Added basic authentication

ce2a5b04 · Spiros Koulouzis · 63ca2d65 · ce2a5b04 · ce2a5b04 · ce2a5b04
Commit ce2a5b04 authored Feb 15, 2017 by Spiros Koulouzis
10 changed files
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/auth/AuthFilter.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/auth/AuthFilter.java
+/*
+ * Copyright 2017 S. Koulouzis, Wang Junchao, Huan Zhou, Yang Hu 
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package nl.uva.sne.drip.api.auth;
+
+import java.io.IOException;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import org.springframework.web.filter.GenericFilterBean;
+
+/**
+ *
+ * @author S. Koulouzis
+ */
+public class AuthFilter extends GenericFilterBean {
+
+    @Override
+    public void doFilter(
+            ServletRequest request,
+            ServletResponse response,
+            FilterChain chain) throws IOException, ServletException {
+        chain.doFilter(request, response);
+    }
+}
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/auth/MyBasicAuthenticationEntryPoint.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/auth/MyBasicAuthenticationEntryPoint.java
+/*
+ * Copyright 2017 S. Koulouzis, Wang Junchao, Huan Zhou, Yang Hu 
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package nl.uva.sne.drip.api.auth;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+/**
+ *
+ * @author S. Koulouzis
+ */
+@Component
+public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx)
+            throws IOException, ServletException {
+
+        response.addHeader("WWW-Authenticate", "Basic realm=" + getRealmName() + "");
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        PrintWriter writer = response.getWriter();
+        writer.println("HTTP Status 401 - " + authEx.getMessage());
+    }
+
+    @Override
+    public void afterPropertiesSet() throws Exception {
+        setRealmName("DRIPs");
+        super.afterPropertiesSet();
+    }
+}
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/conf/SecurityConfig.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/conf/SecurityConfig.java
@@ -15,16 +15,22 @@
 */
 package nl.uva.sne.drip.api.conf;

+import nl.uva.sne.drip.api.auth.MyBasicAuthenticationEntryPoint;
+import nl.uva.sne.drip.api.auth.AuthFilter;
 import nl.uva.sne.drip.api.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

 /**
 *
@@ -38,19 +44,43 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    UserService userService;

+//    @Autowired
+//    BasicAuthenticationFilter authenticationFilter;
+    @Autowired
+    private MyBasicAuthenticationEntryPoint authenticationEntryPoint;
+
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
    }

-//    @Override
-//    protected void configure(HttpSecurity http) throws Exception {
-////        http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin();
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+//        http.authorizeRequests().antMatchers("/**").hasRole("USER");
 //        http.csrf().disable();
-//    }
+        http
+                //                .addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class)
+                .csrf().disable()
+                .authorizeRequests()
+                .antMatchers("/user/*").hasRole("USER")
+                .and()
+                .authorizeRequests()
+                .antMatchers("/manager/*").hasRole("ADMIN")
+                .and()
+                .formLogin()
+                .and()
+                .httpBasic()
+                .authenticationEntryPoint(authenticationEntryPoint);
+
+        http.addFilterAfter(new AuthFilter(), BasicAuthenticationFilter.class);
+
+    }
+
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }
+
+
 }
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/rest/CloudConfigurationController.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/rest/CloudConfigurationController.java
@@ -17,6 +17,7 @@ package nl.uva.sne.drip.api.rest;

 import java.util.ArrayList;
 import java.util.List;
+import javax.annotation.security.RolesAllowed;
 import nl.uva.sne.drip.commons.types.CloudCredentials;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -25,6 +26,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import nl.uva.sne.drip.api.dao.CloudCredentialsDao;
+import nl.uva.sne.drip.api.service.UserService;
 import org.springframework.web.bind.annotation.PathVariable;

 /**
@@ -32,17 +34,17 @@ import org.springframework.web.bind.annotation.PathVariable;
 * @author S. Koulouzis
 */
 @RestController
-@RequestMapping("/configuration/cloud")
+@RequestMapping("/user/configuration/cloud")
 @Component
 public class CloudConfigurationController {

    @Autowired
    private CloudCredentialsDao cloudCredentialsDao;
-    

 //    curl -H "Content-Type: application/json" -X POST -d '{"key":"my_secret_password","keyIdAlias":"geni","logineKys":[{"attributes":null,"key":"-----BEGINRSAPUBLICKEY-----\nMIIBCgKCAQEA+xGZ/wcz9ugFpP07Nspo6U17l0YhFiFpxxU4pTk3Lifz9R3zsIsu\nERwta7+fWIfxOo208ett/jhskiVodSEt3QBGh4XBipyWopKwZ93HHaDVZAALi/2A\n+xTBtWdEo7XGUujKDvC2/aZKukfjpOiUI8AhLAfjmlcD/UZ1QPh0mHsglRNCmpCw\nmwSXA9VNmhz+PiB+Dml4WWnKW/VHo2ujTXxq7+efMU4H2fny3Se3KYOsFPFGZ1TN\nQSYlFuShWrHPtiLmUdPoP6CV2mML1tk+l7DIIqXrQhLUKDACeM5roMx0kLhUWB8P\n+0uj1CNlNN4JRZlC7xFfqiMbFRU9Z4N6YwIDAQAB\n-----ENDRSAPUBLICKEY-----","type":"PUBLIC"},{"attributes":null,"key":"-----BEGINRSAPRIVATEKEY-----\nMIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp\nwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5\n1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh\n3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2\npIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX\nGukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il\nAkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF\nL0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k\nX6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl\nU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ\n37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=\n-----ENDRSAPRIVATEKEY-----","type":"PRIVATE"}],"cloudProviderName":"exogeni"}' http://localhost:8080/drip-api/configuration
 //    curl -H "Content-Type: application/json" -X POST -d '{"key":"AKISAKISAKIS","keyIdAlias":"6J76J76J76J76J76J76J7","logineKys":[{"attributes":{"domain_name":"California"},"type":"PUBLIC","key":"-----BEGINRSAPRIVATEKEY-----\nMIIEpQIBAAKCAQEA3Tz2mr7SZiAMfQyuvBjM9Oi..Z1BjP5CE/Wm/Rr500P\nRK+Lh9x5eJPo5CAZ3/ANBE0sTK0ZsDGMak2m1g7..3VHqIxFTz0Ta1d+NAj\nwnLe4nOb7/eEJbDPkk05ShhBrJGBKKxb8n104o/..PdzbFMIyNjJzBM2o5y\n5A13wiLitEO7nco2WfyYkQzaxCw0AwzlkVHiIyC..71pSzkv6sv+4IDMbT/\nXpCo8L6wTarzrywnQsh+etLD6FtTjYbbrvZ8RQM..Hg2qxraAV++HNBYmNW\ns0duEdjUbJK+ZarypXI9TtnS4o1Ckj7POfljiQI..IBAFyidxtqRQyv5KrD\nkbJ+q+rsJxQlaipn2M4lGuQJEfIxELFDyd3XpxP..Un/82NZNXlPmRIopXs\n2T91jiLZEUKQw+n73j26adTbteuEaPGSrTZxBLR..yssO0wWomUyILqVeti\n6AkL0NJAuKcucHGqWVgUIa4g1haE0ilcm6dWUDo..fd+PpzdCJf1s4NdUWK\nYV2GJcutGQb+jqT5DTUqAgST7N8M28rwjK6nVMI..BUpP0xpPnuYDyPOw6x\n4hBt8DZQYyduzIXBXRBKNiNdv8fum68/5klHxp6..4HRkMUL958UVeljUsT\nBFQlO9UCgYEA/VqzXVzlz8K36VSTMPEhB5zBATV..PRiXtYK1YpYV4/jSUj\nvvT4hP8uoYNC+BlEMi98LtnxZIh0V4rqHDsScAq..VyeSLH0loKMZgpwFEm\nbEIDnEOD0nKrfT/9K9sPYgvB43wsLEtUujaYw3W..Liy0WKmB8CgYEA34xn\n1QlOOhHBn9Z8qYjoDYhvcj+a89tD9eMPhesfQFw..rsfGcXIonFmWdVygbe\n6Doihc+GIYIq/QP4jgMksE1ADvczJSke92ZfE2i..fitBpQERNJO0BlabfP\nALs5NssKNmLkWS2U2BHCbv4DzDXwiQB37KPOL1c..kBHfF2/htIs20d1UVL\n+PK+aXKwguI6bxLGZ3of0UH+mGsSl0mkp7kYZCm..OTQtfeRqP8rDSC7DgA\nkHc5ajYqh04AzNFaxjRo+M3IGICUaOdKnXd0Fda..QwfoaX4QlRTgLqb7AN\nZTzM9WbmnYoXrx17kZlT3lsCgYEAm757XI3WJVj..WoLj1+v48WyoxZpcai\nuv9bT4Cj+lXRS+gdKHK+SH7J3x2CRHVS+WH/SVC..DxuybvebDoT0TkKiCj\nBWQaGzCaJqZa+POHK0klvS+9ln0/6k539p95tfX..X4TCzbVG6+gJiX0ysz\nYfehn5MCgYEAkMiKuWHCsVyCab3RUf6XA9gd3qY..fCTIGtS1tR5PgFIV+G\nengiVoWc/hkj8SBHZz1n1xLN7KDf8ySU06MDggB..hJ+gXJKy+gf3mF5Kmj\nDtkpjGHQzPF6vOe907y5NQLvVFGXUq/FIJZxB8k..fJdHEm2M4=\n-----ENDRSAPRIVATEKEY-----"},{"attributes":{"domain_name":"Virginia"},"type":"PUBLIC","key":"-----BEGINRSAPRIVATEKEY-----\nMIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp\nwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5\n1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh\n3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2\npIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX\nGukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il\nAkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF\nL0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k\nX6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl\nU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ\n37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=\n-----ENDRSAPRIVATEKEY-----"}],"cloudProviderName":"ec2"}'
    @RequestMapping(method = RequestMethod.POST)
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public @ResponseBody
    String postConf(CloudCredentials cc) {
        cloudCredentialsDao.save(cc);
@@ -50,11 +52,13 @@ public class CloudConfigurationController {
    }

    @RequestMapping(value = "/{id}", method = RequestMethod.GET)
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public CloudCredentials get(@PathVariable("id") String id) {
        return cloudCredentialsDao.findOne(id);
    }

    @RequestMapping(value = "/ids")
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public @ResponseBody
    List<String> getIds() {
        List<CloudCredentials> all = cloudCredentialsDao.findAll();

--- a/drip-api/src/main/java/nl/uva/sne/drip/api/rest/PlannerController.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/rest/PlannerController.java
@@ -29,6 +29,7 @@ import java.util.Map;
 import java.util.concurrent.TimeoutException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import javax.annotation.security.RolesAllowed;
 import nl.uva.sne.drip.api.rpc.PlannerCaller;
 import nl.uva.sne.drip.commons.types.Message;
 import nl.uva.sne.drip.commons.types.Parameter;
@@ -43,13 +44,14 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import nl.uva.sne.drip.api.dao.ToscaDao;
+import nl.uva.sne.drip.api.service.UserService;

 /**
 *
 * @author S. Koulouzis
 */
 @RestController
-@RequestMapping("/planner")
+@RequestMapping("/user/planner")
 @Component
 public class PlannerController {

@@ -59,6 +61,7 @@ public class PlannerController {
    private ToscaDao dao;

    @RequestMapping(value = "/plan/{tosca_id}", method = RequestMethod.POST)
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public @ResponseBody
    String plann(@PathVariable("tosca_id") String toscaId) {
        PlannerCaller planner = null;
@@ -114,14 +117,12 @@ public class PlannerController {
    }

    @RequestMapping(value = "/get", method = RequestMethod.GET)
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public Message get() {

        try {

            File tempFile1 = new File("/home/alogo/Downloads/DRIP/input.yaml");
-            
-            
-

            Message message1 = new Message();
            message1.setCreationDate((System.currentTimeMillis()));

--- a/drip-api/src/main/java/nl/uva/sne/drip/api/rest/ToscaController.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/rest/ToscaController.java
@@ -24,6 +24,7 @@ import java.util.Map;
 import java.util.concurrent.TimeoutException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import javax.annotation.security.RolesAllowed;
 import nl.uva.sne.drip.commons.utils.Converter;
 import org.json.JSONException;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -36,13 +37,14 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.bind.annotation.PathVariable;
 import nl.uva.sne.drip.api.dao.ToscaDao;
+import nl.uva.sne.drip.api.service.UserService;

 /**
 *
 * @author S. Koulouzis
 */
 @RestController
-@RequestMapping("/tosca")
+@RequestMapping("/user/tosca")
 @Component
 public class ToscaController {

@@ -53,6 +55,7 @@ public class ToscaController {

 //    curl -X POST -F "file=@DRIP/input.yaml" localhost:8080/drip-api/upload
    @RequestMapping(value = "/upload", method = RequestMethod.POST)
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public @ResponseBody
    String toscaUpload(@RequestParam("file") MultipartFile file) {
        PlannerCaller planner = null;
@@ -89,6 +92,7 @@ public class ToscaController {

 //    curl http://localhost:8080/drip-api/tosca/589e1160d9925f9dc127e882/?fromat=yaml
    @RequestMapping(value = "/{id}", method = RequestMethod.GET, params = {"fromat"})
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public @ResponseBody
    String get(@PathVariable("id") String id, @RequestParam(value = "fromat") String fromat) {
        try {
@@ -114,6 +118,7 @@ public class ToscaController {

 //    http://localhost:8080/drip-api/tosca/ids
    @RequestMapping(value = "/ids")
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public @ResponseBody
    List<String> getIds() {
        List<ToscaRepresentation> all = dao.findAll();

--- a/drip-api/src/main/java/nl/uva/sne/drip/api/rest/UserController.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/rest/UserController.java
@@ -34,7 +34,7 @@ import nl.uva.sne.drip.api.service.UserService;
 */
 //@CrossOrigin(origins = "http://domain2.com", maxAge = 3600)
 @RestController
-@RequestMapping("/user/")
+@RequestMapping("/manager/user/")
 @Component
 public class UserController {


--- a/drip-api/src/main/java/nl/uva/sne/drip/api/rest/UserPublicKeysController.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/rest/UserPublicKeysController.java
@@ -21,6 +21,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import javax.annotation.security.RolesAllowed;
 import org.json.JSONException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -31,6 +32,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 import nl.uva.sne.drip.api.dao.UserKeyDao;
+import nl.uva.sne.drip.api.service.UserService;
 import org.springframework.web.bind.annotation.PathVariable;

 /**
@@ -38,7 +40,7 @@ import org.springframework.web.bind.annotation.PathVariable;
 * @author S. Koulouzis
 */
 @RestController
-@RequestMapping("/user_key")
+@RequestMapping("/user/user_key")
 @Component
 public class UserPublicKeysController {

@@ -47,6 +49,7 @@ public class UserPublicKeysController {

 //    curl -v -X POST -F "file=@.ssh/id_dsa.pub" localhost:8080/drip-api/user_key/upload
    @RequestMapping(value = "/upload", method = RequestMethod.POST)
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public @ResponseBody
    String uploadUserPublicKeys(@RequestParam("file") MultipartFile file) {
        if (!file.isEmpty()) {
@@ -69,9 +72,9 @@ public class UserPublicKeysController {
        return null;
    }

-    
 //    curl -H "Content-Type: application/json" -X POST -d  '{"key":"ssh-rsa AAAAB3NzaDWBqs75i849MytgwgQcRYMcsXIki0yeYTKABH6JqoiyFBHtYlyh/EV1t6cujb9LyNP4J5EN4fPbtwKYvxecd0LojSPxl4wjQlfrHyg6iKUYB7hVzGqACMvgYZHrtHPfrdEmOGPplPVPpoaX2j+u0BZ0yYhrWMKjzyYZKa68yy5N18+Gq+1p83HfUDwIU9wWaUYdgEvDujqF6b8p3z6LDx9Ob+RanSMZSt+b8eZRcd+F2Oy/gieJEJ8kc152VIOv8UY1xB3hVEwVnSRGgrAsa+9PChfF6efXUGWiKf8KBlWgBOYsSTsOY4ks9zkXMnbcTdC+o7xspOkyIcWjv us@u\n","name":"id_rsa.pub"}' localhost:8080/drip-api/user_key/
    @RequestMapping(method = RequestMethod.POST)
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public @ResponseBody
    String postConf(UserPublicKey uk) throws JSONException {
        String name = System.currentTimeMillis() + "_" + uk.getName();
@@ -82,12 +85,14 @@ public class UserPublicKeysController {

    //curl localhost:8080/drip-api/user_key/58a20be263d4a5898835676e
    @RequestMapping(value = "/{id}", method = RequestMethod.GET)
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public UserPublicKey get(@PathVariable("id") String id) {
        return dao.findOne(id);
    }

 //    localhost:8080/drip-api/user_key/ids
    @RequestMapping(value = "/ids")
+    @RolesAllowed({UserService.USER, UserService.ADMIN})
    public @ResponseBody
    List<String> getIds() {
        List<UserPublicKey> all = dao.findAll();

--- a/drip-api/src/main/java/nl/uva/sne/drip/api/rest/UserScriptController.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/rest/UserScriptController.java
@@ -15,7 +15,6 @@
 */
 package nl.uva.sne.drip.api.rest;

-import nl.uva.sne.drip.commons.types.UserPublicKey;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
@@ -39,7 +38,7 @@ import org.springframework.web.bind.annotation.PathVariable;
 * @author S. Koulouzis
 */
 @RestController
-@RequestMapping("/rest/user_script")
+@RequestMapping("/user/user_script")
 @Component
 public class UserScriptController {

@@ -70,7 +69,7 @@ public class UserScriptController {
        }
        return null;
    }
-    
+
 //    @RequestMapping(method = RequestMethod.POST)
 //    public @ResponseBody
 //    String postConf(UserScript us) {
@@ -79,7 +78,6 @@ public class UserScriptController {
 //        dao.save(us);
 //        return us.getId();
 //    }
-
    @RequestMapping(value = "/{id}", method = RequestMethod.GET)
    public UserScript get(@PathVariable("id") String id) {
        return dao.findOne(id);

--- a/drip-api/src/main/java/nl/uva/sne/drip/api/service/UserService.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/service/UserService.java
@@ -33,6 +33,7 @@ import org.springframework.stereotype.Service;
 public class UserService implements UserDetailsService {

    public static final String ADMIN = "ADMIN";
+    public static final String USER = "USER";

    @Autowired
    UserDao dao;