Add basic authentication

master
esensar 2017-05-27 20:31:24 +02:00
parent 64c35991be
commit f14d1cbe55
5 changed files with 112 additions and 10 deletions

View File

@ -33,6 +33,7 @@ dependencies {
runtime('com.h2database:h2') runtime('com.h2database:h2')
compile('org.springframework.cloud:spring-cloud-starter-config') compile('org.springframework.cloud:spring-cloud-starter-config')
compile('org.springframework.boot:spring-boot-starter-actuator') compile('org.springframework.boot:spring-boot-starter-actuator')
compile('org.springframework.boot:spring-boot-starter-security')
testCompile('org.springframework.boot:spring-boot-starter-test') testCompile('org.springframework.boot:spring-boot-starter-test')
compile('mysql:mysql-connector-java') compile('mysql:mysql-connector-java')
compile('org.hibernate:hibernate-validator') compile('org.hibernate:hibernate-validator')

View File

@ -2,7 +2,6 @@ package ba.steleks.controller;
import ba.steleks.model.AuthRequest; import ba.steleks.model.AuthRequest;
import ba.steleks.repository.UsersJpaRepository; import ba.steleks.repository.UsersJpaRepository;
import org.bouncycastle.crypto.tls.HashAlgorithm;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestBody;
@ -10,8 +9,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
/** /**
* Created by admin on 13/05/2017. * Created by admin on 13/05/2017.
*/ */
@ -23,14 +20,13 @@ public class AuthenticationController {
@Autowired @Autowired
public AuthenticationController(UsersJpaRepository usersJpaRepository, PasswordEncoder passwordEncoder) { public AuthenticationController(UsersJpaRepository usersJpaRepository, PasswordEncoder passwordEncoder) {
this.passwordEncoder=passwordEncoder; this.passwordEncoder = passwordEncoder;
this.usersJpaRepository = usersJpaRepository; this.usersJpaRepository = usersJpaRepository;
} }
@RequestMapping(path = "/accesstoken" , method = RequestMethod.POST) @RequestMapping(path = "/accesstoken", method = RequestMethod.POST)
public String generateToken(@RequestBody AuthRequest body){ public String generateToken(@RequestBody AuthRequest body){
return passwordEncoder.matches(body.getPassword(),usersJpaRepository.findByUsername(body.getUsername()).getPasswordHash()) ? "true" : "false"; return passwordEncoder.matches(body.getPassword(), usersJpaRepository.findByUsername(body.getUsername()).getPasswordHash()) ? "true" : "false";
} }
} }

View File

@ -1,8 +1,5 @@
package ba.steleks.model; package ba.steleks.model;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
/** /**
* Created by admin on 13/05/2017. * Created by admin on 13/05/2017.
*/ */

View File

@ -0,0 +1,44 @@
package ba.steleks.security;/**
* Created by ensar on 16/05/17.
*/
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@Configuration
@EnableWebSecurity
@ComponentScan("org.baeldung.security")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public AuthenticationProvider provideAuthenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(new SteleksUsersDetailsService());
return authenticationProvider;
}
@Autowired
private AuthenticationProvider authProvider;
@Override
protected void configure(
AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated();
}
}

View File

@ -0,0 +1,64 @@
package ba.steleks.security;/**
* Created by ensar on 16/05/17.
*/
import ba.steleks.model.User;
import ba.steleks.repository.UsersJpaRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import java.util.Collection;
import java.util.logging.Logger;
public class SteleksUsersDetailsService implements UserDetailsService {
private static final Logger logger =
Logger.getLogger(SteleksUsersDetailsService.class.getName());
@Autowired
private UsersJpaRepository usersJpaRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = usersJpaRepository.findByUsername(username);
UserDetails userDetails = new UserDetails() {
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return null;
}
@Override
public String getPassword() {
return null;
}
@Override
public String getUsername() {
return null;
}
@Override
public boolean isAccountNonExpired() {
return false;
}
@Override
public boolean isAccountNonLocked() {
return false;
}
@Override
public boolean isCredentialsNonExpired() {
return false;
}
@Override
public boolean isEnabled() {
return false;
}
};
return userDetails;
}
}