Context Navigation

← Previous Changeset
Next Changeset →

Changeset 5a9c93b

Timestamp:

03/05/24 14:15:44 (15 months ago)

Author:

Aleksandar Panovski <apano77@…>

Branches:

Children:

Parents:

Message:

Authorization layer

Files:

: 18 added
: 1 deleted
: 5 edited

Legend:

: Unmodified
: Added
: Removed

my-react-app/src/axios_helper.js

-              ra2c6c2b
+              r5a9c93b
 axios.defaults.headers.post["Content-Type"] = 'application/json'
+export const getAuthToken = () => {
+    return window.localStorage.getItem("auth_token");
+}
+export const setAuthToken = (token) => {
+    window.localStorage.setItem("auth_token", token);
+}
 export const request = (method, url, data) => {
+    let headers = {};
+    if(getAuthToken() !== null && getAuthToken() !== "null") {
+        headers = {"Authorization" : `Bearer ${getAuthToken()}`};
+    }
     return axios({
         method: method,

my-react-app/src/components/AppContent.js

-              ra2c6c2b
+              r5a9c93b
 import WelcomeContent from "./WelcomeContent";
 import AuthContent from "./AuthContent";
+import LoginForm from "./LoginForm";
+import { request, setAuthToken } from "../axios_helper";
+import Buttons from './Buttons'
 export default class AppContent extends React.Component {
+    constructor(props) {
+        super(props);
+        this.state = {
+            componentToShow: "welcome"
+        };
+    };
+    login = () => {
+        this.setState({componentToShow: "login"})
+    }
+    logout = () => {
+        this.setState({componentToShow: "welcome"})
+    }
+    onLogin = (e, email, password) => {
+        e.preventDefault();
+        request(
+            "POST",
+            "/api/login",
+            {login: email, password: password}
+        ).then((response) => {
+            this.setState({componentToShow: "restaurants"})
+            setAuthToken(response.data.token);
+        }).catch((error) => {
+            this.setState({componentToShow: "welcome"})
+        });
+    };
+    onRegister = (e, firstName, lastName, email, password) => {
+        e.preventDefault();
+        request(
+            "POST",
+            "/api/register",
+            {
+                firstName: firstName,
+                lastName: lastName,
+                login: email,
+                password: password
+            }
+        ).then((response) => {
+            this.setState({componentToShow: "restaurants"})
+            setAuthToken(response.data.token);
+        }).catch((error) => {
+            this.setState({componentToShow: "welcome"})
+        });
+    };
     render() {
         return (
             <div>
+                <WelcomeContent/>
+                <AuthContent/>
+                <Buttons login={this.login} logout={this.logout}></Buttons>
+                {this.state.componentToShow === "welcome" && <WelcomeContent/>}
+                {this.state.componentToShow === "restaurants" && <AuthContent/>}
+                {this.state.componentToShow === "login" && <LoginForm onLogin={this.onLogin} onRegister={this.onRegister}/>}
             </div>
+        )

pom.xml

-              ra2c6c2b
+              r5a9c93b
                 <dependency>
                         <groupId>org.mapstruct</groupId>
+                        <artifactId>mapstruct-processor</artifactId>
+                        <version>1.5.3.Final</version>
+                        <artifactId>mapstruct</artifactId>
+                        <version>1.4.2.Final</version> <!-- Replace with the latest version -->
+                </dependency>
+                <dependency>
+                        <groupId>com.auth0</groupId>
+                        <artifactId>java-jwt</artifactId>
+                        <version>4.3.0</version>
                 </dependency>
         </dependencies>

src/main/java/com/example/rezevirajmasa/demo/config/SecurityConfig.java

-              ra2c6c2b
+              r5a9c93b
 package com.example.rezevirajmasa.demo.config;
+import com.example.rezevirajmasa.demo.model.exceptions.CustomerAuthenticationEntryPoint;
+import com.example.rezevirajmasa.demo.web.filters.JwtAuthFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 …
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 @Configuration
 …
 public class SecurityConfig implements WebMvcConfigurer {
     private final UserDetailsService userDetailsService;
+    private final CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint;
+    private final UserAuthProvider userAuthProvider;
     public SecurityConfig(UserDetailsService userDetailsService) {
+    public SecurityConfig(UserDetailsService userDetailsService, CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint, UserAuthProvider userAuthProvider) {
         this.userDetailsService = userDetailsService;
+        this.customerAuthenticationEntryPoint = customerAuthenticationEntryPoint;
+        this.userAuthProvider = userAuthProvider;
+    }
 …
+    }
+//    @Bean
+//    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception  {
+//
+//        http
+//                .csrf(AbstractHttpConfigurer::disable)
+//                .authorizeHttpRequests( (requests) -> requests
+//                        .requestMatchers(AntPathRequestMatcher.antMatcher("/"), AntPathRequestMatcher.antMatcher("/restaurants"))
+//                        .permitAll()
+//                        .anyRequest()
+//                        .hasAnyRole("ADMIN", "USER")
+//                )
+//                .formLogin((form) -> form
+//                        .permitAll()
+//                        .failureUrl("/login?error=BadCredentials")
+//                        .defaultSuccessUrl("/restaurants", true)
+//                )
+//                .logout((logout) -> logout
+//                        .logoutUrl("/logout")
+//                        .clearAuthentication(true)
+//                        .invalidateHttpSession(true)
+//                        .deleteCookies("JSESSIONID")
+//                        .logoutSuccessUrl("/")
+//                );
+//
+//        return http.build();
+//    }
     @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception  {
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
+                .exceptionHandling((exception) -> exception.authenticationEntryPoint(customerAuthenticationEntryPoint))
+                .addFilterBefore(new JwtAuthFilter(userAuthProvider), BasicAuthenticationFilter.class)
                 .csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests( (requests) -> requests
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/"), AntPathRequestMatcher.antMatcher("/restaurants"))
+                        .permitAll()
+                        .anyRequest()
+                        .hasAnyRole("ADMIN", "USER")
+                )
+                .formLogin((form) -> form
+                        .permitAll()
+                        .failureUrl("/login?error=BadCredentials")
+                        .defaultSuccessUrl("/restaurants", true)
+                )
+                .logout((logout) -> logout
+                        .logoutUrl("/logout")
+                        .clearAuthentication(true)
+                        .invalidateHttpSession(true)
+                        .deleteCookies("JSESSIONID")
+                        .logoutSuccessUrl("/")
+                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests((requests) -> requests
+                        .requestMatchers(HttpMethod.POST, "/api/login", "/api/register").permitAll()
+                        .anyRequest().authenticated()
                 );
         return http.build();
+    }
     @Bean
     public AuthenticationManager authManager(HttpSecurity http) throws Exception {

src/main/java/com/example/rezevirajmasa/demo/web/rest/AuthController.java

-              ra2c6c2b
+              r5a9c93b
 package com.example.rezevirajmasa.demo.web.rest;
+import com.example.rezevirajmasa.demo.config.UserAuthProvider;
+import com.example.rezevirajmasa.demo.dto.CredentialsDto;
+import com.example.rezevirajmasa.demo.dto.SignUpDto;
+import com.example.rezevirajmasa.demo.dto.UserDto;
 import com.example.rezevirajmasa.demo.model.Customer;
 import com.example.rezevirajmasa.demo.service.CustomerService;
+import com.example.rezevirajmasa.demo.service.UserService;
+import lombok.RequiredArgsConstructor;
 import org.apache.coyote.Response;
 import org.springframework.beans.factory.annotation.Autowired;
 …
 import org.springframework.web.bind.annotation.RestController;
+@CrossOrigin(origins = "http://localhost:3000/")
+import java.net.URI;
+@RequiredArgsConstructor
 @RestController
 public class AuthController {
+    private final CustomerService customerService;
+    private final PasswordEncoder passwordEncoder;
+    public AuthController(CustomerService customerService, PasswordEncoder passwordEncoder) {
+        this.customerService = customerService;
+        this.passwordEncoder = passwordEncoder;
+    private final UserService userService;
+    private final UserAuthProvider userAuthProvider;
+    @PostMapping("/api/login")
+    public ResponseEntity<UserDto> login(@RequestBody CredentialsDto credentialsDto) {
+        UserDto user = userService.login(credentialsDto);
+        user.setToken(userAuthProvider.createToken(user.getEmail()));
+        return ResponseEntity.ok(user);
+    }
+    @PostMapping("/api/login")
+    public ResponseEntity<String> login(@RequestBody Customer customer) {
+        Customer exisitngCustomer = customerService.findByEmail(customer.getEmail());
+        if(passwordEncoder.matches(customer.getPassword(), exisitngCustomer.getPassword())) {
+            String token = generateToken(exisitngCustomer);
+            return ResponseEntity.ok(token);
+        } else {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+        }
+    }
+    private String generateToken(Customer customer) {
+        // Implement your token generation logic here
+        return "dummy_token";
+    @PostMapping("/api/register")
+    public ResponseEntity<UserDto> register(@RequestBody SignUpDto signUpDto) {
+        UserDto user = userService.register(signUpDto);
+        user.setToken(userAuthProvider.createToken(user.getEmail()));
+        return ResponseEntity.created(URI.create("/users/" + user.getId()))
+                .body(user);
+    }
+}

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: