Merge branch 'master' of github.com:esensar/steleks_backend

master
esensar 2018-01-17 21:39:41 +01:00
commit 2457f5d479
9 changed files with 90 additions and 11 deletions


@ -28,7 +28,7 @@ dependencies {
compile('org.springframework.boot:spring-boot-starter-web') compile('org.springframework.boot:spring-boot-starter-web')
compile('org.springframework.cloud:spring-cloud-starter-eureka') compile('org.springframework.cloud:spring-cloud-starter-eureka')
testCompile('org.springframework.cloud:spring-cloud-starter-eureka-server') testCompile('org.springframework.cloud:spring-cloud-starter-eureka-server')
testCompile('rg.springframework.boot:spring-boot-starter-test') testCompile('org.springframework.boot:spring-boot-starter-test')
} }
dependencyManagement { dependencyManagement {


@ -1,6 +1,6 @@
#Tue Mar 28 22:00:42 CEST 2017 #Sun Jan 14 12:04:15 CET 2018
distributionBase=GRADLE_USER_HOME distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-bin.zip distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-all.zip


@ -3,6 +3,7 @@ package ba.steleks;
import ba.steleks.security.SteleksUsersDetailsService; import ba.steleks.security.SteleksUsersDetailsService;
import ba.steleks.security.token.HashTokenEncoder; import ba.steleks.security.token.HashTokenEncoder;
import ba.steleks.security.token.TokenEncoder; import ba.steleks.security.token.TokenEncoder;
import ba.steleks.security.AutowireHelper;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;


@ -0,0 +1,22 @@
package ba.steleks.controller;
import ba.steleks.model.User;
import org.bouncycastle.crypto.generators.BCrypt;
import org.springframework.data.rest.webmvc.RepositoryRestController;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.ws.rs.HttpMethod;
@RepositoryRestController
public class UsersController {
// @RequestMapping(HttpMethod.POST)
// public ResponseEntity<?> register(@RequestBody User newUser){
// return null;
// }
}
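Review bot: `UsersController` is committed with its only handler commented out and six imports that nothing uses (`User`, `BCrypt`, `ResponseEntity`, `RequestBody`, `RequestMapping`, `javax.ws.rs.HttpMethod`); drop the dead code until the endpoint is actually implemented. If `register` is revived as written, `javax.ws.rs.HttpMethod.POST` is a `String`, so `@RequestMapping(HttpMethod.POST)` would map the path `POST` instead of restricting the verb; use `@RequestMapping(method = RequestMethod.POST)`. Binding the `User` entity straight from the request body would also let an unauthenticated caller set any field the entity exposes, which may include roles (the model is not shown here), so a dedicated registration DTO carrying only the permitted fields is the safer shape.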


@ -0,0 +1,45 @@
package ba.steleks.security;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
/**
* Helper class which is able to autowire a specified class. It holds a static reference to the {@link org
* .springframework.context.ApplicationContext}.
*/
public final class AutowireHelper implements ApplicationContextAware {
private static final AutowireHelper INSTANCE = new AutowireHelper();
private static ApplicationContext applicationContext;
private AutowireHelper() {
}
/**
* Tries to autowire the specified instance of the class if one of the specified beans which need to be autowired
* are null.
*
* @param classToAutowire the instance of the class which holds @Autowire annotations
* @param beansToAutowireInClass the beans which have the @Autowire annotation in the specified {#classToAutowire}
*/
public static void autowire(Object classToAutowire, Object... beansToAutowireInClass) {
for (Object bean : beansToAutowireInClass) {
if (bean == null) {
applicationContext.getAutowireCapableBeanFactory().autowireBean(classToAutowire);
return;
}
}
}
@Override
public void setApplicationContext(final ApplicationContext applicationContext) {
AutowireHelper.applicationContext = applicationContext;
}
/**
* @return the singleton instance.
*/
public static AutowireHelper getInstance() {
return INSTANCE;
}
}
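Review bot: `autowire` dereferences the static `applicationContext` without checking that Spring has set it, so a call made before (or without) `setApplicationContext` fails with a bare NullPointerException inside the entity listener; guard it with `if (applicationContext == null) throw new IllegalStateException("AutowireHelper is not registered as a Spring bean");`. The field is only populated if `getInstance()` is exposed as a bean, which this section does not show. `UserPasswordEntityListener` imports `ba.steleks.AutowireHelper` while this class is `ba.steleks.security.AutowireHelper`; if both exist after the merge, the listener may be using a copy whose context is never set, so keep a single class. In the Javadoc, `{#classToAutowire}` is not a valid tag; `{@code classToAutowire}` is.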


@ -7,7 +7,6 @@ package ba.steleks.security;
import ba.steleks.repository.UsersJpaRepository; import ba.steleks.repository.UsersJpaRepository;
import ba.steleks.security.token.TokenStore; import ba.steleks.security.token.TokenStore;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
@ -17,6 +16,8 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import java.lang.reflect.Method;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@ComponentScan("org.baeldung.security") @ComponentScan("org.baeldung.security")
@ -44,11 +45,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests() http.csrf().disable().authorizeRequests()
.antMatchers("/accesstoken", "/accesstoken/**", "/").permitAll() .antMatchers("/accesstoken", "/accesstoken/**", "/", "/register").permitAll()
.antMatchers(HttpMethod.POST, "/users").permitAll() .antMatchers(HttpMethod.POST,"/users").permitAll()
.anyRequest().authenticated() .anyRequest().authenticated()
.and() .and()
.addFilterBefore(new AuthenticationFilter(tokenStore, usersJpaRepository), CustomUrlUsernamePasswordAuthenticationFilter.class); .addFilterBefore(
new AuthenticationFilter(tokenStore, usersJpaRepository),
CustomUrlUsernamePasswordAuthenticationFilter.class
);
} }
} }
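Review bot: The new `"/register"` matcher in `configure` is opened for every HTTP method, unlike the `/users` rule below it, and CSRF protection is disabled on the same chain; restrict it to the verb the endpoint needs, e.g. `.antMatchers(HttpMethod.POST, "/register").permitAll()`. No handler for `/register` is visible in this commit (the `register` method in `UsersController` is commented out), so consider adding the rule together with the endpoint rather than ahead of it. The added `import java.lang.reflect.Method;` is unused. `@ComponentScan("org.baeldung.security")` in the unchanged context looks like a tutorial leftover that probably scans nothing under `ba.steleks`, which is worth confirming.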


@ -1,12 +1,18 @@
package ba.steleks.security; package ba.steleks.security;
import ba.steleks.model.User; import ba.steleks.model.User;
import ba.steleks.model.UserRole;
import ba.steleks.repository.UsersJpaRepository; import ba.steleks.repository.UsersJpaRepository;
import ba.steleks.security.token.TokenStore; import ba.steleks.security.token.TokenStore;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Array;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
/** /**
* Created by ensar on 28/05/17. * Created by ensar on 28/05/17.
@ -30,6 +36,7 @@ public class TokenAuthenticationService {
User user = usersJpaRepository.findOne(userId); User user = usersJpaRepository.findOne(userId);
if(user != null) { if(user != null) {
System.out.println("Found token... userId: " + userId); System.out.println("Found token... userId: " + userId);
List<GrantedAuthority> userRole=UserRoleFactory.toGrantedAuthorities(user.getUserRoles());
return new UsernamePasswordAuthenticationToken(user.getUsername(), null, return new UsernamePasswordAuthenticationToken(user.getUsername(), null,
UserRoleFactory.toGrantedAuthorities(user.getUserRoles())); UserRoleFactory.toGrantedAuthorities(user.getUserRoles()));
} else { } else {
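Review bot: The added local `userRole` is never read; the `return` that follows calls `UserRoleFactory.toGrantedAuthorities(user.getUserRoles())` a second time. Either pass the local, `return new UsernamePasswordAuthenticationToken(user.getUsername(), null, userRole);`, or drop the new line. The new imports `UserRole`, `Array`, `Arrays` and `Set` are unused as far as this section shows. The enclosing method starts and ends outside the hunk.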


@ -3,10 +3,8 @@ package ba.steleks.security;
import ba.steleks.AutowireHelper; import ba.steleks.AutowireHelper;
import ba.steleks.model.User; import ba.steleks.model.User;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;
import javax.persistence.PrePersist; import javax.persistence.PrePersist;
import javax.persistence.PreUpdate; import javax.persistence.PreUpdate;
@ -21,11 +19,12 @@ public class UserPasswordEntityListener {
@Autowired @Autowired
private PasswordEncoder passwordEncoder; private PasswordEncoder passwordEncoder;
@PrePersist @PrePersist
@PreUpdate @PreUpdate
public void onUserUpdate(User user) { public void onUserUpdate(User user) {
AutowireHelper.autowire(this, passwordEncoder); AutowireHelper.autowire(this, this.passwordEncoder);
if(user.getPassword() != null) { if (user.getPassword() != null) {
user.setPasswordHash(passwordEncoder.encode(user.getPassword())); user.setPasswordHash(passwordEncoder.encode(user.getPassword()));
} }
} }


@ -39,6 +39,7 @@ public class UserRoleFactory {
.stream() .stream()
// get role name // get role name
.map(UserRole::getRoleName) .map(UserRole::getRoleName)
.map(role -> role != null && role.isEmpty() ? "ROLE_" + role : role)
// create authority // create authority
.map(SimpleGrantedAuthority::new) .map(SimpleGrantedAuthority::new)
.collect(Collectors.toList()); .collect(Collectors.toList());
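Review bot: The condition in the added `map` step looks inverted: `role != null && role.isEmpty()` is true only for the empty string, so an empty name becomes the bare authority `ROLE_` and every real role name passes through without the prefix. If the intent is to add Spring Security's `ROLE_` prefix, `.map(role -> role != null && !role.startsWith("ROLE_") ? "ROLE_" + role : role)` does that; with the current code, `hasRole(...)`-style checks would presumably not match these authorities. A null role name still reaches `SimpleGrantedAuthority::new`, which rejects text-less values, so filter those out first, e.g. `.filter(role -> role != null && !role.isEmpty())`. The stream pipeline starts outside the hunk.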