From c056c63733d0326406e04933ae24f8a87aca460b Mon Sep 17 00:00:00 2001 From: Dino Dizdarevic Date: Wed, 17 Jan 2018 20:24:42 +0100 Subject: [PATCH] auth neki --- common/build.gradle | 2 +- gradle/wrapper/gradle-wrapper.properties | 4 +- .../src/main/java/ba/steleks/UsersConfig.java | 1 + .../steleks/controller/UsersController.java | 22 +++++++++ .../ba/steleks/security/AutowireHelper.java | 45 +++++++++++++++++++ .../ba/steleks/security/SecurityConfig.java | 12 +++-- .../security/TokenAuthenticationService.java | 7 +++ .../security/UserPasswordEntityListener.java | 7 ++- .../ba/steleks/security/UserRoleFactory.java | 1 + 9 files changed, 90 insertions(+), 11 deletions(-) create mode 100644 users/src/main/java/ba/steleks/controller/UsersController.java create mode 100644 users/src/main/java/ba/steleks/security/AutowireHelper.java diff --git a/common/build.gradle b/common/build.gradle index 0ecb6b8..3310289 100644 --- a/common/build.gradle +++ b/common/build.gradle @@ -28,7 +28,7 @@ dependencies { compile('org.springframework.boot:spring-boot-starter-web') compile('org.springframework.cloud:spring-cloud-starter-eureka') testCompile('org.springframework.cloud:spring-cloud-starter-eureka-server') - testCompile('rg.springframework.boot:spring-boot-starter-test') + testCompile('org.springframework.boot:spring-boot-starter-test') } dependencyManagement { diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 3330386..1e6d166 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ -#Tue Mar 28 22:00:42 CEST 2017 +#Sun Jan 14 12:04:15 CET 2018 distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-all.zip diff --git a/users/src/main/java/ba/steleks/UsersConfig.java b/users/src/main/java/ba/steleks/UsersConfig.java index bd460a2..c8ee20f 100644 --- a/users/src/main/java/ba/steleks/UsersConfig.java +++ b/users/src/main/java/ba/steleks/UsersConfig.java @@ -3,6 +3,7 @@ package ba.steleks; import ba.steleks.security.SteleksUsersDetailsService; import ba.steleks.security.token.HashTokenEncoder; import ba.steleks.security.token.TokenEncoder; +import ba.steleks.security.AutowireHelper; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.core.userdetails.UserDetailsService; diff --git a/users/src/main/java/ba/steleks/controller/UsersController.java b/users/src/main/java/ba/steleks/controller/UsersController.java new file mode 100644 index 0000000..d30c9d1 --- /dev/null +++ b/users/src/main/java/ba/steleks/controller/UsersController.java @@ -0,0 +1,22 @@ +package ba.steleks.controller; + +import ba.steleks.model.User; +import org.bouncycastle.crypto.generators.BCrypt; +import org.springframework.data.rest.webmvc.RepositoryRestController; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; + +import javax.ws.rs.HttpMethod; + +@RepositoryRestController +public class UsersController { + + + +// @RequestMapping(HttpMethod.POST) +// public ResponseEntity register(@RequestBody User newUser){ +// return null; +// } + +} diff --git a/users/src/main/java/ba/steleks/security/AutowireHelper.java b/users/src/main/java/ba/steleks/security/AutowireHelper.java new file mode 100644 index 0000000..3cdb1a3 --- /dev/null +++ b/users/src/main/java/ba/steleks/security/AutowireHelper.java @@ -0,0 +1,45 @@ +package ba.steleks.security; + +import org.springframework.context.ApplicationContext; +import org.springframework.context.ApplicationContextAware; + +/** + * Helper class which is able to autowire a specified class. It holds a static reference to the {@link org + * .springframework.context.ApplicationContext}. + */ +public final class AutowireHelper implements ApplicationContextAware { + + private static final AutowireHelper INSTANCE = new AutowireHelper(); + private static ApplicationContext applicationContext; + + private AutowireHelper() { + } + + /** + * Tries to autowire the specified instance of the class if one of the specified beans which need to be autowired + * are null. + * + * @param classToAutowire the instance of the class which holds @Autowire annotations + * @param beansToAutowireInClass the beans which have the @Autowire annotation in the specified {#classToAutowire} + */ + public static void autowire(Object classToAutowire, Object... beansToAutowireInClass) { + for (Object bean : beansToAutowireInClass) { + if (bean == null) { + applicationContext.getAutowireCapableBeanFactory().autowireBean(classToAutowire); + return; + } + } + } + + @Override + public void setApplicationContext(final ApplicationContext applicationContext) { + AutowireHelper.applicationContext = applicationContext; + } + + /** + * @return the singleton instance. + */ + public static AutowireHelper getInstance() { + return INSTANCE; + } +} diff --git a/users/src/main/java/ba/steleks/security/SecurityConfig.java b/users/src/main/java/ba/steleks/security/SecurityConfig.java index 4ceec80..d86e8f9 100644 --- a/users/src/main/java/ba/steleks/security/SecurityConfig.java +++ b/users/src/main/java/ba/steleks/security/SecurityConfig.java @@ -7,7 +7,6 @@ package ba.steleks.security; import ba.steleks.repository.UsersJpaRepository; import ba.steleks.security.token.TokenStore; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; @@ -17,6 +16,8 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; +import java.lang.reflect.Method; + @Configuration @EnableWebSecurity @ComponentScan("org.baeldung.security") @@ -44,11 +45,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().authorizeRequests() - .antMatchers("/accesstoken", "/accesstoken/**", "/").permitAll() - .antMatchers(HttpMethod.POST, "/users").permitAll() + .antMatchers("/accesstoken", "/accesstoken/**", "/", "/register").permitAll() + .antMatchers(HttpMethod.POST,"/users").permitAll() .anyRequest().authenticated() .and() - .addFilterBefore(new AuthenticationFilter(tokenStore, usersJpaRepository), CustomUrlUsernamePasswordAuthenticationFilter.class); + .addFilterBefore( + new AuthenticationFilter(tokenStore, usersJpaRepository), + CustomUrlUsernamePasswordAuthenticationFilter.class + ); } } \ No newline at end of file diff --git a/users/src/main/java/ba/steleks/security/TokenAuthenticationService.java b/users/src/main/java/ba/steleks/security/TokenAuthenticationService.java index c4fbd00..a210fb1 100644 --- a/users/src/main/java/ba/steleks/security/TokenAuthenticationService.java +++ b/users/src/main/java/ba/steleks/security/TokenAuthenticationService.java @@ -1,12 +1,18 @@ package ba.steleks.security; import ba.steleks.model.User; +import ba.steleks.model.UserRole; import ba.steleks.repository.UsersJpaRepository; import ba.steleks.security.token.TokenStore; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; import javax.servlet.http.HttpServletRequest; +import java.lang.reflect.Array; +import java.util.Arrays; +import java.util.List; +import java.util.Set; /** * Created by ensar on 28/05/17. @@ -30,6 +36,7 @@ public class TokenAuthenticationService { User user = usersJpaRepository.findOne(userId); if(user != null) { System.out.println("Found token... userId: " + userId); + List userRole=UserRoleFactory.toGrantedAuthorities(user.getUserRoles()); return new UsernamePasswordAuthenticationToken(user.getUsername(), null, UserRoleFactory.toGrantedAuthorities(user.getUserRoles())); } else { diff --git a/users/src/main/java/ba/steleks/security/UserPasswordEntityListener.java b/users/src/main/java/ba/steleks/security/UserPasswordEntityListener.java index 3b80734..9257447 100644 --- a/users/src/main/java/ba/steleks/security/UserPasswordEntityListener.java +++ b/users/src/main/java/ba/steleks/security/UserPasswordEntityListener.java @@ -3,10 +3,8 @@ package ba.steleks.security; import ba.steleks.AutowireHelper; import ba.steleks.model.User; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Component; -import org.springframework.web.context.support.SpringBeanAutowiringSupport; import javax.persistence.PrePersist; import javax.persistence.PreUpdate; @@ -21,11 +19,12 @@ public class UserPasswordEntityListener { @Autowired private PasswordEncoder passwordEncoder; + @PrePersist @PreUpdate public void onUserUpdate(User user) { - AutowireHelper.autowire(this, passwordEncoder); - if(user.getPassword() != null) { + AutowireHelper.autowire(this, this.passwordEncoder); + if (user.getPassword() != null) { user.setPasswordHash(passwordEncoder.encode(user.getPassword())); } } diff --git a/users/src/main/java/ba/steleks/security/UserRoleFactory.java b/users/src/main/java/ba/steleks/security/UserRoleFactory.java index 976ce44..28a0e39 100644 --- a/users/src/main/java/ba/steleks/security/UserRoleFactory.java +++ b/users/src/main/java/ba/steleks/security/UserRoleFactory.java @@ -39,6 +39,7 @@ public class UserRoleFactory { .stream() // get role name .map(UserRole::getRoleName) + .map(role -> role != null && role.isEmpty() ? "ROLE_" + role : role) // create authority .map(SimpleGrantedAuthority::new) .collect(Collectors.toList());