From 68cee54a256a6ce34d35a6c2fb717a0b8363f3cb Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Tue, 6 Aug 2024 07:02:17 +0200 Subject: [PATCH] Fix #540: Cleanup usage of RequestMapping annotations
---
 docs/RESTful-API-for-Spring.md | 41 +++++++++----------
 .../controller/ActivationController.java | 2 +-
 .../spring/controller/RecoveryController.java | 2 +-
 .../controller/SecureVaultController.java | 2 +-
 .../controller/SignatureController.java | 2 +-
 5 files changed, 23 insertions(+), 26 deletions(-)
diff --git a/docs/RESTful-API-for-Spring.md b/docs/RESTful-API-for-Spring.md
index 99c67405..42a44ae6 100644
--- a/docs/RESTful-API-for-Spring.md
+++ b/docs/RESTful-API-for-Spring.md
@@ -231,13 +231,12 @@ Note: Controllers that establish a session must not be on a context that is prot
 ```java
-@Controller
-@RequestMapping(value = "session")
+@RestController
+@RequestMapping("session")
 public class AuthenticationController {
- @RequestMapping(value = "login", method = RequestMethod.POST)
+ @PostMapping("login")
 @PowerAuth(resourceId = "/session/login")
- @ResponseBody
 public MyApiResponse login(PowerAuthApiAuthentication auth) {
 if (auth == null) {
 // handle authentication failure
@@ -265,13 +264,12 @@ In case both `@RequestParam` and `@PathVariable` with the same name exist, the v
 Example of using dynamic resource ID:
 ```java
-@Controller
-@RequestMapping(value = "secured")
+@RestController
+@RequestMapping("secured")
 public class AuthenticationController {
- @RequestMapping(value = "account/{id}", method = RequestMethod.POST)
+ @PostMapping("account/{id}")
 @PowerAuth(resourceId = "/secured/account/${id}?filter=${filter}")
- @ResponseBody
 public MyAccountApiResponse changeAccountSettings( @PathVariable("id") String accountId, @RequestParam("filter") String filter, PowerAuthApiAuthentication auth, PowerAuthActivation activation) {
@@ -296,15 +294,14 @@ public class AuthenticationController {
 In case you need a more low-level access to the signature verification, you can verify the signature manually using the `PowerAuthAuthenticationProvider` like this:
 ```java
-@Controller
-@RequestMapping(value = "session")
+@RestController
+@RequestMapping("session")
 public class AuthenticationController {
 @Autowired
 private PowerAuthAuthenticationProvider authenticationProvider;
- @RequestMapping(value = "login", method = RequestMethod.POST)
- @ResponseBody
+ @PostMapping("login")
 public ObjectResponse login( @RequestHeader(value = PowerAuthSignatureHttpHeader.HEADER_NAME, required = true) String signatureHeader, HttpServletRequest servletRequest) throws Exception {
@@ -357,16 +354,16 @@ This sample `@Controller` implementation illustrates how to use `@PowerAuthToken
 Please note that token based authentication should be used only for endpoints with lower sensitivity, such as simplified account information for widgets or smart watch, that are also not prone to replay attack.
 ```java
-@Controller
-@RequestMapping(value = "secure/account")
+@RestController
+@RequestMapping("secure/account")
 public class AuthenticationController {
 @Autowired
 private CustomService service;
- @RequestMapping(value = "widget/balance", method = RequestMethod.GET)
+ @GetMapping("widget/balance")
 @PowerAuthToken
- public @ResponseBody ObjectResponse getBalance(PowerAuthApiAuthentication apiAuthentication) throws PowerAuthAuthenticationException {
+ public ObjectResponse getBalance(PowerAuthApiAuthentication apiAuthentication) throws PowerAuthAuthenticationException {
 if (apiAuthentication == null) {
 throw new PowerAuthTokenInvalidException();
 } else {
@@ -391,10 +388,10 @@ You can encrypt data in `application` scope (non-personalized) using following p
 ```java
 @RestController
-@RequestMapping(value = "/exchange")
+@RequestMapping("/exchange")
 public class EncryptedDataExchangeController {
- @RequestMapping(value = "application", method = RequestMethod.POST)
+ @PostMapping("application")
 @PowerAuthEncryption(scope = EncryptionScope.APPLICATION_SCOPE)
 public DataExchangeResponse exchangeInApplicationScope(@EncryptedRequestBody DataExchangeRequest request, EncryptionContext encryptionContext) throws PowerAuthEncryptionException {
@@ -419,10 +416,10 @@ You can encrypt data in `activation` scope (personalized) using following patter
 ```java
 @RestController
-@RequestMapping(value = "/exchange")
+@RequestMapping("/exchange")
 public class EncryptedDataExchangeController {
- @RequestMapping(value = "activation", method = RequestMethod.POST)
+ @PostMapping("activation")
 @PowerAuthEncryption(scope = EncryptionScope.ACTIVATION_SCOPE)
 public DataExchangeResponse exchangeInActivationScope(@EncryptedRequestBody DataExchangeRequest request, EncryptionContext encryptionContext) throws PowerAuthEncryptionException {
@@ -447,10 +444,10 @@ You can also sign the data before encryption and perform signature verification
 ```java
 @RestController
-@RequestMapping(value = "/exchange")
+@RequestMapping("/exchange")
 public class EncryptedDataExchangeController {
- @RequestMapping(value = "signed", method = RequestMethod.POST)
+ @PostMapping("signed")
 @PowerAuth(resourceId = "/exchange/signed")
 @PowerAuthEncryption(scope = EncryptionScope.ACTIVATION_SCOPE)
 public DataExchangeResponse exchangeSignedAndEncryptedData(@EncryptedRequestBody DataExchangeRequest request,
diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/ActivationController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/ActivationController.java
index 19613619..72853684 100644
--- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/ActivationController.java
+++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/ActivationController.java
@@ -66,7 +66,7 @@
 *
 */
 @RestController("activationControllerV3")
-@RequestMapping(value = "/pa/v3/activation")
+@RequestMapping("/pa/v3/activation")
 public class ActivationController {
 private static final Logger logger = LoggerFactory.getLogger(ActivationController.class);
diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/RecoveryController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/RecoveryController.java
index 0e97c72c..fb208457 100644
--- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/RecoveryController.java
+++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/RecoveryController.java
@@ -50,7 +50,7 @@
 *
 */
 @RestController
-@RequestMapping(value = "/pa/v3/recovery")
+@RequestMapping("/pa/v3/recovery")
 public class RecoveryController {
 private static final Logger logger = LoggerFactory.getLogger(RecoveryController.class);
diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/SecureVaultController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/SecureVaultController.java
index 875c6cc6..72089db0 100644
--- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/SecureVaultController.java
+++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/SecureVaultController.java
@@ -49,7 +49,7 @@
 * @author Roman Strobl, roman.strobl@wultra.com
 */
 @RestController("secureVaultControllerV3")
-@RequestMapping(value = "/pa/v3/vault")
+@RequestMapping("/pa/v3/vault")
 public class SecureVaultController {
 private static final Logger logger = LoggerFactory.getLogger(SecureVaultController.class);
diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/SignatureController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/SignatureController.java
index c54a8645..a3f3b7a8 100644
--- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/SignatureController.java
+++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/SignatureController.java
@@ -42,7 +42,7 @@
 *
 */
 @RestController("signatureControllerV3")
-@RequestMapping(value = "/pa/v3/signature")
+@RequestMapping("/pa/v3/signature")
 public class SignatureController {
 /**