trim().isEmpty()) { + filterChain.doFilter(request, response); + return; + } + Claims extractAllClaims = jwtUtil.extractAllClaims(jwtToken); + if(null == extractAllClaims) { + filterChain.doFilter(request, response); + return; + } + Object userIdObj = extractAllClaims.get("userId"); + String userId = userIdObj != null ? userIdObj.toString() : null; + logger.info("Extracted userId from JWT: {}", userId.toString()); + System.out.println("Extracted userId from JWT: " + userId.toString()); + if (null == userId || userId.trim().isEmpty()) { + filterChain.doFilter(request, response); + return; + } + Long userIdLong; + try { + userIdLong=Long.valueOf(userId); + }catch (NumberFormatException ex) { + logger.warn("Invalid userId format: {}",userId); + filterChain.doFilter(request, response); + return; + } + authRoles = redisService.getUserRoleFromCache(userIdLong); + System.out.println("Roles fetched from Redis for userId " + userId + ": " + authRoles); + logger.info("Roles fetched from Redis for userId {}: {}", userId, authRoles); + if (authRoles == null || authRoles.isEmpty()) { + List roles = userService.getUserRoles(Long.valueOf(userId)); // assuming this returns multiple roles + authRoles = roles.stream() + .filter(Objects::nonNull) + .map(String::trim) + .map(role -> "ROLE_" + role.toUpperCase().replace(" ", "_")) + .collect(Collectors.toList()); + redisService.cacheUserRoles(Long.valueOf(userId), authRoles); + } + + List authorities = authRoles.stream() + .map(SimpleGrantedAuthority::new) + .collect(Collectors.toList()); + + UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userId, null, authorities); + 
SecurityContextHolder.getContext().setAuthentication(auth); + } catch (Exception e) { + logger.error("Authentication filter error for request {}: {}", request.getRequestURI(), e.getMessage()); + SecurityContextHolder.clearContext(); + } finally { + filterChain.doFilter(request, response); + } + + } +} \ No newline at end of file diff --git a/src/main/java/com/iemr/mmu/utils/mapper/SecurityConfig.java b/src/main/java/com/iemr/mmu/utils/mapper/SecurityConfig.java new file mode 100644 index 00000000..49714b5d --- /dev/null +++ b/src/main/java/com/iemr/mmu/utils/mapper/SecurityConfig.java 
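Review bot: `filterChain.doFilter(request, response)` runs in the `finally` block and is also called before each early `return` inside the try (no token, no claims, no userId, bad userId format), so on those paths the rest of the chain executes twice for one request, which at best throws once the response is committed and at worst handles a write endpoint twice. Replace each `filterChain.doFilter(request, response); return;` with a bare `return;` and let `finally` do the single dispatch. `logger.info("Extracted userId from JWT: {}", userId.toString())` dereferences userId before the null check on the next line, so a token without a userId claim lands in the catch as an NPE instead of the intended pass-through. The `System.out.println` calls print the user id and role list to stdout on every request and should go, as should the `io.jsonwebtoken.io.IOException` import that forces the duplicated `throws` clause. Roles are cached per userId via redisService.cacheUserRoles and role changes only take effect when that entry is evicted, so confirm the TTL set in RedisStorage (its hunk is cut off below).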
@@ -0,0 +1,55 @@
+package com.iemr.mmu.utils.mapper;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+
+import com.iemr.mmu.utils.exception.CustomAuthenticationEntryPoint;
+import com.iemr.mmu.utils.exception.CustomAccessDeniedHandler;
+
+
+@Configuration
+@EnableMethodSecurity
+@EnableWebSecurity
+public class SecurityConfig {
+ private final RoleAuthenticationFilter roleAuthenticationFilter;
+ private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
+ private final CustomAccessDeniedHandler customAccessDeniedHandler;
+
+ public SecurityConfig(RoleAuthenticationFilter roleAuthenticationFilter,
+ CustomAuthenticationEntryPoint customAuthenticationEntryPoint,
+ CustomAccessDeniedHandler customAccessDeniedHandler) {
+ this.roleAuthenticationFilter = roleAuthenticationFilter;
+ this.customAuthenticationEntryPoint = customAuthenticationEntryPoint;
+ this.customAccessDeniedHandler = customAccessDeniedHandler;
+ }
+
+@Bean
+public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ System.out.println("Inside SecurityConfig - securityFilterChain");
+ CookieCsrfTokenRepository csrfTokenRepository = new CookieCsrfTokenRepository();
+ csrfTokenRepository.setCookieHttpOnly(true);
+ csrfTokenRepository.setCookiePath("/");
+ http
+ // .csrf(csrf -> csrf.csrfTokenRepository(csrfTokenRepository))
+ .csrf(csrf -> csrf.disable())
+ .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .authorizeHttpRequests(auth -> auth
+ .requestMatchers("/user/**").permitAll()
+ .anyRequest().authenticated()
+ )
+ .exceptionHandling(ex -> ex
+ .authenticationEntryPoint(customAuthenticationEntryPoint)
+ .accessDeniedHandler(customAccessDeniedHandler)
+ )
+ .addFilterBefore(roleAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+ return http.build();
+}
+}
diff --git a/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java b/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java
index 5e80ac6d..f6ce792c 100644
--- a/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java
+++ b/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java
@@ -21,12 +21,15 @@
*/
package com.iemr.mmu.utils.redis;
+import java.util.List;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.connection.RedisConnection;
import org.springframework.data.redis.connection.RedisStringCommands.SetOption;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.types.Expiration;
import org.springframework.stereotype.Component;
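Review bot: `.csrf(csrf -> csrf.disable())` turns off CSRF protection for a chain whose authentication filter also accepts the JWT from a cookie (`CookieUtil.getJwtTokenFromCookie` in RoleAuthenticationFilter), and a cookie is attached by the browser to cross-site requests, so the state-changing endpoints behind `anyRequest().authenticated()` need either a CSRF token or a header-only token source; `SessionCreationPolicy.STATELESS` does not change that. The `CookieCsrfTokenRepository` built three lines above `http` is configured and then never passed to anything, which leaves the reader unsure whether disabling CSRF was the intent; either wire it with `.csrf(csrf -> csrf.csrfTokenRepository(csrfTokenRepository))` or delete the three setup lines. The PATCH 2 SecurityConfig hunk later in this series removes only the commented-out line and keeps the same dead setup. `"/user/**"` is also a wide `permitAll` prefix; a short comment listing which endpoints must stay unauthenticated would make later reviews easier.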
@@ -106,4 +109,29 @@ public String updateObject(String key, String value , int expirationTime) throws
return key;
}
+ @Autowired
+ private RedisTemplate redisTemplate;
+
+ public void cacheUserRoles(Long userId, List roles) {
+ try {
+ logger.info("Caching roles for user {} : {} ", userId, roles);
+ String key = "roles:" + userId;
+ redisTemplate.delete(key); // Clear previous cache
+ redisTemplate.opsForList().rightPushAll(key, roles);
+ } catch (Exception e) {
+ logger.warn("Failed to cache role for user {} : {} ", userId, e.getMessage());
+ }
+
+ }
+
+ public List getUserRoleFromCache(Long userId) {
+ try {
+ logger.info("get user role from cache",userId);
+ return redisTemplate.opsForList().range("roles:" + userId, 0, -1);
+ } catch (Exception e) {
+ logger.warn("Failed to retrieve cached role for user {} : {} ", userId, e.getMessage());
+ return null;
+ }
+ }
+
}
From 8ac2d5fb6897e873b72ef8e336d6c634dec1669d Mon Sep 17 00:00:00 2001
From: Vanitha
Date: Tue, 25 Nov 2025 14:17:46 +0530
Subject: [PATCH 2/5] fix: coderabbit comments
---
.../cancerscreening/CancerScreeningController.java | 2 +-
.../com/iemr/mmu/utils/JwtAuthenticationUtil.java | 9 +++++----
src/main/java/com/iemr/mmu/utils/JwtUtil.java | 8 --------
.../exception/CustomAuthenticationEntryPoint.java | 7 ++++++-
.../mmu/utils/mapper/RoleAuthenticationFilter.java | 13 +++---------
.../com/iemr/mmu/utils/mapper/SecurityConfig.java | 2 --
6 files changed, 15 insertions(+), 26 deletions(-)
diff --git a/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java b/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java
index 99ede1ef..f06acd5d 100644
--- a/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java
+++ b/src/main/java/com/iemr/mmu/controller/cancerscreening/CancerScreeningController.java
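Review bot: `cacheUserRoles` pushes `roles:<userId>` with `rightPushAll` and never sets an expiry, and RoleAuthenticationFilter consults `getUserRoleFromCache` before the database, so a role that is removed or changed for a user keeps being granted until the key is deleted by hand; add a TTL after the push, e.g. `redisTemplate.expire(key, ROLE_CACHE_TTL_SECONDS, TimeUnit.SECONDS)` (with `java.util.concurrent.TimeUnit` imported and the constant a placeholder to be chosen to match the token lifetime), or evict the key wherever roles are edited. `delete` and `rightPushAll` are two round-trips, so a reader between them sees an empty list and falls back to the database; that is safe but worth a comment, or fold both into one `SessionCallback` with `multi()`/`exec()`. `RedisTemplate` is injected as a raw type here; `RedisTemplate<String, String>` would give `getUserRoleFromCache` the `List<String>` type its caller assumes and let the compiler check the value serializer. Returning `null` on a read failure is only fine because the caller treats null and empty alike; a short comment on the `return null` would record that.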
@@ -68,7 +68,7 @@ public void setCancerScreeningServiceImpl(CSServiceImpl cSServiceImpl) {
*/
@Operation(summary = "Save cancer screening nurse data")
@PostMapping(value = { "/save/nurseData" })
- @PreAuthorize("hasRole('DOCTOR')")
+ @PreAuthorize("hasRole('NURSE')")
public String saveBenCancerScreeningNurseData(@RequestBody String requestObj, @RequestHeader(value = "Authorization") String authorization) {
OutputResponse response = new OutputResponse();
diff --git a/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java b/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java
index a4879e7f..9733900e 100644
--- a/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java
+++ b/src/main/java/com/iemr/mmu/utils/JwtAuthenticationUtil.java
@@ -78,6 +78,7 @@ public boolean validateUserIdAndJwtToken(String jwtToken) throws IEMRException {
// Check if user data is present in Redis
Users user = getUserFromCache(userId);
if(user != null) {
+ // Store roles in security context or cache for authorization
List roles = getUserRoles(user.getUserID());
}
if (user == null) {
@@ -134,18 +135,18 @@ private Users fetchUserFromDB(String userId) {
return null;
}
- public List getUserRoles(Long userId) throws Exception {
+ public List getUserRoles(Long userId) throws IEMRException {
if (null == userId || userId <= 0) {
- throw new IllegalArgumentException("Invalid User ID : " + userId);
+ throw new IEMRException("Invalid User ID : " + userId);
}
try {
List role = userLoginRepo.getRoleNamebyUserId(userId);
if (null == role || role.isEmpty()) {
- throw new Exception("No role found for userId : " + userId);
+ throw new IEMRException("No role found for userId : " + userId);
}
return role;
} catch (Exception e) {
- throw new Exception("Failed to retrieverole for usedId : " + userId + " error : " + e.getMessage());
+ throw new IEMRException("Failed to retrieverole for usedId : " + userId + " error : " + e.getMessage());
}
}
}
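Review bot: The comment added above `List roles = getUserRoles(user.getUserID());` promises the roles are stored in the security context or cache, but the variable is never read, so the statement is a database round-trip per validated token with no effect. Either delete the line or pass the result on, for example to `RedisStorage.cacheUserRoles`, so the filter's cache lookup benefits from it. Note too that with `getUserRoles` now declared `throws IEMRException`, a cached user with no roles makes `validateUserIdAndJwtToken` throw at this line; confirm that is the intended outcome for such accounts. The enclosing method continues outside the hunk.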
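Review bot: In `getUserRoles` the `catch (Exception e)` also catches the `IEMRException("No role found for userId ...")` thrown inside the same `try`, so that exception is re-wrapped as "Failed to retrieverole for usedId ..." and the caller never sees the no-role message; move the empty-list check after the `try`, or add `catch (IEMRException e) { throw e; }` ahead of the generic catch. The generic branch also builds its message from `e.getMessage()` and drops `e`, which loses the stack trace for the repository failure; pass `e` as the cause if IEMRException has a constructor that takes one. `retrieverole` and `usedId` in the message are typos worth fixing while the line is being touched.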
diff --git a/src/main/java/com/iemr/mmu/utils/JwtUtil.java b/src/main/java/com/iemr/mmu/utils/JwtUtil.java
index 81673611..dfec616b 100644
--- a/src/main/java/com/iemr/mmu/utils/JwtUtil.java
+++ b/src/main/java/com/iemr/mmu/utils/JwtUtil.java
@@ -1,18 +1,13 @@
package com.iemr.mmu.utils;
-import java.util.List;
import java.util.function.Function;
-
import javax.crypto.SecretKey;
-
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
import com.iemr.mmu.repo.login.UserLoginRepo;
-
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
@@ -28,9 +23,6 @@ public class JwtUtil {
@Autowired
private TokenDenylist tokenDenylist;
- @Autowired
- private UserLoginRepo userLoginRepo;
-
// Generate a key using the secret
private SecretKey getSigningKey() {
if (SECRET_KEY == null || SECRET_KEY.isEmpty()) {
diff --git a/src/main/java/com/iemr/mmu/utils/exception/CustomAuthenticationEntryPoint.java b/src/main/java/com/iemr/mmu/utils/exception/CustomAuthenticationEntryPoint.java
index 420f75a2..9a297fa2 100644
--- a/src/main/java/com/iemr/mmu/utils/exception/CustomAuthenticationEntryPoint.java
+++ b/src/main/java/com/iemr/mmu/utils/exception/CustomAuthenticationEntryPoint.java
@@ -6,6 +6,8 @@ import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
+import com.google.gson.JsonObject;
+
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
@@ -18,6 +20,9 @@ public void commence(HttpServletRequest request,
AuthenticationException authException) throws IOException {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401
response.setContentType("application/json");
- response.getWriter().write("{\"error\": \"Unauthorized\", \"message\": \"" + authException.getMessage() + "\"}");
+ JsonObject json = new JsonObject();
+ json.addProperty("error", "Unauthorized");
+ json.addProperty("message", authException.getMessage());
+ response.getWriter().write(json.toString());
}
}
\ No newline at end of file
diff --git a/src/main/java/com/iemr/mmu/utils/mapper/RoleAuthenticationFilter.java b/src/main/java/com/iemr/mmu/utils/mapper/RoleAuthenticationFilter.java
index 08c47e9c..a28035e3 100644
--- a/src/main/java/com/iemr/mmu/utils/mapper/RoleAuthenticationFilter.java
+++ b/src/main/java/com/iemr/mmu/utils/mapper/RoleAuthenticationFilter.java
@@ -46,13 +46,10 @@ public class RoleAuthenticationFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException, java.io.IOException {
- logger.info(">>> RoleAuthenticationFilter STARTED for URI: {}", request.getRequestURI());
- System.out.println(">>> RoleAuthenticationFilter STARTED for URI: " + request.getRequestURI());
-
List authRoles = null;
try {
String jwtFromCookie = CookieUtil.getJwtTokenFromCookie(request);
- String jwtFromHeader = request.getHeader("Jwttoken");
+ String jwtFromHeader = request.getHeader("Jwttoken");
String jwtToken = jwtFromCookie != null ? jwtFromCookie : jwtFromHeader;
if(null == jwtToken || jwtToken.trim().isEmpty()) {
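Review bot: `json.addProperty("message", authException.getMessage())` still sends Spring Security's internal exception text to the client; the move to `JsonObject` fixes the JSON escaping of that text but not its disclosure, and a fixed string such as `"Authentication required"` serves the caller just as well while the real message goes to the log at debug level. `response.setContentType("application/json")` sets no charset, so `getWriter()` uses the servlet default encoding; `response.setContentType("application/json;charset=UTF-8")` pins it.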
@@ -66,8 +63,6 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
}
Object userIdObj = extractAllClaims.get("userId");
String userId = userIdObj != null ? userIdObj.toString() : null;
- logger.info("Extracted userId from JWT: {}", userId.toString());
- System.out.println("Extracted userId from JWT: " + userId.toString());
if (null == userId || userId.trim().isEmpty()) {
filterChain.doFilter(request, response);
return;
@@ -81,16 +76,14 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
return;
}
authRoles = redisService.getUserRoleFromCache(userIdLong);
- System.out.println("Roles fetched from Redis for userId " + userId + ": " + authRoles);
- logger.info("Roles fetched from Redis for userId {}: {}", userId, authRoles);
if (authRoles == null || authRoles.isEmpty()) {
- List roles = userService.getUserRoles(Long.valueOf(userId)); // assuming this returns multiple roles
+ List roles = userService.getUserRoles(userIdLong); // assuming this returns multiple roles
authRoles = roles.stream()
.filter(Objects::nonNull)
.map(String::trim)
.map(role -> "ROLE_" + role.toUpperCase().replace(" ", "_"))
.collect(Collectors.toList());
- redisService.cacheUserRoles(Long.valueOf(userId), authRoles);
+ redisService.cacheUserRoles(userIdLong, authRoles);
}
List authorities = authRoles.stream()
diff --git a/src/main/java/com/iemr/mmu/utils/mapper/SecurityConfig.java b/src/main/java/com/iemr/mmu/utils/mapper/SecurityConfig.java
index 49714b5d..3fe096d2 100644
--- a/src/main/java/com/iemr/mmu/utils/mapper/SecurityConfig.java
+++ b/src/main/java/com/iemr/mmu/utils/mapper/SecurityConfig.java
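Review bot: The early-exit branches kept as context in both hunks (`filterChain.doFilter(request, response); return;` for a missing token, absent claims, empty userId and unparsable userId) run the chain from inside the `try`, and the method's `finally` block, visible in the PATCH 1 version of this file earlier on this page, calls `filterChain.doFilter` again, so every request that takes one of those paths goes through the downstream filters and the servlet twice. Replace the in-branch calls with a bare `return;` and let the `finally` run the chain once, or drop the `finally` and call the chain exactly once at the end of the method. Separately, `"ROLE_" + role.toUpperCase().replace(" ", "_")` depends on the JVM default locale; `toUpperCase(Locale.ROOT)` (with `java.util.Locale` imported) keeps the authority string stable across deployments, which matters because `hasRole('NURSE')` in CancerScreeningController has to match it exactly. The enclosing `doFilterInternal` starts and ends outside these hunks.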
@@ -32,12 +32,10 @@ public SecurityConfig(RoleAuthenticationFilter roleAuthenticationFilter,
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
- System.out.println("Inside SecurityConfig - securityFilterChain");
CookieCsrfTokenRepository csrfTokenRepository = new CookieCsrfTokenRepository();
csrfTokenRepository.setCookieHttpOnly(true);
csrfTokenRepository.setCookiePath("/");
http
- // .csrf(csrf -> csrf.csrfTokenRepository(csrfTokenRepository))
.csrf(csrf -> csrf.disable())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
From 71666b20a623e50c1af1a4eca353e8b5d9e587db Mon Sep 17 00:00:00 2001
From: Vanitha S <116701245+vanitha1822@users.noreply.github.com>
Date: Wed, 19 Nov 2025 16:05:14 +0530
Subject: [PATCH 3/5] Fix the WASA Issue : IDOR Vulnerability (#137)
* fix: wasa-IDOR Vulnerability
* fix: coderabbit comments
* fix: remove userid from payload
---
.../com/iemr/mmu/controller/location/LocationController.java | 1 +
.../controller/teleconsultation/TeleConsultationController.java | 1 +
2 files changed, 2 insertions(+)
diff --git a/src/main/java/com/iemr/mmu/controller/location/LocationController.java b/src/main/java/com/iemr/mmu/controller/location/LocationController.java
index 5a51c90a..9861d9d7 100644
--- a/src/main/java/com/iemr/mmu/controller/location/LocationController.java
+++ b/src/main/java/com/iemr/mmu/controller/location/LocationController.java
@@ -25,6 +25,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import com.iemr.mmu.utils.JwtUtil;
import org.springframework.security.access.prepost.PreAuthorize;
import com.iemr.mmu.utils.JwtUtil;
diff --git a/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java b/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java
index 6dea0f71..0482979d 100644
--- a/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java
+++ b/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java
@@ -24,6 +24,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import com.iemr.mmu.utils.JwtUtil;
import org.springframework.security.access.prepost.PreAuthorize;
import com.iemr.mmu.utils.JwtUtil;
From 2f558b06bf92072e6b30ad4b9050823a9ee4c475 Mon Sep 17 00:00:00 2001
From: Vanitha
Date: Tue, 25 Nov 2025 14:32:33 +0530
Subject: [PATCH 4/5] fix: resolve the conflicts
---
.../com/iemr/mmu/controller/common/main/CommonController.java | 1 -
.../com/iemr/mmu/controller/location/LocationController.java | 1 -
.../teleconsultation/TeleConsultationController.java | 3 +--
3 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java b/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java
index feaaac71..c0df03d6 100644
--- a/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java
+++ b/src/main/java/com/iemr/mmu/controller/common/main/CommonController.java
@@ -33,7 +33,6 @@ import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
-
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
diff --git a/src/main/java/com/iemr/mmu/controller/location/LocationController.java b/src/main/java/com/iemr/mmu/controller/location/LocationController.java
index 9861d9d7..e7bab71a 100644
--- a/src/main/java/com/iemr/mmu/controller/location/LocationController.java
+++ b/src/main/java/com/iemr/mmu/controller/location/LocationController.java
@@ -34,7 +34,6 @@ import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import jakarta.servlet.http.HttpServletRequest;
import com.iemr.mmu.utils.CookieUtil;
diff --git a/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java b/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java
index 0482979d..842f1dca 100644
--- a/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java
+++ b/src/main/java/com/iemr/mmu/controller/teleconsultation/TeleConsultationController.java
@@ -24,7 +24,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import com.iemr.mmu.utils.JwtUtil;
import org.springframework.security.access.prepost.PreAuthorize;
import com.iemr.mmu.utils.JwtUtil;
@@ -33,7 +32,7 @@ import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
-
+import com.iemr.mmu.utils.JwtUtil;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
From 81edd8ee0e0ce01482381fe484295c4bb52550c8 Mon Sep 17 00:00:00 2001
From: Vanitha
Date: Tue, 25 Nov 2025 14:44:03 +0530
Subject: [PATCH 5/5] fix: remove unwanted codes
---
src/main/java/com/iemr/mmu/utils/JwtUtil.java | 5 -----
src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java | 2 --
2 files changed, 7 deletions(-)
diff --git a/src/main/java/com/iemr/mmu/utils/JwtUtil.java b/src/main/java/com/iemr/mmu/utils/JwtUtil.java
index dfec616b..4774233c 100644
--- a/src/main/java/com/iemr/mmu/utils/JwtUtil.java
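Review bot: After the `@@ -33,7 +32,7 @@` hunk TeleConsultationController still imports `com.iemr.mmu.utils.JwtUtil` twice: the one kept as context in the hunk above it and the `+import com.iemr.mmu.utils.JwtUtil;` that replaces the blank line here. Java accepts an identical duplicate single-type import, so this compiles, but it reads like an unfinished conflict resolution; drop the added line and keep the blank.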
+++ b/src/main/java/com/iemr/mmu/utils/JwtUtil.java
@@ -5,9 +5,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import com.iemr.mmu.repo.login.UserLoginRepo;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
@@ -15,8 +12,6 @@
@Component
public class JwtUtil {
- private final Logger logger = LoggerFactory.getLogger(this.getClass().getName());
-
@Value("${jwt.secret}")
private String SECRET_KEY;
diff --git a/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java b/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java
index f6ce792c..ed8d170e 100644
--- a/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java
+++ b/src/main/java/com/iemr/mmu/utils/redis/RedisStorage.java
@@ -114,7 +114,6 @@ public String updateObject(String key, String value , int expirationTime) throws
public void cacheUserRoles(Long userId, List roles) {
try {
- logger.info("Caching roles for user {} : {} ", userId, roles);
String key = "roles:" + userId;
redisTemplate.delete(key); // Clear previous cache
redisTemplate.opsForList().rightPushAll(key, roles);
@@ -126,7 +125,6 @@ public void cacheUserRoles(Long userId, List roles) {
public List getUserRoleFromCache(Long userId) {
try {
- logger.info("get user role from cache",userId);
return redisTemplate.opsForList().range("roles:" + userId, 0, -1);
} catch (Exception e) {
logger.warn("Failed to retrieve cached role for user {} : {} ", userId, e.getMessage());