Changeset 401a211

Timestamp:

10/17/22 00:30:31 (2 years ago)

Author:

Gjoko <goko_kostadinov@…>

Branches:

master

Children:

204464d

Parents:

cf9cdbf

Message:

Fixing security configuration

Location:

src/main

Files:

• java/edu/gjoko/schedlr/config/AppConfig.java (added)
• java/edu/gjoko/schedlr/config/AppFilter.java (modified) (1 diff)
• java/edu/gjoko/schedlr/config/AppSecurityConfig.java (modified) (2 diffs)
• java/edu/gjoko/schedlr/entity/Business.java (modified) (1 diff)
• resources/application.properties (modified) (1 diff)
• resources/data.sql (added)

src/main/java/edu/gjoko/schedlr/config/AppFilter.java

@@ -25 +25 @@
         if(session != null) {
             Map<String, String> roleTargetUrlMap = new HashMap<>();
-            roleTargetUrlMap.put("DATE", "/date");
-            roleTargetUrlMap.put("GUESS_NUMBER", "/number");
+            roleTargetUrlMap.put("ADMIN", "/date");
+            roleTargetUrlMap.put("CUSTOMER", "/number");
+            roleTargetUrlMap.put("BUSINESS_OWNER", "");
             SecurityContextImpl sci = (SecurityContextImpl) session.getAttribute("SPRING_SECURITY_CONTEXT");
             if(sci != null) {

src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java

@@ -1 +1 @@
 package edu.gjoko.schedlr.config;
 
+import edu.gjoko.schedlr.services.PostgresUserDetailsService;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.core.GrantedAuthorityDefaults;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
-import org.springframework.security.provisioning.UserDetailsManager;
-import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
 @Configuration
-public class AppSecurityConfig {
+@EnableWebSecurity
+public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    private final PostgresUserDetailsService userDetailsService;
+
+    private final BCryptPasswordEncoder passwordEncoder;
+
+    private final AuthenticationSuccessHandler authenticationSuccessHandler;
+
+    public AppSecurityConfig(PostgresUserDetailsService userDetailsService, BCryptPasswordEncoder passwordEncoder,
+                             AuthenticationSuccessHandler authenticationSuccessHandler) {
+        this.userDetailsService = userDetailsService;
+        this.passwordEncoder = passwordEncoder;
+        this.authenticationSuccessHandler = authenticationSuccessHandler;
+    }
 
     @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
-                .csrf()
+    public AuthenticationManager customAuthenticationManager() throws Exception {
+        return authenticationManager();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf()
                 .disable()
-                .authorizeRequests(urlRegistry -> urlRegistry
-                        .antMatchers("/login*").permitAll()
-                        .antMatchers("/css/**").permitAll()
-                        .antMatchers("/anonymous*").permitAll()
-                        .anyRequest()
-                        .fullyAuthenticated()
-                )
+                .authorizeRequests()
+                .antMatchers("/login*").permitAll()
+                .antMatchers("/css/**").permitAll()
+                .antMatchers("/anonymous*").anonymous()
+                .anyRequest()
+                .fullyAuthenticated()
+                .and()
                 .httpBasic()
                 .authenticationEntryPoint(new AppAuthenticationEntryPoint())
@@ -35 +59 @@
                 .loginPage("/login")
                 .loginProcessingUrl("/login")
-                .successHandler(new AppAuthenticationSuccessHandler());
-
-        return http.build();
+                .successHandler(authenticationSuccessHandler);
     }
-
-    @Bean
-    public UserDetailsManager userDetailsService() {
-        return null;
-    }
-
-    @Bean
-    public BCryptPasswordEncoder bCryptPasswordEncoder() {
-        return new BCryptPasswordEncoder();
-    }
-
-    @Bean
-    public GrantedAuthorityDefaults grantedAuthorityDefaults() {
-        return new GrantedAuthorityDefaults("");
-    }
-
 }

src/main/java/edu/gjoko/schedlr/entity/Business.java

@@ -7 +7 @@
 
 import javax.persistence.*;
-import java.sql.Timestamp;
 import java.time.LocalDateTime;
 import java.util.List;

src/main/resources/application.properties

@@ -3 +3 @@
 spring.datasource.password=postgres
 
-spring.jpa.hibernate.ddl-auto=create
+spring.sql.init.mode=always
+
+spring.jpa.hibernate.ddl-auto=none
 spring.jpa.show-sql=true
 spring.jpa.properties.hibernate.format_sql=true