Index: FullyStocked/pom.xml =================================================================== --- FullyStocked/pom.xml (revision f11774eff105c24771dd2a4e535b23a93ce00d42) +++ FullyStocked/pom.xml (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) @@ -34,5 +34,12 @@ postgresql - + + org.springframework.boot + spring-boot-starter-security + + + org.thymeleaf.extras + thymeleaf-extras-springsecurity5 + org.projectlombok Index: FullyStocked/src/main/java/com/bazi/fullystocked/Controller/LoginController.java =================================================================== --- FullyStocked/src/main/java/com/bazi/fullystocked/Controller/LoginController.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) +++ FullyStocked/src/main/java/com/bazi/fullystocked/Controller/LoginController.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) @@ -0,0 +1,48 @@ +package com.bazi.fullystocked.Controller; + +import com.bazi.fullystocked.Models.Exceptions.InvalidUserCredentialsException; +import com.bazi.fullystocked.Models.User; +import com.bazi.fullystocked.Services.AuthService; +import org.springframework.stereotype.Controller; +import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestMapping; + +import javax.servlet.http.HttpServletRequest; + +@Controller +@RequestMapping("/login") +public class LoginController { + + + private final AuthService authService; + + public LoginController(AuthService authService) { + this.authService = authService; + } + + @GetMapping + public String getLoginPage(Model m) { + m.addAttribute("bodycontent","login"); + + return "/login"; + } + + @PostMapping + public String login(HttpServletRequest request, Model model) { + User user = null; + try{ + user = this.authService.login(request.getParameter("username"), + request.getParameter("password")); + request.getSession().setAttribute("user", user); + return "redirect:/home"; + } + catch (InvalidUserCredentialsException exception) { + model.addAttribute("hasError", true); + model.addAttribute("error", exception.getMessage()); + + return "login"; + } + } +} Index: FullyStocked/src/main/java/com/bazi/fullystocked/Controller/RegisterController.java =================================================================== --- FullyStocked/src/main/java/com/bazi/fullystocked/Controller/RegisterController.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) +++ FullyStocked/src/main/java/com/bazi/fullystocked/Controller/RegisterController.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) @@ -0,0 +1,43 @@ +package com.bazi.fullystocked.Controller; + +import com.bazi.fullystocked.Models.Exceptions.UsernameAlreadyExistsException; +import com.bazi.fullystocked.Services.AuthService; +import org.springframework.stereotype.Controller; +import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; + +@Controller +@RequestMapping("/register") +public class RegisterController { + private final AuthService authService; + + public RegisterController( AuthService authService) { + this.authService = authService; + } + @GetMapping + public String getRegisterPage(@RequestParam(required = false) String error, Model model) + { + return "register"; + } + @PostMapping + public String register(@RequestParam String ime, + @RequestParam String prezime, + @RequestParam String username, + @RequestParam String email + ,@RequestParam String password + ,@RequestParam String role) + { + if(role.equals("menadzer")) + { + authService.registerManager(ime,prezime,username,email,password); + } + else if(role.equals("magacioner")) + { + authService.registerWorker(ime,prezime,username,email,password); + } + return "redirect:/login"; + } +} Index: FullyStocked/src/main/java/com/bazi/fullystocked/Models/User.java =================================================================== --- FullyStocked/src/main/java/com/bazi/fullystocked/Models/User.java (revision f11774eff105c24771dd2a4e535b23a93ce00d42) +++ FullyStocked/src/main/java/com/bazi/fullystocked/Models/User.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) @@ -5,5 +5,8 @@ import lombok.Data; import lombok.NoArgsConstructor; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.userdetails.UserDetails; +import java.util.Collection; @@ -13,5 +16,5 @@ @NoArgsConstructor @Table(name="users") -public class User{ +public class User implements UserDetails { @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @@ -46,3 +49,32 @@ } + @Override + public Collection getAuthorities() { + return null; + } + + @Override + public String getPassword() { + return userpassword; + } + + @Override + public boolean isAccountNonExpired() { + return true; + } + + @Override + public boolean isAccountNonLocked() { + return true; + } + + @Override + public boolean isCredentialsNonExpired() { + return true; + } + + @Override + public boolean isEnabled() { + return true; + } } Index: FullyStocked/src/main/java/com/bazi/fullystocked/Repositories/WorkersRepository.java =================================================================== --- FullyStocked/src/main/java/com/bazi/fullystocked/Repositories/WorkersRepository.java (revision f11774eff105c24771dd2a4e535b23a93ce00d42) +++ FullyStocked/src/main/java/com/bazi/fullystocked/Repositories/WorkersRepository.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) @@ -3,4 +3,5 @@ import com.bazi.fullystocked.Models.Invoices; import com.bazi.fullystocked.Models.Locations; +import com.bazi.fullystocked.Models.User; import com.bazi.fullystocked.Models.Workers; import org.springframework.data.jpa.repository.JpaRepository; @@ -13,3 +14,4 @@ List findAllByLocation(Locations location); List findAllByLocationIsNull(); + } Index: FullyStocked/src/main/java/com/bazi/fullystocked/Services/AuthService.java =================================================================== --- FullyStocked/src/main/java/com/bazi/fullystocked/Services/AuthService.java (revision f11774eff105c24771dd2a4e535b23a93ce00d42) +++ FullyStocked/src/main/java/com/bazi/fullystocked/Services/AuthService.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) @@ -5,6 +5,7 @@ import com.bazi.fullystocked.Models.User; import com.bazi.fullystocked.Models.Workers; +import org.springframework.security.core.userdetails.UserDetailsService; -public interface AuthService { +public interface AuthService extends UserDetailsService { User login(String username, String password); Workers registerWorker(String firstname, String lastname, String username, String email, String password); Index: FullyStocked/src/main/java/com/bazi/fullystocked/Services/Implementations/AuthServiceImpl.java =================================================================== --- FullyStocked/src/main/java/com/bazi/fullystocked/Services/Implementations/AuthServiceImpl.java (revision f11774eff105c24771dd2a4e535b23a93ce00d42) +++ FullyStocked/src/main/java/com/bazi/fullystocked/Services/Implementations/AuthServiceImpl.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) @@ -14,4 +14,5 @@ import com.bazi.fullystocked.Repositories.WorkersRepository; import com.bazi.fullystocked.Services.AuthService; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Service; @@ -25,5 +26,5 @@ private final PasswordEncoder passwordEncoder; - public AuthServiceImpl(UsersRepository usersRepository, WorkersRepository workersRepository, SuppliersRepository suppliersRepository, ManagersRepository managersRepository, PasswordEncoder passwordEncoder) { + public AuthServiceImpl( UsersRepository usersRepository, WorkersRepository workersRepository, SuppliersRepository suppliersRepository, ManagersRepository managersRepository, PasswordEncoder passwordEncoder) { this.usersRepository = usersRepository; this.workersRepository = workersRepository; @@ -35,14 +36,11 @@ @Override public User login(String username, String password) { - if (username==null || username.isEmpty() || password==null || password.isEmpty()) { + if (username == null || username.isEmpty() || password == null || password.isEmpty()) { throw new InvalidArgumentsException(); } - User user=usersRepository.findByUsername(username).orElseThrow(()->new UserNotFoundException(username)); - if(passwordEncoder.matches(password, user.getUserpassword())) - { + User user = usersRepository.findByUsername(username).orElseThrow(() -> new UserNotFoundException(username)); + if (passwordEncoder.matches(password, user.getUserpassword())) { return user; - } - else - { + } else { throw new InvalidUserCredentialsException(); } @@ -62,10 +60,8 @@ private void RegParamsCheck(String firstname, String lastname, String username, String email, String password) { - if(firstname==null || firstname.isEmpty() || lastname==null || lastname.isEmpty() || username==null || username.isEmpty() || email==null || email.isEmpty() || password==null || password.isEmpty()) - { + if (firstname == null || firstname.isEmpty() || lastname == null || lastname.isEmpty() || username == null || username.isEmpty() || email == null || email.isEmpty() || password == null || password.isEmpty()) { throw new InvalidArgumentsException(); } - if(usersRepository.findByUsername(username).isPresent()) - { + if (usersRepository.findByUsername(username).isPresent()) { throw new UsernameAlreadyExistsException(username); } @@ -74,17 +70,20 @@ @Override public Suppliers registerSupplier(String firstname, String lastname, String username, String email, String password, String supplierInfo, String phone, String street, int streetNumber, String city) { - if(firstname==null || firstname.isEmpty() || lastname==null || lastname.isEmpty() || username==null || username.isEmpty() || email==null || email.isEmpty() || password==null || password.isEmpty()) - { + if (firstname == null || firstname.isEmpty() || lastname == null || lastname.isEmpty() || username == null || username.isEmpty() || email == null || email.isEmpty() || password == null || password.isEmpty()) { throw new InvalidArgumentsException(); } - if(supplierInfo==null || supplierInfo.isEmpty() || phone==null || phone.isEmpty() || street==null || street.isEmpty() || city==null || city.isEmpty()) - { + if (supplierInfo == null || supplierInfo.isEmpty() || phone == null || phone.isEmpty() || street == null || street.isEmpty() || city == null || city.isEmpty()) { throw new InvalidArgumentsException(); } - if(usersRepository.findByUsername(username).isPresent()) - { + if (usersRepository.findByUsername(username).isPresent()) { throw new UsernameAlreadyExistsException(username); } return suppliersRepository.save(new Suppliers(firstname, lastname, username, email, passwordEncoder.encode(password), supplierInfo, phone, street, streetNumber, city)); } + + @Override + public UserDetails loadUserByUsername(String username) throws UserNotFoundException { + return usersRepository.findByUsername(username).orElseThrow(() -> new UserNotFoundException(username)); + + } } Index: FullyStocked/src/main/java/com/bazi/fullystocked/config/CustomUsernamePasswordAuthenticationProvider.java =================================================================== --- FullyStocked/src/main/java/com/bazi/fullystocked/config/CustomUsernamePasswordAuthenticationProvider.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) +++ FullyStocked/src/main/java/com/bazi/fullystocked/config/CustomUsernamePasswordAuthenticationProvider.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) @@ -0,0 +1,46 @@ +package com.bazi.fullystocked.config; + +import com.bazi.fullystocked.Models.Exceptions.InvalidUserCredentialsException; +import com.bazi.fullystocked.Models.Exceptions.UserNotFoundException; +import com.bazi.fullystocked.Services.AuthService; +import com.bazi.fullystocked.Services.WorkersService; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.stereotype.Component; + +@Component +public class CustomUsernamePasswordAuthenticationProvider implements AuthenticationProvider { + private final AuthService authService; + private final PasswordEncoder passwordEncoder; + + public CustomUsernamePasswordAuthenticationProvider(AuthService authService, PasswordEncoder passwordEncoder) { + this.authService = authService; + this.passwordEncoder = passwordEncoder; + + } + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + String username=authentication.getName(); + String password=authentication.getCredentials().toString(); + if("".equals(username) || "".equals(password)) + { + throw new UserNotFoundException(username); + } + UserDetails userDetails=this.authService.loadUserByUsername(username); + if(!passwordEncoder.matches(password, userDetails.getPassword())) + { + throw new InvalidUserCredentialsException(); + } + return new UsernamePasswordAuthenticationToken(userDetails,userDetails.getPassword(),userDetails.getAuthorities()); + } + + @Override + public boolean supports(Class authentication) { + return authentication.equals(UsernamePasswordAuthenticationToken.class); + } +} Index: FullyStocked/src/main/java/com/bazi/fullystocked/config/WebSecurityConfig.java =================================================================== --- FullyStocked/src/main/java/com/bazi/fullystocked/config/WebSecurityConfig.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) +++ FullyStocked/src/main/java/com/bazi/fullystocked/config/WebSecurityConfig.java (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) @@ -0,0 +1,49 @@ +package com.bazi.fullystocked.config; + +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.crypto.password.PasswordEncoder; + +@Configuration +@EnableWebSecurity +@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true) +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + private final PasswordEncoder passwordEncoder; + private final CustomUsernamePasswordAuthenticationProvider passwordAuthenticationProvider; + + public WebSecurityConfig(PasswordEncoder passwordEncoder, CustomUsernamePasswordAuthenticationProvider passwordAuthenticationProvider) { + this.passwordEncoder = passwordEncoder; + this.passwordAuthenticationProvider = passwordAuthenticationProvider; + } + + @Override + protected void configure(HttpSecurity http) throws Exception{ + http.csrf().disable() + .authorizeRequests() + .antMatchers("/","/home","/register").permitAll() + .anyRequest().authenticated() + .and().formLogin().loginPage("/login").permitAll() + .failureUrl("/login?error=BadCredentials") + .defaultSuccessUrl("/home",true) + .and() + .logout() + .logoutUrl("/logout") + .clearAuthentication(true) + .invalidateHttpSession(true) + .deleteCookies("JESSEIONID") + .logoutSuccessUrl("/login") + .and() + .exceptionHandling().accessDeniedPage("/access_denied"); + + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.authenticationProvider(passwordAuthenticationProvider); + + } +} Index: FullyStocked/src/main/resources/templates/login.html =================================================================== --- FullyStocked/src/main/resources/templates/login.html (revision f11774eff105c24771dd2a4e535b23a93ce00d42) +++ FullyStocked/src/main/resources/templates/login.html (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) @@ -1,10 +1,32 @@ - - - - - Title - - + + + + +
+
+
+
+ Phone image +
+
+

Најави се

+
+
+ + +
- - +
+ + +
+ + + +
+
+
+
+
+ Index: FullyStocked/src/main/resources/templates/register.html =================================================================== --- FullyStocked/src/main/resources/templates/register.html (revision f11774eff105c24771dd2a4e535b23a93ce00d42) +++ FullyStocked/src/main/resources/templates/register.html (revision 6489bb9ee7f5f68c2af6f82b08de1df69dca4034) @@ -3,4 +3,5 @@ +
@@ -14,10 +15,10 @@

Регистрација

-
+
- +
@@ -26,5 +27,5 @@
- +
@@ -33,5 +34,5 @@
- +
@@ -41,5 +42,5 @@
- +
@@ -49,5 +50,5 @@
- +
@@ -56,9 +57,9 @@
- - - - + + + @@ -66,5 +67,5 @@
- +
@@ -85,2 +86,3 @@
+