Returns roles on login

master
esensar 2018-01-17 21:37:05 +01:00
parent 636846bd55
commit a53c318aae
2 changed files with 4 additions and 1 deletions


@ -33,6 +33,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
http.csrf().disable().authorizeRequests() http.csrf().disable().authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll() .antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers("/users/**", "/users", "/").permitAll() .antMatchers("/users/**", "/users", "/").permitAll()
.antMatchers("/users/users", "/users/users/**").hasRole("ADMIN")
.anyRequest().authenticated() .anyRequest().authenticated()
.and() .and()
.addFilterBefore(new AuthenticationFilter(restTemplateBuilder.build(), discoveryClient), UsernamePasswordAuthenticationFilter.class); .addFilterBefore(new AuthenticationFilter(restTemplateBuilder.build(), discoveryClient), UsernamePasswordAuthenticationFilter.class);
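Review bot: The added `.antMatchers("/users/users", "/users/users/**").hasRole("ADMIN")` rule sits after `.antMatchers("/users/**", "/users", "/").permitAll()`, and Spring Security applies the first matcher that fits a request, so `/users/users` and everything under it is still matched by `/users/**` and stays open to unauthenticated callers. Move the ADMIN line above the permitAll line so the narrower pattern is evaluated first. A test asserting that anonymous and non-admin requests to `/users/users` are rejected would pin the intended behaviour. `hasRole("ADMIN")` checks for the authority `ROLE_ADMIN`, so presumably AuthenticationFilter has to supply authorities with that prefix; that is not visible here. The configure method starts and ends outside the hunk.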


@ -3,6 +3,7 @@ package ba.steleks.controller;
import ba.steleks.error.exception.CustomHttpStatusException; import ba.steleks.error.exception.CustomHttpStatusException;
import ba.steleks.model.AuthRequest; import ba.steleks.model.AuthRequest;
import ba.steleks.model.User; import ba.steleks.model.User;
import ba.steleks.model.UserRole;
import ba.steleks.repository.UsersJpaRepository; import ba.steleks.repository.UsersJpaRepository;
import ba.steleks.security.SessionIdentifierGenerator; import ba.steleks.security.SessionIdentifierGenerator;
import ba.steleks.security.UserRoleFactory; import ba.steleks.security.UserRoleFactory;
@ -51,9 +52,10 @@ public class AuthenticationController {
if (passwordEncoder.matches(body.getPassword(), user.getPasswordHash())) { if (passwordEncoder.matches(body.getPassword(), user.getPasswordHash())) {
String token = new SessionIdentifierGenerator().nextSessionId(); String token = new SessionIdentifierGenerator().nextSessionId();
tokenStore.saveToken(user.getId(), token); tokenStore.saveToken(user.getId(), token);
Map<String, String> response = new HashMap<>(); Map<String, Object> response = new HashMap<>();
response.put("token", token); response.put("token", token);
response.put("userId", String.valueOf(user.getId())); response.put("userId", String.valueOf(user.getId()));
response.put("roles", UserRoleFactory.toStringSet(user.getUserRoles()));
return ResponseEntity return ResponseEntity
.ok() .ok()
.body(response); .body(response);
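Review bot: The `roles` entry added to the login response is a snapshot taken at login, and nothing in the hunk documents how clients may use it; as client-visible data it should be marked display-only, with authorization still decided server-side from the token on each request. I would add above the `response.put("roles", ...)` line: `// Roles are informational for the client UI; access control is enforced server-side per request.` The new `import ba.steleks.model.UserRole;` is not referenced in the visible lines, so it may be unused and could be dropped if nothing outside the hunk needs it. The login method starts and ends outside the hunk.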