Merge branch 'master' of github.com:esensar/steleks_backend

master
esensar 2018-01-17 21:39:41 +01:00
commit 2457f5d479
9 changed files with 90 additions and 11 deletions


@ -28,7 +28,7 @@ dependencies {
compile('org.springframework.boot:spring-boot-starter-web')
compile('org.springframework.cloud:spring-cloud-starter-eureka')
testCompile('org.springframework.cloud:spring-cloud-starter-eureka-server')
testCompile('rg.springframework.boot:spring-boot-starter-test')
testCompile('org.springframework.boot:spring-boot-starter-test')
}
dependencyManagement {


@ -1,6 +1,6 @@
#Tue Mar 28 22:00:42 CEST 2017
#Sun Jan 14 12:04:15 CET 2018
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-bin.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-all.zip


@ -3,6 +3,7 @@ package ba.steleks;
import ba.steleks.security.SteleksUsersDetailsService;
import ba.steleks.security.token.HashTokenEncoder;
import ba.steleks.security.token.TokenEncoder;
import ba.steleks.security.AutowireHelper;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.userdetails.UserDetailsService;


@ -0,0 +1,22 @@
package ba.steleks.controller;
import ba.steleks.model.User;
import org.bouncycastle.crypto.generators.BCrypt;
import org.springframework.data.rest.webmvc.RepositoryRestController;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.ws.rs.HttpMethod;
@RepositoryRestController
public class UsersController {
// @RequestMapping(HttpMethod.POST)
// public ResponseEntity<?> register(@RequestBody User newUser){
// return null;
// }
}
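Review bot: The class is merged as an empty `@RepositoryRestController` whose only handler is commented out, and the commented mapping `@RequestMapping(HttpMethod.POST)` would not behave as it reads if restored. With the `javax.ws.rs.HttpMethod` import, `HttpMethod.POST` is the string "POST", so it would be taken as the request path rather than the HTTP method. Use `@RequestMapping(value = "/register", method = RequestMethod.POST)` (the path is my assumption, taken from the `/register` matcher opened in the security configuration of this commit) and drop the unused `BCrypt` and `javax.ws.rs.HttpMethod` imports. Until the handler exists, the commented-out block is better removed than committed.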


@ -0,0 +1,45 @@
package ba.steleks.security;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
/**
* Helper class which is able to autowire a specified class. It holds a static reference to the {@link org
* .springframework.context.ApplicationContext}.
*/
public final class AutowireHelper implements ApplicationContextAware {
private static final AutowireHelper INSTANCE = new AutowireHelper();
private static ApplicationContext applicationContext;
private AutowireHelper() {
}
/**
* Tries to autowire the specified instance of the class if one of the specified beans which need to be autowired
* are null.
*
* @param classToAutowire the instance of the class which holds @Autowire annotations
* @param beansToAutowireInClass the beans which have the @Autowire annotation in the specified {#classToAutowire}
*/
public static void autowire(Object classToAutowire, Object... beansToAutowireInClass) {
for (Object bean : beansToAutowireInClass) {
if (bean == null) {
applicationContext.getAutowireCapableBeanFactory().autowireBean(classToAutowire);
return;
}
}
}
@Override
public void setApplicationContext(final ApplicationContext applicationContext) {
AutowireHelper.applicationContext = applicationContext;
}
/**
* @return the singleton instance.
*/
public static AutowireHelper getInstance() {
return INSTANCE;
}
}
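Review bot: `autowire` dereferences the static `applicationContext` without a check, so a call made before Spring invokes `setApplicationContext`, or when this helper was never registered as a bean, fails with a bare NullPointerException. Add a guard at the top of `autowire`, for example `if (applicationContext == null) throw new IllegalStateException("ApplicationContext not set; register AutowireHelper as a bean");`. The field is written in `setApplicationContext` and read from a static method, so declaring it `volatile` would make the hand-off safe if callers run on other threads. In the Javadoc, the `{@link ...}` is split across two lines and `{#classToAutowire}` should read `{@code classToAutowire}`.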


@ -7,7 +7,6 @@ package ba.steleks.security;
import ba.steleks.repository.UsersJpaRepository;
import ba.steleks.security.token.TokenStore;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
@ -17,6 +16,8 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import java.lang.reflect.Method;
@Configuration
@EnableWebSecurity
@ComponentScan("org.baeldung.security")
@ -44,11 +45,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/accesstoken", "/accesstoken/**", "/").permitAll()
.antMatchers(HttpMethod.POST, "/users").permitAll()
.antMatchers("/accesstoken", "/accesstoken/**", "/", "/register").permitAll()
.antMatchers(HttpMethod.POST,"/users").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(new AuthenticationFilter(tokenStore, usersJpaRepository), CustomUrlUsernamePasswordAuthenticationFilter.class);
.addFilterBefore(
new AuthenticationFilter(tokenStore, usersJpaRepository),
CustomUrlUsernamePasswordAuthenticationFilter.class
);
}
}
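Review bot: The new `"/register"` entry is added to a matcher that names no HTTP method, so every method on that path skips authentication, while the `/users` rule beside it is limited to POST. Restrict it the same way with `.antMatchers(HttpMethod.POST, "/register").permitAll()`. No handler for `/register` is visible in this commit (the one in `UsersController` is commented out), so the path may be better opened only once the endpoint exists. The added `import java.lang.reflect.Method;` is not referenced in the visible lines. The class body starts outside these hunks.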


@ -1,12 +1,18 @@
package ba.steleks.security;
import ba.steleks.model.User;
import ba.steleks.model.UserRole;
import ba.steleks.repository.UsersJpaRepository;
import ba.steleks.security.token.TokenStore;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Array;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
/**
* Created by ensar on 28/05/17.
@ -30,6 +36,7 @@ public class TokenAuthenticationService {
User user = usersJpaRepository.findOne(userId);
if(user != null) {
System.out.println("Found token... userId: " + userId);
List<GrantedAuthority> userRole=UserRoleFactory.toGrantedAuthorities(user.getUserRoles());
return new UsernamePasswordAuthenticationToken(user.getUsername(), null,
UserRoleFactory.toGrantedAuthorities(user.getUserRoles()));
} else {
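Review bot: The local `userRole` is assigned but never read; the `return` below it calls `UserRoleFactory.toGrantedAuthorities(user.getUserRoles())` a second time. Either pass the local, `return new UsernamePasswordAuthenticationToken(user.getUsername(), null, userRole);`, or drop the assignment. Several imports in the first hunk (`java.lang.reflect.Array`, `Arrays`, `Set`, `UserRole`) are not referenced in the visible lines and look removable. The `System.out.println` that prints the user id on every authenticated request would be better as a debug-level logger call. The method starts and ends outside the hunk.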


@ -3,10 +3,8 @@ package ba.steleks.security;
import ba.steleks.AutowireHelper;
import ba.steleks.model.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;
import javax.persistence.PrePersist;
import javax.persistence.PreUpdate;
@ -21,11 +19,12 @@ public class UserPasswordEntityListener {
@Autowired
private PasswordEncoder passwordEncoder;
@PrePersist
@PreUpdate
public void onUserUpdate(User user) {
AutowireHelper.autowire(this, passwordEncoder);
if(user.getPassword() != null) {
AutowireHelper.autowire(this, this.passwordEncoder);
if (user.getPassword() != null) {
user.setPasswordHash(passwordEncoder.encode(user.getPassword()));
}
}
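Review bot: The import list shows `import ba.steleks.AutowireHelper;`, while the helper added in this commit is declared in `package ba.steleks.security`, the same package as this listener. The page does not show whether that import line is kept or removed. If it is kept and both classes exist, `onUserUpdate` may call a copy whose static `ApplicationContext` is never set, so `passwordEncoder` would stay null and persisting a user would fail. If the helper now lives only in `ba.steleks.security`, delete the import so the same-package class is used. The class body starts and ends outside the hunks.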


@ -39,6 +39,7 @@ public class UserRoleFactory {
.stream()
// get role name
.map(UserRole::getRoleName)
.map(role -> role != null && role.isEmpty() ? "ROLE_" + role : role)
// create authority
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
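Review bot: The condition in `.map(role -> role != null && role.isEmpty() ? "ROLE_" + role : role)` looks inverted: it adds the prefix only when the role name is empty, producing the authority `ROLE_`, and passes every non-empty name through unprefixed. Authorization checks that expect the `ROLE_` prefix would then not match any real role. Something like `.map(role -> role != null && !role.isEmpty() && !role.startsWith("ROLE_") ? "ROLE_" + role : role)` matches the apparent intent. A null name still reaches `SimpleGrantedAuthority::new`, so it should be filtered out or rejected with a clear error before that step. The stream pipeline starts outside the hunk.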