[ADD] SPRING SECURITY ADDED

pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.1.4</version>
+		<version>2.7.14</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
 	<groupId>web.multitask</groupId>
@@ -26,7 +26,17 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
-
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+			<version>3.2.0</version>
+		</dependency>
+		<!-- JPA -->
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-jpa</artifactId>
+			<version>2.5.6</version>
+		</dependency>
 		<dependency>
 			<groupId>com.mysql</groupId>
 			<artifactId>mysql-connector-j</artifactId>
@@ -62,6 +72,24 @@
 			<artifactId>lombok</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-api</artifactId>
+			<version>0.11.2</version>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-impl</artifactId>
+			<version>0.11.2</version>
+			<scope>runtime</scope>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-jackson</artifactId>
+			<version>0.11.2</version>
+			<scope>runtime</scope>
+		</dependency>
+
 	</dependencies>
 
 	<build>

src/main/java/web/multitask/app/api/AppApi.java

@@ -3,7 +3,6 @@ package web.multitask.app.api;
 import org.json.JSONArray;
 import org.json.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.web.bind.annotation.*;
 import web.multitask.app.mysql.ProcedureMysql;
 
@@ -14,7 +13,6 @@ public class AppApi {
 
     final ProcedureMysql procedureMysql;
 
-    @Autowired
     public AppApi(ProcedureMysql procedureMysql) {
         this.procedureMysql = procedureMysql;
     }

src/main/java/web/multitask/app/config/FilterConfig.java

+package web.multitask.app.config;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import web.multitask.app.filter.JwtTokenFilter;
+
+@Configuration
+public class FilterConfig {
+
+    @Bean
+    public FilterRegistrationBean<JwtTokenFilter> filterRegistrationBean() {
+        FilterRegistrationBean<JwtTokenFilter> registrationBean = new FilterRegistrationBean<>();
+        registrationBean.setFilter(new JwtTokenFilter());
+        registrationBean.addUrlPatterns("/**");
+        registrationBean.setOrder(1);
+        return registrationBean;
+    }
+
+}
\ No newline at end of file

src/main/java/web/multitask/app/config/SecurityConfig.java

+package web.multitask.app.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+import org.springframework.web.filter.OncePerRequestFilter;
+import web.multitask.app.filter.JwtTokenFilter;
+import web.multitask.app.repository.UserRespository;
+import web.multitask.app.utils.JwtTokenUtil;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    private final UserRespository userRepo;
+    private final JwtTokenUtil jwtTokenUtil;
+
+    public SecurityConfig(UserRespository userRepo, JwtTokenUtil jwtTokenUtil) {
+        this.userRepo = userRepo;
+        this.jwtTokenUtil = jwtTokenUtil;
+    }
+
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userRepo::findByUsername);
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+                 .cors(AbstractHttpConfigurer::disable).csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests(
+                        authorizeRequests -> authorizeRequests.antMatchers("/test/admin").hasRole("ADMIN")
+                                .antMatchers("/test/user").hasRole("USER")
+                                 .antMatchers(HttpMethod.GET, "/**").permitAll()
+                                .antMatchers(HttpMethod.POST, "/**").permitAll()
+                                .anyRequest()
+                                .authenticated());
+        http.addFilterBefore(new JwtTokenFilter(jwtTokenUtil,userRepo), UsernamePasswordAuthenticationFilter.class);
+    }
+
+    @Bean
+    PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+        @Bean
+    public CorsFilter corsFilter() {
+        UrlBasedCorsConfigurationSource source =
+            new UrlBasedCorsConfigurationSource();
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowCredentials(true);
+        config.addAllowedOrigin("*");
+        config.addAllowedHeader("*");
+        config.addAllowedMethod("*");
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+
+}
\ No newline at end of file

src/main/java/web/multitask/app/controller/MessageController.java

 package web.multitask.app.controller;
 
-import org.springframework.messaging.handler.annotation.DestinationVariable;
+
 import org.springframework.messaging.handler.annotation.MessageMapping;
 import org.springframework.messaging.handler.annotation.SendTo;
 import org.springframework.stereotype.Controller;

src/main/java/web/multitask/app/model/ERole.java

+package web.multitask.app.model;
+
+public enum ERole {
+    ROLE_USER,
+    ROLE_MODERATOR,
+    ROLE_ADMIN
+}
\ No newline at end of file

src/main/java/web/multitask/app/model/Role.java

+package web.multitask.app.model;
+;
+import lombok.Getter;
+import lombok.Setter;
+
+import javax.persistence.*;
+
+@Getter
+@Setter
+@Entity
+@Table(name = "roles")
+public class Role {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Integer id;
+
+    @Enumerated(EnumType.STRING)
+    @Column(length = 20)
+    private ERole name;
+
+    public Role() {
+    }
+
+    public Role(ERole name) {
+        this.name = name;
+    }
+}
\ No newline at end of file

src/main/java/web/multitask/app/mysql/ProcedureMysql.java

 package web.multitask.app.mysql;
 
-import org.json.JSONArray;
+
 import org.json.JSONObject;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.stereotype.Service;
 
@@ -12,8 +11,9 @@ import java.util.logging.Logger;
 
 @Service
 public class ProcedureMysql {
+    
     private final JdbcTemplate jdbcTemplate;
-    @Autowired
+
     public ProcedureMysql(JdbcTemplate jdbcTemplate) {
         this.jdbcTemplate = jdbcTemplate;
     }

src/main/java/web/multitask/app/provider/HeaderAuthenticationProvider.java

+package web.multitask.app.provider;
+
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import java.util.ArrayList;
+import org.springframework.stereotype.Component;
+
+@Component
+public class HeaderAuthenticationProvider implements AuthenticationProvider {
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        String name = authentication.getName();
+        String password = authentication.getCredentials().toString();
+        return new UsernamePasswordAuthenticationToken(
+                name, password, new ArrayList<>());
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return authentication.equals(UsernamePasswordAuthenticationToken.class);
+    }
+}
\ No newline at end of file

src/main/resources/application.properties

-spring.datasource.url=jdbc:mysql://13.59.147.125:3306/base
+spring.datasource.url=jdbc:mysql://13.59.147.125:3306/security
 spring.datasource.username=server
 spring.datasource.password=asd123
 spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
 server.port=8080
-server.address=0.0.0.0
+server.address=0.0.0.0
\ No newline at end of file
+
+app.jwtSecret=9a4f2c8d3b7a1e6f45c8a0b3f267d8b1d4e6f3c8a9d2b5f8e3a9c8b5f6v8a3d9
+
+spring.security.filter.order=1
\ No newline at end of file