Spring security based permission check will do this for us.

This sets current user and ARSnova session information in a session
scoped service bean. If the user connects with a websocket, the
websocket session ID will be set in addition to the user and session
object.

The aspects methods pointcut after returning from joinSession() method
in SessionService. So the UserSessionService will be set with all needed
data after a user successfully joins a session.

With this service available, it can be used to replace some usage of
Array/Map based application wide data structures that cause some trouble
when stopping or redeploying the application.

This bean holds user and session object of the current user after he
joins a session and could be used to access those objects within the
application.

Added two simple URIs to get a JSON representation of the referenced
objects.

API specification.
Changed StatisticsController to allow requests without a trailing slash
to be consistent with the other **/statistics paths.

If the current session is linked to a course and there are other sessions
for this course, add a number to the name and short name of the session,
indicating which session is ment since all sessions will have the same
name and short name.

/questionbylecturer/* => [/session/{sessionKey}]/lecturerquestion/*
/questionbyaudience/* => [/session/{sessionKey}]/audiencequestion/*

API changes:
- /session/visitedsessions => /session/?filter=visited
- /session/mysessions => /session/?filter=owned
Added changed routes to LegacyController.

This allows expecting those exceptions in test classes.

/socketurl => /socket/url
/authorize => /socket/assign
Changed status code for /socket/assign to 204 (this does not create).

* rename methods to clearify that this are sockets

cthelen recently

remove methods from session controller which are now in its own
controller

All relevant information about users (e.g. session mebership) are
accessible via UserService.
The method IUserService::getCurrentUser provides information about
the actual logged in user. If no user is logged in, this method will
throw a UnauthorizedException which will end up in 401 HTTP error.

This adds URI
"/session/mysessions"
in addition to the old URI which still can be used.

All feedback methods are available in class FeedbackController, all
question methods are available in class QuestionController.

None of the URIs are changed!

Added second URI for method QuestionController::getSkillQuestions that
matches common URI rules in ARSnova:
"/session/{sessionkey}/skillquestions"
Both, the old an the new URI can be used equally.

Currently, there is an issue with the response. It seems like Spring
is trying to resolve some view, but fails, and then displaying
a message stating POST is not allowed.

The properties are needed by the client and must not be ignored.

This checks if there is a user in current security context. If not, an
UnauthorizedException is thrown which will result in HTTP - 401.