

1 Commits

Author SHA1 Message Date
e4f427e9ff Propagate Roles from Repository 2020-05-09 18:37:26 +02:00
5 changed files with 44 additions and 13 deletions


@ -18,6 +18,7 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-actuator'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'org.springframework.boot:spring-boot-starter-data-rest'
compileOnly 'org.projectlombok:lombok'
annotationProcessor 'org.projectlombok:lombok'
implementation 'org.mariadb.jdbc:mariadb-java-client'


@ -2,8 +2,11 @@ package de.hft.geotime.security;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import de.hft.geotime.user.TimetrackUser;
import de.hft.geotime.user.TimetrackUserRepository;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@ -12,14 +15,18 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import static de.hft.geotime.security.SecurityConstants.*;
public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
public JWTAuthorizationFilter(AuthenticationManager authManager) {
private final TimetrackUserRepository userRepository;
public JWTAuthorizationFilter(AuthenticationManager authManager, TimetrackUserRepository userRepository) {
super(authManager);
this.userRepository = userRepository;
}
@Override
@ -41,13 +48,17 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
String token = request.getHeader(HEADER_STRING);
if (token != null) {
// parse the token.
String user = JWT.require(Algorithm.HMAC512(SECRET.getBytes()))
String username = JWT.require(Algorithm.HMAC512(SECRET.getBytes()))
.build()
.verify(token.replace(TOKEN_PREFIX, ""))
.getSubject();
if (user != null) {
return new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
TimetrackUser user = userRepository.findFirstByUsername(username);
SimpleGrantedAuthority role = new SimpleGrantedAuthority(user.getRole().getName());
if (username != null) {
List<SimpleGrantedAuthority> authorityList = Collections.singletonList(role);
return new UsernamePasswordAuthenticationToken(username, null, authorityList);
}
return null;
}
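Review bot: The repository lookup and `user.getRole().getName()` on the two lines after `.getSubject()` run before the `username != null` check, and neither `user` nor its role is guarded, so a syntactically valid token whose subject no longer maps to a stored user (or to a user without a role) throws a NullPointerException out of the filter instead of leaving the request unauthenticated. Moving the lookup inside the null check and returning null when the user or role is absent keeps that case on the normal 401/403 path; the UserDetailsServiceImpl hunk dereferences `getRole()` the same way. On the renamed `username` line, `SECRET.getBytes()` uses the platform default charset; `SECRET.getBytes(StandardCharsets.UTF_8)` makes the key bytes independent of the JVM default (needs a `java.nio.charset.StandardCharsets` import). The enclosing method starts outside the hunk.
```java
            // … unchanged: token verification into `username` …
            if (username != null) {
                TimetrackUser user = userRepository.findFirstByUsername(username);
                // A token can outlive its account; a missing user or role means "not authenticated".
                if (user == null || user.getRole() == null) {
                    return null;
                }
                List<SimpleGrantedAuthority> authorityList =
                        Collections.singletonList(new SimpleGrantedAuthority(user.getRole().getName()));
                return new UsernamePasswordAuthenticationToken(username, null, authorityList);
            }
            return null;
```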


@ -1,5 +1,6 @@
package de.hft.geotime.security;
import de.hft.geotime.user.TimetrackUserRepository;
import de.hft.geotime.user.UserDetailsServiceImpl;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
@ -19,10 +20,12 @@ import static de.hft.geotime.security.SecurityConstants.SIGN_UP_URL;
public class WebSecurity extends WebSecurityConfigurerAdapter {
private final UserDetailsServiceImpl userDetailsService;
private final BCryptPasswordEncoder bCryptPasswordEncoder;
private final TimetrackUserRepository userRepository;
public WebSecurity(UserDetailsServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
public WebSecurity(UserDetailsServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder, TimetrackUserRepository userRepository) {
this.userDetailsService = userDetailsService;
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
this.userRepository = userRepository;
}
@Override
@ -32,7 +35,7 @@ public class WebSecurity extends WebSecurityConfigurerAdapter {
.anyRequest().authenticated()
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
.addFilter(new JWTAuthorizationFilter(authenticationManager()))
.addFilter(new JWTAuthorizationFilter(authenticationManager(), userRepository))
// this disables session creation on Spring Security
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}


@ -10,8 +10,8 @@ import java.util.HashMap;
@RequestMapping("/user")
public class UserController {
private TimetrackUserRepository userRepository;
private BCryptPasswordEncoder bCryptPasswordEncoder;
private final TimetrackUserRepository userRepository;
private final BCryptPasswordEncoder bCryptPasswordEncoder;
public UserController(TimetrackUserRepository userRepository, BCryptPasswordEncoder bCryptPasswordEncoder) {
this.userRepository = userRepository;
@ -21,7 +21,12 @@ public class UserController {
@GetMapping
public String getUsername(Authentication authentication) {
TimetrackUser timetrackUser = userRepository.findFirstByUsername(authentication.getName());
return "Welcome back " + timetrackUser.getFirstname() + " " + timetrackUser.getLastname();
return "Welcome back "
+ timetrackUser.getFirstname()
+ " "
+ timetrackUser.getLastname()
+ " roles from Auth: "
+ authentication.getAuthorities();
}
// TODO: implement register, maybe move to another class
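Review bot: The new return value of `getUsername` appends `authentication.getAuthorities()` through the collection's `toString()`, so the greeting now carries a bracketed authority list whose exact format is an implementation detail of Spring's `GrantedAuthority` classes. If clients are meant to read the roles, returning them as a structured field (for example a map with `username` and `roles` entries) is more stable than embedding them in prose; if this is only a development aid, a comment such as `// debug: echoes granted authorities for manual checks` on the `+ " roles from Auth: "` line would make that intent explicit.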


@ -1,12 +1,13 @@
package de.hft.geotime.user;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.Collections;
import java.util.Arrays;
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@ -23,7 +24,17 @@ public class UserDetailsServiceImpl implements UserDetailsService {
if (timetrackUser == null) {
throw new UsernameNotFoundException(username);
}
System.out.println("Loaded user " + timetrackUser.getFirstname() + " " + timetrackUser.getLastname());
return new User(timetrackUser.getUsername(), timetrackUser.getPassword(), Collections.emptyList());
System.out.println("Loaded user "
+ timetrackUser.getFirstname()
+ " "
+ timetrackUser.getLastname()
+ " with role: "
+ timetrackUser.getRole().getName()
);
return new User(
timetrackUser.getUsername(),
timetrackUser.getPassword(),
Arrays.asList(new SimpleGrantedAuthority(timetrackUser.getRole().getName()))
);
}
}
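Review bot: `loadUserByUsername` writes the loaded account's name and role to stdout with `System.out.println`; this belongs on a logger at debug level (`log.debug("Loaded user {} {} with role {}", ...)`, SLF4J is available through the Spring Boot starters in build.gradle) so it can be switched off in production and account details do not land in the console stream. `timetrackUser.getRole().getName()` is also dereferenced twice without a null check, so a user row with no role turns a login into a NullPointerException rather than an authentication failure; a guard before the log statement, `if (timetrackUser.getRole() == null) { throw new UsernameNotFoundException(username); }`, keeps it on the expected path. `Collections.singletonList(new SimpleGrantedAuthority(...))` would also express the single-element list more directly than `Arrays.asList`. The enclosing method starts outside the hunk.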