Changeset 763289e


Timestamp:
10/31/22 23:42:15 (2 years ago)
Author:
Gjoko <goko_kostadinov@…>
Branches:
master
Children:
044bd76
Parents:
204464d
Message:

Fix security

Location:
src/main
Files:
7 edited

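--- a/src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java
+++ b/src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java
@@ -46,7 +46,8 @@
                 .disable()
                 .authorizeRequests()
-                .antMatchers("/login*").permitAll()
+                .antMatchers("/login").permitAll()
                 .antMatchers("/register_customer").permitAll()
                 .antMatchers("/register_business").permitAll()
+                .antMatchers("/homepage").permitAll()
                 .antMatchers("/css/**").permitAll()
                 .antMatchers("/anonymous*").anonymous()
@@ -61,5 +62,6 @@
                 .loginPage("/login")
                 .loginProcessingUrl("/login")
-                .successHandler(authenticationSuccessHandler);
+                .successHandler(authenticationSuccessHandler)
+                .defaultSuccessUrl("/homepage");
     }
 }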
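Review bot: `.defaultSuccessUrl("/homepage")` chained after `.successHandler(authenticationSuccessHandler)` at new lines 64-65 replaces the custom handler, because the form-login configurer's `defaultSuccessUrl` installs its own `SavedRequestAwareAuthenticationSuccessHandler` and the last call wins. If the custom handler does anything security-relevant (role-based routing, audit logging), that logic silently stops running; keep one of the two calls and, if the handler stays, do the redirect inside it. The new `.antMatchers("/homepage").permitAll()` at line 51 also makes the post-login landing page reachable without authentication, which looks unintended for a commit titled "Fix security"; `.antMatchers("/homepage").authenticated()` is the conservative rule unless the page is meant to be public. The `.disable()` at line 46 belongs to a call that starts outside the hunk, so what it disables should be confirmed and explained in a comment.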
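--- a/src/main/java/edu/gjoko/schedlr/controllers/HomePageController.java
+++ b/src/main/java/edu/gjoko/schedlr/controllers/HomePageController.java
@@ -4,11 +4,18 @@
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RestController;
 
-@Controller
+@RestController(value = "/homepage")
 public class HomePageController {
 
-    @GetMapping(value = "/homepage")
+    @GetMapping
     public String getHomePageTemplate(Model model) {
         return "homepage";
     }
+
+    @PostMapping
+    public String postHomePageTemplate(Model model) {
+        return "homepage";
+    }
 }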
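Review bot: `@RestController(value = "/homepage")` at new line 9 does not map the class to `/homepage`: the annotation's `value` is the suggested bean name, and `@RestController` adds `@ResponseBody`, so both handlers return the literal text `homepage` instead of rendering the template. With the path also dropped from `@GetMapping` at line 12, neither handler is mapped to `/homepage`, which is the URL the security rule and the login redirect elsewhere in this changeset point to. Restore `@Controller` and put `@RequestMapping("/homepage")` on the class. The new `postHomePageTemplate` handler has no visible purpose; unless a POST to the homepage is needed, drop it so the endpoint stays GET-only.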
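--- a/src/main/java/edu/gjoko/schedlr/controllers/LoginController.java
+++ b/src/main/java/edu/gjoko/schedlr/controllers/LoginController.java
@@ -1,14 +1,23 @@
 package edu.gjoko.schedlr.controllers;
 
+import edu.gjoko.schedlr.entity.Stakeholder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
 
 @Controller
 public class LoginController {
 
-    @GetMapping(value = "/login")
+    @GetMapping(path = "/login")
     public String getMapping(Model model) {
+        model.addAttribute("stakeholder", new Stakeholder());
         return "login";
     }
+
+    @PostMapping(path = "/login")
+    public String loginCustomer(@ModelAttribute Stakeholder customer, Model model) {
+        return "redirect:homepage";
+    }
 }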
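Review bot: `loginCustomer` (new lines 19-22) redirects to the homepage without checking any credential, and it is mapped to the same `POST /login` that `AppSecurityConfig` in this changeset registers as `loginProcessingUrl`. In normal operation the Spring Security filter handles that request first, so this method is dead code; if the filter chain is ever changed or bypassed, it becomes a login endpoint that accepts anything. Remove the handler, and with it the `@ModelAttribute Stakeholder` binding, which lets request parameters populate every bindable field of what appears to be a persistence entity. The same binding is introduced in `login.html` through `th:object="${stakeholder}"`; plain `name="username"` and `name="password"` inputs are enough for form login, so `model.addAttribute("stakeholder", new Stakeholder())` at line 15 can go too.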
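--- a/src/main/java/edu/gjoko/schedlr/controllers/RegisterController.java
+++ b/src/main/java/edu/gjoko/schedlr/controllers/RegisterController.java
@@ -20,5 +20,5 @@
     }
 
-    @GetMapping("/register_customer")
+    @GetMapping(value ="/register_customer")
     public String getCustomerRegisterPage(Model model) {
         model.addAttribute("stakeholder", new Stakeholder());
@@ -30,13 +30,13 @@
         Stakeholder user = stakeholderService.saveStakeholder(customer);
         model.addAttribute("user", user);
-        return "homepage";
+        return "redirect:homepage";
     }
 
-    @GetMapping("/register_business")
+    @GetMapping(value = "/register_business")
     public String getBusinessRegisterPage(Model model) {
         return "register_business";
     }
 
-    @PostMapping("/register_business")
+    @PostMapping(value = "/register_business")
     public String registerBusiness(Model model) {
         return "register_business";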
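Review bot: `return "redirect:homepage"` at line 32 is a relative redirect, so the target is resolved against the current request path rather than the application root; `return "redirect:/homepage";` is unambiguous. After the switch to a redirect, `model.addAttribute("user", user)` on line 31 no longer reaches the homepage template, since the redirect starts a new request; drop it, or pass only what the page needs through `RedirectAttributes.addFlashAttribute` rather than the whole saved `Stakeholder`, which presumably carries the password hash. The method's signature and first lines are outside the hunk, so how `customer` is validated before `saveStakeholder` could not be checked. The `value =` spelling added to the three mapping annotations changes nothing at runtime, and line 22 is missing the space after `=`.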
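--- a/src/main/java/edu/gjoko/schedlr/services/PostgresUserDetailsService.java
+++ b/src/main/java/edu/gjoko/schedlr/services/PostgresUserDetailsService.java
@@ -9,4 +9,5 @@
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 
@@ -18,7 +19,10 @@
 
     private final StakeholderRepository stakeholderRepository;
+    private final BCryptPasswordEncoder bCryptPasswordEncoder;
 
-    public PostgresUserDetailsService(StakeholderRepository stakeholderRepository) {
+    public PostgresUserDetailsService(StakeholderRepository stakeholderRepository,
+                                      BCryptPasswordEncoder bCryptPasswordEncoder) {
         this.stakeholderRepository = stakeholderRepository;
+        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
     }
 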
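Review bot: The injected `bCryptPasswordEncoder` is stored at line 26 but nothing in the visible hunks uses it, and a `UserDetailsService` normally has no need for an encoder: it returns the stored hash and the authentication provider compares it using the configured `PasswordEncoder`. If the intent is to encode inside `loadUserByUsername`, that would re-hash an already hashed value and break login; if the intent is to hash on registration, the dependency belongs in the service that saves the `Stakeholder`. Should the field stay, declare it by the interface, `private final PasswordEncoder passwordEncoder;`, so the algorithm can be changed in one place. The rest of the class is outside the hunks, so the actual use could not be checked.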
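--- a/src/main/resources/templates/homepage.html
+++ b/src/main/resources/templates/homepage.html
@@ -3,5 +3,5 @@
 <head>
     <meta charset="UTF-8">
-    <title>Title</title>
+    <title>Homepage</title>
 </head>
 <body>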
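--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@@ -40,14 +40,14 @@
                 <div class="card">
                     <div class="card-body py-5 px-md-5">
-                        <form>
+                        <form action="#" th:action="@{/login}" th:object="${stakeholder}" method="post">
                             <!-- Email input -->
                             <div class="form-outline mb-4">
-                                <input type="email" id="email" class="form-control"/>
-                                <label class="form-label" for="email">Email address</label>
+                                <input type="text" id="username" class="form-control" required th:field="*{username}" />
+                                <label class="form-label" for="username">Username</label>
                             </div>
 
                             <!-- Password input -->
                             <div class="form-outline mb-4">
-                                <input type="password" id="password" class="form-control"/>
+                                <input type="password" id="password" class="form-control" th:field="*{password}" />
                                 <label class="form-label" for="password">Password</label>
                             </div>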
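Review bot: The password input at line 51 did not get the `required` attribute that the username input at line 45 now has, and neither field sets `autocomplete`. `<input type="password" id="password" class="form-control" required autocomplete="current-password" th:field="*{password}" />` keeps the two fields consistent and lets password managers fill the form. With `th:action`, Thymeleaf adds the CSRF token to the form only when CSRF protection is enabled, so the `.disable()` seen in `AppSecurityConfig` should be checked against that. The `<!-- Email input -->` comment at line 43 is now stale, and the form continues past the end of the hunk.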