added security to picture upload resource

hartmann-foto-documentation-docker/src/main/docker/standalone-fotodocumentation.xml

@@ -144,6 +144,7 @@
         <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
         <subsystem xmlns="urn:jboss:domain:datasources:7.1">
             <datasources>
+            <!-- Patrick -->
                 <datasource jndi-name="java:/jdbc/fotoDocumentationDS" pool-name="fotoDocumentationDS" enabled="true" use-java-context="true" use-ccm="false">
                     <connection-url>jdbc:postgresql://hartmann_postgres:5432/fotodocumentation</connection-url>
                     <driver>postgres</driver>
@@ -168,6 +169,7 @@
                     <security user-name="sa" password="sa"/>
                 </datasource>
                 <drivers>
+                <!-- Patrick -->
                      <driver name="postgres" module="org.postgresql.jdbc">
                         <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
                     </driver>
@@ -300,7 +302,7 @@
 
                 <!-- patrick -->
                 <jdbc-realm name="fotoDocumentationRealm"  >
-                    <principal-query data-source="fotoDocumentationDS" sql="select password, salt, ri.code as Role from x_user u left join role_to_right rtr on rtr.role_id_fk = u.role_id_fk left join x_right ri on rtr.right_id_fk = ri.right_id where username = ?;">
+                    <principal-query data-source="fotoDocumentationDS" sql="select password, salt, ri.code as Role from x_user u left join user_to_right rtr on rtr.user_id_fk = u.user_id left join x_right ri on rtr.right_id_fk = ri.right_id where username = ?;">
                         <salted-simple-digest-mapper algorithm="password-salt-digest-sha-256" password-index="1" salt-index="2" />
                         <attribute-mapping>
                             <attribute to="groups" index="3"/>

hartmann-foto-documentation-docker/src/test/java/marketing/heyday/hartmann/fotodocumentation/rest/CustomerPictureResourceTest.java

@@ -26,8 +26,8 @@ import org.junit.jupiter.api.TestMethodOrder;
  * created: 14 Nov 2024
  */
 @TestMethodOrder(OrderAnnotation.class)
-public class CustomerPictureTest extends AbstractRestTest {
-	private static final Log LOG = LogFactory.getLog(CustomerPictureTest.class);
+public class CustomerPictureResourceTest extends AbstractRestTest {
+	private static final Log LOG = LogFactory.getLog(CustomerPictureResourceTest.class);
 	private static final String PATH = "api/customer-picture";
 	private static final String BASE_UPLOAD = "src/test/resources/upload/";
 
@@ -50,4 +50,18 @@ public class CustomerPictureTest extends AbstractRestTest {
 		int code = httpResponse.getStatusLine().getStatusCode();
 		assertEquals(200, code);
 	}
+	
+	@Test
+	@Order(2)
+	public void doAddCustomerPictureNoAuth() throws IOException {
+		LOG.info("doAddCustomerPicture");
+		
+		String path = deploymentURL + PATH;
+		Request request = Request.Post(path).addHeader("Accept", "application/json; charset=utf-8")
+				.bodyFile(new File(BASE_UPLOAD + "add.json"), ContentType.APPLICATION_JSON);
+
+		HttpResponse httpResponse = executeRequest(request);
+		int code = httpResponse.getStatusLine().getStatusCode();
+		assertEquals(401, code);
+	}
 }