Changeset 8bcd64c for src/main/java/edu

Timestamp:

04/19/23 21:19:08 (19 months ago)

Author:

Gjoko Kostadinov <gjoko.kostadinov@…>

Branches:

master

Children:

950fa0d

Parents:

9050790

Message:

Add admin functionality and business admin functionality.

Location:

src/main/java/edu/gjoko/schedlr

Files:

• config/AppAuthenticationFailureHandler.java (added)
• config/AppConfig.java (modified) (2 diffs)
• config/AppFilter.java (modified) (4 diffs)
• config/AppSecurityConfig.java (modified) (5 diffs)
• config/MvcConfig.java (modified) (2 diffs)
• controllers/AdminController.java (modified) (2 diffs)
• controllers/HomePageController.java (modified) (1 diff)
• controllers/LoginController.java (modified) (2 diffs)
• controllers/RegisterController.java (modified) (1 diff)
• controllers/rest/BusinessController.java (modified) (2 diffs)
• entity/Business.java (modified) (2 diffs)
• entity/Service.java (modified) (3 diffs)
• entity/Stakeholder.java (modified) (2 diffs)
• repositories/BusinessRepository.java (modified) (2 diffs)
• services/BusinessService.java (modified) (3 diffs)
• services/PostgresUserDetailsService.java (modified) (4 diffs)

src/main/java/edu/gjoko/schedlr/config/AppConfig.java

@@ -5 +5 @@
 import org.springframework.security.config.core.GrantedAuthorityDefaults;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 
@@ -15 +16 @@
 
     @Bean
-    public AuthenticationSuccessHandler myApplicationAuthenticationSuccessHandler() {
+    public AuthenticationSuccessHandler appAuthenticationSuccessHandler() {
         return new AppAuthenticationSuccessHandler();
+    }
+
+    @Bean
+    public AuthenticationFailureHandler appAuthenticationFailureHandler() {
+        return new AppAuthenticationFailureHandler();
     }
 

src/main/java/edu/gjoko/schedlr/config/AppFilter.java

@@ -1 +1 @@
 package edu.gjoko.schedlr.config;
 
+import edu.gjoko.schedlr.services.PostgresUserDetailsService;
+import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.filter.GenericFilterBean;
 
@@ -12 +15 @@
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
@@ -18 +22 @@
 import java.util.Map;
 
+@RequiredArgsConstructor
 public class AppFilter extends GenericFilterBean {
+
+    private final PostgresUserDetailsService userDetailsService;
     @Override
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
         HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
         HttpSession session = httpServletRequest.getSession(false);
+        HttpServletResponse response = (HttpServletResponse) servletResponse;
 
         if(httpServletRequest.getRequestURI().endsWith(".js")
-                || httpServletRequest.getRequestURI().endsWith(".css")
-                || httpServletRequest.getRequestURI().startsWith("/api")) {
+                || httpServletRequest.getRequestURI().endsWith(".css")) {
             filterChain.doFilter(servletRequest, servletResponse);
             return;
         }
+
+        if(httpServletRequest.getRequestURI().startsWith("/api")) {
+            session = ((HttpServletRequest) servletRequest).getSession(true);
+            SecurityContextImpl sci = (SecurityContextImpl) session.getAttribute("SPRING_SECURITY_CONTEXT");
+
+            if(sci != null && session.getAttribute("stakeholderId") == null) {
+                UserDetails userDetails = (UserDetails) sci.getAuthentication().getPrincipal();
+                Long stakeholderId = userDetailsService.loadStakeholderId(userDetails.getUsername());
+                session.setAttribute("stakeholderId", stakeholderId);
+            }
+            filterChain.doFilter(servletRequest, servletResponse);
+            return;
+        }
+
         if(session != null) {
-            Map<String, String> roleTargetUrlMap = new HashMap<>();
-            roleTargetUrlMap.put("ADMIN", "/admin");
-            roleTargetUrlMap.put("CUSTOMER", "/homepage");
-            roleTargetUrlMap.put("BUSINESS_OWNER", "/business_homepage");
             SecurityContextImpl sci = (SecurityContextImpl) session.getAttribute("SPRING_SECURITY_CONTEXT");
             if(sci != null) {
                 UserDetails userDetails = (UserDetails) sci.getAuthentication().getPrincipal();
+                Long stakeholderId = userDetailsService.loadStakeholderId(userDetails.getUsername());
+                session.setAttribute("stakeholderId", stakeholderId);
+
                 final Collection<? extends GrantedAuthority> authorities = userDetails.getAuthorities();
                 for (final GrantedAuthority grantedAuthority : authorities) {
@@ -47 +67 @@
                             break;
                         case "CUSTOMER":
+                            page = "/homepage";
+                            break;
                         case "BUSINESS_OWNER":
-                            page = "/homepage";
+                            page = "/business_admin";
                             break;
                         default:

src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java

@@ -2 +2 @@
 
 import edu.gjoko.schedlr.services.PostgresUserDetailsService;
+import lombok.AllArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -11 +12 @@
 import org.springframework.security.config.core.GrantedAuthorityDefaults;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -16 +19 @@
 @Configuration
 @EnableWebSecurity
+@AllArgsConstructor
 public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -24 +28 @@
     private final AuthenticationSuccessHandler authenticationSuccessHandler;
 
-    public AppSecurityConfig(PostgresUserDetailsService userDetailsService, BCryptPasswordEncoder passwordEncoder,
-                             AuthenticationSuccessHandler authenticationSuccessHandler) {
-        this.userDetailsService = userDetailsService;
-        this.passwordEncoder = passwordEncoder;
-        this.authenticationSuccessHandler = authenticationSuccessHandler;
-    }
+    private final AuthenticationFailureHandler authenticationFailureHandler;
 
     @Bean
@@ -48 +47 @@
                 .authenticationEntryPoint(new AppAuthenticationEntryPoint())
                 .and()
-                .addFilterBefore(new AppFilter(), BasicAuthenticationFilter.class)
+                .addFilterAfter(new AppFilter(userDetailsService), BasicAuthenticationFilter.class)
                 .formLogin()
                 .loginPage("/login")
                 .loginProcessingUrl("/login")
                 .successHandler(authenticationSuccessHandler)
+                .failureHandler(authenticationFailureHandler)
                 .defaultSuccessUrl("/homepage")
                 .and()

src/main/java/edu/gjoko/schedlr/config/MvcConfig.java

@@ -2 +2 @@
 
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -16 +15 @@
         registry.addViewController("/homepage").setViewName("homepage");
         registry.addViewController("/admin").setViewName("admin");
-    }
-
-    @Override
-    public void addResourceHandlers(ResourceHandlerRegistry registry) {
-        registry.addResourceHandler("/resources/**")
-                .addResourceLocations("/resources/");
+        registry.addViewController("/business_admin").setViewName("business_admin");
     }
 }

src/main/java/edu/gjoko/schedlr/controllers/AdminController.java

@@ -1 +1 @@
 package edu.gjoko.schedlr.controllers;
 
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
+
+import javax.servlet.http.HttpServletRequest;
+import java.security.Principal;
 
 @Controller
@@ -9 +14 @@
 
     @GetMapping(path = "/admin")
-    public String getAdminPageTemplate(Model model) {
+    public String getAdminPageTemplate(Model model, HttpServletRequest request) {
         return "admin";
     }
+
+    @GetMapping(path = "/business_admin")
+    public String getBusinessAdminPageTemplate(Model model, HttpServletRequest request) {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        String currentPrincipalName = authentication.getName();
+
+        return "business_admin";
+    }
+
+
 }

src/main/java/edu/gjoko/schedlr/controllers/HomePageController.java

@@ -6 +6 @@
 import org.springframework.web.bind.annotation.PostMapping;
 
-import java.security.Principal;
-
 @Controller
 public class HomePageController {
 
     @GetMapping(path = "/homepage")
-    public String getHomePageTemplate(Model model, Principal principal) {
-        System.out.println(principal);
+    public String getHomePageTemplate(Model model) {
         return "homepage";
     }

src/main/java/edu/gjoko/schedlr/controllers/LoginController.java

@@ -7 +7 @@
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import java.security.Principal;
 
 @Controller
@@ -12 +15 @@
 
     @GetMapping(path = "/login")
-    public String getMapping(@ModelAttribute Stakeholder customer, Model model) {
+    public String getMapping(@RequestParam(value = "error", required = false) String error,
+                             @ModelAttribute Stakeholder customer, Model model) {
         return "login";
     }

src/main/java/edu/gjoko/schedlr/controllers/RegisterController.java

@@ -28 +28 @@
     @PostMapping(path = "/register_customer")
     public String registerCustomer(@ModelAttribute Stakeholder customer, Model model) {
-        Stakeholder user = stakeholderService.saveStakeholder(customer);
+        stakeholderService.saveStakeholder(customer);
         return "redirect:login";
     }

src/main/java/edu/gjoko/schedlr/controllers/rest/BusinessController.java

@@ -4 +4 @@
 import edu.gjoko.schedlr.services.BusinessService;
 import lombok.AllArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 
+import javax.servlet.http.HttpServletRequest;
 import java.util.List;
 
@@ -29 +32 @@
         businessService.updateBusinesses(businessList);
     }
+
+    @GetMapping(path = "/me")
+    public Business getPersonalInfo(HttpServletRequest request) {
+        Long businessOwnerId = (long) request.getSession(true).getAttribute("stakeholderId");
+        return businessService.findByOwner(businessOwnerId);
+    }
 }

src/main/java/edu/gjoko/schedlr/entity/Business.java

@@ -1 +1 @@
 package edu.gjoko.schedlr.entity;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonManagedReference;
 import com.fasterxml.jackson.annotation.JsonProperty;
@@ -51 +52 @@
     @Column(name = "created")
     @CreatedDate
+    @JsonIgnore
     private LocalDateTime created;
 
     @Column(name = "modified")
     @LastModifiedDate
+    @JsonIgnore
     private LocalDateTime modified;
 

src/main/java/edu/gjoko/schedlr/entity/Service.java

@@ -2 +2 @@
 
 import com.fasterxml.jackson.annotation.JsonBackReference;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
@@ -29 +30 @@
     private Integer duration;
 
+    @Column(name = "price")
+    private Integer price;
+
     @OneToOne(cascade = CascadeType.MERGE)
     @JoinColumn(name = "service_type_id", referencedColumnName = "id")
@@ -40 +44 @@
     @Column(name = "created")
     @CreatedDate
+    @JsonIgnore
     private LocalDateTime created;
 
     @Column(name = "modified")
     @LastModifiedDate
+    @JsonIgnore
     private LocalDateTime modified;
 }

src/main/java/edu/gjoko/schedlr/entity/Stakeholder.java

@@ -1 +1 @@
 package edu.gjoko.schedlr.entity;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
@@ -42 +43 @@
 
     @Column(name = "password")
+    @JsonIgnore
     private String password;
 
     @Column(name = "created")
     @CreatedDate
+    @JsonIgnore
     private LocalDateTime created;
 
     @Column(name = "modified")
     @LastModifiedDate
+    @JsonIgnore
     private LocalDateTime modified;
 }

src/main/java/edu/gjoko/schedlr/repositories/BusinessRepository.java

@@ -3 +3 @@
 import edu.gjoko.schedlr.entity.Business;
 import edu.gjoko.schedlr.entity.BusinessStatus;
+import edu.gjoko.schedlr.entity.Stakeholder;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
@@ -12 +13 @@
 
     List<Business> findBusinessesByBusinessStatus(BusinessStatus status);
+
+    Business findBusinessByOwner(Stakeholder owner);
 }

src/main/java/edu/gjoko/schedlr/services/BusinessService.java

@@ -3 +3 @@
 import edu.gjoko.schedlr.entity.Business;
 import edu.gjoko.schedlr.entity.ServiceType;
+import edu.gjoko.schedlr.entity.Stakeholder;
 import edu.gjoko.schedlr.entity.StakeholderType;
 import edu.gjoko.schedlr.repositories.BusinessRepository;
 import edu.gjoko.schedlr.repositories.ServiceTypeRepository;
 import lombok.AllArgsConstructor;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
 
-import static edu.gjoko.schedlr.entity.BusinessStatus.ACTIVE;
 import static edu.gjoko.schedlr.entity.BusinessStatus.NEW;
 
@@ -20 +21 @@
     private final BusinessRepository businessRepository;
     private final ServiceTypeRepository serviceTypeRepository;
+    private BCryptPasswordEncoder bCryptPasswordEncoder;
 
     public void saveBusiness(Business business) {
         saveNewServiceTypes(business);
         business.getOwner().setStakeholderType(StakeholderType.BUSINESS_OWNER);
+        business.getOwner().setPassword(bCryptPasswordEncoder.encode(business.getOwner().getPassword()));
         business.setBusinessStatus(NEW);
         businessRepository.save(business);
@@ -52 +55 @@
     }
 
+    public Business findByOwner(Long ownerId) {
+        var owner = new Stakeholder();
+        owner.setId(ownerId);
+        return businessRepository.findBusinessByOwner(owner);
+    }
 }

src/main/java/edu/gjoko/schedlr/services/PostgresUserDetailsService.java

@@ -1 +1 @@
 package edu.gjoko.schedlr.services;
 
+import edu.gjoko.schedlr.entity.Business;
+import edu.gjoko.schedlr.entity.BusinessStatus;
 import edu.gjoko.schedlr.entity.Stakeholder;
+import edu.gjoko.schedlr.entity.StakeholderType;
+import edu.gjoko.schedlr.repositories.BusinessRepository;
 import edu.gjoko.schedlr.repositories.StakeholderRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -16 +22 @@
 
 @Service
+@RequiredArgsConstructor
 public class PostgresUserDetailsService implements UserDetailsService {
 
@@ -21 +28 @@
     private final BCryptPasswordEncoder bCryptPasswordEncoder;
 
-    public PostgresUserDetailsService(StakeholderRepository stakeholderRepository,
-                                      BCryptPasswordEncoder bCryptPasswordEncoder) {
-        this.stakeholderRepository = stakeholderRepository;
-        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
-    }
+    private final BusinessRepository businessRepository;
 
     @Override
@@ -33 +36 @@
             throw new UsernameNotFoundException("Non existing user");
         }
+
+        if(user.getStakeholderType() == StakeholderType.BUSINESS_OWNER) {
+            Business business = businessRepository.findBusinessByOwner(user);
+            if (business.getBusinessStatus() != BusinessStatus.ACTIVE) {
+                throw new SecurityException("User not approved by admin");
+            }
+        }
         Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
         grantedAuthorities.add(new SimpleGrantedAuthority(user.getStakeholderType().name()));
+
         return new User(user.getUsername(), user.getPassword(), grantedAuthorities);
     }
+
+    public Long loadStakeholderId(String username) {
+        return stakeholderRepository.findStakeholderByUsername(username).getId();
+    }
 }