Changeset 84d0fbb for trip-planner

Timestamp:

12/19/21 19:39:00 (2 years ago)

Author:

Ema <ema_spirova@…>

Branches:

master

Children:

bdd6491

Parents:

1ad8e64

Message:

spring security 2.0

Location:

trip-planner/src

Files:

• main/java/finki/diplomska/tripplanner/TripPlannerApplication.java (modified) (2 diffs)
• main/java/finki/diplomska/tripplanner/models/Planner.java (modified) (3 diffs)
• main/java/finki/diplomska/tripplanner/models/User.java (modified) (2 diffs)
• main/java/finki/diplomska/tripplanner/models/dto/PlannerDto.java (modified) (1 diff)
• main/java/finki/diplomska/tripplanner/models/dto/UserDto.java (modified) (1 diff)
• main/java/finki/diplomska/tripplanner/payload/JWTLoginSucessReponse.java (added)
• main/java/finki/diplomska/tripplanner/payload/LoginRequest.java (added)
• main/java/finki/diplomska/tripplanner/repository/jpa/JpaPlannerRepository.java (modified) (2 diffs)
• main/java/finki/diplomska/tripplanner/repository/jpa/JpaUserRepository.java (modified) (1 diff)
• main/java/finki/diplomska/tripplanner/security/JwtAuthenticationFilter.java (added)
• main/java/finki/diplomska/tripplanner/security/JwtTokenProvider.java (added)
• main/java/finki/diplomska/tripplanner/security/SecurityConfig.java (modified) (4 diffs)
• main/java/finki/diplomska/tripplanner/security/SecurityConstants.java (added)
• main/java/finki/diplomska/tripplanner/service/PlannerService.java (modified) (1 diff)
• main/java/finki/diplomska/tripplanner/service/UserService.java (modified) (1 diff)
• main/java/finki/diplomska/tripplanner/service/impl/CustomUserDetailsServiceImpl.java (added)
• main/java/finki/diplomska/tripplanner/service/impl/PlannerServiceImpl.java (modified) (7 diffs)
• main/java/finki/diplomska/tripplanner/service/impl/UserServiceImpl.java (modified) (2 diffs)
• main/java/finki/diplomska/tripplanner/web/rest/PlannerRestController.java (modified) (6 diffs)
• main/java/finki/diplomska/tripplanner/web/rest/UserController.java (modified) (4 diffs)
• main/resources/application.properties (modified) (1 diff)
• test/api.http (modified) (1 diff)

trip-planner/src/main/java/finki/diplomska/tripplanner/TripPlannerApplication.java

@@ -6 +6 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
 
 @SpringBootApplication
@@ -15 +20 @@
         return new BCryptPasswordEncoder();
     }
+
+
     public static void main(String[] args) {
         SpringApplication.run(TripPlannerApplication.class, args);

trip-planner/src/main/java/finki/diplomska/tripplanner/models/Planner.java

@@ -1 +1 @@
 package finki.diplomska.tripplanner.models;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.*;
-import reactor.util.annotation.Nullable;
 
 import javax.persistence.*;
@@ -10 +10 @@
 @Data
 @Table(name = "planners")
-@NoArgsConstructor
 @AllArgsConstructor
 @Getter
@@ -34 +33 @@
     private List<Location> locationList;
 
+    @ManyToOne(fetch = FetchType.EAGER)
+    private User user;
 
-    public Planner(String name, String description, List<Location> locationList){
+    public Planner(){
+    }
+
+    public Planner(String name, String description, List<Location> locationList, User user){
             this.name = name;
             this.description = description;
             this.locationList = locationList;
+            this.user = user;
     }
 

trip-planner/src/main/java/finki/diplomska/tripplanner/models/User.java

@@ -11 +11 @@
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotBlank;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
+import java.util.List;
 
 @Entity
@@ -38 +40 @@
     private Date update_At;
 
-    //OneToMany with Project
+    //OneToMany with Planners
+    @OneToMany(cascade = CascadeType.REFRESH, fetch = FetchType.EAGER, mappedBy = "user", orphanRemoval = true)
+    @JsonIgnore
+    private List<Planner> planners = new ArrayList<>();
 
     public User() {
     }
 
+    public User(String username, String fullName, String password, String confirmPassword) {
+        this.username = username;
+        this.fullName = fullName;
+        this.password = password;
+        this.confirmPassword = confirmPassword;
+    }
 
     @PrePersist

trip-planner/src/main/java/finki/diplomska/tripplanner/models/dto/PlannerDto.java

@@ -9 +9 @@
     private String name;
     private String description;
+    private String user;
 
-    public PlannerDto(String name, String description) {
+    public PlannerDto(String name, String description, String user) {
         this.name = name;
         this.description = description;
+        this.user = user;
     }
 }

trip-planner/src/main/java/finki/diplomska/tripplanner/models/dto/UserDto.java

@@ -20 +20 @@
     private Date update_At;
 
-    public UserDto(String username, String fullName, String password, String confirmPassword, Date create_At, Date update_At) {
+    public UserDto(String username, String fullName, String password, String confirmPassword) {
         this.username = username;
         this.fullName = fullName;
         this.password = password;
         this.confirmPassword = confirmPassword;
-        this.create_At = create_At;
-        this.update_At = update_At;
+
     }
 }

trip-planner/src/main/java/finki/diplomska/tripplanner/repository/jpa/JpaPlannerRepository.java

@@ -4 +4 @@
 import finki.diplomska.tripplanner.models.Planner;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
 import org.springframework.stereotype.Repository;
 
@@ -11 +13 @@
 public interface JpaPlannerRepository extends JpaRepository<Planner, Long> {
 
-
+        @Query(value = "SELECT * FROM planners AS p left JOIN users AS u ON p.user_id = u.id WHERE u.username like :username", nativeQuery = true)
+        List<Planner> getPlannersByUser(@Param("username") String username );
 }

trip-planner/src/main/java/finki/diplomska/tripplanner/repository/jpa/JpaUserRepository.java

@@ -7 +7 @@
 @Repository
 public interface JpaUserRepository extends CrudRepository<User, Long> {
+    User findByUsername(String username);
+    User getById(Long id);
 }

trip-planner/src/main/java/finki/diplomska/tripplanner/security/SecurityConfig.java

@@ -2 +2 @@
 
 
+import finki.diplomska.tripplanner.service.impl.CustomUserDetailsServiceImpl;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.BeanIds;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -9 +14 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import static finki.diplomska.tripplanner.security.SecurityConstants.MARIADB_URL;
+import static finki.diplomska.tripplanner.security.SecurityConstants.SIGN_UP_URLS;
 
 @Configuration
@@ -21 +31 @@
     @Autowired
     private JwtAuthenticationEntryPoint unauthorizedHandler;
+
+    @Autowired
+    private CustomUserDetailsServiceImpl customUserDetailsService;
+
+    @Bean
+    public JwtAuthenticationFilter jwtAuthenticationFilter() {return  new JwtAuthenticationFilter();}
+
+
+    @Autowired
+    private BCryptPasswordEncoder bCryptPasswordEncoder;
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
+        authenticationManagerBuilder.userDetailsService(customUserDetailsService).passwordEncoder(bCryptPasswordEncoder);
+    }
+
+    @Override
+    @Bean(BeanIds.AUTHENTICATION_MANAGER)
+    protected AuthenticationManager authenticationManager() throws Exception {
+        return super.authenticationManager();
+    }
 
     @Override
@@ -43 +74 @@
                         "/**/*.js"
                 ).permitAll()
-                .antMatchers("/api/users/**").permitAll()
+                .antMatchers(SIGN_UP_URLS).permitAll()
+                .antMatchers(MARIADB_URL).permitAll()
                 .anyRequest().authenticated();
+        http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+
     }
 }

trip-planner/src/main/java/finki/diplomska/tripplanner/service/PlannerService.java

@@ -11 +11 @@
 
         Planner createPlannerWithRequestParams(String description, String name, List<Location> locationList);
-        Optional<Planner> editPlanner(Long id, PlannerDto plannerDto);
+        Optional<Planner> editPlanner(Long id, PlannerDto plannerDto, String username);
         List<Planner> getAllPlaners();
+        List<Planner> getPlannersByUser(String username);
         Optional<Planner> findById(Long id);
         Planner editPlannerWithRequestParams(Long id, String description, String name, List<Location> locationList);
-        Optional<Planner> newPlanner(PlannerDto plannerDto);
+        Optional<Planner> newPlanner(PlannerDto plannerDto, String username);
 }

trip-planner/src/main/java/finki/diplomska/tripplanner/service/UserService.java

@@ -2 +2 @@
 
 import finki.diplomska.tripplanner.models.User;
+import finki.diplomska.tripplanner.models.dto.UserDto;
 
+import java.util.Optional;
 
 

trip-planner/src/main/java/finki/diplomska/tripplanner/service/impl/PlannerServiceImpl.java

@@ -3 +3 @@
 import finki.diplomska.tripplanner.models.Location;
 import finki.diplomska.tripplanner.models.Planner;
+import finki.diplomska.tripplanner.models.User;
 import finki.diplomska.tripplanner.models.dto.PlannerDto;
 import finki.diplomska.tripplanner.models.exceptions.LocationNotFoundException;
@@ -8 +9 @@
 import finki.diplomska.tripplanner.repository.jpa.JpaLocationRepository;
 import finki.diplomska.tripplanner.repository.jpa.JpaPlannerRepository;
-import finki.diplomska.tripplanner.service.LocationService;
+import finki.diplomska.tripplanner.repository.jpa.JpaUserRepository;
 import finki.diplomska.tripplanner.service.PlannerService;
 import org.springframework.stereotype.Service;
-import reactor.util.annotation.Nullable;
 
-import java.util.ArrayList;
+import javax.jws.soap.SOAPBinding;
 import java.util.List;
 import java.util.Optional;
@@ -22 +22 @@
     private final JpaPlannerRepository plannerRepository;
     private final JpaLocationRepository locationRepository;
+    private final JpaUserRepository userRepository;
 
-    public PlannerServiceImpl(JpaPlannerRepository plannerRepository, JpaLocationRepository locationRepository) {
+    public PlannerServiceImpl(JpaPlannerRepository plannerRepository, JpaLocationRepository locationRepository, JpaUserRepository userRepository) {
         this.plannerRepository = plannerRepository;
         this.locationRepository = locationRepository;
+        this.userRepository = userRepository;
     }
 
@@ -31 +33 @@
     public List<Planner> getAllPlaners() {
         return this.plannerRepository.findAll();
+    }
+
+    @Override
+    public List<Planner> getPlannersByUser(String username) {
+        User user = this.userRepository.findByUsername(username);
+        return this.plannerRepository.getPlannersByUser(user.getUsername());
     }
 
@@ -40 +48 @@
 
     @Override
-    public Optional<Planner> newPlanner(PlannerDto plannerDto) {
+    public Optional<Planner> newPlanner(PlannerDto plannerDto, String username) {
         /*
         List<Location> locationList  = new ArrayList<>();
@@ -48 +56 @@
             locationList.add(loc);
         }
-
          */
-           return Optional.of(this.plannerRepository.save(new Planner(plannerDto.getName(), plannerDto.getDescription(), null)));
+        User user = this.userRepository.findByUsername(username);
+        plannerDto.setUser(user.getUsername());
+        return Optional.of(this.plannerRepository.save(new Planner(plannerDto.getName(), plannerDto.getDescription(), null, user)));
     }
 
@@ -69 +78 @@
 
     @Override
-    public Optional<Planner> editPlanner(Long id, PlannerDto plannerDto) {
+    public Optional<Planner> editPlanner(Long id, PlannerDto plannerDto, String username) {
         Planner planner = this.plannerRepository.findById(id).orElseThrow(() -> new PlannerNotFoundException(id));
+        User user = this.userRepository.findByUsername(username);
 
         planner.setName(plannerDto.getName());
         planner.setDescription(plannerDto.getDescription());
+        plannerDto.setUser(user.getUsername());
+        planner.setUser(user);
 /*
         List<Location> locationList  = new ArrayList<>();

trip-planner/src/main/java/finki/diplomska/tripplanner/service/impl/UserServiceImpl.java

@@ -9 +9 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
+
+import java.util.Optional;
 
 
@@ -28 +30 @@
             // We don't persist or show the confirmPassword
             newUser.setConfirmPassword("");
-            return this.userRepository.save(newUser);
+             return this.userRepository.save(newUser);
         }catch(Exception e){
             throw new UsernameAlreadyExistsException("Username '"+newUser.getUsername()+ "' already exists");

trip-planner/src/main/java/finki/diplomska/tripplanner/web/rest/PlannerRestController.java

@@ -3 +3 @@
 import finki.diplomska.tripplanner.models.Location;
 import finki.diplomska.tripplanner.models.Planner;
+import finki.diplomska.tripplanner.models.User;
 import finki.diplomska.tripplanner.models.dto.PlannerDto;
 import finki.diplomska.tripplanner.service.LocationService;
@@ -9 +10 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.bind.annotation.RestController;
 
+import javax.validation.Valid;
 import java.util.ArrayList;
 import java.util.List;
@@ -17 +20 @@
 
 @RestController
-@CrossOrigin(origins = "http://localhost:4200")
+@CrossOrigin(origins = "http://localhost:4200",  exposedHeaders = "token")
 @RequestMapping(value = "/api")
 public class PlannerRestController {
@@ -31 +34 @@
     public List<Planner> getAllPlanners(){
         return this.plannerService.getAllPlaners();
+    }
+
+
+    @GetMapping(value = "/planners/user")
+    public List<Planner> getPlannersByUser(Authentication authentication){
+        User user = (User) authentication.getPrincipal();
+        return this.plannerService.getPlannersByUser(user.getUsername());
     }
 
@@ -57 +67 @@
     @PostMapping(value = "/planner/new", consumes= MediaType.APPLICATION_JSON_VALUE)
     @ResponseStatus(HttpStatus.CREATED)
-    public ResponseEntity<Planner> newPlanner(@RequestBody PlannerDto plannerDto)  {
-        return this.plannerService.newPlanner(plannerDto)
+    public ResponseEntity<?> newPlanner(@Valid @RequestBody PlannerDto plannerDto, Authentication authentication)  {
+
+        User user = (User) authentication.getPrincipal();
+        return this.plannerService.newPlanner(plannerDto, user.getUsername())
                 .map(planner -> ResponseEntity.ok().body(planner))
                 .orElseGet(() -> ResponseEntity.badRequest().build());
@@ -65 +77 @@
 
     @PutMapping(value ="edit/planner/{id}", consumes= MediaType.APPLICATION_JSON_VALUE)
-    public ResponseEntity<Planner> editPlanner(@PathVariable Long id, @RequestBody PlannerDto plannerDto){
-        return this.plannerService.editPlanner(id, plannerDto)
+    public ResponseEntity<Planner> editPlanner(@PathVariable Long id, @Valid @RequestBody PlannerDto plannerDto, Authentication authentication){
+        User user = (User) authentication.getPrincipal();
+        return this.plannerService.editPlanner(id, plannerDto, user.getUsername())
                 .map(planner -> ResponseEntity.ok().body(planner))
                 .orElseGet(()-> ResponseEntity.badRequest().build());

trip-planner/src/main/java/finki/diplomska/tripplanner/web/rest/UserController.java

@@ -3 +3 @@
 import finki.diplomska.tripplanner.models.User;
 import finki.diplomska.tripplanner.models.dto.UserDto;
+import finki.diplomska.tripplanner.payload.JWTLoginSucessReponse;
+import finki.diplomska.tripplanner.payload.LoginRequest;
+import finki.diplomska.tripplanner.security.JwtTokenProvider;
+import finki.diplomska.tripplanner.security.SecurityConstants;
 import finki.diplomska.tripplanner.service.UserService;
 import finki.diplomska.tripplanner.service.impl.MapValidationErrorService;
@@ -9 +13 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
-
+import org.springframework.security.core.Authentication;
 import javax.validation.Valid;
 
@@ -28 +35 @@
     private UserValidator userValidator;
 
-    @PostMapping("/register")
+    @Autowired
+    private JwtTokenProvider tokenProvider;
+
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @PostMapping(value = "/login")
+    public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest, BindingResult result){
+        ResponseEntity<?> errorMap = mapValidationErrorService.MapValidationService(result);
+        if(errorMap != null) return errorMap;
+
+        Authentication authentication = authenticationManager.authenticate(
+                new UsernamePasswordAuthenticationToken(
+                        loginRequest.getUsername(),
+                        loginRequest.getPassword()
+                )
+        );
+
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+        String jwt = SecurityConstants.TOKEN_PREFIX +  tokenProvider.generateToken(authentication);
+
+        return ResponseEntity.ok(new JWTLoginSucessReponse(true, jwt));
+    }
+
+    @PostMapping(value = "/register")
     public ResponseEntity<?> registerUser(@Valid @RequestBody User user, BindingResult result){
         // Validate passwords match
@@ -38 +69 @@
 
         return  new ResponseEntity<User>(newUser, HttpStatus.CREATED);
+
     }
 }

trip-planner/src/main/resources/application.properties

@@ -6 +6 @@
 jasypt.encryptor.iv-generator-classname=org.jasypt.iv.NoIvGenerator
 jasypt.encryptor.algorithm=PBEWithMD5AndDES
+spring.jpa.properties.hibernate.enable_lazy_load_no_trans=true
 
 spring.jpa.show-sql=true

trip-planner/src/test/api.http

@@ -75 +75 @@
 GET http://localhost:8080/api/images?locationId=1
 Content-Type: application/x-www-form-urlencoded
+
+###
+POST http://localhost:8080/api/users/register
+Content-Type: application/json
+
+{"username": "teshht@test.com", "fullName": "nikola", "password" : "nikolce", "confirmPassword": "nikolce"}
+
+###
+POST http://localhost:8080/api/users/login
+Content-Type: application/json
+
+{"username": "test@test.com", "password" : "nikolce"}
+
+
+###
+GET http://localhost:8080/api/planners/user
+Content-Type: application/json