From 027805324a06a47ef39852dd5d4a2d7a583c54ea Mon Sep 17 00:00:00 2001
From: Julian Horner <julianhorner@web.de>
Date: Thu, 23 Jul 2020 14:12:29 +0200
Subject: [PATCH] Enable security

---
 .../services/DonationServiceBean.java         | 14 +++++------
 src/main/webapp/WEB-INF/jboss-web.xml         |  2 +-
 src/main/webapp/WEB-INF/web.xml               | 23 ++++++++-----------
 3 files changed, 18 insertions(+), 21 deletions(-)

diff --git a/src/main/java/de/dpunkt/myaktion/services/DonationServiceBean.java b/src/main/java/de/dpunkt/myaktion/services/DonationServiceBean.java
index 76b5720..7804287 100644
--- a/src/main/java/de/dpunkt/myaktion/services/DonationServiceBean.java
+++ b/src/main/java/de/dpunkt/myaktion/services/DonationServiceBean.java
@@ -40,7 +40,7 @@ public class DonationServiceBean implements DonationService {
 
     //----------------------------------------------------------------------------------------------
 
-    //@RolesAllowed("Organizer")
+    @RolesAllowed("Organizer")
     @Override
     public List<Donation> getDonationList(Long campaignId) {
         Campaign managedCampaign = entityManager.find(Campaign.class, campaignId);
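Review bot: `@RolesAllowed("Organizer")` on `getDonationList` checks the caller's role, but nothing visible ties `campaignId` to the calling organizer, so any user holding the role could read the full donation records of another organizer's campaign. The body between the `entityManager.find` call and `return donations;` is outside the hunk, so this may already be handled there. If it is not, compare whatever field links the campaign to its organizer with the caller principal (for example from an injected `SessionContext`) before returning the list. An unknown id also needs a guard like the one in `getDonationListPublic`, since `find` returns null in that case.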
@@ -51,8 +51,8 @@ public class DonationServiceBean implements DonationService {
         return donations;
     }
 
+    @PermitAll
     @Override
-    //@PermitAll
     public void addDonation(Long campaignId, Donation donation) {
         Campaign managedCampaign = entityManager.find(Campaign.class, campaignId);
         donation.setCampaign(managedCampaign);
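Review bot: `@PermitAll` on `addDonation` here, and on `transferDonations` in the next hunk, makes two state-changing methods callable without any role, so the only remaining checks are the ones in the method bodies. In `addDonation` the result of `entityManager.find` goes straight into `donation.setCampaign` without the null check that `getDonationListPublic` has; one line between the hunks is not shown, but if it does not reject the null, add `if (managedCampaign == null) { throw new ObjectNotFoundException(); }` (the interface would have to declare it). `transferDonations` looks like a batch job; if only a scheduler triggers it, a dedicated role via `@RolesAllowed` plus `@RunAs` on the calling bean would be tighter than `@PermitAll`. Both bodies continue outside their hunks.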
@@ -60,8 +60,8 @@ public class DonationServiceBean implements DonationService {
         entityManager.persist(donation);
     }
 
+    @PermitAll
     @Override
-    //@PermitAll
     public void transferDonations() {
         logger.log(Level.INFO, "log.transferDonation.start");
 
@@ -75,23 +75,23 @@ public class DonationServiceBean implements DonationService {
         logger.log(Level.INFO, "log.transferDonation.done", new Object[] { donations.size() });
     }
 
+    @PermitAll
     @Override
-    //@PermitAll
     public List<Donation> getDonationListPublic(Long campaignId) throws ObjectNotFoundException {
         Campaign managedCampaign = entityManager.find(Campaign.class, campaignId);
         if (managedCampaign == null) {
             throw new ObjectNotFoundException();
         }
-        
+
         List<Donation> donations = managedCampaign.getDonations();
         final Function<Donation, Donation> donationFilter = donation -> {
             Donation filtered = new Donation();
             filtered.setAmount(donation.getAmount());
             filtered.setDonorName(donation.getDonorName());
-            
+
             return filtered;
         };
-        
+
         return donations.stream().map(donationFilter).collect(Collectors.toList());
     }
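Review bot: The copy made in `donationFilter` is what keeps the now explicitly unauthenticated `getDonationListPublic` from exposing full donation records, and nothing in the method says so. A comment above the lambda, such as `// Allow-list: copy only the publicly visible fields (amount, donor name); never return the managed entities.`, would make that intent clear to anyone who later adds fields to `Donation` or simplifies the stream. A short Javadoc line stating that the method is callable without authentication would help for the same reason.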
 
diff --git a/src/main/webapp/WEB-INF/jboss-web.xml b/src/main/webapp/WEB-INF/jboss-web.xml
index 508447c..91d6a72 100644
--- a/src/main/webapp/WEB-INF/jboss-web.xml
+++ b/src/main/webapp/WEB-INF/jboss-web.xml
@@ -1,3 +1,3 @@
 <jboss-web>
-	<security-domain>my-aktion</security-domain>
+    <security-domain>mongo-auth</security-domain>
 </jboss-web>
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 33a4cb2..5309fcc 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -2,24 +2,21 @@
 <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
-http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+            http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
 	version="3.1">
-	<!-- <login-config>
-		<auth-method>FORM</auth-method>
-		<form-login-config>
-			<form-login-page>/login.jsf</form-login-page>
-			<form-error-page>/loginError.jsf</form-error-page>
-		</form-login-config>
+	<login-config>
+		<auth-method>BASIC</auth-method>
+		<realm-name>my-aktion authentification</realm-name>
 	</login-config>
 	<security-constraint>
 		<web-resource-collection>
 			<web-resource-name>organizer</web-resource-name>
 			<url-pattern>/organizer/*</url-pattern>
 		</web-resource-collection>
-        <web-resource-collection>
-            <web-resource-name>organizer access via REST</web-resource-name>
-            <url-pattern>/rest/organizer/*</url-pattern>
-        </web-resource-collection>
+		<web-resource-collection>
+			<web-resource-name>organizer access via REST</web-resource-name>
+			<url-pattern>/rest/organizer/*</url-pattern>
+		</web-resource-collection>
 		<auth-constraint>
 			<role-name>Organizer</role-name>
 		</auth-constraint>
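Review bot: With `<auth-method>BASIC</auth-method>` the organizer credentials are sent base64-encoded on every request to `/organizer/*` and `/rest/organizer/*`, so this constraint should enforce TLS. The lines between `</auth-constraint>` and `</security-constraint>` are outside the hunk; if they do not already say so, set `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>`. BASIC also gives the browser UI no server-side logout, which the replaced FORM configuration could offer, so a comment stating why BASIC was chosen (presumably for the REST clients) would help.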
@@ -29,9 +26,9 @@ http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
 	</security-constraint>
 	<security-role>
 		<role-name>Organizer</role-name>
-	</security-role> 
+	</security-role>
 	<servlet-mapping>
 		<servlet-name>javax.ws.rs.core.Application</servlet-name>
 		<url-pattern>/rest/*</url-pattern>
-	</servlet-mapping> -->
+	</servlet-mapping>
 </web-app>
\ No newline at end of file
-- 
GitLab