bugfix: use jsr250 annotations

SecurityCheckerBean not work
StatelessExceptionHandler
use jsr250 annotations

sep490-common/src/main/java/sep490/common/api/security/UserRole.java

@@ -17,9 +17,9 @@ public enum UserRole implements BaseEnum {
 
 
     public static final class RoleNameConstant {
-        public static final String ENTERPRISE_OWNER = "sep490.EnterpriseOwner";
-        public static final String ENTERPRISE_EMPLOYEE = "sep490.EnterpriseEmployee";
-        public static final String SYSTEM_ADMIN = "sep490.SystemAdmin";
+        public static final String ENTERPRISE_OWNER = "ENTERPRISE_OWNER";
+        public static final String ENTERPRISE_EMPLOYEE = "ENTERPRISE_EMPLOYEE";
+        public static final String SYSTEM_ADMIN = "SYSTEM_ADMIN";
 
         private RoleNameConstant() {
         }

sep490-idp/src/main/java/sep490/idp/configs/GenericSecurityConfig.java

@@ -0,0 +1,18 @@
+package sep490.idp.configs;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@EnableMethodSecurity(jsr250Enabled = true)
+public class GenericSecurityConfig {
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+}

sep490-idp/src/main/java/sep490/idp/configs/MvcSecurityConfig.java

@@ -5,8 +5,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import sep490.idp.security.CustomAuthenticationFailureHandler;
@@ -51,9 +49,4 @@ public AuthenticationFailureHandler authenticationFailureHandler() {
         return new CustomAuthenticationFailureHandler();
     }
 
-    @Bean
-    public PasswordEncoder passwordEncoder() {
-        return new BCryptPasswordEncoder();
-    }
-
 }

sep490-idp/src/main/java/sep490/idp/exceptions/handlers/StatelessExceptionHandler.java

@@ -4,6 +4,7 @@
 import org.slf4j.MDC;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.authorization.AuthorizationDeniedException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import sep490.common.api.exceptions.BusinessErrorResponse;
@@ -17,9 +18,7 @@
 public class StatelessExceptionHandler {
 
     private static TechnicalErrorResponse technicalError(Throwable exception, String errorMsg) {
-        var correlationId = MDC.get(MDCContext.CORRELATION_ID);
-        log.error("Unhandled exception occurred. Correlation ID: {}", correlationId, exception);
-        return new TechnicalErrorResponse(correlationId, errorMsg);
+        return new TechnicalErrorResponse(MDC.get(MDCContext.CORRELATION_ID), errorMsg);
     }
 
     private static BusinessErrorResponse businessError(BusinessException exception) {
@@ -33,6 +32,7 @@ private static BusinessErrorResponse businessError(BusinessException exception)
 
     @ExceptionHandler(Exception.class)
     public ResponseEntity<TechnicalErrorResponse> handleGenericException(Exception ex) {
+        log.error("Unhandled exception occurred. Correlation ID: {}", MDC.get(MDCContext.CORRELATION_ID), ex);
         return ResponseEntity
                 .status(HttpStatus.INTERNAL_SERVER_ERROR)
                 .body(technicalError(ex, ex.getMessage()));
@@ -51,4 +51,11 @@ public ResponseEntity<BusinessErrorResponse> handleBusinessException(BusinessExc
                 .status(ex.getHttpStatus())
                 .body(businessError(ex));
     }
+
+    @ExceptionHandler(AuthorizationDeniedException.class)
+    public ResponseEntity<TechnicalErrorResponse> handleAccessDeniedException(AuthorizationDeniedException ex) {
+        return ResponseEntity
+                .status(HttpStatus.FORBIDDEN)
+                .body(technicalError(ex, ex.getMessage()));
+    }
 }

sep490-idp/src/main/java/sep490/idp/rest/DevResource.java

@@ -1,8 +1,8 @@
 package sep490.idp.rest;
 
+import jakarta.annotation.security.RolesAllowed;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -11,6 +11,7 @@
 import org.springframework.web.bind.annotation.RestController;
 import sep490.common.api.exceptions.BusinessException;
 import sep490.common.api.exceptions.TechnicalException;
+import sep490.common.api.security.UserRole;
 import sep490.idp.dto.EnterpriseUserDTO;
 
 import java.security.Principal;
@@ -42,8 +43,11 @@ public ResponseEntity<Void> throwBusinessException() {
         throw new BusinessException("field", "i18nKey", Collections.emptyList());
     }
 
-    @GetMapping("/secure")
-    @PreAuthorize("@securityCheckerBean.checkIfUserHasPermission(buildingId)")
+    @GetMapping("/secure/{buildingId}")
+    @RolesAllowed({
+            UserRole.RoleNameConstant.ENTERPRISE_OWNER,
+            UserRole.RoleNameConstant.ENTERPRISE_EMPLOYEE
+    })
     public ResponseEntity<String> secure(@PathVariable UUID buildingId) {
         return ResponseEntity.ok(buildingId.toString());
     }

sep490-idp/src/main/java/sep490/idp/security/SecurityCheckerBean.java

@@ -8,8 +8,6 @@
 
 @Component
 public class SecurityCheckerBean {
-
-
     public boolean checkIfUserHasPermission(UUID buildingId) {
         if (buildingId == null) {
             return false;

sep490-idp/src/main/java/sep490/idp/security/UserContextData.java

@@ -26,7 +26,7 @@ public UserContextData(@NotNull UserEntity userEntity) {
         // TODO: [Thong DANG HOANG] implement authorities
         this.authorities = Collections.emptyList();
     }
-
+    
     public UserContextData(@NotNull UserEntity userEntity,
                            List<BuildingPermissionEntity> permissions) {
         this(userEntity);