Role based Authentication

ravishanigarapu · ravishanigarapu · commit a2bc6240efb9 · 2025-07-07T09:56:50.000+05:30
diff --git a/src/main/java/com/iemr/ecd/controller/dataupload/DataTemplateController.java b/src/main/java/com/iemr/ecd/controller/dataupload/DataTemplateController.java
@@ -29,6 +29,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -49,6 +50,7 @@
 @RestController
 @RequestMapping(value = "/dataTemplate", headers = "Authorization")
 @CrossOrigin()
+@PreAuthorize("hasRole('SUPERVISOR')")
 public class DataTemplateController {
 
 	@Autowired
diff --git a/src/main/java/com/iemr/ecd/controller/outboundworklist/CallStatisticsController.java b/src/main/java/com/iemr/ecd/controller/outboundworklist/CallStatisticsController.java
@@ -25,6 +25,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -43,6 +44,7 @@
 @RestController
 @RequestMapping(value = "/agent", headers = "Authorization")
 @CrossOrigin()
+@PreAuthorize("hasRole('SUPERVISOR') || hasRole('QUALITY_SUPERVISOR') || hasRole('QUALITY_AUDITOR')")
 public class CallStatisticsController {
 
 	@Autowired
diff --git a/src/main/java/com/iemr/ecd/controller/outboundworklist/OutBoundWorklistController.java b/src/main/java/com/iemr/ecd/controller/outboundworklist/OutBoundWorklistController.java
@@ -28,6 +28,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -49,6 +50,7 @@
 @RestController
 @RequestMapping(value = "/outbound-worklist", headers = "Authorization")
 @CrossOrigin()
+@PreAuthorize("hasRole('ANM') || hasRole('MO') || hasRole('ASSOCIATE')")
 public class OutBoundWorklistController {
 
 	@Autowired
diff --git a/src/main/java/com/iemr/ecd/controller/quality/ChartsController.java b/src/main/java/com/iemr/ecd/controller/quality/ChartsController.java
@@ -27,6 +27,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -45,6 +46,7 @@
 @RestController
 @RequestMapping(value = "/charts", headers = "Authorization")
 @CrossOrigin()
+@PreAuthorize("hasRole('SUPERVISOR') || hasRole('QUALITY_SUPERVISOR') || hasRole('QUALITY_AUDITOR')")
 public class ChartsController {
 
 	@Autowired
diff --git a/src/main/java/com/iemr/ecd/controller/quality/GradeConfigurationController.java b/src/main/java/com/iemr/ecd/controller/quality/GradeConfigurationController.java
@@ -27,6 +27,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -48,6 +49,7 @@
 @RestController
 @RequestMapping(value = "/gradeConfiguration", headers = "Authorization")
 @CrossOrigin()
+@PreAuthorize("hasRole('QUALITY_SUPERVISOR')")
 public class GradeConfigurationController {
 
 	@Autowired
diff --git a/src/main/java/com/iemr/ecd/controller/quality/QualityAuditController.java b/src/main/java/com/iemr/ecd/controller/quality/QualityAuditController.java
@@ -27,6 +27,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -56,6 +57,7 @@
 @RestController
 @RequestMapping(value = "/qualityAudit", headers = "Authorization")
 @CrossOrigin()
+@PreAuthorize("hasRole('QUALITY_AUDITOR')")
 public class QualityAuditController {
 	@Autowired
 	private QualityAuditImpl qualityAuditImpl;
diff --git a/src/main/java/com/iemr/ecd/controller/quality/QualityAuditQuestionConfigurationController.java b/src/main/java/com/iemr/ecd/controller/quality/QualityAuditQuestionConfigurationController.java
@@ -27,6 +27,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -49,6 +50,7 @@
 @RestController
 @RequestMapping(value = "/questionnaireConfiguration", headers = "Authorization")
 @CrossOrigin()
+@PreAuthorize("hasRole('QUALITY_SUPERVISOR') || hasRole('QUALITY_AUDITOR')")
 public class QualityAuditQuestionConfigurationController {
 	@Autowired
 	private QualityAuditQuestionConfigurationImpl qualityAuditQuestionConfigurationImpl;
diff --git a/src/main/java/com/iemr/ecd/controller/quality/QualityAuditSectionConfigurationController.java b/src/main/java/com/iemr/ecd/controller/quality/QualityAuditSectionConfigurationController.java
@@ -27,6 +27,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -48,6 +49,7 @@
 @RestController
 @RequestMapping(value = "/sectionConfiguration", headers = "Authorization")
 @CrossOrigin()
+@PreAuthorize("hasRole('QUALITY_SUPERVISOR') || hasRole('QUALITY_AUDITOR')")
 public class QualityAuditSectionConfigurationController {
 	@Autowired
 	private QualityAuditSectionConfigurationImpl qualityAuditSectionConfigurationImpl;
diff --git a/src/main/java/com/iemr/ecd/controller/quality/SampleSelectionConfigurationController.java b/src/main/java/com/iemr/ecd/controller/quality/SampleSelectionConfigurationController.java
@@ -27,6 +27,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -48,6 +49,7 @@
 @RestController
 @RequestMapping(value = "/sampleSelectionConfiguration", headers = "Authorization")
 @CrossOrigin()
+@PreAuthorize("hasRole('QUALITY_SUPERVISOR') || hasRole('QUALITY_AUDITOR')")
 public class SampleSelectionConfigurationController {
 	@Autowired
 	private SampleSelectionConfigurationImpl sampleSelectionConfigurationImpl;
diff --git a/src/main/java/com/iemr/ecd/repository/masters/RoleRepo.java b/src/main/java/com/iemr/ecd/repository/masters/RoleRepo.java
@@ -35,5 +35,5 @@ public interface RoleRepo extends CrudRepository<Role, Integer> {
 	
 	List<Role> findByPsmIdAndDeleted(Integer psmId, Boolean deleted);
 	@Query(nativeQuery = true,value = "select rolename from m_role where roleid in (select roleid from m_userservicerolemapping where userid=:userID)")
-	String getRoleNamebyUserId(@Param("userID") Long userID);
+	List<String> getRoleNamebyUserId(@Param("userID") Long userID);
 }
diff --git a/src/main/java/com/iemr/ecd/service/masters/MasterServiceImpl.java b/src/main/java/com/iemr/ecd/service/masters/MasterServiceImpl.java
@@ -229,13 +229,13 @@ public List<V_GetUserlangmapping> getLanguageByUserId(Integer userId) throws ECD
 		return v_GetUserlangmappingRepo.findByUserId(userId);
 	}
 
-	public String getUserRole(Long userId) {
+	public List<String> getUserRoles(Long userId) {
 		if (null == userId || userId <= 0) {
 			throw new IllegalArgumentException("Invalid User ID : " + userId);
 		}
 		try {
-			String role = roleRepo.getRoleNamebyUserId(userId);
-			if (null == role || role.trim().isEmpty()) {
+			List<String> role = roleRepo.getRoleNamebyUserId(userId);
+			if (null == role || role.isEmpty()) {
 				throw new ECDException("No role found for userId : " + userId);
 			}
 			return role;
diff --git a/src/main/java/com/iemr/ecd/utils/mapper/RoleAuthenticationFilter.java b/src/main/java/com/iemr/ecd/utils/mapper/RoleAuthenticationFilter.java
@@ -1,6 +1,8 @@
 package com.iemr.ecd.utils.mapper;
 
 import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -39,6 +41,7 @@ public class RoleAuthenticationFilter extends OncePerRequestFilter {
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException, java.io.IOException {
+		List<String> authRoles = null;
 		try {
 			String jwtFromCookie = CookieUtil.getJwtTokenFromCookie(request);
 			String jwtFromHeader = request.getHeader(Constants.JWT_TOKEN);
@@ -56,17 +59,22 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 			Object userIdObj = extractAllClaims.get("userId");
 			String userId = userIdObj != null ? userIdObj.toString() : null;
 
-			String authRole = redisService.getUserRoleFromCache(Long.valueOf(userId));
-			if (authRole == null) {
-				String role = userService.getUserRole(Long.valueOf(userId));
-				authRole = "ROLE_" + role.toUpperCase();
-				redisService.cacheUserRole(Long.valueOf(userId), authRole);
+			authRoles = redisService.getUserRoleFromCache(Long.valueOf(userId));
+			if (authRoles == null || authRoles.isEmpty()) {
+			    List<String> roles = userService.getUserRoles(Long.valueOf(userId)); // assuming this returns multiple roles
+			    authRoles = roles.stream()
+			    	    .filter(Objects::nonNull)
+			    	    .map(String::trim)
+			    	    .map(role -> "ROLE_" + role.toUpperCase().replace(" ", "_"))
+			    	    .collect(Collectors.toList());
+			    redisService.cacheUserRoles(Long.valueOf(userId), authRoles);
 			}
 
-			List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority(authRole));
+			List<GrantedAuthority> authorities = authRoles.stream()
+			        .map(SimpleGrantedAuthority::new)
+			        .collect(Collectors.toList());
 
-			UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userId, null,
-					authorities);
+			UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userId, null, authorities);
 			SecurityContextHolder.getContext().setAuthentication(auth);
 		} catch (Exception e) {
 			logger.error("Authentication filter error for request {}: {}", request.getRequestURI(), e.getMessage());
diff --git a/src/main/java/com/iemr/ecd/utils/redis/RedisStorage.java b/src/main/java/com/iemr/ecd/utils/redis/RedisStorage.java
@@ -22,6 +22,7 @@
 package com.iemr.ecd.utils.redis;
 
 import java.time.Duration;
+import java.util.List;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -100,18 +101,20 @@ public void updateConcurrentSessionObject(String value) {
 	@Autowired
     private RedisTemplate<String, String> redisTemplate;
 
-	public void cacheUserRole(Long userId, String role) {
+	public void cacheUserRoles(Long userId, List<String> roles) {
 		try {
-			redisTemplate.opsForValue().set("role:" + userId, role, Duration.ofHours(1));
+			 String key = "roles:" + userId;
+		        redisTemplate.delete(key); // Clear previous cache
+		        redisTemplate.opsForList().rightPushAll(key, roles);
 		} catch (Exception e) {
 			logger.warn("Failed to cache role for user {} : {} ", userId, e.getMessage());
 		}
 
 	}
 
-	public String getUserRoleFromCache(Long userId) {
+	public List<String> getUserRoleFromCache(Long userId) {
 		try {
-			return redisTemplate.opsForValue().get("role:" + userId);
+			return redisTemplate.opsForList().range("roles:" + userId, 0, -1);
 		} catch (Exception e) {
 			logger.warn("Failed to retrieve cached role for user {} : {} ", userId, e.getMessage());
 			return null;

Original file line number	Diff line number	Diff line change
`@@ -35,5 +35,5 @@ public interface RoleRepo extends CrudRepository<Role, Integer> {`
`35`	`35`
`36`	`36`	`List<Role> findByPsmIdAndDeleted(Integer psmId, Boolean deleted);`
`37`	`37`	`@Query(nativeQuery = true,value = "select rolename from m_role where roleid in (select roleid from m_userservicerolemapping where userid=:userID)")`
`38`		`- String getRoleNamebyUserId(@Param("userID") Long userID);`
	`38`	`+ List<String> getRoleNamebyUserId(@Param("userID") Long userID);`
`39`	`39`	`}`