From 48a55901cce7b364e1fc32478409397207a8cdd8 Mon Sep 17 00:00:00 2001 From: hashan Date: Tue, 7 Jul 2020 11:47:56 +0530 Subject: [PATCH 1/9] Deliverable 2 : maven repo and aap client dependency --- pom.xml | 23 +++++++++++++++++++++++ storeroom/pom.xml | 16 ++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/pom.xml b/pom.xml index ff535fe..27ce8fb 100644 --- a/pom.xml +++ b/pom.xml @@ -30,4 +30,27 @@ true + + + + ossrh + https://oss.sonatype.org/service/local/staging/deploy/maven2/ + + true + + + false + + + + ossrh-snapshot + https://oss.sonatype.org/content/repositories/snapshots + + false + + + true + + + diff --git a/storeroom/pom.xml b/storeroom/pom.xml index 017f9db..24a032a 100644 --- a/storeroom/pom.xml +++ b/storeroom/pom.xml @@ -50,6 +50,22 @@ modelmapper 2.3.0 + + + uk.ac.ebi.tsc.aap.client + aap-client-java + 0.1-SNAPSHOT + + + uk.ac.ebi.tsc.aap.client + security + 2.0.1-SNAPSHOT + + + uk.ac.ebi.tsc.aap.client + service + 2.0.1-SNAPSHOT + org.springframework.boot spring-boot-starter-test From ac096cddd1e72bf6f94911ac7e5e4c87e404d0b1 Mon Sep 17 00:00:00 2001 From: hashan Date: Thu, 9 Jul 2020 12:23:19 +0530 Subject: [PATCH 2/9] Deliverable 3 : AAP Conf --- storeroom/src/main/resources/application-dev.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/storeroom/src/main/resources/application-dev.yml b/storeroom/src/main/resources/application-dev.yml index bfdc847..64c3b5f 100644 --- a/storeroom/src/main/resources/application-dev.yml +++ b/storeroom/src/main/resources/application-dev.yml @@ -17,3 +17,9 @@ management: # Elixir Validator elixirValidator: hostUrl: http://localhost:3000/validate + +# BioSample AAP Conf +aap: + url: https://api.aai.ebi.ac.uk +jwt: + certificate: https://explore.api.aai.ebi.ac.uk/meta/public.der \ No newline at end of file From 995a9cfdc161681b0ec3c99809798ac79b3640e7 Mon Sep 17 00:00:00 2001 
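Review bot: The `ossrh` entry in the root pom.xml hunk uses `https://oss.sonatype.org/service/local/staging/deploy/maven2/`, which is the OSSRH staging deploy endpoint normally found under `distributionManagement`, not a repository for downloading artifacts. The XML element names are not visible on this page, so this assumes the block is a `<repositories>` section. Because it sits in the parent pom, both entries become resolution sources for every module, which widens where any dependency can be fetched from. I would drop the deploy URL, keep only the snapshot repository in the module that needs it, and add a comment such as `<!-- needed only for uk.ac.ebi.tsc.aap.client SNAPSHOT artifacts -->`.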
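Review bot: The three `uk.ac.ebi.tsc.aap.client` dependencies added to storeroom/pom.xml are `-SNAPSHOT` versions (`0.1-SNAPSHOT`, `2.0.1-SNAPSHOT`), so the library that validates tokens can change between builds without any commit in this repository. For an authentication dependency that makes builds unreproducible and hard to audit. If a released version exists, depend on it; otherwise add a comment next to the dependency saying why a snapshot is required and when it will be replaced.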
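Review bot: In the application-dev.yml hunk, `aap.url` points at `api.aai.ebi.ac.uk` while `jwt.certificate` comes from `explore.api.aai.ebi.ac.uk`, so the service being called and the key used to verify its tokens appear to belong to different AAP environments. The verification key is also referenced by URL, presumably downloaded at startup, which makes token validation depend on that download. Consider shipping the DER file with the application or checking its fingerprint after download, with a comment such as `# must match the AAP environment in aap.url`. The same `jwt.certificate` URL is added to application-test.yml and application-docker.yml in patches 5/9 and 9/9, and the docker profile should be checked if it is used outside testing.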
From: hashan Date: Thu, 9 Jul 2020 12:24:28 +0530 Subject: [PATCH 3/9] Deliverable 3 : Spring security dependency pom.xml --- storeroom/pom.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/storeroom/pom.xml b/storeroom/pom.xml index 24a032a..7e74da7 100644 --- a/storeroom/pom.xml +++ b/storeroom/pom.xml @@ -30,6 +30,10 @@ org.springframework.boot spring-boot-starter-web + + org.springframework.boot + spring-boot-starter-security + org.springframework.boot spring-boot-starter-actuator From d1c262f1f9c509cb677a5110c1a77c6d2462b246 Mon Sep 17 00:00:00 2001 From: hashan Date: Thu, 9 Jul 2020 21:44:33 +0530 Subject: [PATCH 4/9] Deliverable 3 : minimal authentication without checking domain --- storeroom/pom.xml | 22 +++++--- .../auth/BioSamplesAAPWebSecurityConfig.java | 51 +++++++++++++++++++ .../src/main/resources/application-dev.yml | 7 ++- 3 files changed, 70 insertions(+), 10 deletions(-) create mode 100644 storeroom/src/main/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/auth/BioSamplesAAPWebSecurityConfig.java diff --git a/storeroom/pom.xml b/storeroom/pom.xml index 7e74da7..2b82b7d 100644 --- a/storeroom/pom.xml +++ b/storeroom/pom.xml @@ -26,13 +26,13 @@ org.springframework.boot spring-boot-starter-data-mongodb - + org.springframework.boot - spring-boot-starter-security + spring-boot-starter-web org.springframework.boot @@ -55,21 +55,22 @@ 2.3.0 - + uk.ac.ebi.tsc.aap.client security 2.0.1-SNAPSHOT - + + org.springframework.boot spring-boot-starter-test @@ -81,6 +82,11 @@ + + org.springframework.security + spring-security-test + test + org.springframework.restdocs spring-restdocs-mockmvc diff --git a/storeroom/src/main/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/auth/BioSamplesAAPWebSecurityConfig.java b/storeroom/src/main/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/auth/BioSamplesAAPWebSecurityConfig.java new file mode 100644 index 0000000..9ba7213 --- /dev/null 
+++ b/storeroom/src/main/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/auth/BioSamplesAAPWebSecurityConfig.java 
@@ -0,0 +1,51 @@
+//package uk.ac.ebi.biosamples.jsonschema.jsonschemastore.auth;
+//
+//import lombok.extern.slf4j.Slf4j;
+//import org.springframework.beans.factory.annotation.Autowired;
+//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+//import org.springframework.security.config.http.SessionCreationPolicy;
+//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+//import org.springframework.stereotype.Component;
+//import uk.ac.ebi.tsc.aap.client.security.AAPWebSecurityAutoConfiguration.AAPWebSecurityConfig;
+//import uk.ac.ebi.tsc.aap.client.security.StatelessAuthenticationEntryPoint;
+//import uk.ac.ebi.tsc.aap.client.security.StatelessAuthenticationFilter;
+//import uk.ac.ebi.tsc.aap.client.security.TokenAuthenticationService;
+//
+//@Slf4j
+//@Component
+//public class BioSamplesAAPWebSecurityConfig extends AAPWebSecurityConfig {
+// private final StatelessAuthenticationEntryPoint unauthorizedHandler;
+//
+// private TokenAuthenticationService tokenAuthenticationService;
+//
+// public BioSamplesAAPWebSecurityConfig(StatelessAuthenticationEntryPoint unauthorizedHandler, TokenAuthenticationService tokenAuthenticationService) {
+// this.unauthorizedHandler = unauthorizedHandler;
+// this.tokenAuthenticationService = tokenAuthenticationService;
+// }
+//
+// private StatelessAuthenticationFilter statelessAuthenticationFilterBean() throws Exception {
+// return new StatelessAuthenticationFilter(this.tokenAuthenticationService);
+// }
+//
+// @Override
+// protected void configure(HttpSecurity httpSecurity) throws Exception {
+// httpSecurity
+// // we don't need CSRF because our token is invulnerable
+// .csrf().disable()
+// .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
+// // don't create session
+// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+//
+// httpSecurity.addFilterBefore(statelessAuthenticationFilterBean(),
+// UsernamePasswordAuthenticationFilter.class);
+//
+// //disable the no-cache header injectection, we'll manage this ourselves
+// httpSecurity.headers().cacheControl().disable();
+// }
+//
+// @Autowired
+// public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+// auth.userDetailsService(userDetailsService());
+// }
+//}
diff --git a/storeroom/src/main/resources/application-dev.yml b/storeroom/src/main/resources/application-dev.yml
index 64c3b5f..7626379 100644
--- a/storeroom/src/main/resources/application-dev.yml
+++ b/storeroom/src/main/resources/application-dev.yml
@@ -20,6 +20,9 @@ elixirValidator:
 # BioSample AAP Conf
 aap:
- url: https://api.aai.ebi.ac.uk
+ url: https://explore.api.aai.ebi.ac.uk
 jwt:
- certificate: https://explore.api.aai.ebi.ac.uk/meta/public.der
\ No newline at end of file
+ certificate: https://explore.api.aai.ebi.ac.uk/meta/public.der
+aap-client:
+ cors:
+ enabled: true
\ No newline at end of file
From 4ee1be755012a24e9e9f483bd5f66bdab480afef Mon Sep 17 00:00:00 2001
From: hashan
Date: Thu, 9 Jul 2020 23:28:01 +0530
Subject: [PATCH 5/9] Deliverable 3 : integration test fixing
---
 .../src/main/resources/application-test.yml | 6 ++
 ...chemaBlockControllerIntegrateFastTest.java | 101 ++++++++++++++++++
 .../SchemaBlockControllerIntegrateTest.java | 66 +++---------
 .../integration/util/AppClientHelper.java | 27 +++++
 4 files changed, 146 insertions(+), 54 deletions(-)
 create mode 100644 storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateFastTest.java
 create mode 100644 storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/util/AppClientHelper.java
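Review bot: All 51 added lines of BioSamplesAAPWebSecurityConfig.java are commented out, so this file contributes no compiled security configuration even though the commit is titled "minimal authentication". Whatever enforcement is active after this commit has to come from the AAP client's own auto-configuration, which is not visible here. Either leave the file out until it is enabled, or put a single header comment at the top saying so, e.g. `// Disabled: custom AAP security config, not yet active; the library defaults apply`.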
diff --git a/storeroom/src/main/resources/application-test.yml b/storeroom/src/main/resources/application-test.yml
index 1525079..8802dfb 100644
--- a/storeroom/src/main/resources/application-test.yml
+++ b/storeroom/src/main/resources/application-test.yml
@@ -10,3 +10,9 @@ spring:
 # Elixir Validator
 elixirValidator:
 hostUrl: http://localhost:3000/validate
+
+# BioSample AAP Conf
+aap:
+ url: https://explore.api.aai.ebi.ac.uk
+jwt:
+ certificate: https://explore.api.aai.ebi.ac.uk/meta/public.der
diff --git a/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateFastTest.java b/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateFastTest.java
new file mode 100644
index 0000000..036e9e7
--- /dev/null
+++ b/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateFastTest.java
@@ -0,0 +1,101 @@
+package uk.ac.ebi.biosamples.jsonschema.jsonschemastore.integration.schema.resource;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.modelmapper.ModelMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.RequestBuilder;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import uk.ac.ebi.biosamples.jsonschema.jsonschemastore.dto.SchemaBlockDocument;
+import uk.ac.ebi.biosamples.jsonschema.jsonschemastore.integration.util.AppClientHelper;
+import uk.ac.ebi.biosamples.jsonschema.jsonschemastore.integration.util.SchemaBlockFactoryUtil;
+import uk.ac.ebi.biosamples.jsonschema.jsonschemastore.schema.document.SchemaBlock;
+import uk.ac.ebi.biosamples.jsonschema.jsonschemastore.schema.repository.SchemaBlockRepository;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+@SpringBootTest
+@AutoConfigureMockMvc
+@ActiveProfiles(profiles = "test")
+class SchemaBlockControllerIntegrateFastTest {
+
+ private static final String jwt = AppClientHelper.getToken();
+
+ @Autowired private MockMvc mockMvc;
+ @Autowired private SchemaBlockRepository schemaBlockRepository;
+ @Autowired private ObjectMapper objectMapper;
+ @Autowired private ModelMapper modelMapper;
+ private SchemaBlock schemaBlock;
+
+ @BeforeEach
+ public void init() throws JsonProcessingException {
+ schemaBlockRepository.deleteAll();
+ schemaBlock = SchemaBlockFactoryUtil.getSchemaBlockObject();
+ }
+
+ @Test
+ public void testGetAllSchemaBlock() throws Exception {
+ schemaBlockRepository.save(schemaBlock);
+ RequestBuilder requestBuilder =
+ MockMvcRequestBuilders.get("/api/v1/schemas").header(AppClientHelper.AUTHORIZATION, jwt);
+ MvcResult mvcResult = mockMvc.perform(requestBuilder).andReturn();
+ assertEquals(200, mvcResult.getResponse().getStatus(), "status code is not equal.");
+ assertEquals(
+ modelMapper.map(schemaBlock, SchemaBlockDocument.class),
+ objectMapper
+ .readValue(mvcResult.getResponse().getContentAsString(), SchemaBlockDocument[].class)[
+ 0],
+ "schemaBlock is not equal.");
+ }
+
+ @Test
+ public void testGetSchemaBlockById() throws Exception {
+ schemaBlockRepository.save(schemaBlock);
+ RequestBuilder requestBuilder =
+ MockMvcRequestBuilders.get("/api/v1/schemas/")
+ .param("id", schemaBlock.getId())
+ .header(AppClientHelper.AUTHORIZATION, jwt);
+ MvcResult mvcResult = mockMvc.perform(requestBuilder).andReturn();
+ assertEquals(200, mvcResult.getResponse().getStatus(), "status code is not equal.");
+ JsonNode jsonNode = objectMapper.readTree(mvcResult.getResponse().getContentAsString());
+ assertEquals(
+ modelMapper.map(schemaBlock, SchemaBlockDocument.class),
+ objectMapper.readValue(jsonNode.toPrettyString(), SchemaBlockDocument.class),
+ "schemaBlockDocument ids are not equal.");
+ }
+
+ @Test
+ public void testDeleteSchemaBlocks() throws Exception {
+ schemaBlockRepository.save(schemaBlock);
+ assertEquals(1, schemaBlockRepository.count());
+ RequestBuilder requestBuilder =
+ MockMvcRequestBuilders.delete("/api/v1/schemas")
+ .header(AppClientHelper.AUTHORIZATION, jwt)
+ .contentType("application/json")
+ .content(SchemaBlockFactoryUtil.SCHEMA);
+ MvcResult mvcResult = mockMvc.perform(requestBuilder).andReturn();
+ assertEquals(204, mvcResult.getResponse().getStatus(), "status code is not equal.");
+ assertEquals(0, schemaBlockRepository.count(), "count should be 0 after deleting");
+ }
+
+ @Test
+ public void testDeleteSchemaBlocksById() throws Exception {
+ schemaBlockRepository.save(schemaBlock);
+ assertEquals(1, schemaBlockRepository.count());
+ RequestBuilder requestBuilder =
+ MockMvcRequestBuilders.delete("/api/v1/schemas/")
+ .param("id", schemaBlock.getId())
+ .header(AppClientHelper.AUTHORIZATION, jwt);
+ MvcResult mvcResult = mockMvc.perform(requestBuilder).andReturn();
+ assertEquals(204, mvcResult.getResponse().getStatus(), "status code is not equal.");
+ assertEquals(0, schemaBlockRepository.count(), "count should be 0 after deleting");
+ }
+}
diff --git a/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateTest.java b/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateTest.java
index da074aa..ced1214 100644
--- a/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateTest.java
+++ b/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateTest.java
@@ -19,6 +19,7 @@
 import org.testcontainers.containers.DockerComposeContainer;
 import org.testcontainers.containers.wait.strategy.Wait;
 import uk.ac.ebi.biosamples.jsonschema.jsonschemastore.dto.SchemaBlockDocument;
+import uk.ac.ebi.biosamples.jsonschema.jsonschemastore.integration.util.AppClientHelper;
 import uk.ac.ebi.biosamples.jsonschema.jsonschemastore.integration.util.SchemaBlockFactoryUtil;
 import uk.ac.ebi.biosamples.jsonschema.jsonschemastore.schema.document.SchemaBlock;
 import uk.ac.ebi.biosamples.jsonschema.jsonschemastore.schema.repository.SchemaBlockRepository;
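Review bot: Every request in SchemaBlockControllerIntegrateFastTest carries a valid `Authorization` header, so nothing asserts that the endpoints reject a call with a missing or malformed token. Add at least one negative case per verb, for example `assertEquals(401, mockMvc.perform(MockMvcRequestBuilders.get("/api/v1/schemas")).andReturn().getResponse().getStatus());` (the exact status depends on the AAP entry point, which is not shown here). The `jwt` field is also set in a static initialiser through a live call to the AAP service, so an outage surfaces as a class-initialisation error rather than a readable test failure; fetching it in a `@BeforeAll` method would report better. The same applies to the hunks in SchemaBlockControllerIntegrateTest.java.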
@@ -32,6 +33,8 @@ @ActiveProfiles(profiles = "test") class SchemaBlockControllerIntegrateTest { + private static final String jwt = AppClientHelper.getToken(); + @ClassRule private static final DockerComposeContainer environment = new DockerComposeContainer( 
@@ -52,55 +55,6 @@ public void init() throws JsonProcessingException { schemaBlock = SchemaBlockFactoryUtil.getSchemaBlockObject(); } - @Test - public void testGetAllSchemaBlock() throws Exception { - schemaBlockRepository.save(schemaBlock); - RequestBuilder requestBuilder = MockMvcRequestBuilders.get("/api/v1/schemas"); - MvcResult mvcResult = mockMvc.perform(requestBuilder).andReturn(); - assertEquals(200, mvcResult.getResponse().getStatus(), "status code is not equal."); - assertEquals( - modelMapper.map(schemaBlock, SchemaBlockDocument.class), - objectMapper - .readValue(mvcResult.getResponse().getContentAsString(), SchemaBlockDocument[].class)[0], - "schemaBlock is not equal."); - } - - @Test - public void testGetSchemaBlockById() throws Exception { - schemaBlockRepository.save(schemaBlock); - RequestBuilder requestBuilder = - MockMvcRequestBuilders.get("/api/v1/schemas/").param("id", schemaBlock.getId()); - MvcResult mvcResult = mockMvc.perform(requestBuilder).andReturn(); - assertEquals(200, mvcResult.getResponse().getStatus(), "status code is not equal."); - JsonNode jsonNode = objectMapper.readTree(mvcResult.getResponse().getContentAsString()); - assertEquals( - modelMapper.map(schemaBlock, SchemaBlockDocument.class), - objectMapper.readValue(jsonNode.toPrettyString(), SchemaBlockDocument.class), - "schemaBlockDocument ids are not equal."); - } - - @Test - public void testDeleteSchemaBlocks() throws Exception { - schemaBlockRepository.save(schemaBlock); - assertEquals(1, schemaBlockRepository.count()); - RequestBuilder requestBuilder = MockMvcRequestBuilders.delete("/api/v1/schemas") - .contentType("application/json") - .content(SchemaBlockFactoryUtil.SCHEMA); - MvcResult mvcResult = mockMvc.perform(requestBuilder).andReturn(); - assertEquals(204, mvcResult.getResponse().getStatus(), "status code is not equal."); - assertEquals(0, schemaBlockRepository.count(), "count should be 0 after deleting"); - } - - @Test - public void testDeleteSchemaBlocksById() 
throws Exception { - schemaBlockRepository.save(schemaBlock); - assertEquals(1, schemaBlockRepository.count()); - RequestBuilder requestBuilder = MockMvcRequestBuilders.delete("/api/v1/schemas/").param("id", schemaBlock.getId()); - MvcResult mvcResult = mockMvc.perform(requestBuilder).andReturn(); - assertEquals(204, mvcResult.getResponse().getStatus(), "status code is not equal."); - assertEquals(0, schemaBlockRepository.count(), "count should be 0 after deleting"); - } - @Test public void testCreateSchemaBlock() throws Exception { try { @@ -108,6 +62,7 @@ public void testCreateSchemaBlock() throws Exception { assertEquals(0L, schemaBlockRepository.count()); RequestBuilder requestBuilder = MockMvcRequestBuilders.post("/api/v1/schemas") + .header(AppClientHelper.AUTHORIZATION, jwt) .contentType("application/json") .content(SchemaBlockFactoryUtil.SCHEMA); MvcResult mvcResult = mockMvc.perform(requestBuilder).andReturn(); 
@@ -131,14 +86,17 @@ public void testUpdateSchemaBlocks() throws Exception { schemaBlockRepository.save(schemaBlock); assertEquals(1, schemaBlockRepository.count()); environment.start(); - SchemaBlockDocument schemaBlockDocument = objectMapper.readValue(SchemaBlockFactoryUtil.SCHEMA, SchemaBlockDocument.class); - ObjectNode objectNode = (ObjectNode) objectMapper.readTree(schemaBlockDocument.getJsonSchema()); + SchemaBlockDocument schemaBlockDocument = + objectMapper.readValue(SchemaBlockFactoryUtil.SCHEMA, SchemaBlockDocument.class); + ObjectNode objectNode = + (ObjectNode) objectMapper.readTree(schemaBlockDocument.getJsonSchema()); String newTitle = "Disease new"; objectNode.put("title", newTitle); RequestBuilder requestBuilder = - MockMvcRequestBuilders.put("/api/v1/schemas") - .contentType("application/json") - .content(objectNode.toPrettyString()); + MockMvcRequestBuilders.put("/api/v1/schemas") + .header(AppClientHelper.AUTHORIZATION, jwt) + .contentType("application/json") + .content(objectNode.toPrettyString()); MvcResult mvcResult = mockMvc.perform(requestBuilder).andReturn(); assertEquals(201, mvcResult.getResponse().getStatus(), "Response status was not 201."); assertEquals(1L, schemaBlockRepository.count()); diff --git a/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/util/AppClientHelper.java b/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/util/AppClientHelper.java new file mode 100644 index 0000000..d5c9ae2 --- /dev/null +++ b/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/util/AppClientHelper.java 
@@ -0,0 +1,27 @@
+package uk.ac.ebi.biosamples.jsonschema.jsonschemastore.integration.util;
+
+import org.junit.jupiter.api.Assertions;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+public class AppClientHelper {
+
+ public static final String AUTHORIZATION = "Authorization";
+ private static final String BEARER = "Bearer ";
+
+ private static final String appUrl = "https://explore.api.aai.ebi.ac.uk";
+ private static final String userName = "hrashmi";
+ private static final String password = "Tester123!";
+
+ public static String getToken() {
+ TestRestTemplate testRestTemplate = new TestRestTemplate();
+ ResponseEntity response =
+ testRestTemplate
+ .withBasicAuth(userName, password)
+ .getForEntity(appUrl + "/auth", String.class);
+ Assertions.assertEquals(
+ HttpStatus.OK, response.getStatusCode(), "Getting Jwt was not succeed!");
+ return BEARER + response.getBody();
+ }
+}
From cb62bca3862c9a0ef4eb5b0e7aadae46eb8c2d8e Mon Sep 17 00:00:00 2001
From: hashan
Date: Fri, 10 Jul 2020 04:07:44 +0530
Subject: [PATCH 6/9] Deliverable 3 : Adding authorization for schemas crud
---
 .../auth/BioSamplesAAPWebSecurityConfig.java | 121 ++++++++++--------
 .../src/main/resources/application-dev.yml | 7 +-
 2 files changed, 74 insertions(+), 54 deletions(-)
diff --git a/storeroom/src/main/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/auth/BioSamplesAAPWebSecurityConfig.java b/storeroom/src/main/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/auth/BioSamplesAAPWebSecurityConfig.java
index 9ba7213..dd8059d 100644
--- a/storeroom/src/main/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/auth/BioSamplesAAPWebSecurityConfig.java
+++ b/storeroom/src/main/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/auth/BioSamplesAAPWebSecurityConfig.java
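Review bot: The `userName` and `password` constants in AppClientHelper commit the credentials of an apparently working account on `explore.api.aai.ebi.ac.uk` (the tests expect a 200 from `/auth`) into version control. Once pushed they should be treated as disclosed and the password rotated. Read them from the environment instead, e.g. `private static final String password = System.getenv("AAP_TEST_PASSWORD");` (variable name illustrative), and skip the suite when they are unset. `getToken()` also returns `BEARER + response.getBody()` without checking the body for null, which would send the literal header value `Bearer null`.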
@@ -1,51 +1,70 @@
-//package uk.ac.ebi.biosamples.jsonschema.jsonschemastore.auth;
-//
-//import lombok.extern.slf4j.Slf4j;
-//import org.springframework.beans.factory.annotation.Autowired;
-//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-//import org.springframework.security.config.http.SessionCreationPolicy;
-//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-//import org.springframework.stereotype.Component;
-//import uk.ac.ebi.tsc.aap.client.security.AAPWebSecurityAutoConfiguration.AAPWebSecurityConfig;
-//import uk.ac.ebi.tsc.aap.client.security.StatelessAuthenticationEntryPoint;
-//import uk.ac.ebi.tsc.aap.client.security.StatelessAuthenticationFilter;
-//import uk.ac.ebi.tsc.aap.client.security.TokenAuthenticationService;
-//
-//@Slf4j
-//@Component
-//public class BioSamplesAAPWebSecurityConfig extends AAPWebSecurityConfig {
-// private final StatelessAuthenticationEntryPoint unauthorizedHandler;
-//
-// private TokenAuthenticationService tokenAuthenticationService;
-//
-// public BioSamplesAAPWebSecurityConfig(StatelessAuthenticationEntryPoint unauthorizedHandler, TokenAuthenticationService tokenAuthenticationService) {
-// this.unauthorizedHandler = unauthorizedHandler;
-// this.tokenAuthenticationService = tokenAuthenticationService;
-// }
-//
-// private StatelessAuthenticationFilter statelessAuthenticationFilterBean() throws Exception {
-// return new StatelessAuthenticationFilter(this.tokenAuthenticationService);
-// }
-//
-// @Override
-// protected void configure(HttpSecurity httpSecurity) throws Exception {
-// httpSecurity
-// // we don't need CSRF because our token is invulnerable
-// .csrf().disable()
-// .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
-// // don't create session
-// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-//
-// httpSecurity.addFilterBefore(statelessAuthenticationFilterBean(),
-// UsernamePasswordAuthenticationFilter.class);
-//
-// //disable the no-cache header injectection, we'll manage this ourselves
-// httpSecurity.headers().cacheControl().disable();
-// }
-//
-// @Autowired
-// public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-// auth.userDetailsService(userDetailsService());
-// }
-//}
+package uk.ac.ebi.biosamples.jsonschema.jsonschemastore.auth;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.stereotype.Component;
+import uk.ac.ebi.tsc.aap.client.security.AAPWebSecurityAutoConfiguration.AAPWebSecurityConfig;
+import uk.ac.ebi.tsc.aap.client.security.StatelessAuthenticationEntryPoint;
+import uk.ac.ebi.tsc.aap.client.security.StatelessAuthenticationFilter;
+import uk.ac.ebi.tsc.aap.client.security.TokenAuthenticationService;
+
+@Slf4j
+@Component
+@Order(99)
+public class BioSamplesAAPWebSecurityConfig extends AAPWebSecurityConfig {
+
+ // private static final String ROLE_SELF_JSON_SCHEMA_STORE = "ROLE_self.json-schema-store";
+ private final StatelessAuthenticationEntryPoint unauthorizedHandler;
+
+ private final TokenAuthenticationService tokenAuthenticationService;
+
+ @Value("${aap.schemaAuthority}")
+ private String schemaAuthority;
+
+ public BioSamplesAAPWebSecurityConfig(
+ StatelessAuthenticationEntryPoint unauthorizedHandler,
+ TokenAuthenticationService tokenAuthenticationService) {
+ this.unauthorizedHandler = unauthorizedHandler;
+ this.tokenAuthenticationService = tokenAuthenticationService;
+ }
+
+ private StatelessAuthenticationFilter statelessAuthenticationFilterBean() throws Exception {
+ return new StatelessAuthenticationFilter(this.tokenAuthenticationService);
+ }
+
+ @Override
+ protected void configure(HttpSecurity httpSecurity) throws Exception {
+ httpSecurity
+ // we don't need CSRF because our token is invulnerable
+ .csrf()
+ .disable()
+ .exceptionHandling()
+ .authenticationEntryPoint(unauthorizedHandler)
+ .and()
+ .authorizeRequests()
+ .antMatchers("/api/v1/schemas", "/api/v1/schemas/**")
+ // adding Authority to request for schema
+ .hasAuthority(schemaAuthority)
+ .and()
+ // don't create session
+ .sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+
+ httpSecurity.addFilterBefore(
+ statelessAuthenticationFilterBean(), UsernamePasswordAuthenticationFilter.class);
+
+ // disable the no-cache header injectection, we'll manage this ourselves
+ httpSecurity.headers().cacheControl().disable();
+ }
+
+ @Autowired
+ public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(userDetailsService());
+ }
+}
diff --git a/storeroom/src/main/resources/application-dev.yml b/storeroom/src/main/resources/application-dev.yml
index 7626379..cf11fa9 100644
--- a/storeroom/src/main/resources/application-dev.yml
+++ b/storeroom/src/main/resources/application-dev.yml
@@ -21,8 +21,9 @@ elixirValidator:
 # BioSample AAP Conf
 aap:
 url: https://explore.api.aai.ebi.ac.uk
+ schemaAuthority: ROLE_self.json-schema-store
 jwt:
 certificate: https://explore.api.aai.ebi.ac.uk/meta/public.der
-aap-client:
- cors:
- enabled: true
\ No newline at end of file
+#aap-client:
+# cors:
+# enabled: true
\ No newline at end of file
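Review bot: In `configure`, the only authorization rule is the `antMatchers("/api/v1/schemas", "/api/v1/schemas/**")` entry with no catch-all after it, so any other path the application serves (the project also depends on the actuator starter) is not covered by `hasAuthority` and falls to Spring Security's default of permitting unmatched requests. Close the chain explicitly, e.g. `.anyRequest().authenticated()` after `.hasAuthority(schemaAuthority)`, and list anything meant to be public with `permitAll()`. The comment `we don't need CSRF because our token is invulnerable` should state the actual reason, e.g. `// CSRF protection is off: auth uses a bearer token in the Authorization header, not cookies`. Disabling `cacheControl()` also removes the default no-cache headers from authenticated responses, and no replacement is visible in this hunk.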
From 2f4c6efe629c554fdcb094239c407cf0414b0322 Mon Sep 17 00:00:00 2001 From: hashan Date: Fri, 10 Jul 2020 04:44:39 +0530 Subject: [PATCH 7/9] Deliverable 3 : Adding authorization for schemas CRUD --- .../src/main/resources/application-test.yml | 1 + .../SchemaBlockControllerIntegrateTest.java | 16 ++++++---------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/storeroom/src/main/resources/application-test.yml b/storeroom/src/main/resources/application-test.yml index 8802dfb..72658f7 100644 --- a/storeroom/src/main/resources/application-test.yml +++ b/storeroom/src/main/resources/application-test.yml @@ -14,5 +14,6 @@ elixirValidator: # BioSample AAP Conf aap: url: https://explore.api.aai.ebi.ac.uk + schemaAuthority: ROLE_self.json-schema-store jwt: certificate: https://explore.api.aai.ebi.ac.uk/meta/public.der diff --git a/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateTest.java b/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateTest.java index ced1214..414c7f0 100644 --- a/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateTest.java +++ b/storeroom/src/test/java/uk/ac/ebi/biosamples/jsonschema/jsonschemastore/integration/schema/resource/SchemaBlockControllerIntegrateTest.java @@ -5,6 +5,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ObjectNode; import org.junit.ClassRule; +import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.modelmapper.ModelMapper; 
@@ -49,6 +50,11 @@ class SchemaBlockControllerIntegrateTest { @Autowired private ModelMapper modelMapper; private SchemaBlock schemaBlock; + @BeforeAll + public static void setup() { + environment.start(); + } + @BeforeEach public void init() throws JsonProcessingException { schemaBlockRepository.deleteAll(); @@ -57,8 +63,6 @@ public void init() throws JsonProcessingException { @Test public void testCreateSchemaBlock() throws Exception { - try { - environment.start(); assertEquals(0L, schemaBlockRepository.count()); RequestBuilder requestBuilder = MockMvcRequestBuilders.post("/api/v1/schemas") @@ -75,17 +79,12 @@ public void testCreateSchemaBlock() throws Exception { modelMapper.map(schemaBlock, SchemaBlockDocument.class), objectMapper.readValue(jsonNode.toPrettyString(), SchemaBlockDocument.class), "schemaBlockDocument ids are not equal."); - } finally { - environment.stop(); - } } @Test public void testUpdateSchemaBlocks() throws Exception { - try { schemaBlockRepository.save(schemaBlock); assertEquals(1, schemaBlockRepository.count()); - environment.start(); SchemaBlockDocument schemaBlockDocument = objectMapper.readValue(SchemaBlockFactoryUtil.SCHEMA, SchemaBlockDocument.class); ObjectNode objectNode = @@ -105,8 +104,5 @@ public void testUpdateSchemaBlocks() throws Exception { JsonNode jsonNode = objectMapper.readTree(mvcResult.getResponse().getContentAsString()); assertEquals(schemaBlock.getId(), jsonNode.get("$id").asText()); assertEquals(newTitle, jsonNode.get("title").asText()); - } finally { - environment.stop(); - } } } From 705969e9c43551e8712c66a1067f3982f409b48f Mon Sep 17 00:00:00 2001 From: hashan Date: Fri, 10 Jul 2020 04:53:19 +0530 Subject: [PATCH 8/9] Deliverable 3 : refactor storeroom pom.xml --- storeroom/pom.xml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/storeroom/pom.xml b/storeroom/pom.xml index 7d46ed1..0de50f0 100644 --- a/storeroom/pom.xml +++ b/storeroom/pom.xml 
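Review bot: `environment.start()` moves into `@BeforeAll` in SchemaBlockControllerIntegrateTest, but both `finally { environment.stop(); }` blocks are removed and no teardown is added, so the test class never stops the compose environment. Add `@AfterAll public static void tearDown() { environment.stop(); }` next to `setup()`. `org.junit.jupiter.api.AfterAll` is not among the imports visible in these hunks and would need adding.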
@@ -31,10 +31,6 @@ org.springframework.boot spring-boot-starter-data-mongodb - org.springframework.boot spring-boot-starter-web @@ -60,21 +56,11 @@ 2.3.0 - uk.ac.ebi.tsc.aap.client security 2.0.1-SNAPSHOT - org.springframework.boot From 4e22cb40048654dcdde7d577a60f59b6dc523981 Mon Sep 17 00:00:00 2001 From: hashan Date: Fri, 10 Jul 2020 05:06:27 +0530 Subject: [PATCH 9/9] Deliverable 3 : application-docker.yml with aap conf --- storeroom/src/main/resources/application-docker.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/storeroom/src/main/resources/application-docker.yml b/storeroom/src/main/resources/application-docker.yml index 095d033..79ebf60 100644 --- a/storeroom/src/main/resources/application-docker.yml +++ b/storeroom/src/main/resources/application-docker.yml @@ -17,3 +17,10 @@ management: # Elixir Validator elixirValidator: hostUrl: http://validator:3020/validate + +# BioSample AAP Conf +aap: + url: https://explore.api.aai.ebi.ac.uk + schemaAuthority: ROLE_self.json-schema-store +jwt: + certificate: https://explore.api.aai.ebi.ac.uk/meta/public.der