dev en cours

bin/main/application.properties

@@ -10,4 +10,4 @@ spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
 
 logging.level.org.springframework=INFO
 
-server.servlet.context-path=/
+server.servlet.context-path=/demovote-api/v1

build.gradle

@@ -18,6 +18,7 @@ dependencies {
 
   implementation 'org.springframework.boot:spring-boot-starter-actuator'
   implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+	implementation 'org.springframework.boot:spring-boot-starter-security'
   implementation 'org.springframework.boot:spring-boot-starter-web'
 
   implementation 'io.hypersistence:hypersistence-utils-hibernate-63:3.9.0'
@@ -31,6 +32,7 @@ dependencies {
   providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat'
 	
   testImplementation 'org.springframework.boot:spring-boot-starter-test'
+	testImplementation 'org.springframework.security:spring-security-test'
 
   testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }

src/main/java/fr/triplea/demovote/DemovoteApplication.java

@@ -3,9 +3,9 @@ package fr.triplea.demovote;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
-@SpringBootApplication(exclude = {
+@SpringBootApplication( /*exclude = {
     org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class,
-    org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration.class}
+    org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration.class}*/
     )
 public class DemovoteApplication 
 {

src/main/java/fr/triplea/demovote/persistence/dao/PrivilegeRepository.java

@@ -1,27 +0,0 @@
-package fr.triplea.demovote.persistence.dao;
-
-import java.util.List;
-
-import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.data.jpa.repository.NativeQuery;
-import org.springframework.data.repository.query.Param;
-
-import fr.triplea.demovote.persistence.model.Privilege;
-import fr.triplea.demovote.persistence.model.Role;
-
-public interface PrivilegeRepository extends JpaRepository<Privilege, Integer> 
-{
-  
-  @NativeQuery("SELECT DISTINCT p.* FROM vote.privileges AS p WHERE p.numero_privilege = :id ")
-  Privilege findById(@Param("id") int id);
-
-  @NativeQuery("SELECT DISTINCT p.* FROM vote.privileges AS p WHERE p.libelle = :libelle ")
-  Privilege findByLibelle(@Param("libelle") String libelle);
-  
-  @NativeQuery("SELECT DISTINCT p.* FROM vote.roles_privileges AS rp INNER JOIN vote.roles AS r ON rp.numero_role = r.numero_role INNER JOIN vote.privileges AS p ON rp.numero_privilege = r.numero_privilege WHERE r.flag_actif IS TRUE AND r.numero_role = :role ")
-  List<Privilege> findbyRole(@Param("role") Role role);
-
-  @Override
-  void delete(Privilege privilege);
-  
-}

src/main/java/fr/triplea/demovote/persistence/dao/RoleRepository.java

@@ -6,24 +6,20 @@ import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.NativeQuery;
 import org.springframework.data.repository.query.Param;
 
-import fr.triplea.demovote.persistence.model.Privilege;
 import fr.triplea.demovote.persistence.model.Role;
 
 public interface RoleRepository extends JpaRepository<Role, Integer> 
 {
 
-  @NativeQuery("SELECT DISTINCT r.* FROM vote.roles AS r WHERE r.numero_role = :id AND r.flag_actif IS TRUE ")
+  @NativeQuery("SELECT DISTINCT r.* FROM vote.roles AS r WHERE r.numero_role = :id ")
   Role findById(@Param("id") int id);
   
-  @NativeQuery("SELECT DISTINCT r.* FROM vote.roles AS r WHERE r.libelle = :libelle AND  r.flag_actif IS TRUE ")
+  @NativeQuery("SELECT DISTINCT r.* FROM vote.roles AS r WHERE r.libelle = :libelle ")
   Role findByLibelle(@Param("libelle") String libelle);
   
-  @NativeQuery("SELECT DISTINCT r.* FROM vote.roles AS r WHERE r.flag_actif IS TRUE ")
+  @NativeQuery("SELECT DISTINCT r.* FROM vote.roles AS r ")
   List<Role> findAll();
   
-  @NativeQuery("SELECT DISTINCT r.* FROM vote.roles_privileges AS rp INNER JOIN vote.roles AS r ON rp.numero_role = r.numero_role INNER JOIN vote.privileges AS p ON rp.numero_privilege = r.numero_privilege WHERE r.flag_actif IS TRUE AND p.numero_privilege = :privilege ")
-  List<Role> findbyPrivilege(@Param("privilege") Privilege privilege);
-
   @Override
   void delete(Role role);
 

src/main/java/fr/triplea/demovote/persistence/dto/LoginTransfer.java

@@ -0,0 +1,45 @@
+package fr.triplea.demovote.persistence.dto;
+
+public class LoginTransfer
+{
+  
+  private String username;
+  public void setUsername(String s) { this.username = new String(s); }
+  public String getUsername() { return this.username; }
+  
+  private String password;
+  public void setPassword(String s) { this.password = new String(s); }
+  public String getPassword() { return this.password; }
+  
+  private String token;
+  public void setToken(String s) { this.token = new String(s); }
+  public String getToken() { return this.token; }
+    
+  private Integer id;
+  public void setId(int i) { this.id = i; }
+  public Integer getId() { return this.id; }
+  
+  private String nom;
+  public void setNom(String s) { this.nom = new String(s); }
+  public String getNom() { return this.nom; }
+  
+  private String prenom;
+  public void setPrenom(String s) { this.prenom = new String(s); }
+  public String getPrenom() { return this.prenom; }
+  
+  private String role;
+  public void setRole(String s) { this.role = new String(s); }
+  public String getRole() { return this.role; }
+
+  
+  @Override
+  public String toString() 
+  {
+    final StringBuilder builder = new StringBuilder();
+      
+    builder.append("UserTransfer [username=").append(this.username).append(", role=").append(role).append("]");
+      
+    return builder.toString();
+  }
+ 
+}

src/main/java/fr/triplea/demovote/persistence/model/Participant.java

@@ -302,30 +302,6 @@ public class Participant
     return _roles.containsAll(roles);
   }
 
-  @Transient
-  public boolean hasAnyPrivileges(String... privileges) { return hasAnyPrivileges(Arrays.asList(privileges)); }
-
-  @Transient
-  public boolean hasAnyPrivileges(List<String> privileges) 
-  {
-    Set<String> _privileges = this.getRoles().stream().flatMap(s -> s.getPrivileges().stream()).map(Privilege::getLibelle).collect(Collectors.toSet());
-      
-    Sets.SetView<String> intersection = Sets.intersection(_privileges, Sets.newHashSet(privileges));
-    
-    return !intersection.isEmpty();
-  }
-
-  @Transient
-  public boolean hasPrivileges(String... privileges) { return hasPrivileges(Arrays.asList(privileges)); }
-
-  @Transient
-  public boolean hasPrivileges(List<String> privileges) 
-  {
-    Set<String> _privileges = this.getRoles().stream().flatMap(s -> s.getPrivileges().stream()).map(Privilege::getLibelle).collect(Collectors.toSet());
-    
-    return _privileges.containsAll(privileges);
-  }
-
   
   @Override
   public int hashCode() 

src/main/java/fr/triplea/demovote/persistence/model/Privilege.java

@@ -1,115 +0,0 @@
-package fr.triplea.demovote.persistence.model;
-
-import java.time.LocalDateTime;
-import java.time.format.DateTimeFormatter;
-import java.util.List;
-import java.util.Locale;
-
-import org.hibernate.annotations.CreationTimestamp;
-import org.hibernate.annotations.UpdateTimestamp;
-import org.springframework.util.StringUtils;
-
-import com.fasterxml.jackson.annotation.JsonFormat;
-
-import jakarta.persistence.Column;
-import jakarta.persistence.Entity;
-import jakarta.persistence.GeneratedValue;
-import jakarta.persistence.GenerationType;
-import jakarta.persistence.Id;
-import jakarta.persistence.ManyToMany;
-import jakarta.persistence.Table;
-import jakarta.persistence.Temporal;
-import jakarta.persistence.TemporalType;
-import jakarta.persistence.Transient;
-
-@Entity(name = "vote.privileges")
-@Table(name = "privileges")
-public class Privilege
-{
-  
-  @Temporal(TemporalType.TIMESTAMP)
-  @CreationTimestamp
-  @JsonFormat(shape=JsonFormat.Shape.STRING, pattern="dd/MM/yyyy HH:mm:ss", timezone="Europe/Paris")
-  private LocalDateTime dateCreation;
-  
-  @Temporal(TemporalType.TIMESTAMP)
-  @UpdateTimestamp
-  @JsonFormat(shape=JsonFormat.Shape.STRING, pattern="dd/MM/yyyy HH:mm:ss", timezone="Europe/Paris")
-  private LocalDateTime dateModification;
-  
-  @Id
-  @GeneratedValue(strategy = GenerationType.IDENTITY)
-  @Column(name = "numero_privilege", nullable = false)
-  private Integer numeroPrivilege;
- 
-  @Column(length = 128, nullable = false)
-  private String libelle;
-  
-  @ManyToMany(mappedBy = "privileges")
-  private List<Role> roles;
- 
-  
-  public Privilege() { super(); }
-
-  
-  @Transient
-  DateTimeFormatter df = DateTimeFormatter.ofPattern("dd/MM/yyyy HH:mm:ss", Locale.FRANCE);
-  
-  public void setDateCreation(LocalDateTime d) { this.dateCreation = d; }
-  public void setDateCreation(String s) { this.dateCreation = LocalDateTime.parse(s, df); }
-  public LocalDateTime getDateCreation() { return this.dateCreation; }
-  
-  public void setDateModification(LocalDateTime d) { this.dateModification = d; }
-  public void setDateModification(String s) { this.dateModification = LocalDateTime.parse(s, df); }
-  public LocalDateTime getDateModification() { return this.dateModification; }
-  
-  public void setNumeroPrivilege(Integer numeroPrivilege) { this.numeroPrivilege = numeroPrivilege; }
-  public Integer getNumeroPrivilege() { return this.numeroPrivilege; }
-  
-  public void setLibelle(String str) { if (str != null) { this.libelle = StringUtils.truncate(str, 128); } }
-  public String getLibelle() { return this.libelle; }
-  
-  public List<Role> getRoles() { return roles; }
-  public void setRoles(final List<Role> roles) { this.roles = roles; }
-  
-  
-
-  @Override
-  public int hashCode() 
-  {
-    final int prime = 42;
-    int result = 1;
-    result = (prime * result) + ((getLibelle() == null) ? 0 : getLibelle().hashCode());
-    return result;
-  }
-
-  @Override
-  public boolean equals(final Object obj) 
-  {
-    if (this == obj) { return true; }
-    if (obj == null) { return false; }
-    if (getClass() != obj.getClass()) { return false; }
-      
-    final Privilege p = (Privilege) obj;
-    if (getNumeroPrivilege() == null) { if (p.getNumeroPrivilege() == null) { return false; } } else if (!getNumeroPrivilege().equals(p.getNumeroPrivilege())) { return false; }
-    if (getLibelle() == null) { if (p.getLibelle() == null) { return false; } } else if (!getLibelle().equals(p.getLibelle())) { return false; }
-    
-    return true;
-  }
-
-  @Override
-  public String toString() 
-  {
-    final StringBuilder builder = new StringBuilder();
-    
-    builder.append("Privilege [id=")
-           .append(numeroPrivilege)
-           .append(", libelle=").append(libelle)
-           .append(", créé=").append(dateCreation)
-           .append(", modifié=").append(dateModification)
-           .append("]");
-
-    return builder.toString();
-  }
-
-}

src/main/java/fr/triplea/demovote/persistence/model/Role.java

@@ -16,8 +16,6 @@ import jakarta.persistence.Entity;
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
-import jakarta.persistence.JoinColumn;
-import jakarta.persistence.JoinTable;
 import jakarta.persistence.ManyToMany;
 import jakarta.persistence.Table;
 import jakarta.persistence.Temporal;
@@ -50,12 +48,6 @@ public class Role
   @Column(length = 64, nullable = false)
   private String libelle;
 
-  @ManyToMany
-  @JoinTable(name = "roles_privileges", 
-             joinColumns = @JoinColumn(name = "numero_role", referencedColumnName = "numero_role"), 
-             inverseJoinColumns = @JoinColumn(name = "numero_privilege", referencedColumnName = "numero_privilege"))
-  private List<Privilege> privileges;
-
   @ManyToMany(mappedBy = "roles")
   private List<Participant> participants;
 
@@ -84,10 +76,7 @@ public class Role
   
   public void setLibelle(String str) { if (str != null) { this.libelle = StringUtils.truncate(str, 64); } }
   public String getLibelle() { return this.libelle; }
-
-  public List<Privilege> getPrivileges() { return this.privileges; }
-  public void setPrivileges(final List<Privilege> privileges) { this.privileges = privileges; }
-  
+ 
   public List<Participant> getParticipants() { return participants; }
   public void setUsers(final List<Participant> participants) { this.participants = participants; }
 

src/main/java/fr/triplea/demovote/security/MyRememberMeServices.java

@@ -0,0 +1,71 @@
+package fr.triplea.demovote.security;
+
+import java.util.Date;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationDetailsSource;
+import org.springframework.security.authentication.RememberMeAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
+import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
+import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
+
+import fr.triplea.demovote.persistence.dao.ParticipantRepository;
+import fr.triplea.demovote.persistence.model.Participant;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+public class MyRememberMeServices extends PersistentTokenBasedRememberMeServices 
+{
+
+  @Autowired
+  private ParticipantRepository participantRepository;
+
+  private String key;
+  private PersistentTokenRepository tokenRepository;
+
+  private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
+  private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
+
+  public MyRememberMeServices(String key, UserDetailsService userDetailsService, PersistentTokenRepository tokenRepository) 
+  {
+    super(key, userDetailsService, tokenRepository);
+    this.key = key;
+    this.tokenRepository = tokenRepository;
+  }
+
+
+  @Override
+  protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) 
+  {
+    String pseudonyme = ((Participant) successfulAuthentication.getPrincipal()).getPseudonyme();
+
+    PersistentRememberMeToken persistentToken = new PersistentRememberMeToken(pseudonyme, generateSeriesData(), generateTokenData(), new Date());
+
+    try 
+    {
+      tokenRepository.createNewToken(persistentToken);
+      
+      this.setCookie(new String[] { persistentToken.getSeries(), persistentToken.getTokenValue() }, this.getTokenValiditySeconds(), request, response);
+    } 
+    catch (Exception e) {}
+  }
+
+  @Override
+  protected Authentication createSuccessfulAuthentication(HttpServletRequest request, UserDetails user) 
+  {
+    Participant participant = participantRepository.findByPseudonyme(user.getUsername());
+    
+    RememberMeAuthenticationToken auth = new RememberMeAuthenticationToken(key, participant, authoritiesMapper.mapAuthorities(user.getAuthorities()));
+    
+    auth.setDetails(authenticationDetailsSource.buildDetails(request));
+    
+    return auth;
+  }
+
+}

src/main/java/fr/triplea/demovote/security/MyUserDetailsService.java

@@ -0,0 +1,46 @@
+package fr.triplea.demovote.security;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import fr.triplea.demovote.persistence.dao.ParticipantRepository;
+import fr.triplea.demovote.persistence.model.Participant;
+
+@Service("userDetailsService")
+@Transactional
+public class MyUserDetailsService implements UserDetailsService 
+{
+
+  @Autowired
+  private ParticipantRepository participantRepository;
+
+  
+  public MyUserDetailsService() { }
+
+  
+  @Override
+  public UserDetails loadUserByUsername(final String pseudonyme) throws UsernameNotFoundException 
+  {
+    try 
+    {
+      final Participant participant = participantRepository.findByPseudonyme(pseudonyme);
+      
+      if (participant == null) { throw new UsernameNotFoundException("Pseudonyme non trouvé : " + pseudonyme); }
+
+      Set<GrantedAuthority> authorities = participant.getRoles().stream().map((role) -> new SimpleGrantedAuthority(role.getLibelle())).collect(Collectors.toSet());
+
+      return new org.springframework.security.core.userdetails.User(participant.getEmail(), participant.getMotDePasse(), authorities);
+    } 
+    catch (final Exception e) { throw new RuntimeException(e); }
+   }
+
+}

src/main/java/fr/triplea/demovote/spring/CreateDefaultValues.java

@@ -10,11 +10,9 @@ import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Transactional;
 
 import fr.triplea.demovote.persistence.dao.ParticipantRepository;
-import fr.triplea.demovote.persistence.dao.PrivilegeRepository;
 import fr.triplea.demovote.persistence.dao.RoleRepository;
 import fr.triplea.demovote.persistence.dao.VariableRepository;
 import fr.triplea.demovote.persistence.model.Participant;
-import fr.triplea.demovote.persistence.model.Privilege;
 import fr.triplea.demovote.persistence.model.Role;
 import fr.triplea.demovote.persistence.model.Variable;
 
@@ -32,9 +30,6 @@ public class CreateDefaultValues implements ApplicationListener<ContextRefreshed
   @Autowired
   private RoleRepository roleRepository;
 
-  @Autowired
-  private PrivilegeRepository privilegeRepository;
-
   @Autowired
   private VariableRepository variableRepository;
 
@@ -44,73 +39,45 @@ public class CreateDefaultValues implements ApplicationListener<ContextRefreshed
   {
     if (initialise) { return; } 
     
-    Privilege listeVariablesPrivilege = addPrivilegeIfMissing("LISTE_VARIABLES");
-
-    Privilege donneesPersonnellesPrivilege = addPrivilegeIfMissing("PAGE_DONNEES_PERSONNELLES");
-
-    Privilege listeParticipantsPrivilege = addPrivilegeIfMissing("LISTE_PARTICIPANTS");
-    Privilege modificationMotsDePasses = addPrivilegeIfMissing("MODIFICATION_MOTS_DE_PASSES");
-
-    Privilege listeProductionsPrivilegeAdmin = addPrivilegeIfMissing("LISTE_PRODUCTIONS_ADMIN");
-    Privilege listeProductionsPrivilegeUser = addPrivilegeIfMissing("LISTE_PRODUCTIONS_USER");
-    
-    Privilege listeCategoriesPrivilege = addPrivilegeIfMissing("LISTE_CATEGORIES");
-
-    Privilege listePresentationsPrivilege = addPrivilegeIfMissing("LISTE_PRESENTATIONS");
-
-    Privilege pageVoterPrivilege = addPrivilegeIfMissing("PAGE_VOTER");
-
-    Privilege pageResultatsPrivilege = addPrivilegeIfMissing("PAGE_RESULTATS");
-
-    Privilege pageMessageriePrivilege = addPrivilegeIfMissing("PAGE_MESSAGERIE");
-
-   
-    List<Privilege> adminPrivileges = Arrays.asList(listeVariablesPrivilege, modificationMotsDePasses, listeCategoriesPrivilege, listePresentationsPrivilege, listeProductionsPrivilegeAdmin);
-    List<Privilege> orgaPrivileges = Arrays.asList(listeParticipantsPrivilege);
-    List<Privilege> userPrivileges = Arrays.asList(donneesPersonnellesPrivilege, pageMessageriePrivilege, listeProductionsPrivilegeUser, pageVoterPrivilege, pageResultatsPrivilege);
-   
-    Role adminRole = addRoleIfMissing("Administrateur", adminPrivileges);
-    Role orgaRole = addRoleIfMissing("Organisateur", orgaPrivileges);
-    Role userRole = addRoleIfMissing("Participant", userPrivileges);
+    Role adminRole = addRoleIfMissing("Administrateur");
+    Role orgaRole = addRoleIfMissing("Organisateur");
+    Role userRole = addRoleIfMissing("Participant");
     
     
     List<Participant> participants = participantRepository.findAll();
     
     for (Participant participant : participants)
     {
+      boolean changed = false;
+      
       List<Role> roles = participant.getRoles();
       
       if (roles == null) 
       { 
-        participant.setRoles(Arrays.asList(userRole)); 
-        participantRepository.saveAndFlush(participant);
+        roles = Arrays.asList(userRole);
+        changed = true;
       } 
       else 
       { 
         if (!roles.contains(userRole)) 
         { 
-          participant.setRoles(roles); 
-          participantRepository.saveAndFlush(participant);
+          roles.add(userRole);
+          changed = true;
         }
       }
       
       if (participant.getEmail().equalsIgnoreCase(CreateDefaultValues.EMAIL_ADMIN))
       {
-        if (!roles.contains(adminRole)) 
-        { 
-          roles.add(adminRole);
-          participant.setRoles(roles); 
-          participantRepository.saveAndFlush(participant);
-        }
-        if (!roles.contains(orgaRole)) 
-        { 
-          roles.add(orgaRole);
-          participant.setRoles(roles); 
-          participantRepository.saveAndFlush(participant);
-        }
+        if (!roles.contains(adminRole)) { roles.add(adminRole); changed = true; }
+        if (!roles.contains(orgaRole)) { roles.add(orgaRole); changed = true; }
+      }
+      
+      if (changed)
+      {
+        participant.setRoles(roles); 
+        participantRepository.saveAndFlush(participant);
       }
     }
-
     
     addVariableIfMissing("Application", "TIME_ZONE", "Europe/Paris");
     addVariableIfMissing("Application", "LIBELLE_COURT_JOUR1", "Ven1");
@@ -162,24 +129,7 @@ public class CreateDefaultValues implements ApplicationListener<ContextRefreshed
   }
 
   @Transactional
-  public Privilege addPrivilegeIfMissing(final String libelle) 
-  {
-    Privilege privilege = privilegeRepository.findByLibelle(libelle);
-    
-    if (privilege == null) 
-    {
-      privilege = new Privilege();
-      
-      privilege.setLibelle(libelle);
-      
-      privilege = privilegeRepository.save(privilege);
-    }
-    
-    return privilege;
-  }
-
-  @Transactional
-  public Role addRoleIfMissing(final String libelle, final List<Privilege> privileges) 
+  public Role addRoleIfMissing(final String libelle) 
   {
     Role role = roleRepository.findByLibelle(libelle);
     
@@ -188,7 +138,6 @@ public class CreateDefaultValues implements ApplicationListener<ContextRefreshed
       role = new Role(); 
       
       role.setLibelle(libelle); 
-      role.setPrivileges(privileges);
 
       role = roleRepository.save(role);
     }

src/main/java/fr/triplea/demovote/spring/SecurityConfig.java

@@ -0,0 +1,73 @@
+package fr.triplea.demovote.spring;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
+
+import fr.triplea.demovote.security.MyRememberMeServices;
+import fr.triplea.demovote.security.MyUserDetailsService;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig
+{
+
+  @Autowired
+  private MyUserDetailsService userDetailsService;
+  
+  @Bean
+  AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception { return authConfig.getAuthenticationManager(); }
+
+  
+  @Bean
+  SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception 
+  {
+    http.csrf((csrf) -> csrf.disable());
+    
+    http.authorizeHttpRequests((authorizeHttpRequests) -> authorizeHttpRequests
+      .requestMatchers("/auth/**").permitAll()
+      .requestMatchers("/divers/**").permitAll()
+      .requestMatchers("/account/**").hasAuthority("Participant")
+      .requestMatchers("/preference/**").hasAuthority("Participant")
+      .requestMatchers("/message/**").hasAuthority("Participant")
+      .requestMatchers("/urne/**").hasAuthority("Participant")
+      .requestMatchers("/resultats/**").hasAuthority("Participant")
+      .requestMatchers("/variable/**").hasAuthority("Administrateur")
+      .requestMatchers("/categorie/**").hasAuthority("Administrateur")
+      .requestMatchers("/participant/**").hasAnyAuthority("Administrateur", "Organisateur")
+      .requestMatchers("/production/**").hasAuthority("Administrateur")
+      .requestMatchers("/presentation/**").hasAuthority("Administrateur")
+      .anyRequest().authenticated()
+    );
+
+    http.sessionManagement((sessionManagement) -> sessionManagement.maximumSessions(2).sessionRegistry(sessionRegistry()));
+
+    http.rememberMe((remember) -> remember.rememberMeServices(rememberMeServices()));
+
+    return http.build();
+  }
+
+  @Bean
+  MyRememberMeServices rememberMeServices() 
+  {
+    MyRememberMeServices rememberMeServices = new MyRememberMeServices("Alr34dy", userDetailsService, new InMemoryTokenRepositoryImpl());
+    return rememberMeServices;
+  }
+
+  @Bean
+  SessionRegistry sessionRegistry() { return new SessionRegistryImpl(); }
+
+  @Bean
+  PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(11); }
+
+}

src/main/java/fr/triplea/demovote/web/controller/AccountController.java

@@ -0,0 +1,22 @@
+package fr.triplea.demovote.web.controller;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import fr.triplea.demovote.persistence.dao.ParticipantRepository;
+
+
+@CrossOrigin(origins = "http://localhost:4200")
+@RestController
+@RequestMapping("/account")
+public class AccountController 
+{
+
+  @Autowired
+  private ParticipantRepository participantRepository;
+
+  // TODO 
+ 
+}

src/main/java/fr/triplea/demovote/web/controller/AuthController.java

@@ -0,0 +1,72 @@
+package fr.triplea.demovote.web.controller;
+
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import fr.triplea.demovote.persistence.dao.ParticipantRepository;
+import fr.triplea.demovote.persistence.dto.LoginTransfer;
+import fr.triplea.demovote.persistence.model.Participant;
+import fr.triplea.demovote.persistence.model.Role;
+
+
+@CrossOrigin(origins = "http://localhost:4200")
+@RestController
+@RequestMapping("/auth")
+public class AuthController 
+{
+
+  @Autowired
+  private AuthenticationManager authenticationManager;
+
+  @Autowired
+  private ParticipantRepository participantRepository;
+  
+  @PostMapping("/signin")
+  public ResponseEntity<LoginTransfer> authenticateUser(@RequestBody LoginTransfer loginTransfer)
+  {
+    Participant found = participantRepository.findByPseudonyme(loginTransfer.getUsername());
+    
+    if (found != null)
+    {      
+      UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(loginTransfer.getUsername(), loginTransfer.getPassword());
+      
+      Authentication authentication = authenticationManager.authenticate(token);
+     
+      SecurityContextHolder.getContext().setAuthentication(authentication);
+      
+      loginTransfer.setPassword("xxx");
+      loginTransfer.setToken(token.toString());
+      loginTransfer.setId(found.getNumeroParticipant());
+      loginTransfer.setNom(found.getNom());
+      loginTransfer.setPrenom(found.getPrenom());
+
+      List<Role> roles = found.getRoles();
+      
+      loginTransfer.setRole("Participant");
+      
+      for (Role role : roles) 
+      {  
+        if (role.getLibelle().equals("Administrateur")) { loginTransfer.setRole("Administrateur"); break; }
+        else 
+        if (role.getLibelle().equals("Organisateur")) { loginTransfer.setRole("Organisateur"); break; }
+      }
+       
+      return ResponseEntity.ok(loginTransfer);
+    }
+    
+    return ResponseEntity.notFound().build();
+  }
+
+  
+}

src/main/java/fr/triplea/demovote/web/controller/BulletinController.java

@@ -6,7 +6,7 @@ import java.util.Map;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-//import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -26,7 +26,7 @@ import fr.triplea.demovote.persistence.model.Production;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController
-@RequestMapping("/demovote-api/v1/urne")
+@RequestMapping("/urne")
 public class BulletinController 
 {
 
@@ -43,7 +43,7 @@ public class BulletinController
   private ProductionRepository productionRepository;
 
   @PostMapping(value = "/create")
-  //@PreAuthorize("hasRole('PAGE_VOTER')")
+  @PreAuthorize("hasAuthority('Participant')")
   public ResponseEntity<Object> add(@RequestParam(required = true) int cat_id, @RequestParam(required = true) int part_id, @RequestParam(required = true) int prod_id) 
   { 
     Bulletin bul = bulletinRepository.findByCategorieAndParticipant(cat_id, part_id);
@@ -127,7 +127,7 @@ public class BulletinController
   }
 
   @DeleteMapping(value = "/delete/{id}")
-  //@PreAuthorize("hasRole('PAGE_VOTER')")
+  @PreAuthorize("hasAuthority('Participant')")
   public ResponseEntity<Map<String, Boolean>> remove(@PathVariable int id) 
   { 
     if (id > 0) { bulletinRepository.deleteById(id); }

src/main/java/fr/triplea/demovote/web/controller/CategorieController.java

@@ -6,7 +6,7 @@ import java.util.Map;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
-//import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -22,7 +22,7 @@ import fr.triplea.demovote.persistence.model.Categorie;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController
-@RequestMapping("/demovote-api/v1/categorie")
+@RequestMapping("/categorie")
 public class CategorieController 
 {
 
@@ -31,14 +31,14 @@ public class CategorieController
 
 
   @GetMapping(value = "/list")
-  //@PreAuthorize("hasRole('LISTE_CATEGORIES')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public List<Categorie> getList() 
   { 
     return categorieRepository.findAll(); 
   }
 
   @GetMapping(value = "/form/{id}")
-  //@PreAuthorize("hasRole('LISTE_CATEGORIES')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<Categorie> getForm(@PathVariable int id)
   { 
     Categorie c = categorieRepository.findById(id);
@@ -49,7 +49,7 @@ public class CategorieController
   }
 
   @PostMapping(value = "/create")
-  //@PreAuthorize("hasRole('LISTE_CATEGORIES')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public Categorie create(@RequestBody(required = true) Categorie categorie) 
   { 
     Categorie found = categorieRepository.findById(0);
@@ -62,7 +62,7 @@ public class CategorieController
   }
 
   @PutMapping(value = "/update/{id}")
-  //@PreAuthorize("hasRole('LISTE_CATEGORIES')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<Object> update(@PathVariable int id, @RequestBody(required = true) Categorie categorie) 
   { 
     Categorie found = categorieRepository.findById(id);
@@ -88,7 +88,7 @@ public class CategorieController
   }
 
   @DeleteMapping(value = "/delete/{id}")
-  //@PreAuthorize("hasRole('LISTE_CATEGORIES')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<Map<String, Boolean>> disableCategorie(@PathVariable int id) 
   { 
     Categorie c = categorieRepository.getReferenceById(id);

src/main/java/fr/triplea/demovote/web/controller/DiversController.java

@@ -14,7 +14,7 @@ import fr.triplea.demovote.persistence.dto.MessagesTransfer;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController
-@RequestMapping("/demovote-api/v1/divers")
+@RequestMapping("/divers")
 public class DiversController 
 {
 
@@ -22,7 +22,6 @@ public class DiversController
   private VariableRepository variableRepository;
  
   @GetMapping(value = "/welcome")
-  //@PreAuthorize("hasRole('LISTE_VARIABLES')")
   public ResponseEntity<MessagesTransfer> getWelcomeMessage() 
   { 
     MessagesTransfer mt = new MessagesTransfer();

src/main/java/fr/triplea/demovote/web/controller/MessageController.java

@@ -3,7 +3,7 @@ package fr.triplea.demovote.web.controller;
 import java.util.List;
 
 import org.springframework.beans.factory.annotation.Autowired;
-//import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -15,7 +15,7 @@ import fr.triplea.demovote.persistence.model.Message;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController
-@RequestMapping("/demovote-api/v1/message")
+@RequestMapping("/message")
 public class MessageController 
 {
 
@@ -24,7 +24,7 @@ public class MessageController
   
   
   @GetMapping(value = "/list/{id}")
-  //@PreAuthorize("hasRole('PAGE_MESSAGERIE')")
+  @PreAuthorize("hasAuthority('Participant')")
   public List<Message> getList(@PathVariable int id)
   { 
     return messageRepository.findAll(id, id); 

src/main/java/fr/triplea/demovote/web/controller/ParticipantController.java

@@ -9,7 +9,7 @@ import java.util.UUID;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
-//import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -31,7 +31,7 @@ import fr.triplea.demovote.persistence.model.ParticipantStatut;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController
-@RequestMapping("/demovote-api/v1/participant")
+@RequestMapping("/participant")
 public class ParticipantController 
 {
 
@@ -41,7 +41,7 @@ public class ParticipantController
   
 
   @GetMapping(value = "/list")
-  //@PreAuthorize("hasRole('LISTE_PARTICIPANTS')")
+  @PreAuthorize("hasAnyAuthority('Participant', 'Organisateur')")
   public List<ParticipantList> getList() 
   { 
     return participantRepository.getList(); 
@@ -49,14 +49,14 @@ public class ParticipantController
 
   
   @GetMapping(value = "/option-list")
-  //@PreAuthorize("hasRole('LISTE_PARTICIPANTS')")
+  @PreAuthorize("hasAnyAuthority('Participant', 'Organisateur')")
   public List<ParticipantOptionList> getOptionList() 
   { 
     return participantRepository.getOptionList(); 
   }
 
   @GetMapping(value = "/form/{id}")
-  //@PreAuthorize("hasRole('LISTE_PARTICIPANTS')")
+  @PreAuthorize("hasAnyAuthority('Participant', 'Organisateur')")
   public ResponseEntity<ParticipantTransfer> getForm(@PathVariable int id) 
   { 
     ParticipantTransfer p = participantRepository.searchById(id);
@@ -67,7 +67,7 @@ public class ParticipantController
   }
 
   @PostMapping(value = "/create")
-  //@PreAuthorize("hasRole('LISTE_PARTICIPANTS')")
+  @PreAuthorize("hasAnyAuthority('Participant', 'Organisateur')")
   public ResponseEntity<Object> create(@RequestBody(required = true) ParticipantTransfer participant) 
   { 
     Participant found = participantRepository.findById(0);
@@ -133,7 +133,7 @@ public class ParticipantController
   }
 
   @PutMapping(value = "/update/{id}")
-  //@PreAuthorize("hasRole('LISTE_PARTICIPANTS')")
+  @PreAuthorize("hasAnyAuthority('Participant', 'Organisateur')")
   public ResponseEntity<Object> update(@PathVariable int id, @RequestBody(required = true) ParticipantTransfer participant) 
   { 
     Participant found = participantRepository.findById(id);
@@ -189,7 +189,7 @@ public class ParticipantController
   }
 
   @DeleteMapping(value = "/delete/{id}")
-  //@PreAuthorize("hasRole('LISTE_PARTICIPANTS')")
+  @PreAuthorize("hasAnyAuthority('Participant', 'Organisateur')")
   public ResponseEntity<Map<String, Boolean>> disableParticipant(@PathVariable int id) 
   { 
     Participant found = participantRepository.getReferenceById(id);

src/main/java/fr/triplea/demovote/web/controller/PreferenceController.java

@@ -4,7 +4,7 @@ import java.util.List;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
-//import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -20,7 +20,7 @@ import fr.triplea.demovote.persistence.model.Preference;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController
-@RequestMapping("/demovote-api/v1/preference")
+@RequestMapping("/preference")
 public class PreferenceController 
 {
 
@@ -29,14 +29,14 @@ public class PreferenceController
 
   
   @PostMapping(value = "/list")
-  //@PreAuthorize("hasRole('LISTE_PREFERENCES')")
+  @PreAuthorize("hasAuthority('Participant')")
   public List<Preference> get(@RequestParam(required = true) Participant numParticipant, @RequestParam(required = false) int numTraitement) 
   { 
     return preferenceRepository.findByParticipantAndTraitement(numParticipant, numTraitement); 
   }
 
   @PostMapping(value = "/create")
-  //@PreAuthorize("hasRole('LISTE_PREFERENCES')")
+  @PreAuthorize("hasAuthority('Participant')")
   public Preference create(@RequestBody(required = true) Preference preference) 
   { 
     Preference found = preferenceRepository.findById(0);
@@ -47,7 +47,7 @@ public class PreferenceController
   }
 
   @PutMapping(value = "/update/{id}")
-  //@PreAuthorize("hasRole('LISTE_PREFERENCES')")
+  @PreAuthorize("hasAuthority('Participant')")
   public ResponseEntity<Preference> update(@PathVariable int id, @RequestBody(required = true) Preference preference) 
   { 
     Preference found = preferenceRepository.findById(id);

src/main/java/fr/triplea/demovote/web/controller/PresentationController.java

@@ -4,7 +4,7 @@ package fr.triplea.demovote.web.controller;
 import java.util.List;
 
 import org.springframework.beans.factory.annotation.Autowired;
-//import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -15,7 +15,7 @@ import fr.triplea.demovote.persistence.model.Presentation;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController
-@RequestMapping("/demovote-api/v1/presentation")
+@RequestMapping("/presentation")
 public class PresentationController 
 {
 
@@ -23,7 +23,7 @@ public class PresentationController
   private PresentationRepository presentationRepository;
  
   @GetMapping(value = "/list")
-  //@PreAuthorize("hasRole('LISTE_PRESENTATIONS')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public List<Presentation> getList() 
   {
     return presentationRepository.findAll(); 

src/main/java/fr/triplea/demovote/web/controller/ProductionController.java

@@ -11,7 +11,7 @@ import org.springframework.core.io.ByteArrayResource;
 import org.springframework.core.io.Resource;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseEntity;
-//import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -38,7 +38,7 @@ import jakarta.servlet.http.HttpServletRequest;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController
-@RequestMapping("/demovote-api/v1/production")
+@RequestMapping("/production")
 public class ProductionController 
 {
 
@@ -53,7 +53,7 @@ public class ProductionController
 
   
   @GetMapping(value = "/list")
-  //@PreAuthorize("hasAnyRole('LISTE_PRODUCTIONS_ADMIN', 'LISTE_PRODUCTIONS_USER')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public List<Production> getList(@RequestParam(required = false) String type) 
   { 
     List<ProductionShort> prods = productionRepository.findAllWithoutArchive();
@@ -66,6 +66,7 @@ public class ProductionController
   }
 
   @GetMapping(value = "/file/{id}")
+  @PreAuthorize("hasAuthority('Administrateur')")
   @ResponseBody
   public ResponseEntity<Resource> getFile(@PathVariable int id) 
   {
@@ -86,7 +87,7 @@ public class ProductionController
   }
 
   @GetMapping(value = "/form/{id}")
-  //@PreAuthorize("hasAnyRole('LISTE_PRODUCTIONS_ADMIN', 'LISTE_PRODUCTIONS_USER')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<Production> getForm(@PathVariable int id)
   { 
     ProductionShort p = productionRepository.findByIdWithoutArchive(id);
@@ -97,7 +98,7 @@ public class ProductionController
   }
 
   @GetMapping(value = "/formfile/{id}")
-  //@PreAuthorize("hasAnyRole('LISTE_PRODUCTIONS_ADMIN', 'LISTE_PRODUCTIONS_USER')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<ProductionFile> getFormFile(@PathVariable int id)
   { 
     ProductionFile p = productionRepository.findByIdForUpload(id);
@@ -108,7 +109,7 @@ public class ProductionController
   }
 
   @PostMapping(value = "/create")
-  //@PreAuthorize("hasAnyRole('LISTE_PRODUCTIONS_ADMIN', 'LISTE_PRODUCTIONS_USER')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<Map<String, Boolean>> create(@RequestBody(required = true) ProductionTransfer production, HttpServletRequest request) 
   { 
     Participant participant = participantRepository.findById(production.numeroParticipant());
@@ -152,7 +153,7 @@ public class ProductionController
   }
  
   @PutMapping(value = "/update/{id}")
-  //@PreAuthorize("hasAnyRole('LISTE_PRODUCTIONS_ADMIN', 'LISTE_PRODUCTIONS_USER')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<Map<String, Boolean>> update(@PathVariable int id, @RequestBody(required = true) ProductionUpdate production) 
   { 
     Production found = productionRepository.findById(id);
@@ -197,7 +198,7 @@ public class ProductionController
   }
   
   @PutMapping(value = "/upload/{id}")
-  //@PreAuthorize("hasAnyRole('LISTE_PRODUCTIONS_ADMIN', 'LISTE_PRODUCTIONS_USER')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<Map<String, Boolean>> update(@PathVariable int id, @RequestBody(required = true) ProductionFile production) 
   { 
     Production found = productionRepository.findById(id);
@@ -234,7 +235,7 @@ public class ProductionController
   }
 
   @DeleteMapping(value = "/delete/{id}")
-  //@PreAuthorize("hasAnyRole('LISTE_PRODUCTIONS_ADMIN', 'LISTE_PRODUCTIONS_USER')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<Map<String, Boolean>> disableProduction(@PathVariable int id) 
   { 
     Production found = productionRepository.getReferenceById(id);

src/main/java/fr/triplea/demovote/web/controller/VariableController.java

@@ -7,7 +7,7 @@ import java.util.Map;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
-//import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -25,7 +25,7 @@ import fr.triplea.demovote.persistence.model.Variable;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController
-@RequestMapping("/demovote-api/v1/variable")
+@RequestMapping("/variable")
 public class VariableController 
 {
 
@@ -34,7 +34,7 @@ public class VariableController
 
 
   @GetMapping(value = "/list")
-  //@PreAuthorize("hasRole('LISTE_VARIABLES')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public List<Variable> getList(@RequestParam(required = false) String type) 
   { 
     if (type == null) { return variableRepository.findAll(); }
@@ -45,14 +45,14 @@ public class VariableController
   }
   
   @GetMapping(value = "/option-list")
-  //@PreAuthorize("hasRole('LISTE_VARIABLES')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public List<VariableTypeOptionList> getOptionList() 
   { 
     return variableRepository.getTypes(); 
   }
  
   @GetMapping(value = "/form/{id}")
-  //@PreAuthorize("hasRole('LISTE_VARIABLES')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<Variable> getForm(@PathVariable int id) 
   { 
     Variable v = variableRepository.findById(id);
@@ -63,7 +63,7 @@ public class VariableController
   }
 
   @PostMapping(value = "/create")
-  //@PreAuthorize("hasRole('LISTE_VARIABLES')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public Variable create(@RequestBody(required = true) Variable variable) 
   { 
     Variable found = variableRepository.findById(0);
@@ -76,7 +76,7 @@ public class VariableController
   }
  
   @PutMapping(value = "/update/{id}")
-  //@PreAuthorize("hasRole('LISTE_VARIABLES')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<Variable> update(@PathVariable int id, @RequestBody(required = true) Variable variable) 
   { 
     Variable found = variableRepository.findById(id);
@@ -97,7 +97,7 @@ public class VariableController
   }
 
   @DeleteMapping(value = "/delete/{id}")
-  //@PreAuthorize("hasRole('LISTE_VARIABLES')")
+  @PreAuthorize("hasAuthority('Administrateur')")
   public ResponseEntity<Map<String, Boolean>> deleteVariable(@PathVariable int id) 
   { 
     Variable found = variableRepository.findById(id);

src/main/resources/application.properties

@@ -10,4 +10,4 @@ spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
 
 logging.level.org.springframework=INFO
 
-server.servlet.context-path=/
+server.servlet.context-path=/demovote-api/v1