spring-boot: fix sonar security issue

generators/spring-boot/templates/src/main/java/_package_/web/rest/AccountResource.java.ejs

@@ -41,6 +41,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 <%_ if (reactive) { _%>
 import java.util.Objects;
@@ -135,15 +136,15 @@ public class AccountResource {
 
   <%_ if (!authenticationTypeJwt) { _%>
     /**
-     * {@code GET  /authenticate} : check if the user is authenticated, and return its login.
+     * {@code GET  /authenticate} : check if the user is authenticated.
      *
-     * @param principal the authentication principal.
-     * @return the login if the user is authenticated.
+     * @return the {@link ResponseEntity} with status {@code 204 (No Content)},
+     * or with status {@code 401 (Unauthorized)} if not authenticated.
      */
-    @GetMapping(value = "/authenticate", produces = MediaType.TEXT_PLAIN_VALUE)
-    public String isAuthenticated(Principal principal) {
+    @GetMapping("/authenticate")
+    public ResponseEntity<Void> isAuthenticated(Principal principal) {
         LOG.debug("REST request to check if the current user is authenticated");
-        return principal == null ? null : principal.getName();
+        return ResponseEntity.status(principal == null ? HttpStatus.UNAUTHORIZED : HttpStatus.NO_CONTENT).build();
     }
 
   <%_ } _%>

generators/spring-boot/templates/src/main/java/_package_/web/rest/AccountResource_oauth2.java.ejs

@@ -24,7 +24,9 @@ import <%= packageName %>.service.dto.<%= user.adminUserDto %>;
 import java.security.Principal;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -74,14 +76,14 @@ public class AccountResource {
     }
 
     /**
-     * {@code GET  /authenticate} : check if the user is authenticated, and return its login.
+     * {@code GET  /authenticate} : check if the user is authenticated.
      *
-     * @param principal the authentication principal.
-     * @return the login if the user is authenticated.
+     * @return the {@link ResponseEntity} with status {@code 204 (No Content)},
+     * or with status {@code 401 (Unauthorized)} if not authenticated.
      */
-    @GetMapping(value = "/authenticate", produces = MediaType.TEXT_PLAIN_VALUE)
-    public String isAuthenticated(Principal principal) {
+    @GetMapping("/authenticate")
+    public ResponseEntity<Void> isAuthenticated(Principal principal) {
         LOG.debug("REST request to check if the current user is authenticated");
-        return principal == null ? null : principal.getName();
+        return ResponseEntity.status(principal == null ? HttpStatus.UNAUTHORIZED : HttpStatus.NO_CONTENT).build();
     }
 }

generators/spring-boot/templates/src/main/java/_package_/web/rest/AccountResource_skipUserManagement.java.ejs

@@ -48,7 +48,9 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import com.fasterxml.jackson.annotation.JsonAnyGetter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -139,15 +141,15 @@ public class AccountResource {
 <%_ if (!authenticationTypeJwt) { _%>
 
     /**
-     * {@code GET  /authenticate} : check if the user is authenticated, and return its login.
+     * {@code GET  /authenticate} : check if the user is authenticated.
      *
-     * @param principal the authentication principal.
-     * @return the login if the user is authenticated.
+     * @return the {@link ResponseEntity} with status {@code 204 (No Content)},
+     * or with status {@code 401 (Unauthorized)} if not authenticated.
      */
-    @GetMapping(value = "/authenticate", produces = MediaType.TEXT_PLAIN_VALUE)
-    public String isAuthenticated(Principal principal) {
+    @GetMapping("/authenticate")
+    public ResponseEntity<Void> isAuthenticated(Principal principal) {
         LOG.debug("REST request to check if the current user is authenticated");
-        return principal == null ? null : principal.getName();
+        return ResponseEntity.status(principal == null ? HttpStatus.UNAUTHORIZED : HttpStatus.NO_CONTENT).build();
     }
 <%_ } _%>
 

generators/spring-boot/templates/src/main/java/_package_/web/rest/AuthenticateController.java.ejs

@@ -117,15 +117,15 @@ public class AuthenticateController {
 <%_ } _%>
 
     /**
-     * {@code GET /authenticate} : check if the user is authenticated, and return its login.
+     * {@code GET /authenticate} : check if the user is authenticated.
      *
-     * @param principal the authentication principal.
-     * @return the login if the user is authenticated.
+     * @return the {@link ResponseEntity} with status {@code 204 (No Content)},
+     * or with status {@code 401 (Unauthorized)} if not authenticated.
      */
-    @GetMapping(value = "/authenticate", produces = MediaType.TEXT_PLAIN_VALUE)
-    public String isAuthenticated(Principal principal) {
+    @GetMapping("/authenticate")
+    public ResponseEntity<Void> isAuthenticated(Principal principal) {
         LOG.debug("REST request to check if the current user is authenticated");
-        return principal == null ? null : principal.getName();
+        return ResponseEntity.status(principal == null ? HttpStatus.UNAUTHORIZED : HttpStatus.NO_CONTENT).build();
     }
 
     public String createToken(Authentication authentication, boolean rememberMe) {

generators/spring-boot/templates/src/test/java/_package_/security/jwt/TestAuthenticationResource.java.ejs

@@ -1,6 +1,8 @@
 package <%= packageName %>.security.jwt;
 
+import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
 /**
@@ -12,11 +14,9 @@ public class TestAuthenticationResource {
 
     /**
      * {@code GET  /authenticate} : check if the authentication token correctly validates
-     *
-     * @return ok.
      */
-    @GetMapping(value = "/authenticate", produces = MediaType.TEXT_PLAIN_VALUE)
-    public String isAuthenticated() {
-        return "ok";
+    @GetMapping("/authenticate")
+    public ResponseEntity<Void> isAuthenticated() {
+        return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
     }
 }

generators/spring-boot/templates/src/test/java/_package_/security/jwt/TokenAuthenticationIT.java.ejs

@@ -57,7 +57,7 @@ class TokenAuthenticationIT {
 <%_ if (reactive) { %>
 
     private void expectOk(String token) {
-        webTestClient.get().uri("/api/authenticate").headers(headers -> headers.setBearerAuth(token)).exchange().expectStatus().isOk();
+        webTestClient.get().uri("/api/authenticate").headers(headers -> headers.setBearerAuth(token)).exchange().expectStatus().isNoContent();
     }
 
     private void expectUnauthorized(String token) {
@@ -72,7 +72,7 @@ class TokenAuthenticationIT {
 <%_ } else { _%>
 
     private void expectOk(String token) throws Exception {
-        mvc.perform(MockMvcRequestBuilders.get("/api/authenticate").header(AUTHORIZATION, BEARER + token)).andExpect(status().isOk());
+        mvc.perform(MockMvcRequestBuilders.get("/api/authenticate").header(AUTHORIZATION, BEARER + token)).andExpect(status().isNoContent());
     }
 
     private void expectUnauthorized(String token) throws Exception {

generators/spring-boot/templates/src/test/java/_package_/security/jwt/TokenAuthenticationSecurityMetersIT.java.ejs

@@ -97,10 +97,7 @@ class TokenAuthenticationSecurityMetersIT {
             .get()
             .uri("/api/authenticate")
             .headers(headers -> headers.setBearerAuth(token))
-            .exchange()
-            .returnResult(String.class)
-            .getResponseBody()
-            .blockLast();
+            .exchange();
     }
 <%_ } else { _%>
 

generators/spring-boot/templates/src/test/java/_package_/web/filter/SpaWebFilterIT_imperative.java.ejs

@@ -31,7 +31,7 @@ class SpaWebFilterIT {
     @Test
     void testFilterDoesNotForwardToIndexForApi() throws Exception {
         mockMvc.perform(get("/api/<% if (!applicationTypeMicroservice) { %>authenticate<% } else { %>users<% } %>"))
-            .andExpect(status().isOk())
+            .andExpect(status().is2xxSuccessful())
             .andExpect(forwardedUrl(null));
     }
 <%_ } _%>

generators/spring-boot/templates/src/test/java/_package_/web/filter/SpaWebFilterIT_reactive.java.ejs

@@ -37,8 +37,7 @@ class SpaWebFilterIT {
             .get()
             .uri("/api/<% if (!applicationTypeMicroservice) { %>authenticate<% } else { %>users<% } %>")
             .exchange()
-            .expectStatus().isOk()
-            .expectBody(String.class).isEqualTo("user");
+            .expectStatus().is2xxSuccessful();
     }
 <%_ } _%>
 

generators/spring-boot/templates/src/test/java/_package_/web/rest/AccountResourceIT.java.ejs

@@ -174,16 +174,13 @@ class AccountResourceIT {
 <%_ if (reactive) { _%>
     void testNonAuthenticatedUser() {
         accountWebTestClient.get().uri("/api/authenticate")
-            .accept(MediaType.TEXT_PLAIN)
             .exchange()
-            .expectStatus().isOk()
-            .expectBody().isEmpty();
+            .expectStatus().isUnauthorized();
 <%_ } else { _%>
     void testNonAuthenticatedUser() throws Exception {
         restAccountMockMvc
-            .perform(get("/api/authenticate").accept(MediaType.TEXT_PLAIN))
-            .andExpect(status().isOk())
-            .andExpect(content().string(""));
+            .perform(get("/api/authenticate"))
+            .andExpect(status().isUnauthorized());
 <%_ } _%>
     }
 
@@ -193,16 +190,13 @@ class AccountResourceIT {
     void testAuthenticatedUser() {
         accountWebTestClient
             .get().uri("/api/authenticate")
-            .accept(MediaType.TEXT_PLAIN)
             .exchange()
-            .expectStatus().isOk()
-            .expectBody(String.class).isEqualTo(TEST_USER_LOGIN);
+            .expectStatus().isNoContent();
 <%_ } else { _%>
     void testAuthenticatedUser() throws Exception {
         restAccountMockMvc
-            .perform(get("/api/authenticate").with(request -> request).accept(MediaType.TEXT_PLAIN))
-            .andExpect(status().isOk())
-            .andExpect(content().string(TEST_USER_LOGIN));
+            .perform(get("/api/authenticate").with(request -> request))
+            .andExpect(status().isNoContent());
 <%_ } _%>
     }
 

generators/spring-boot/templates/src/test/java/_package_/web/rest/AccountResourceIT_oauth2.java.ejs

@@ -185,15 +185,11 @@ class AccountResourceIT {
     void testNonAuthenticatedUser() <% if (!reactive) { %>throws Exception <% } %>{
 <%_ if (reactive) { _%>
         webTestClient.get().uri("/api/authenticate")
-            .accept(MediaType.TEXT_PLAIN)
             .exchange()
-            .expectStatus().isOk()
-            .expectBody().isEmpty();
+            .expectStatus().isUnauthorized();
 <%_ } else { _%>
-        restAccountMockMvc.perform(get("/api/authenticate")
-            .accept(MediaType.TEXT_PLAIN))
-            .andExpect(status().isOk())
-            .andExpect(content().string(""));
+        restAccountMockMvc.perform(get("/api/authenticate"))
+            .andExpect(status().isUnauthorized());
 <%_ } _%>
     }
 
@@ -203,16 +199,11 @@ class AccountResourceIT {
 <%_ if (reactive) { _%>
         webTestClient
             .get().uri("/api/authenticate")
-            .accept(MediaType.TEXT_PLAIN)
             .exchange()
-            .expectStatus().isOk()
-            .expectBody(String.class).isEqualTo(TEST_USER_LOGIN);
+            .expectStatus().isNoContent();
 <%_ } else { _%>
-        restAccountMockMvc.perform(get("/api/authenticate")
-            .with(request -> request)
-            .accept(MediaType.TEXT_PLAIN))
-            .andExpect(status().isOk())
-            .andExpect(content().string(TEST_USER_LOGIN));
+        restAccountMockMvc.perform(get("/api/authenticate").with(request -> request))
+            .andExpect(status().isNoContent());
 <%_ } _%>
     }
 }

generators/spring-boot/templates/src/test/java/_package_/web/rest/AccountResourceIT_skipUserManagement.java.ejs

@@ -116,15 +116,11 @@ class AccountResourceIT {
     void testNonAuthenticatedUser() <% if (!reactive) { %>throws Exception <% } %>{
 <%_ if (reactive) { _%>
         accountWebTestClient.get().uri("/api/authenticate")
-            .accept(MediaType.TEXT_PLAIN)
             .exchange()
-            .expectStatus().isOk()
-            .expectBody().isEmpty();
+            .expectStatus().isUnauthorized();
 <%_ } else { _%>
-        restAccountMockMvc.perform(get("/api/authenticate")
-            .accept(MediaType.TEXT_PLAIN))
-            .andExpect(status().isOk())
-            .andExpect(content().string(""));
+        restAccountMockMvc.perform(get("/api/authenticate"))
+            .andExpect(status().isUnauthorized());
 <%_ } _%>
     }
 
@@ -134,16 +130,11 @@ class AccountResourceIT {
 <%_ if (reactive) { _%>
         accountWebTestClient
             .get().uri("/api/authenticate")
-            .accept(MediaType.TEXT_PLAIN)
             .exchange()
-            .expectStatus().isOk()
-            .expectBody(String.class).isEqualTo(TEST_USER_LOGIN);
+            .expectStatus().isNoContent();
 <%_ } else { _%>
-        restAccountMockMvc.perform(get("/api/authenticate")
-            .with(request -> request)
-            .accept(MediaType.TEXT_PLAIN))
-            .andExpect(status().isOk())
-            .andExpect(content().string(TEST_USER_LOGIN));
+        restAccountMockMvc.perform(get("/api/authenticate").with(request -> request))
+            .andExpect(status().isNoContent());
 <%_ } _%>
     }
 }