Remove unused AzureMapsController, clean up commented decode logic, and introduce @PreAuthorize annotations in controllers to enforce role-based access controls.

src/main/java/de/avatic/lcc/controller/calculation/DashboardController.java

@@ -3,6 +3,7 @@ package de.avatic.lcc.controller.calculation;
 import de.avatic.lcc.dto.calculation.execution.CalculationProcessingOverviewDTO;
 import de.avatic.lcc.service.calculation.execution.CalculationJobProcessorManagementService;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -18,6 +19,7 @@ public class DashboardController {
     }
 
     @GetMapping({"/", ""})
+    @PreAuthorize("hasAnyRole('SUPER', 'CALCULATION')")
     public ResponseEntity<CalculationProcessingOverviewDTO> getDashboardData() {
         return ResponseEntity.ok(calculationJobProcessorManagementService.getCalculationOverview());
     }

src/main/java/de/avatic/lcc/controller/calculation/PremiseController.java

@@ -83,7 +83,6 @@ public class PremiseController {
     public ResponseEntity<PremiseSearchResultDTO> findMaterialsAndSuppliers(@RequestParam String search) {
 
         try {
-//            String decodedValue = URLDecoder.decode(search, StandardCharsets.UTF_8);
             return ResponseEntity.ok(premiseSearchStringAnalyzerService.findMaterialAndSuppliers(search));
         } catch (Exception e) {
             throw new BadRequestException("Bad string encoding", "Unable to decode request", e);
@@ -217,5 +216,4 @@ public class PremiseController {
     }
 
 
-
 }

src/main/java/de/avatic/lcc/controller/configuration/AppsController.java

@@ -4,6 +4,7 @@ import com.azure.core.annotation.BodyParam;
 import de.avatic.lcc.dto.configuration.apps.AppDTO;
 import de.avatic.lcc.service.apps.AppsService;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -16,21 +17,23 @@ public class AppsController {
     private final AppsService appsService;
 
     public AppsController(AppsService appsService) {
-
         this.appsService = appsService;
     }
 
     @GetMapping({"", "/"})
+    @PreAuthorize("hasRole('SERVICE')")
     public ResponseEntity<List<AppDTO>> listApps() {
         return ResponseEntity.ok(appsService.listApps());
     }
 
     @PostMapping({"", "/"})
+    @PreAuthorize("hasRole('SERVICE')")
     public ResponseEntity<AppDTO> updateApp(@RequestBody AppDTO dto) {
         return ResponseEntity.ok(appsService.updateApp(dto));
     }
 
     @DeleteMapping({"/{id}", "/{id}/"})
+    @PreAuthorize("hasRole('SERVICE')")
     public ResponseEntity<Void> deleteApp(@PathVariable Integer id) {
         appsService.deleteApp(id);
         return ResponseEntity.ok().build();

src/main/java/de/avatic/lcc/controller/configuration/CalculationDumpController.java

@@ -5,6 +5,7 @@ import de.avatic.lcc.repositories.error.DumpRepository;
 import de.avatic.lcc.repositories.pagination.SearchQueryPagination;
 import jakarta.validation.constraints.Min;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -20,11 +21,13 @@ public class CalculationDumpController {
     }
 
     @GetMapping({"/dump/{id}", "/dump/{id}/"})
+    @PreAuthorize("hasRole('SERVICE')")
     public ResponseEntity<CalculationJobDumpDTO> getDump(@PathVariable Integer id) {
         return ResponseEntity.ok(dumpRepository.getDump(id));
     }
 
     @GetMapping({"/dump/", "/dump"})
+    @PreAuthorize("hasRole('SERVICE')")
     public ResponseEntity<List<CalculationJobDumpDTO>> listDumps(
             @RequestParam(defaultValue = "20") @Min(1) int limit,
             @RequestParam(defaultValue = "1") @Min(1) int page) {

src/main/java/de/avatic/lcc/controller/maps/AzureMapsController.java

@@ -1,48 +0,0 @@
-package de.avatic.lcc.controller.maps;
-
-import com.azure.core.credential.AccessToken;
-import com.azure.identity.DefaultAzureCredentialBuilder;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-
-import java.time.OffsetDateTime;
-import java.util.HashMap;
-import java.util.Map;
-
-@RestController
-@RequestMapping("/api/maps")
-public class AzureMapsController {
-
-    @Value("${azure.maps.client.id}")
-    private String mapsClientId;
-
-    @Value("${azure.maps.subscription.key}")
-    private String mapsSubscriptionKey;
-
-    @GetMapping("/token")
-    @PreAuthorize("isAuthenticated()")
-    public ResponseEntity<Map<String, Object>> getAzureMapsToken() {
-        try {
-            // Verwende die DefaultAzureCredential für die Authentifizierung
-            var credential = new DefaultAzureCredentialBuilder().build();
-
-            // Fordere ein Token für Azure Maps an
-            AccessToken token = credential.getToken(
-                    new com.azure.core.credential.TokenRequestContext()
-                            .addScopes("https://atlas.microsoft.com/.default")
-            ).block();
-
-            Map<String, Object> response = new HashMap<>();
-            response.put("token", token.getToken());
-            response.put("expiresOn", token.getExpiresAt().toEpochSecond());
-
-            return ResponseEntity.ok(response);
-        } catch (Exception e) {
-            return ResponseEntity.internalServerError().build();
-        }
-    }
-}