@cerema/cadriciel 1.0.8 → 1.1.1

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/config/AuthenticationTokenFilter.java

@@ -0,0 +1,134 @@
+package fr.cerema.dsi.aaaa.config;
+
+import fr.cerema.dsi.commons.security.auth.jwt.exceptions.InvalidTokenException;
+import fr.cerema.dsi.aaaa.services.CustomUserDetailsService;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Header;
+import io.jsonwebtoken.Jwt;
+import io.jsonwebtoken.Jwts;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.lang.NonNull;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+import org.springframework.core.env.Environment;
+
+import java.io.IOException;
+
+@Component
+public class AuthenticationTokenFilter extends OncePerRequestFilter {
+  @Autowired
+  private Environment env;
+
+  // Nommé différemment de "logger" car celui-ci existe déjà dans le GenericBeanFilter (JCL)
+  private static final Logger slfLogger = LoggerFactory.getLogger(AuthenticationTokenFilter.class);
+
+  private static final String JWT_EMAIL = "email";
+  private static final String JWT_ORIONID = "sub";
+  private static final String JWT_BEARER = "Bearer";
+  public static final String AUTHORIZATION_HEADER = "Authorization";
+
+  private static final String JWT_TYPE = "typ";
+
+  @Value("${info.app.issuer}")
+  private String urlSSO;
+
+  @Value("${info.app.audience}")
+  private String tokenAudience;
+
+
+  private final CustomUserDetailsService userDetailsService;
+
+  public AuthenticationTokenFilter(CustomUserDetailsService userDetailsService) {
+    this.userDetailsService = userDetailsService;
+  }
+
+
+  @Override
+  protected void doFilterInternal(HttpServletRequest request, @NonNull HttpServletResponse response,
+                                  @NonNull FilterChain filterChain) throws ServletException, IOException {
+    final String requestTokenHeader = request.getHeader(AUTHORIZATION_HEADER);
+    if (requestTokenHeader != null && !StringUtils.isEmpty(requestTokenHeader)) {
+      String jwtToken = this.resolveToken(requestTokenHeader);
+      if (jwtToken != null) {
+        String[] splitToken = jwtToken.split("\\.");
+        String unsignedToken = splitToken[0] + "." + splitToken[1] + ".";
+        Jwt<Header, Claims> jwsClaims = Jwts.parserBuilder().build().parseClaimsJwt(unsignedToken);
+        String username = (String) jwsClaims.getBody().get(JWT_EMAIL);
+        String orionId = (String) jwsClaims.getBody().get(JWT_ORIONID);
+
+        if (orionId != null && username != null) {
+          UserDetails userDetails = this.userDetailsService.loadAndMajInfoUser(orionId, username);
+          this.isValidToken(jwsClaims);
+          UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
+            new UsernamePasswordAuthenticationToken(
+              userDetails, null, userDetails.getAuthorities());
+          usernamePasswordAuthenticationToken
+            .setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+          SecurityContextHolder.getContext()
+            .setAuthentication(usernamePasswordAuthenticationToken);
+        }
+      }
+    }
+
+    filterChain.doFilter(request, response);
+  }
+
+  private String resolveToken(String requestTokenHeader) {
+    if (requestTokenHeader.startsWith(JWT_BEARER)) {
+      return requestTokenHeader.substring(7);
+    }
+    return null;
+  }
+
+
+  private void isValidToken(Jwt<Header, Claims> jwtToken) {
+    /*String devMode = env.getProperty("CADRICIEL_DEV");
+    this.checkType(jwtToken.getBody());
+    if (devMode == null || !devMode.equalsIgnoreCase("true")) {
+      this.checkIssuer(jwtToken.getBody());
+      this.checkAudience(jwtToken.getBody());
+    }*/
+  }
+
+  private void checkType(Claims jwsClaims) {
+    String type = jwsClaims.get(JWT_TYPE, String.class);
+
+    if (!StringUtils.equalsIgnoreCase(type, JWT_BEARER)) {
+      slfLogger.warn("Type non conforme, type: {}, attendu: {}", type, JWT_BEARER);
+      throw new InvalidTokenException("Le jeton d'authentification n'est pas du bon type.");
+    }
+  }
+
+  private void checkIssuer(Claims jwsClaims) {
+    String issuer = jwsClaims.getIssuer();
+
+    if (!StringUtils.equalsIgnoreCase(issuer, urlSSO)) {
+      slfLogger.warn("Issuer non conforme, issuer: {}, attendu: {}", issuer, urlSSO);
+      throw new InvalidTokenException(
+        "Le jeton d'authentification ne provient pas de la bonne source.");
+    }
+  }
+
+  private void checkAudience(Claims jwsClaims) {
+    String audience = jwsClaims.getAudience();
+
+    if (!StringUtils.containsAnyIgnoreCase(audience, tokenAudience)) {
+      slfLogger.warn(
+        "Audience non conforme, attendue: {}, fournie: {}", tokenAudience, audience);
+      throw new InvalidTokenException("Le jeton d'authentification ne nous est pas destiné.");
+    }
+  }
+
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/config/SecurityConfiguration.java

@@ -0,0 +1,71 @@
+package fr.cerema.dsi.aaaa.config;
+
+import fr.cerema.dsi.commons.security.filters.AppCorsFilter;
+import fr.cerema.dsi.aaaa.services.CustomUserDetailsService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+import java.util.List;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfiguration {
+
+  @Autowired
+  private CustomUserDetailsService userDetailsService;
+
+  @Autowired
+  private AuthenticationTokenFilter authenticationTokenFilter;
+
+
+  @Bean
+  private static CorsConfigurationSource configurationSource() {
+    CorsConfiguration config = new CorsConfiguration();
+    config.setAllowedOriginPatterns(List.of("*"));
+    config.setAllowCredentials(true);
+    //config.addAllowedOriginPattern("*");
+    config.setAllowedHeaders(List.of("*"));
+    config.setMaxAge(36000L);
+    config.setAllowedMethods(Arrays.asList("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"));
+    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    source.registerCorsConfiguration("/**", config);
+    return source;
+  }
+
+  @Bean
+  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+    http.cors().configurationSource(configurationSource())
+      .and()
+      .csrf().disable()
+      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+      .and()
+      .anonymous()
+      .and()
+      .authorizeHttpRequests()
+      .requestMatchers("/api/**").authenticated()
+      .requestMatchers("/**").permitAll()
+      .and()
+      .addFilterBefore(new AppCorsFilter(), UsernamePasswordAuthenticationFilter.class)
+      .oauth2ResourceServer()
+      .jwt();
+
+    return http.build();
+  }
+
+  @Autowired
+  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+    auth.userDetailsService(userDetailsService);
+  }
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/config/StaticResourcesWebConfiguration.java

@@ -0,0 +1,41 @@
+package fr.cerema.dsi.aaaa.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistration;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class StaticResourcesWebConfiguration implements WebMvcConfigurer {
+
+  protected static final String[] RESOURCE_LOCATIONS = new String[]{
+    "classpath:/static/",
+    "classpath:/static/content/",
+    "classpath:/static/i18n/",
+  };
+  protected static final String[] RESOURCE_PATHS = new String[]{
+    "/*.js",
+    "/*.css",
+    "/*.svg",
+    "/*.png",
+    "*.ico",
+    "/content/**",
+    "/i18n/*",
+  };
+
+
+  @Override
+  public void addResourceHandlers(ResourceHandlerRegistry registry) {
+    ResourceHandlerRegistration resourceHandlerRegistration = appendResourceHandler(registry);
+    initializeResourceHandler(resourceHandlerRegistration);
+  }
+
+  protected ResourceHandlerRegistration appendResourceHandler(ResourceHandlerRegistry registry) {
+    return registry.addResourceHandler(RESOURCE_PATHS);
+  }
+
+  protected void initializeResourceHandler(
+    ResourceHandlerRegistration resourceHandlerRegistration) {
+    resourceHandlerRegistration.addResourceLocations(RESOURCE_LOCATIONS);
+  }
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/config/WebConfiguration.java

@@ -0,0 +1,59 @@
+package fr.cerema.dsi.aaaa.config;
+
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.info.License;
+import io.swagger.v3.oas.models.servers.Server;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.cache.annotation.EnableCaching;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.MediaType;
+import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@EnableCaching
+public class WebConfiguration implements WebMvcConfigurer {
+
+  private static Logger logger = LoggerFactory.getLogger(WebConfiguration.class);
+
+  @Value("${url.externe:}")
+  private String urlExterne;
+
+  @Value("${info.app.version:unknown}")
+  private String version;
+
+  @Override
+  public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
+
+    logger.info("Initialisation de la configuration de la négociation de contenu.");
+
+    configurer.
+      favorParameter(true).
+      parameterName("mediaType").
+      ignoreAcceptHeader(false).
+      defaultContentType(MediaType.APPLICATION_JSON).
+      mediaType("xml", MediaType.APPLICATION_XML).
+      mediaType("json", MediaType.APPLICATION_JSON);
+  }
+
+  @Bean
+  public OpenAPI infoOpenAPI() {
+    OpenAPI openAPI = new OpenAPI()
+      .info(new Info().title("aaaa")
+        .description("<b>mon premier projet</b>.")
+        .version(version)
+        .license(new License().name("Cecill 2.0")
+          .url("http://www.cecill.info/licences/Licence_CeCILL_V2-fr.html")));
+
+    if (StringUtils.isNotBlank(urlExterne)) {
+      openAPI.addServersItem(new Server().url(urlExterne));
+    }
+    return openAPI;
+  }
+
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/controllers/AccountController.java

@@ -0,0 +1,59 @@
+package fr.cerema.dsi.aaaa.controllers;
+
+import fr.cerema.dsi.aaaa.dto.UserWithCurrentAuthorityDTO;
+import fr.cerema.dsi.aaaa.entities.User;
+import fr.cerema.dsi.aaaa.mapper.UserMapper;
+import fr.cerema.dsi.aaaa.services.UserService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.server.ResponseStatusException;
+
+import java.util.Optional;
+
+@Tag(name = "Account", description = "Permet d'interroger le niveau d'authorisation des utilisateurs")
+@RestController
+@RequestMapping("/api")
+@CrossOrigin
+public class AccountController {
+
+  private final UserService userService;
+
+  private final UserMapper userMapper;
+
+  public AccountController(UserService userService, UserMapper userMapper) {
+    this.userService = userService;
+    this.userMapper = userMapper;
+  }
+
+
+  @Operation(summary = "Récupère l'utilisateur actuellement connecté")
+  @ApiResponses(value = {
+    @ApiResponse(responseCode = "200", description = "L'utilisateur connecté", content = {
+      @Content(mediaType = MediaType.APPLICATION_JSON_VALUE,
+        schema = @Schema(implementation = UserWithCurrentAuthorityDTO.class)
+      )
+    }),
+    @ApiResponse(responseCode = "404", description = "L'utilisateur n'existe pas dans l'application", content = @Content)
+  })
+  @GetMapping("/user")
+  public ResponseEntity<UserWithCurrentAuthorityDTO> getCurrentUser() {
+    Optional<User> userOptional = this.userService.getCurrentUser();
+    if (userOptional.isPresent()) {
+      return new ResponseEntity<>(userMapper.toDtoWithCurrentAuthority(userOptional.get()),
+        HttpStatus.OK);
+    }
+    throw new ResponseStatusException(HttpStatus.NOT_FOUND,
+      "L'utilisateur n'existe pas dans l'application");
+  }
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/controllers/ApiOpenController.java

@@ -0,0 +1,63 @@
+package fr.cerema.dsi.aaaa.controllers;
+
+import fr.cerema.dsi.aaaa.dto.UserDTO;
+import fr.cerema.dsi.aaaa.entities.User;
+import fr.cerema.dsi.aaaa.mapper.UserMapper;
+import fr.cerema.dsi.aaaa.services.UserService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Tag(name = "API open", description = "Permet d'interroger et de parcourir les API sans authentification")
+@RestController
+@RequestMapping("/api-open")
+@CrossOrigin
+public class ApiOpenController {
+
+  private final Logger log = LoggerFactory.getLogger(ApiOpenController.class);
+
+  private final UserService userService;
+
+  private final UserMapper userMapper;
+
+  @Autowired
+  public ApiOpenController(UserService userService, UserMapper userMapper) {
+    this.userService = userService;
+    this.userMapper = userMapper;
+  }
+
+  @Operation(summary = "Récupère tous les administrateurs AAAA",
+    description =
+      "Permet d'obtenir la liste de tous les utilisateurs qui sont administrateurs AAAA")
+  @ApiResponse(responseCode = "200", description = "Les administrateurs AAAA demandés", content = {
+    @Content(mediaType = MediaType.APPLICATION_JSON_VALUE,
+      array = @ArraySchema(schema = @Schema(implementation = User.class))
+    )}
+  )
+
+  @GetMapping("/users/admin-aaaa")
+  public ResponseEntity<List<UserDTO>> getAllAdmin§§projectNS§§() {
+    log.debug("Requête REST pour obtenir tous les administrateurs AAAA");
+    List<UserDTO> userDTOList = this.userService.findAllAdmin§§projectNS§§()
+      .stream()
+      .map(this.userMapper::toDtoWithoutProfilSet)
+      .collect(Collectors.toList());
+    return new ResponseEntity<>(userDTOList, HttpStatus.OK);
+  }
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/controllers/UserController.java

@@ -0,0 +1,63 @@
+package fr.cerema.dsi.aaaa.controllers;
+
+import fr.cerema.dsi.aaaa.dto.UserDTO;
+import fr.cerema.dsi.aaaa.entities.User;
+import fr.cerema.dsi.aaaa.mapper.UserMapper;
+import fr.cerema.dsi.aaaa.services.UserService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Tag(name = "Account", description = "Permet d'interroger et de parcourir les utilisateurs")
+@RestController
+@RequestMapping("/api")
+@CrossOrigin
+public class UserController {
+
+  private final Logger log = LoggerFactory.getLogger(UserController.class);
+
+  private final UserService userService;
+
+  private final UserMapper userMapper;
+
+  @Autowired
+  public UserController(UserService userService, UserMapper userMapper) {
+    this.userService = userService;
+    this.userMapper = userMapper;
+  }
+
+  @Operation(summary = "Récupère tous les administrateurs AAAA",
+    description =
+      "Permet d'obtenir la liste de tous les utilisateurs qui sont administrateurs AAAA")
+  @ApiResponse(responseCode = "200", description = "Les administrateurs AAAA demandés", content = {
+    @Content(mediaType = MediaType.APPLICATION_JSON_VALUE,
+      array = @ArraySchema(schema = @Schema(implementation = User.class))
+    )}
+  )
+  @GetMapping("/users/admin-aaaa")
+  public ResponseEntity<List<UserDTO>> getAllAdmin§§projectNS§§() {
+    log.debug("Requête REST pour obtenir tous les administrateurs AAAA");
+    List<UserDTO> userDTOList = this.userService.findAllAdmin§§projectNS§§()
+      .stream()
+      .map(this.userMapper::toDtoWithoutProfilSet)
+      .collect(Collectors.toList());
+    return new ResponseEntity<>(userDTOList, HttpStatus.OK);
+  }
+
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/dto/GenericDTO.java

@@ -0,0 +1,20 @@
+package fr.cerema.dsi.aaaa.dto;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+
+public abstract class GenericDTO implements Serializable {
+
+  @JsonProperty("id")
+  private Long id;
+
+  public Long getId() {
+    return id;
+  }
+
+  public void setId(Long id) {
+    this.id = id;
+  }
+
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/dto/ProfilDTO.java

@@ -0,0 +1,26 @@
+package fr.cerema.dsi.aaaa.dto;
+
+import fr.cerema.dsi.aaaa.enums.Role;
+
+public class ProfilDTO extends GenericDTO {
+
+  private Role profilUtilisateur;
+
+
+  public Role getProfilUtilisateur() {
+    return profilUtilisateur;
+  }
+
+  public void setProfilUtilisateur(Role profilUtilisateur) {
+    this.profilUtilisateur = profilUtilisateur;
+  }
+
+
+  @Override
+  public String toString() {
+    return "ProfilDTO{" +
+      "id=" + this.getId() +
+      ", profilUtilisateur=" + profilUtilisateur +
+      '}';
+  }
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/dto/UserDTO.java

@@ -0,0 +1,57 @@
+package fr.cerema.dsi.aaaa.dto;
+
+import java.util.Set;
+
+public class UserDTO extends GenericDTO {
+
+  private String email;
+
+  private String orionId;
+
+  private Set<ProfilDTO> profilSet;
+
+  private Long idDirectionCourante;
+
+  public String getEmail() {
+    return email;
+  }
+
+  public void setEmail(String email) {
+    this.email = email;
+  }
+
+  public String getOrionId() {
+    return orionId;
+  }
+
+  public void setOrionId(String orionId) {
+    this.orionId = orionId;
+  }
+
+  public Set<ProfilDTO> getProfilSet() {
+    return profilSet;
+  }
+
+  public void setProfilSet(Set<ProfilDTO> profilSet) {
+    this.profilSet = profilSet;
+  }
+
+  public Long getIdDirectionCourante() {
+    return idDirectionCourante;
+  }
+
+  public void setIdDirectionCourante(Long idDirectionCourante) {
+    this.idDirectionCourante = idDirectionCourante;
+  }
+
+
+  @Override
+  public String toString() {
+    return "UserDTO{" +
+      "email='" + email + '\'' +
+      ", orionId='" + orionId + '\'' +
+      ", profilSet=" + profilSet +
+      ", idDirectionCourante=" + idDirectionCourante +
+      '}';
+  }
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/dto/UserWithCurrentAuthorityDTO.java

@@ -0,0 +1,31 @@
+package fr.cerema.dsi.aaaa.dto;
+
+import fr.cerema.dsi.aaaa.enums.Role;
+import lombok.Getter;
+import lombok.Setter;
+
+import java.io.Serializable;
+import java.util.List;
+
+@Getter
+@Setter
+public class UserWithCurrentAuthorityDTO implements Serializable {
+
+  private Long id;
+
+  private String email;
+
+  private String orionId;
+
+  private List<Role> roleActifList;
+
+  @Override
+  public String toString() {
+    return "UserWithCurrentAuthorityDTO{" +
+      "id=" + id +
+      ", email='" + email + '\'' +
+      ", orionId='" + orionId + '\'' +
+      ", roleActifList=" + roleActifList +
+      '}';
+  }
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/aaaa/mapper/UserMapper.java

@@ -0,0 +1,30 @@
+package fr.cerema.dsi.aaaa.mapper;
+
+import fr.cerema.dsi.aaaa.dto.UserDTO;
+import fr.cerema.dsi.aaaa.dto.UserWithCurrentAuthorityDTO;
+import fr.cerema.dsi.aaaa.entities.User;
+import fr.cerema.dsi.aaaa.services.ProfilService;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.mapstruct.Named;
+
+import org.springframework.beans.factory.annotation.Autowired;
+
+@Mapper(componentModel = "spring", uses = {})
+public abstract class UserMapper {
+
+  @Autowired
+  public ProfilService profilService;
+  
+  @Named("toDto")
+  public abstract UserDTO toDto(User user);
+
+  @Named("toDtoWithoutProfilSet")
+  @Mapping(target = "profilSet", ignore = true)
+  public abstract UserDTO toDtoWithoutProfilSet(User user);
+
+  public abstract User toEntity(UserDTO userDTO);
+
+  @Mapping(target = "roleActifList", expression = "java(this.profilService.findAllCurrentRolesByUsername(user.getEmail()))")
+  public abstract UserWithCurrentAuthorityDTO toDtoWithCurrentAuthority(User user);
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/commons/beans/errors/ApiSubError.java

@@ -0,0 +1,5 @@
+package fr.cerema.dsi.commons.beans.errors;
+
+public abstract class ApiSubError {
+
+}

package/aaaa/api/aaaa-presentation/src/main/java/fr/cerema/dsi/commons/beans/errors/ApiValidationSubError.java

@@ -0,0 +1,13 @@
+package fr.cerema.dsi.commons.beans.errors;
+
+public class ApiValidationSubError extends ApiSubError {
+    private String object;
+    private String field;
+    private Object rejectedValue;
+    private String message;
+
+    ApiValidationSubError(String object, String message) {
+        this.object = object;
+        this.message = message;
+    }
+}