[ADD] SPRING SECURITY ADDED

parent 3667c687
......@@ -5,7 +5,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.4</version>
<version>2.7.14</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>web.multitask</groupId>
......@@ -26,7 +26,17 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>3.2.0</version>
</dependency>
<!-- JPA -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
<version>2.5.6</version>
</dependency>
<dependency>
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
......@@ -62,6 +72,24 @@
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.11.2</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.11.2</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.2</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<build>
......
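Review bot: The new `spring-boot-starter-security` entry pins `<version>3.2.0</version>` and `spring-boot-starter-data-jpa` pins `2.5.6`, while the parent line shown last in the first hunk is `2.7.14`, so the starters no longer match the Boot release that manages the rest of the dependency tree. Assuming 2.7.14 is the new parent (the page lists both 3.1.4 and 2.7.14 without change markers), drop both `<version>` elements so the parent BOM selects Spring Security and JPA versions that are tested together and move forward with the parent. The three `io.jsonwebtoken` artifacts are not managed by Boot, so keep their version in a single property such as `<jjwt.version>` and check 0.11.2 against the current release of that line.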
......@@ -3,7 +3,6 @@ package web.multitask.app.api;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.web.bind.annotation.*;
import web.multitask.app.mysql.ProcedureMysql;
......@@ -14,7 +13,6 @@ public class AppApi {
final ProcedureMysql procedureMysql;
@Autowired
public AppApi(ProcedureMysql procedureMysql) {
this.procedureMysql = procedureMysql;
}
......
package web.multitask.app.config;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import web.multitask.app.filter.JwtTokenFilter;
@Configuration
public class FilterConfig {
@Bean
public FilterRegistrationBean<JwtTokenFilter> filterRegistrationBean() {
FilterRegistrationBean<JwtTokenFilter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(new JwtTokenFilter());
registrationBean.addUrlPatterns("/**");
registrationBean.setOrder(1);
return registrationBean;
}
}
\ No newline at end of file
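Review bot: `registrationBean.addUrlPatterns("/**")` uses an Ant-style pattern, but servlet filter mappings only understand `/*`, so the container treats `/**` as a literal path and this registration would not cover normal requests; use `registrationBean.addUrlPatterns("/*")` if the registration is kept. The filter is built here with `new JwtTokenFilter()`, whereas the security configuration in this commit builds it with a `JwtTokenUtil` and the user repository, so this instance presumably has nothing to validate tokens with (the filter class is not shown on this page). Because the same filter is also added to the security chain, consider deleting this bean, or keeping it only to call `registrationBean.setEnabled(false)` so the filter runs once, inside Spring Security.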
package web.multitask.app.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import org.springframework.web.filter.OncePerRequestFilter;
import web.multitask.app.filter.JwtTokenFilter;
import web.multitask.app.repository.UserRespository;
import web.multitask.app.utils.JwtTokenUtil;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final UserRespository userRepo;
private final JwtTokenUtil jwtTokenUtil;
public SecurityConfig(UserRespository userRepo, JwtTokenUtil jwtTokenUtil) {
this.userRepo = userRepo;
this.jwtTokenUtil = jwtTokenUtil;
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userRepo::findByUsername);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors(AbstractHttpConfigurer::disable).csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(
authorizeRequests -> authorizeRequests.antMatchers("/test/admin").hasRole("ADMIN")
.antMatchers("/test/user").hasRole("USER")
.antMatchers(HttpMethod.GET, "/**").permitAll()
.antMatchers(HttpMethod.POST, "/**").permitAll()
.anyRequest()
.authenticated());
http.addFilterBefore(new JwtTokenFilter(jwtTokenUtil,userRepo), UsernamePasswordAuthenticationFilter.class);
}
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source =
new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
}
\ No newline at end of file
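Review bot: In `configure(HttpSecurity)`, `.antMatchers(HttpMethod.GET, "/**").permitAll()` and the matching POST rule open every GET and POST endpoint other than `/test/admin` and `/test/user`, so `anyRequest().authenticated()` only ever applies to the remaining HTTP methods. Permit just the public endpoints instead, e.g. `.antMatchers(HttpMethod.POST, "<login-path>").permitAll()` (placeholder; the login route is not shown here), and let everything else fall through to `authenticated()`. In `corsFilter()`, `setAllowCredentials(true)` combined with `addAllowedOrigin("*")` is rejected by the CORS validation in Spring Framework 5.3 and later, and where it is accepted it allows credentialed calls from any site; list the real front-end origins, e.g. `config.addAllowedOrigin("<frontend-origin>")`. Since this is a token API with CSRF disabled, also add `http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)` so no session cookie is issued.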
package web.multitask.app.controller;
import org.springframework.messaging.handler.annotation.DestinationVariable;
import org.springframework.messaging.handler.annotation.MessageMapping;
import org.springframework.messaging.handler.annotation.SendTo;
import org.springframework.stereotype.Controller;
......
package web.multitask.app.model;
public enum ERole {
ROLE_USER,
ROLE_MODERATOR,
ROLE_ADMIN
}
\ No newline at end of file
package web.multitask.app.model;
;
import lombok.Getter;
import lombok.Setter;
import javax.persistence.*;
@Getter
@Setter
@Entity
@Table(name = "roles")
public class Role {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Integer id;
@Enumerated(EnumType.STRING)
@Column(length = 20)
private ERole name;
public Role() {
}
public Role(ERole name) {
this.name = name;
}
}
\ No newline at end of file
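Review bot: The lone `;` on the line after the `package` declaration is an empty declaration placed ahead of the imports; older javac versions tolerate it, but newer ones report it as an extraneous semicolon, so delete it. The class-level Lombok `@Setter` also generates `setId`, which lets callers overwrite the database-generated key; putting `@Setter(AccessLevel.NONE)` on `id` would prevent that.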
package web.multitask.app.mysql;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Service;
......@@ -12,8 +11,9 @@ import java.util.logging.Logger;
@Service
public class ProcedureMysql {
private final JdbcTemplate jdbcTemplate;
@Autowired
public ProcedureMysql(JdbcTemplate jdbcTemplate) {
this.jdbcTemplate = jdbcTemplate;
}
......
package web.multitask.app.provider;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import java.util.ArrayList;
import org.springframework.stereotype.Component;
@Component
public class HeaderAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
return new UsernamePasswordAuthenticationToken(
name, password, new ArrayList<>());
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
\ No newline at end of file
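Review bot: `authenticate` never checks the password: it copies the submitted name and credentials into the three-argument `UsernamePasswordAuthenticationToken` constructor, which yields an already-authenticated token, so any username/password pair would be accepted by whatever `AuthenticationManager` uses this provider. `authentication.getCredentials().toString()` also throws a `NullPointerException` when no credentials are present. The security configuration in this commit already authenticates through `auth.userDetailsService(...)`, so the safest change is to delete this class; if it is kept, load the user, compare with `passwordEncoder.matches(rawPassword, storedHash)`, and `throw new BadCredentialsException("Bad credentials")` on a mismatch. The raw password should not be carried in the returned token either.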
spring.datasource.url=jdbc:mysql://13.59.147.125:3306/base
spring.datasource.url=jdbc:mysql://13.59.147.125:3306/security
spring.datasource.username=server
spring.datasource.password=asd123
spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
server.port=8080
server.address=0.0.0.0
\ No newline at end of file
server.address=0.0.0.0
app.jwtSecret=9a4f2c8d3b7a1e6f45c8a0b3f267d8b1d4e6f3c8a9d2b5f8e3a9c8b5f6v8a3d9
spring.security.filter.order=1
\ No newline at end of file
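Review bot: The datasource password (`asd123`) and `app.jwtSecret` are committed in clear text next to a database URL that points at a public IP address, so everyone with read access to the repository holds both the database credentials and the token signing key. Move both values out of the file, e.g. `spring.datasource.password=${DB_PASSWORD}` and `app.jwtSecret=${JWT_SECRET}` (variable names are illustrative), and rotate both, because the old values remain in the commit history. The database account should also get a strong password and the MySQL port should not be reachable from the internet; `server.address=0.0.0.0` is worth confirming as intended as well.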