Index: src/main/java/edu/gjoko/schedlr/config/AppConfig.java =================================================================== --- src/main/java/edu/gjoko/schedlr/config/AppConfig.java (revision 401a2118e63f6e3ad1e95c29a07a9d48a239bc3b) +++ src/main/java/edu/gjoko/schedlr/config/AppConfig.java (revision 401a2118e63f6e3ad1e95c29a07a9d48a239bc3b) @@ -0,0 +1,25 @@ +package edu.gjoko.schedlr.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.core.GrantedAuthorityDefaults; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.web.authentication.AuthenticationSuccessHandler; + +@Configuration +public class AppConfig { + @Bean + public BCryptPasswordEncoder bCryptPasswordEncoder() { + return new BCryptPasswordEncoder(); + } + + @Bean + public AuthenticationSuccessHandler myApplicationAuthenticationSuccessHandler() { + return new AppAuthenticationSuccessHandler(); + } + + @Bean + GrantedAuthorityDefaults grantedAuthorityDefaults() { + return new GrantedAuthorityDefaults(""); + } +} Index: src/main/java/edu/gjoko/schedlr/config/AppFilter.java =================================================================== --- src/main/java/edu/gjoko/schedlr/config/AppFilter.java (revision cf9cdbf9e2bef95a0adc1db2bc845ef45bf080d8) +++ src/main/java/edu/gjoko/schedlr/config/AppFilter.java (revision 401a2118e63f6e3ad1e95c29a07a9d48a239bc3b) @@ -25,6 +25,7 @@ if(session != null) { Map roleTargetUrlMap = new HashMap<>(); - roleTargetUrlMap.put("DATE", "/date"); - roleTargetUrlMap.put("GUESS_NUMBER", "/number"); + roleTargetUrlMap.put("ADMIN", "/date"); + roleTargetUrlMap.put("CUSTOMER", "/number"); + roleTargetUrlMap.put("BUSINESS_OWNER", ""); SecurityContextImpl sci = (SecurityContextImpl) session.getAttribute("SPRING_SECURITY_CONTEXT"); if(sci != null) { Index: src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java =================================================================== --- src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java (revision cf9cdbf9e2bef95a0adc1db2bc845ef45bf080d8) +++ src/main/java/edu/gjoko/schedlr/config/AppSecurityConfig.java (revision 401a2118e63f6e3ad1e95c29a07a9d48a239bc3b) @@ -1,31 +1,55 @@ package edu.gjoko.schedlr.config; +import edu.gjoko.schedlr.services.PostgresUserDetailsService; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.core.GrantedAuthorityDefaults; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; -import org.springframework.security.provisioning.InMemoryUserDetailsManager; -import org.springframework.security.provisioning.UserDetailsManager; -import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; @Configuration -public class AppSecurityConfig { +@EnableWebSecurity +public class AppSecurityConfig extends WebSecurityConfigurerAdapter { + + private final PostgresUserDetailsService userDetailsService; + + private final BCryptPasswordEncoder passwordEncoder; + + private final AuthenticationSuccessHandler authenticationSuccessHandler; + + public AppSecurityConfig(PostgresUserDetailsService userDetailsService, BCryptPasswordEncoder passwordEncoder, + AuthenticationSuccessHandler authenticationSuccessHandler) { + this.userDetailsService = userDetailsService; + this.passwordEncoder = passwordEncoder; + this.authenticationSuccessHandler = authenticationSuccessHandler; + } @Bean - public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http - .csrf() + public AuthenticationManager customAuthenticationManager() throws Exception { + return authenticationManager(); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf() .disable() - .authorizeRequests(urlRegistry -> urlRegistry - .antMatchers("/login*").permitAll() - .antMatchers("/css/**").permitAll() - .antMatchers("/anonymous*").permitAll() - .anyRequest() - .fullyAuthenticated() - ) + .authorizeRequests() + .antMatchers("/login*").permitAll() + .antMatchers("/css/**").permitAll() + .antMatchers("/anonymous*").anonymous() + .anyRequest() + .fullyAuthenticated() + .and() .httpBasic() .authenticationEntryPoint(new AppAuthenticationEntryPoint()) @@ -35,23 +59,5 @@ .loginPage("/login") .loginProcessingUrl("/login") - .successHandler(new AppAuthenticationSuccessHandler()); - - return http.build(); + .successHandler(authenticationSuccessHandler); } - - @Bean - public UserDetailsManager userDetailsService() { - return null; - } - - @Bean - public BCryptPasswordEncoder bCryptPasswordEncoder() { - return new BCryptPasswordEncoder(); - } - - @Bean - public GrantedAuthorityDefaults grantedAuthorityDefaults() { - return new GrantedAuthorityDefaults(""); - } - } Index: src/main/java/edu/gjoko/schedlr/entity/Business.java =================================================================== --- src/main/java/edu/gjoko/schedlr/entity/Business.java (revision cf9cdbf9e2bef95a0adc1db2bc845ef45bf080d8) +++ src/main/java/edu/gjoko/schedlr/entity/Business.java (revision 401a2118e63f6e3ad1e95c29a07a9d48a239bc3b) @@ -7,5 +7,4 @@ import javax.persistence.*; -import java.sql.Timestamp; import java.time.LocalDateTime; import java.util.List; Index: src/main/resources/application.properties =================================================================== --- src/main/resources/application.properties (revision cf9cdbf9e2bef95a0adc1db2bc845ef45bf080d8) +++ src/main/resources/application.properties (revision 401a2118e63f6e3ad1e95c29a07a9d48a239bc3b) @@ -3,5 +3,7 @@ spring.datasource.password=postgres -spring.jpa.hibernate.ddl-auto=create +spring.sql.init.mode=always + +spring.jpa.hibernate.ddl-auto=none spring.jpa.show-sql=true spring.jpa.properties.hibernate.format_sql=true Index: src/main/resources/data.sql =================================================================== --- src/main/resources/data.sql (revision 401a2118e63f6e3ad1e95c29a07a9d48a239bc3b) +++ src/main/resources/data.sql (revision 401a2118e63f6e3ad1e95c29a07a9d48a239bc3b) @@ -0,0 +1,5 @@ +insert into stakeholder (id, created, email, first_name, last_name, modified, password, stakeholder_type, username) +values (nextval('hibernate_sequence'), current_timestamp, 'admin@schedlr.com', 'admin', 'admin', current_timestamp, 'admin','ADMIN', 'admin'); + +insert into stakeholder (id, created, email, first_name, last_name, modified, password, stakeholder_type, username) +values (nextval('hibernate_sequence'), current_timestamp, 'user1@schedlr.com', 'gjoko', 'kostadinov', current_timestamp, 'user','CUSTOMER', 'user');