Added method controll but we can't post with curl because: ">HTTP Status 403 -...

Added method controll but we can't post with curl because: ">HTTP Status 403 - Could not verify the provided CSRF token because your session was not found"

drip-api/src/main/java/nl/uva/sne/drip/api/conf/SecurityConfig.java

@@ -20,6 +20,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -27,10 +28,11 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 
 /**
  *
- * @author alogo
+ * @author S. Koulouzis
  */
 @Configuration
 @EnableWebSecurity
+@EnableGlobalMethodSecurity(jsr250Enabled = true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
@@ -38,16 +40,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-//        auth
-//                .inMemoryAuthentication()
-//                .withUser("user").password("pwd").roles("USER");
         auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
     }
 
+//    @Override
+//    protected void configure(HttpSecurity http) throws Exception {
+////        http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin();
+//        http.csrf().disable();
+//    }
     @Bean
     public PasswordEncoder passwordEncoder() {
         PasswordEncoder encoder = new BCryptPasswordEncoder();
         return encoder;
     }
-
 }

drip-api/src/main/java/nl/uva/sne/drip/api/rest/CloudConfigurationController.java

@@ -32,7 +32,7 @@ import org.springframework.web.bind.annotation.PathVariable;
  * @author S. Koulouzis
  */
 @RestController
-@RequestMapping("/rest/configuration")
+@RequestMapping("/configuration/cloud")
 @Component
 public class CloudConfigurationController {
 
@@ -40,7 +40,7 @@ public class CloudConfigurationController {
     private CloudCredentialsDao cloudCredentialsDao;
     
 
-//    curl -H "Content-Type: application/json" -X POST -d '{"key":"my_secret_password","keyIdAlias":"geni","logineKys":[{"attributes":null,"key":"-----BEGINRSAPUBLICKEY-----\nMIIBCgKCAQEA+xGZ/wcz9ugFpP07Nspo6U17l0YhFiFpxxU4pTk3Lifz9R3zsIsu\nERwta7+fWIfxOo208ett/jhskiVodSEt3QBGh4XBipyWopKwZ93HHaDVZAALi/2A\n+xTBtWdEo7XGUujKDvC2/aZKukfjpOiUI8AhLAfjmlcD/UZ1QPh0mHsglRNCmpCw\nmwSXA9VNmhz+PiB+Dml4WWnKW/VHo2ujTXxq7+efMU4H2fny3Se3KYOsFPFGZ1TN\nQSYlFuShWrHPtiLmUdPoP6CV2mML1tk+l7DIIqXrQhLUKDACeM5roMx0kLhUWB8P\n+0uj1CNlNN4JRZlC7xFfqiMbFRU9Z4N6YwIDAQAB\n-----ENDRSAPUBLICKEY-----","type":"PUBLIC"},{"attributes":null,"key":"-----BEGINRSAPRIVATEKEY-----\nMIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp\nwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5\n1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh\n3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2\npIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX\nGukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il\nAkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF\nL0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k\nX6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl\nU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ\n37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=\n-----ENDRSAPRIVATEKEY-----","type":"PRIVATE"}],"cloudProviderName":"exogeni"}' http://localhost:8080/drip-api/rest/configuration
+//    curl -H "Content-Type: application/json" -X POST -d '{"key":"my_secret_password","keyIdAlias":"geni","logineKys":[{"attributes":null,"key":"-----BEGINRSAPUBLICKEY-----\nMIIBCgKCAQEA+xGZ/wcz9ugFpP07Nspo6U17l0YhFiFpxxU4pTk3Lifz9R3zsIsu\nERwta7+fWIfxOo208ett/jhskiVodSEt3QBGh4XBipyWopKwZ93HHaDVZAALi/2A\n+xTBtWdEo7XGUujKDvC2/aZKukfjpOiUI8AhLAfjmlcD/UZ1QPh0mHsglRNCmpCw\nmwSXA9VNmhz+PiB+Dml4WWnKW/VHo2ujTXxq7+efMU4H2fny3Se3KYOsFPFGZ1TN\nQSYlFuShWrHPtiLmUdPoP6CV2mML1tk+l7DIIqXrQhLUKDACeM5roMx0kLhUWB8P\n+0uj1CNlNN4JRZlC7xFfqiMbFRU9Z4N6YwIDAQAB\n-----ENDRSAPUBLICKEY-----","type":"PUBLIC"},{"attributes":null,"key":"-----BEGINRSAPRIVATEKEY-----\nMIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp\nwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5\n1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh\n3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2\npIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX\nGukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il\nAkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF\nL0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k\nX6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl\nU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ\n37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=\n-----ENDRSAPRIVATEKEY-----","type":"PRIVATE"}],"cloudProviderName":"exogeni"}' http://localhost:8080/drip-api/configuration
 //    curl -H "Content-Type: application/json" -X POST -d '{"key":"AKISAKISAKIS","keyIdAlias":"6J76J76J76J76J76J76J7","logineKys":[{"attributes":{"domain_name":"California"},"type":"PUBLIC","key":"-----BEGINRSAPRIVATEKEY-----\nMIIEpQIBAAKCAQEA3Tz2mr7SZiAMfQyuvBjM9Oi..Z1BjP5CE/Wm/Rr500P\nRK+Lh9x5eJPo5CAZ3/ANBE0sTK0ZsDGMak2m1g7..3VHqIxFTz0Ta1d+NAj\nwnLe4nOb7/eEJbDPkk05ShhBrJGBKKxb8n104o/..PdzbFMIyNjJzBM2o5y\n5A13wiLitEO7nco2WfyYkQzaxCw0AwzlkVHiIyC..71pSzkv6sv+4IDMbT/\nXpCo8L6wTarzrywnQsh+etLD6FtTjYbbrvZ8RQM..Hg2qxraAV++HNBYmNW\ns0duEdjUbJK+ZarypXI9TtnS4o1Ckj7POfljiQI..IBAFyidxtqRQyv5KrD\nkbJ+q+rsJxQlaipn2M4lGuQJEfIxELFDyd3XpxP..Un/82NZNXlPmRIopXs\n2T91jiLZEUKQw+n73j26adTbteuEaPGSrTZxBLR..yssO0wWomUyILqVeti\n6AkL0NJAuKcucHGqWVgUIa4g1haE0ilcm6dWUDo..fd+PpzdCJf1s4NdUWK\nYV2GJcutGQb+jqT5DTUqAgST7N8M28rwjK6nVMI..BUpP0xpPnuYDyPOw6x\n4hBt8DZQYyduzIXBXRBKNiNdv8fum68/5klHxp6..4HRkMUL958UVeljUsT\nBFQlO9UCgYEA/VqzXVzlz8K36VSTMPEhB5zBATV..PRiXtYK1YpYV4/jSUj\nvvT4hP8uoYNC+BlEMi98LtnxZIh0V4rqHDsScAq..VyeSLH0loKMZgpwFEm\nbEIDnEOD0nKrfT/9K9sPYgvB43wsLEtUujaYw3W..Liy0WKmB8CgYEA34xn\n1QlOOhHBn9Z8qYjoDYhvcj+a89tD9eMPhesfQFw..rsfGcXIonFmWdVygbe\n6Doihc+GIYIq/QP4jgMksE1ADvczJSke92ZfE2i..fitBpQERNJO0BlabfP\nALs5NssKNmLkWS2U2BHCbv4DzDXwiQB37KPOL1c..kBHfF2/htIs20d1UVL\n+PK+aXKwguI6bxLGZ3of0UH+mGsSl0mkp7kYZCm..OTQtfeRqP8rDSC7DgA\nkHc5ajYqh04AzNFaxjRo+M3IGICUaOdKnXd0Fda..QwfoaX4QlRTgLqb7AN\nZTzM9WbmnYoXrx17kZlT3lsCgYEAm757XI3WJVj..WoLj1+v48WyoxZpcai\nuv9bT4Cj+lXRS+gdKHK+SH7J3x2CRHVS+WH/SVC..DxuybvebDoT0TkKiCj\nBWQaGzCaJqZa+POHK0klvS+9ln0/6k539p95tfX..X4TCzbVG6+gJiX0ysz\nYfehn5MCgYEAkMiKuWHCsVyCab3RUf6XA9gd3qY..fCTIGtS1tR5PgFIV+G\nengiVoWc/hkj8SBHZz1n1xLN7KDf8ySU06MDggB..hJ+gXJKy+gf3mF5Kmj\nDtkpjGHQzPF6vOe907y5NQLvVFGXUq/FIJZxB8k..fJdHEm2M4=\n-----ENDRSAPRIVATEKEY-----"},{"attributes":{"domain_name":"Virginia"},"type":"PUBLIC","key":"-----BEGINRSAPRIVATEKEY-----\nMIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp\nwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5\n1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh\n3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2\npIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX\nGukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il\nAkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF\nL0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k\nX6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl\nU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ\n37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=\n-----ENDRSAPRIVATEKEY-----"}],"cloudProviderName":"ec2"}'
     @RequestMapping(method = RequestMethod.POST)
     public @ResponseBody
@@ -49,12 +49,12 @@ public class CloudConfigurationController {
         return cc.getId();
     }
 
-    @RequestMapping(value = "/cloud/{id}", method = RequestMethod.GET)
+    @RequestMapping(value = "/{id}", method = RequestMethod.GET)
     public CloudCredentials get(@PathVariable("id") String id) {
         return cloudCredentialsDao.findOne(id);
     }
 
-    @RequestMapping(value = "/cloud/ids")
+    @RequestMapping(value = "/ids")
     public @ResponseBody
     List<String> getIds() {
         List<CloudCredentials> all = cloudCredentialsDao.findAll();

drip-api/src/main/java/nl/uva/sne/drip/api/rest/PlannerController.java

@@ -49,7 +49,7 @@ import nl.uva.sne.drip.api.dao.ToscaDao;
  * @author S. Koulouzis
  */
 @RestController
-@RequestMapping("/rest/planner")
+@RequestMapping("/planner")
 @Component
 public class PlannerController {
 

drip-api/src/main/java/nl/uva/sne/drip/api/rest/ToscaController.java

@@ -42,7 +42,7 @@ import nl.uva.sne.drip.api.dao.ToscaDao;
  * @author S. Koulouzis
  */
 @RestController
-@RequestMapping("/rest/tosca")
+@RequestMapping("/tosca")
 @Component
 public class ToscaController {
 
@@ -51,7 +51,7 @@ public class ToscaController {
     @Autowired
     private ToscaDao dao;
 
-//    curl -X POST -F "file=@DRIP/input.yaml" localhost:8080/drip-api/rest/upload
+//    curl -X POST -F "file=@DRIP/input.yaml" localhost:8080/drip-api/upload
     @RequestMapping(value = "/upload", method = RequestMethod.POST)
     public @ResponseBody
     String toscaUpload(@RequestParam("file") MultipartFile file) {
@@ -87,7 +87,7 @@ public class ToscaController {
         return null;
     }
 
-//    curl http://localhost:8080/drip-api/rest/tosca/589e1160d9925f9dc127e882/?fromat=yaml
+//    curl http://localhost:8080/drip-api/tosca/589e1160d9925f9dc127e882/?fromat=yaml
     @RequestMapping(value = "/{id}", method = RequestMethod.GET, params = {"fromat"})
     public @ResponseBody
     String get(@PathVariable("id") String id, @RequestParam(value = "fromat") String fromat) {
@@ -112,7 +112,7 @@ public class ToscaController {
         return null;
     }
 
-//    http://localhost:8080/drip-api/rest/tosca/ids
+//    http://localhost:8080/drip-api/tosca/ids
     @RequestMapping(value = "/ids")
     public @ResponseBody
     List<String> getIds() {

drip-api/src/main/java/nl/uva/sne/drip/api/rest/UserController.java

@@ -17,6 +17,7 @@ package nl.uva.sne.drip.api.rest;
 
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import javax.annotation.security.RolesAllowed;
 import nl.uva.sne.drip.commons.types.User;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -25,32 +26,35 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
-import nl.uva.sne.drip.api.dao.UserDao;
+import nl.uva.sne.drip.api.service.UserService;
 
 /**
  *
  * @author S. Koulouzis
  */
+//@CrossOrigin(origins = "http://domain2.com", maxAge = 3600)
 @RestController
 @RequestMapping("/user/")
 @Component
 public class UserController {
 
     @Autowired
-    private UserDao userRepository;
+    private UserService service;
 
     @RequestMapping(value = "/register", method = RequestMethod.POST)
+    @RolesAllowed({UserService.ADMIN})
     public @ResponseBody
     String register(User user) {
-        userRepository.save(user);
-        return "registration";
+        service.getDao().save(user);
+        return user.getId();
     }
 
     @RequestMapping(value = "/{id}", method = RequestMethod.GET)
+    @RolesAllowed({UserService.ADMIN})
     public @ResponseBody
     User get(@PathVariable("id") String id) {
         try {
-            return userRepository.findOne(id);
+            return service.getDao().findOne(id);
         } catch (Exception ex) {
             Logger.getLogger(UserController.class.getName()).log(Level.SEVERE, null, ex);
         }

drip-api/src/main/java/nl/uva/sne/drip/api/rest/UserPublicKeysController.java

@@ -38,14 +38,14 @@ import org.springframework.web.bind.annotation.PathVariable;
  * @author S. Koulouzis
  */
 @RestController
-@RequestMapping("/rest/user_key")
+@RequestMapping("/user_key")
 @Component
 public class UserPublicKeysController {
 
     @Autowired
     private UserKeyDao dao;
 
-//    curl -v -X POST -F "file=@.ssh/id_dsa.pub" localhost:8080/drip-api/rest/user_key/upload
+//    curl -v -X POST -F "file=@.ssh/id_dsa.pub" localhost:8080/drip-api/user_key/upload
     @RequestMapping(value = "/upload", method = RequestMethod.POST)
     public @ResponseBody
     String uploadUserPublicKeys(@RequestParam("file") MultipartFile file) {
@@ -70,7 +70,7 @@ public class UserPublicKeysController {
     }
 
     
-//    curl -H "Content-Type: application/json" -X POST -d  '{"key":"ssh-rsa AAAAB3NzaDWBqs75i849MytgwgQcRYMcsXIki0yeYTKABH6JqoiyFBHtYlyh/EV1t6cujb9LyNP4J5EN4fPbtwKYvxecd0LojSPxl4wjQlfrHyg6iKUYB7hVzGqACMvgYZHrtHPfrdEmOGPplPVPpoaX2j+u0BZ0yYhrWMKjzyYZKa68yy5N18+Gq+1p83HfUDwIU9wWaUYdgEvDujqF6b8p3z6LDx9Ob+RanSMZSt+b8eZRcd+F2Oy/gieJEJ8kc152VIOv8UY1xB3hVEwVnSRGgrAsa+9PChfF6efXUGWiKf8KBlWgBOYsSTsOY4ks9zkXMnbcTdC+o7xspOkyIcWjv us@u\n","name":"id_rsa.pub"}' localhost:8080/drip-api/rest/user_key/
+//    curl -H "Content-Type: application/json" -X POST -d  '{"key":"ssh-rsa AAAAB3NzaDWBqs75i849MytgwgQcRYMcsXIki0yeYTKABH6JqoiyFBHtYlyh/EV1t6cujb9LyNP4J5EN4fPbtwKYvxecd0LojSPxl4wjQlfrHyg6iKUYB7hVzGqACMvgYZHrtHPfrdEmOGPplPVPpoaX2j+u0BZ0yYhrWMKjzyYZKa68yy5N18+Gq+1p83HfUDwIU9wWaUYdgEvDujqF6b8p3z6LDx9Ob+RanSMZSt+b8eZRcd+F2Oy/gieJEJ8kc152VIOv8UY1xB3hVEwVnSRGgrAsa+9PChfF6efXUGWiKf8KBlWgBOYsSTsOY4ks9zkXMnbcTdC+o7xspOkyIcWjv us@u\n","name":"id_rsa.pub"}' localhost:8080/drip-api/user_key/
     @RequestMapping(method = RequestMethod.POST)
     public @ResponseBody
     String postConf(UserPublicKey uk) throws JSONException {
@@ -80,13 +80,13 @@ public class UserPublicKeysController {
         return uk.getId();
     }
 
-    //curl localhost:8080/drip-api/rest/user_key/58a20be263d4a5898835676e
+    //curl localhost:8080/drip-api/user_key/58a20be263d4a5898835676e
     @RequestMapping(value = "/{id}", method = RequestMethod.GET)
     public UserPublicKey get(@PathVariable("id") String id) {
         return dao.findOne(id);
     }
 
-//    localhost:8080/drip-api/rest/user_key/ids
+//    localhost:8080/drip-api/user_key/ids
     @RequestMapping(value = "/ids")
     public @ResponseBody
     List<String> getIds() {

drip-api/src/main/java/nl/uva/sne/drip/api/service/UserService.java

@@ -15,22 +15,14 @@
  */
 package nl.uva.sne.drip.api.service;
 
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import nl.uva.sne.drip.api.dao.UserDao;
 import nl.uva.sne.drip.commons.types.User;
-import nl.uva.sne.drip.commons.types.UserRole;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 /**
@@ -40,12 +32,41 @@ import org.springframework.stereotype.Service;
 @Service
 public class UserService implements UserDetailsService {
 
+    public static final String ADMIN = "ADMIN";
+
     @Autowired
     UserDao dao;
 
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
         try {
+//            dao.deleteAll();
+//            User u = new User();
+//            u.setAccountNonExpired(true);
+//            u.setAccountNonLocked(true);
+//            Collection<GrantedAuthority> athorities = new HashSet<>();
+//            GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_USER");
+//            athorities.add(ga);
+//            u.setAthorities(athorities);
+//            u.setCredentialsNonExpired(true);
+//            u.setEnabled(true);
+//            u.setPassword(new BCryptPasswordEncoder().encode("123"));
+//            u.setUsername(username);
+//            dao.save(u);
+//
+//            User u2 = new User();
+//            u2.setAccountNonExpired(true);
+//            u2.setAccountNonLocked(true);
+//            athorities = new HashSet<>();
+//            ga = new SimpleGrantedAuthority("ROLE_ADMIN");
+//            athorities.add(ga);
+//            u2.setAthorities(athorities);
+//            u2.setCredentialsNonExpired(true);
+//            u2.setEnabled(true);
+//            u2.setPassword(new BCryptPasswordEncoder().encode("admin"));
+//            u2.setUsername("admin");
+//            dao.save(u2);
+
             User user = dao.findByUsername(username);
             return user;
         } catch (Exception ex) {
@@ -53,4 +74,8 @@ public class UserService implements UserDetailsService {
         }
         return null;
     }
+
+    public UserDao getDao() {
+        return dao;
+    }
 }

drip-api/src/test/java/nl/uva/sne/drip/rest/RESTTest.java

@@ -49,7 +49,7 @@ public class RESTTest {
 
     @BeforeClass
     public static void setUpClass() throws URISyntaxException {
-        url = new URI("http://localhost:8080/drip-api/rest/upload");
+        url = new URI("http://localhost:8080/drip-api/upload");
         toscaFile = new File("./etc/input.yaml");
     }
 

drip-commons/src/main/java/nl/uva/sne/drip/commons/types/User.java

@@ -17,12 +17,10 @@ package nl.uva.sne.drip.commons.types;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import java.util.Collection;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.annotation.Id;
 import org.springframework.data.mongodb.core.mapping.Document;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
 /**
  *