Timestamp:
04/19/23 21:19:08 (19 months ago)
Author:
Gjoko Kostadinov <gjoko.kostadinov@…>
Branches:
master
Children:
950fa0d
Parents:
9050790
Message:

Add admin functionality and business admin functionality.

Location:
src/main/java/edu/gjoko/schedlr/config
Files:
1 added
4 edited

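--- a/src/main/java/edu/gjoko/schedlr/config/AppConfig.java
+++ b/src/main/java/edu/gjoko/schedlr/config/AppConfig.java
@@ -5,4 +5,5 @@
 import org.springframework.security.config.core.GrantedAuthorityDefaults;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 
@@ -15,6 +16,11 @@
 
     @Bean
-    public AuthenticationSuccessHandler myApplicationAuthenticationSuccessHandler() {
+    public AuthenticationSuccessHandler appAuthenticationSuccessHandler() {
         return new AppAuthenticationSuccessHandler();
+    }
+
+    @Bean
+    public AuthenticationFailureHandler appAuthenticationFailureHandler() {
+        return new AppAuthenticationFailureHandler();
     }
 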
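--- a/src/main/java/edu/gjoko/schedlr/config/AppFilter.java
+++ b/src/main/java/edu/gjoko/schedlr/config/AppFilter.java
@@ -1,8 +1,11 @@
 package edu.gjoko.schedlr.config;
 
+import edu.gjoko.schedlr.services.PostgresUserDetailsService;
+import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.filter.GenericFilterBean;
 
@@ -12,4 +15,5 @@
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
@@ -18,24 +22,40 @@
 import java.util.Map;
 
+@RequiredArgsConstructor
 public class AppFilter extends GenericFilterBean {
+
+    private final PostgresUserDetailsService userDetailsService;
     @Override
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
         HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
         HttpSession session = httpServletRequest.getSession(false);
+        HttpServletResponse response = (HttpServletResponse) servletResponse;
 
         if(httpServletRequest.getRequestURI().endsWith(".js")
-                || httpServletRequest.getRequestURI().endsWith(".css")
-                || httpServletRequest.getRequestURI().startsWith("/api")) {
+                || httpServletRequest.getRequestURI().endsWith(".css")) {
             filterChain.doFilter(servletRequest, servletResponse);
             return;
         }
+
+        if(httpServletRequest.getRequestURI().startsWith("/api")) {
+            session = ((HttpServletRequest) servletRequest).getSession(true);
+            SecurityContextImpl sci = (SecurityContextImpl) session.getAttribute("SPRING_SECURITY_CONTEXT");
+
+            if(sci != null && session.getAttribute("stakeholderId") == null) {
+                UserDetails userDetails = (UserDetails) sci.getAuthentication().getPrincipal();
+                Long stakeholderId = userDetailsService.loadStakeholderId(userDetails.getUsername());
+                session.setAttribute("stakeholderId", stakeholderId);
+            }
+            filterChain.doFilter(servletRequest, servletResponse);
+            return;
+        }
+
         if(session != null) {
-            Map<String, String> roleTargetUrlMap = new HashMap<>();
-            roleTargetUrlMap.put("ADMIN", "/admin");
-            roleTargetUrlMap.put("CUSTOMER", "/homepage");
-            roleTargetUrlMap.put("BUSINESS_OWNER", "/business_homepage");
             SecurityContextImpl sci = (SecurityContextImpl) session.getAttribute("SPRING_SECURITY_CONTEXT");
             if(sci != null) {
                 UserDetails userDetails = (UserDetails) sci.getAuthentication().getPrincipal();
+                Long stakeholderId = userDetailsService.loadStakeholderId(userDetails.getUsername());
+                session.setAttribute("stakeholderId", stakeholderId);
+
                 final Collection<? extends GrantedAuthority> authorities = userDetails.getAuthorities();
                 for (final GrantedAuthority grantedAuthority : authorities) {
@@ -47,6 +67,8 @@
                             break;
                         case "CUSTOMER":
+                            page = "/homepage";
+                            break;
                         case "BUSINESS_OWNER":
-                            page = "/homepage";
+                            page = "/business_admin";
                             break;
                         default: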
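Review bot: The new `/api` branch in doFilter calls `getSession(true)`, so every unauthenticated API request allocates a server-side session, and it dereferences `sci.getAuthentication().getPrincipal()` with an unchecked cast to `UserDetails`, which throws if the stored authentication is null or its principal is of another type. Reusing the session already fetched with `getSession(false)` and checking the principal type before the lookup avoids both; the rewritten branch is below. The non-API branch further down now calls `userDetailsService.loadStakeholderId(...)` on every request without the `stakeholderId == null` guard that the API branch has, and the new `response` local and `RequestBody` import appear unused in the visible lines. doFilter's body continues past the end of this section.

```java
if(httpServletRequest.getRequestURI().startsWith("/api")) {
    // Reuse the session obtained above with getSession(false): an anonymous
    // caller has none, and the filter must not create one on its behalf.
    if(session != null && session.getAttribute("stakeholderId") == null) {
        SecurityContextImpl sci = (SecurityContextImpl) session.getAttribute("SPRING_SECURITY_CONTEXT");
        Object principal = (sci != null && sci.getAuthentication() != null)
                ? sci.getAuthentication().getPrincipal()
                : null;
        // Only a UserDetails principal carries the username the lookup needs.
        if(principal instanceof UserDetails) {
            Long stakeholderId = userDetailsService.loadStakeholderId(((UserDetails) principal).getUsername());
            session.setAttribute("stakeholderId", stakeholderId);
        }
    }
    // … unchanged: filterChain.doFilter(...) and return …
}
```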
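--- a/src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java
+++ b/src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java
@@ -2,4 +2,5 @@
 
 import edu.gjoko.schedlr.services.PostgresUserDetailsService;
+import lombok.AllArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -11,4 +12,6 @@
 import org.springframework.security.config.core.GrantedAuthorityDefaults;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -16,4 +19,5 @@
 @Configuration
 @EnableWebSecurity
+@AllArgsConstructor
 public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -24,10 +28,5 @@
     private final AuthenticationSuccessHandler authenticationSuccessHandler;
 
-    public AppSecurityConfig(PostgresUserDetailsService userDetailsService, BCryptPasswordEncoder passwordEncoder,
-                             AuthenticationSuccessHandler authenticationSuccessHandler) {
-        this.userDetailsService = userDetailsService;
-        this.passwordEncoder = passwordEncoder;
-        this.authenticationSuccessHandler = authenticationSuccessHandler;
-    }
+    private final AuthenticationFailureHandler authenticationFailureHandler;
 
     @Bean
@@ -48,9 +47,10 @@
                 .authenticationEntryPoint(new AppAuthenticationEntryPoint())
                 .and()
-                .addFilterBefore(new AppFilter(), BasicAuthenticationFilter.class)
+                .addFilterAfter(new AppFilter(userDetailsService), BasicAuthenticationFilter.class)
                 .formLogin()
                 .loginPage("/login")
                 .loginProcessingUrl("/login")
                 .successHandler(authenticationSuccessHandler)
+                .failureHandler(authenticationFailureHandler)
                 .defaultSuccessUrl("/homepage")
                 .and()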
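Review bot: `.defaultSuccessUrl("/homepage")`, on the line right after the new `.failureHandler(authenticationFailureHandler)`, registers its own success handler and, because it is called after `.successHandler(authenticationSuccessHandler)`, replaces it, so the renamed AppAuthenticationSuccessHandler bean is probably never invoked after login. If the custom handler is meant to pick the landing page per role, drop the `.defaultSuccessUrl("/homepage")` line. The `AccessDeniedHandler` import added in this section is not used in any visible hunk; unless an `.accessDeniedHandler(...)` is configured outside these hunks, either wire one or remove the import. The configure chain starts and ends outside the hunk.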
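--- a/src/main/java/edu/gjoko/schedlr/config/MvcConfig.java
+++ b/src/main/java/edu/gjoko/schedlr/config/MvcConfig.java
@@ -2,5 +2,4 @@
 
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -16,10 +15,5 @@
         registry.addViewController("/homepage").setViewName("homepage");
         registry.addViewController("/admin").setViewName("admin");
-    }
-
-    @Override
-    public void addResourceHandlers(ResourceHandlerRegistry registry) {
-        registry.addResourceHandler("/resources/**")
-                .addResourceLocations("/resources/");
+        registry.addViewController("/business_admin").setViewName("business_admin");
     }
 }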
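Review bot: The new `/business_admin` view controller is registered with no role restriction visible in this changeset, and as far as the visible lines show, AppFilter only picks a landing page per role rather than denying access. The authorization rules sit outside these hunks, so confirm that AppSecurityConfig restricts the path, for example `.antMatchers("/business_admin").hasRole("BUSINESS_OWNER")`, and that `/admin` is limited to ADMIN in the same way. A short comment above the view registrations, such as `// access to these views is enforced in AppSecurityConfig, not here`, would keep the two files from drifting apart.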