Propagate Roles from Repository
parent
46262af668
commit
e4f427e9ff
@ -18,6 +18,7 @@ dependencies {
|
||||
implementation 'org.springframework.boot:spring-boot-starter-actuator'
|
||||
|
||||
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-data-rest'
|
||||
compileOnly 'org.projectlombok:lombok'
|
||||
annotationProcessor 'org.projectlombok:lombok'
|
||||
implementation 'org.mariadb.jdbc:mariadb-java-client'
|
||||
|
@ -2,8 +2,11 @@ package de.hft.geotime.security;
|
||||
|
||||
import com.auth0.jwt.JWT;
|
||||
import com.auth0.jwt.algorithms.Algorithm;
|
||||
import de.hft.geotime.user.TimetrackUser;
|
||||
import de.hft.geotime.user.TimetrackUserRepository;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||
|
||||
@ -12,14 +15,18 @@ import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import static de.hft.geotime.security.SecurityConstants.*;
|
||||
|
||||
public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
|
||||
|
||||
public JWTAuthorizationFilter(AuthenticationManager authManager) {
|
||||
private final TimetrackUserRepository userRepository;
|
||||
|
||||
public JWTAuthorizationFilter(AuthenticationManager authManager, TimetrackUserRepository userRepository) {
|
||||
super(authManager);
|
||||
this.userRepository = userRepository;
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -41,13 +48,17 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
|
||||
String token = request.getHeader(HEADER_STRING);
|
||||
if (token != null) {
|
||||
// parse the token.
|
||||
String user = JWT.require(Algorithm.HMAC512(SECRET.getBytes()))
|
||||
String username = JWT.require(Algorithm.HMAC512(SECRET.getBytes()))
|
||||
.build()
|
||||
.verify(token.replace(TOKEN_PREFIX, ""))
|
||||
.getSubject();
|
||||
|
||||
if (user != null) {
|
||||
return new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
|
||||
TimetrackUser user = userRepository.findFirstByUsername(username);
|
||||
SimpleGrantedAuthority role = new SimpleGrantedAuthority(user.getRole().getName());
|
||||
|
||||
if (username != null) {
|
||||
List<SimpleGrantedAuthority> authorityList = Collections.singletonList(role);
|
||||
return new UsernamePasswordAuthenticationToken(username, null, authorityList);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
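Review bot: In the token-parsing hunk the new lines call `userRepository.findFirstByUsername(username)` and dereference the result via `user.getRole().getName()` before the `if (username != null)` check, with no check that a user or role was found. A token that still verifies but names a deleted account, or one with no role, would then appear to raise a NullPointerException inside the filter instead of leaving the request unauthenticated. Move the lookup inside the null guard and fall through to the existing `return null;` when the user or role is missing, as sketched below. The enclosing method starts above the hunk, so how verification failures are handled is not visible here.

```java
// … unchanged: JWT.require(...).build().verify(...).getSubject() assigned to username …
if (username != null) {
    TimetrackUser user = userRepository.findFirstByUsername(username);
    // A valid signature with no matching account or role is treated as unauthenticated.
    if (user != null && user.getRole() != null) {
        List<SimpleGrantedAuthority> authorityList =
                Collections.singletonList(new SimpleGrantedAuthority(user.getRole().getName()));
        return new UsernamePasswordAuthenticationToken(username, null, authorityList);
    }
}
// … unchanged: return null; …
```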
@ -1,5 +1,6 @@
|
||||
package de.hft.geotime.security;
|
||||
|
||||
import de.hft.geotime.user.TimetrackUserRepository;
|
||||
import de.hft.geotime.user.UserDetailsServiceImpl;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.http.HttpMethod;
|
||||
@ -19,10 +20,12 @@ import static de.hft.geotime.security.SecurityConstants.SIGN_UP_URL;
|
||||
public class WebSecurity extends WebSecurityConfigurerAdapter {
|
||||
private final UserDetailsServiceImpl userDetailsService;
|
||||
private final BCryptPasswordEncoder bCryptPasswordEncoder;
|
||||
private final TimetrackUserRepository userRepository;
|
||||
|
||||
public WebSecurity(UserDetailsServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
|
||||
public WebSecurity(UserDetailsServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder, TimetrackUserRepository userRepository) {
|
||||
this.userDetailsService = userDetailsService;
|
||||
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
|
||||
this.userRepository = userRepository;
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -32,7 +35,7 @@ public class WebSecurity extends WebSecurityConfigurerAdapter {
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
|
||||
.addFilter(new JWTAuthorizationFilter(authenticationManager()))
|
||||
.addFilter(new JWTAuthorizationFilter(authenticationManager(), userRepository))
|
||||
// this disables session creation on Spring Security
|
||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||
}
|
||||
|
@ -10,8 +10,8 @@ import java.util.HashMap;
|
||||
@RequestMapping("/user")
|
||||
public class UserController {
|
||||
|
||||
private TimetrackUserRepository userRepository;
|
||||
private BCryptPasswordEncoder bCryptPasswordEncoder;
|
||||
private final TimetrackUserRepository userRepository;
|
||||
private final BCryptPasswordEncoder bCryptPasswordEncoder;
|
||||
|
||||
public UserController(TimetrackUserRepository userRepository, BCryptPasswordEncoder bCryptPasswordEncoder) {
|
||||
this.userRepository = userRepository;
|
||||
@ -21,7 +21,12 @@ public class UserController {
|
||||
@GetMapping
|
||||
public String getUsername(Authentication authentication) {
|
||||
TimetrackUser timetrackUser = userRepository.findFirstByUsername(authentication.getName());
|
||||
return "Welcome back " + timetrackUser.getFirstname() + " " + timetrackUser.getLastname();
|
||||
return "Welcome back "
|
||||
+ timetrackUser.getFirstname()
|
||||
+ " "
|
||||
+ timetrackUser.getLastname()
|
||||
+ " roles from Auth: "
|
||||
+ authentication.getAuthorities();
|
||||
}
|
||||
|
||||
// TODO: implement register, maybe move to another class
|
||||
|
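Review bot: The `getUsername` response now appends `" roles from Auth: " + authentication.getAuthorities()` to the greeting, which reads like debugging output left in a user-facing string. If the role list is meant to reach clients, a structured response field would be easier to consume and to review for over-exposure; otherwise drop the two added concatenation lines. Separately, `timetrackUser` is dereferenced without a null check although `findFirstByUsername` can return null (UserDetailsServiceImpl tests for that case), so a request carrying a token for a removed account would fail here with a NullPointerException.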
@ -1,12 +1,13 @@
|
||||
package de.hft.geotime.user;
|
||||
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.Arrays;
|
||||
|
||||
@Service
|
||||
public class UserDetailsServiceImpl implements UserDetailsService {
|
||||
@ -23,7 +24,17 @@ public class UserDetailsServiceImpl implements UserDetailsService {
|
||||
if (timetrackUser == null) {
|
||||
throw new UsernameNotFoundException(username);
|
||||
}
|
||||
System.out.println("Loaded user " + timetrackUser.getFirstname() + " " + timetrackUser.getLastname());
|
||||
return new User(timetrackUser.getUsername(), timetrackUser.getPassword(), Collections.emptyList());
|
||||
System.out.println("Loaded user "
|
||||
+ timetrackUser.getFirstname()
|
||||
+ " "
|
||||
+ timetrackUser.getLastname()
|
||||
+ " with role: "
|
||||
+ timetrackUser.getRole().getName()
|
||||
);
|
||||
return new User(
|
||||
timetrackUser.getUsername(),
|
||||
timetrackUser.getPassword(),
|
||||
Arrays.asList(new SimpleGrantedAuthority(timetrackUser.getRole().getName()))
|
||||
);
|
||||
}
|
||||
}
|
||||
|
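Review bot: `timetrackUser.getRole().getName()` is called twice in the added lines with no check that a role is set, so a user record without a role would abort login with a NullPointerException rather than an explicit authentication failure. Guard it right after the existing null check on `timetrackUser`, for example `if (timetrackUser.getRole() == null) { throw new UsernameNotFoundException(username); }` or a more specific authentication exception. The extended `System.out.println` writes first name, last name and role to stdout on every load; logging only the username through a logger at debug level would keep personal data out of default output. For a single authority, `Collections.singletonList(...)` as used in JWTAuthorizationFilter would keep the two call sites consistent. The method signature lies above the hunk.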