Changeset 5a9c93b for src

Timestamp:

03/05/24 14:15:44 (15 months ago)

Author:

Aleksandar Panovski <apano77@…>

Branches:

main

Children:

db39d9e

Parents:

a2c6c2b

Message:

Authorization layer

Location:

src/main/java/com/example/rezevirajmasa/demo

Files:

• config/PasswordEncoder.java (added)
• config/RestExceptionHandler.java (added)
• config/SecurityConfig.java (modified) (4 diffs)
• config/UserAuthProvider.java (added)
• dto/CredentialsDto.java (added)
• dto/ErrorDto.java (added)
• dto/SignUpDto.java (added)
• dto/UserDto.java (added)
• mappers/UserMapper.java (added)
• mappers/UserMapperImpl.java (added)
• model/User.java (added)
• model/exceptions/AppException.java (added)
• model/exceptions/CustomerAuthenticationEntryPoint.java (added)
• repository/UserRepository.java (added)
• service/UserService.java (added)
• service/impl/UserServiceImpl.java (added)
• web/filters/AuthFilter.java (deleted)
• web/filters/JwtAuthFilter.java (added)
• web/rest/AuthController.java (modified) (2 diffs)

src/main/java/com/example/rezevirajmasa/demo/config/SecurityConfig.java

@@ -1 +1 @@
 package com.example.rezevirajmasa.demo.config;
 
+import com.example.rezevirajmasa.demo.model.exceptions.CustomerAuthenticationEntryPoint;
+import com.example.rezevirajmasa.demo.web.filters.JwtAuthFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -9 +12 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import org.springframework.web.filter.CorsFilter;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-
 
 @Configuration
@@ -23 +23 @@
 public class SecurityConfig implements WebMvcConfigurer {
     private final UserDetailsService userDetailsService;
+    private final CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint;
+    private final UserAuthProvider userAuthProvider;
 
-    public SecurityConfig(UserDetailsService userDetailsService) {
+    public SecurityConfig(UserDetailsService userDetailsService, CustomerAuthenticationEntryPoint customerAuthenticationEntryPoint, UserAuthProvider userAuthProvider) {
         this.userDetailsService = userDetailsService;
+        this.customerAuthenticationEntryPoint = customerAuthenticationEntryPoint;
+        this.userAuthProvider = userAuthProvider;
     }
 
@@ -43 +47 @@
     }
 
+//    @Bean
+//    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception  {
+//
+//        http
+//                .csrf(AbstractHttpConfigurer::disable)
+//                .authorizeHttpRequests( (requests) -> requests
+//                        .requestMatchers(AntPathRequestMatcher.antMatcher("/"), AntPathRequestMatcher.antMatcher("/restaurants"))
+//                        .permitAll()
+//                        .anyRequest()
+//                        .hasAnyRole("ADMIN", "USER")
+//                )
+//                .formLogin((form) -> form
+//                        .permitAll()
+//                        .failureUrl("/login?error=BadCredentials")
+//                        .defaultSuccessUrl("/restaurants", true)
+//                )
+//                .logout((logout) -> logout
+//                        .logoutUrl("/logout")
+//                        .clearAuthentication(true)
+//                        .invalidateHttpSession(true)
+//                        .deleteCookies("JSESSIONID")
+//                        .logoutSuccessUrl("/")
+//                );
+//
+//        return http.build();
+//    }
+
     @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception  {
-
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
+                .exceptionHandling((exception) -> exception.authenticationEntryPoint(customerAuthenticationEntryPoint))
+                .addFilterBefore(new JwtAuthFilter(userAuthProvider), BasicAuthenticationFilter.class)
                 .csrf(AbstractHttpConfigurer::disable)
-                .authorizeHttpRequests( (requests) -> requests
-                        .requestMatchers(AntPathRequestMatcher.antMatcher("/"), AntPathRequestMatcher.antMatcher("/restaurants"))
-                        .permitAll()
-                        .anyRequest()
-                        .hasAnyRole("ADMIN", "USER")
-                )
-                .formLogin((form) -> form
-                        .permitAll()
-                        .failureUrl("/login?error=BadCredentials")
-                        .defaultSuccessUrl("/restaurants", true)
-                )
-                .logout((logout) -> logout
-                        .logoutUrl("/logout")
-                        .clearAuthentication(true)
-                        .invalidateHttpSession(true)
-                        .deleteCookies("JSESSIONID")
-                        .logoutSuccessUrl("/")
+                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests((requests) -> requests
+                        .requestMatchers(HttpMethod.POST, "/api/login", "/api/register").permitAll()
+                        .anyRequest().authenticated()
                 );
-
         return http.build();
     }
-
     @Bean
     public AuthenticationManager authManager(HttpSecurity http) throws Exception {

src/main/java/com/example/rezevirajmasa/demo/web/rest/AuthController.java

@@ -1 +1 @@
 package com.example.rezevirajmasa.demo.web.rest;
 
+import com.example.rezevirajmasa.demo.config.UserAuthProvider;
+import com.example.rezevirajmasa.demo.dto.CredentialsDto;
+import com.example.rezevirajmasa.demo.dto.SignUpDto;
+import com.example.rezevirajmasa.demo.dto.UserDto;
 import com.example.rezevirajmasa.demo.model.Customer;
 import com.example.rezevirajmasa.demo.service.CustomerService;
+import com.example.rezevirajmasa.demo.service.UserService;
+import lombok.RequiredArgsConstructor;
 import org.apache.coyote.Response;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -14 +20 @@
 import org.springframework.web.bind.annotation.RestController;
 
-@CrossOrigin(origins = "http://localhost:3000/")
+import java.net.URI;
+
+@RequiredArgsConstructor
 @RestController
 public class AuthController {
-    private final CustomerService customerService;
-    private final PasswordEncoder passwordEncoder;
-
-    public AuthController(CustomerService customerService, PasswordEncoder passwordEncoder) {
-        this.customerService = customerService;
-        this.passwordEncoder = passwordEncoder;
+    private final UserService userService;
+    private final UserAuthProvider userAuthProvider;
+    @PostMapping("/api/login")
+    public ResponseEntity<UserDto> login(@RequestBody CredentialsDto credentialsDto) {
+        UserDto user = userService.login(credentialsDto);
+        user.setToken(userAuthProvider.createToken(user.getEmail()));
+        return ResponseEntity.ok(user);
     }
 
-    @PostMapping("/api/login")
-    public ResponseEntity<String> login(@RequestBody Customer customer) {
-        Customer exisitngCustomer = customerService.findByEmail(customer.getEmail());
-
-        if(passwordEncoder.matches(customer.getPassword(), exisitngCustomer.getPassword())) {
-            String token = generateToken(exisitngCustomer);
-            return ResponseEntity.ok(token);
-        } else {
-            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
-        }
-    }
-
-    private String generateToken(Customer customer) {
-        // Implement your token generation logic here
-        return "dummy_token";
+    @PostMapping("/api/register")
+    public ResponseEntity<UserDto> register(@RequestBody SignUpDto signUpDto) {
+        UserDto user = userService.register(signUpDto);
+        user.setToken(userAuthProvider.createToken(user.getEmail()));
+        return ResponseEntity.created(URI.create("/users/" + user.getId()))
+                .body(user);
     }
 }