configure auth

Author: HackMemory0

pom.xml

@@ -33,6 +33,12 @@
 			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
 
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt</artifactId>
+			<version>0.9.1</version>
+		</dependency>
+
 		<dependency>
 			<groupId>com.oracle.database.jdbc</groupId>
 			<artifactId>ojdbc8</artifactId>

src/main/java/ru/ifmo/web/SpringWeb/config/AuthConfiguration.java

@@ -1,26 +1,38 @@
 package ru.ifmo.web.SpringWeb.controller;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import ru.ifmo.web.SpringWeb.model.User;
-
-import javax.servlet.http.HttpServletRequest;
-import java.security.Principal;
-import java.util.Base64;
+import ru.ifmo.web.SpringWeb.payload.AuthResponse;
+import ru.ifmo.web.SpringWeb.payload.ErrorResponse;
+import ru.ifmo.web.SpringWeb.payload.MessageResponse;
+import ru.ifmo.web.SpringWeb.security.JwtProvider;
+import ru.ifmo.web.SpringWeb.service.UserService;
 
 @RestController
 @CrossOrigin
 public class UserController {
 
-    @RequestMapping("/login")
-    public boolean login(@RequestBody User user) {
-        return user.getUsername().equals("user") && user.getPassword().equals("password");
+    private final UserService userService;
+    private final JwtProvider jwtProvider;
+
+    public UserController(UserService userService, JwtProvider jwtProvider) {
+        this.userService = userService;
+        this.jwtProvider = jwtProvider;
     }
 
-    @RequestMapping("/user")
-    public Principal user(HttpServletRequest request) {
-        String authToken = request.getHeader("Authorization")
-                .substring("Basic".length()).trim();
-        return () ->  new String(Base64.getDecoder()
-                .decode(authToken)).split(":")[0];
+    @RequestMapping("/login")
+    public ResponseEntity<?> login(@RequestBody User request) {
+        User user = userService.findUserByUsernameAndPassword(request.getUsername(), request.getPassword());
+        if(user != null){
+            String token = jwtProvider.generateToken(request.getUsername());
+            return ResponseEntity.ok(new AuthResponse(token));
+        }
+
+        return ResponseEntity
+                .badRequest()
+                .body(new ErrorResponse("Incorrect username or password"));
     }
+
 }

src/main/java/ru/ifmo/web/SpringWeb/controller/UserController.java

@@ -11,7 +11,8 @@
 public class Point implements Serializable {
 
     @Id
-    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @GeneratedValue(strategy=GenerationType.SEQUENCE, generator = "id_Sequence")
+    @SequenceGenerator(name = "id_Sequence", sequenceName = "ID_SEQ")
     private Long id;
 
     private Integer x;

src/main/java/ru/ifmo/web/SpringWeb/model/Point.java

@@ -2,23 +2,30 @@
 
 
 import lombok.Data;
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
 
 import javax.persistence.*;
 import java.io.Serializable;
+import java.util.Collection;
 
 @Data
 @Entity
 @Table(name = "users")
-public class User implements Serializable {
+public class User implements Serializable, UserDetails {
 
-    @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
-    private final Long id;
+    @Id
+    @GeneratedValue(strategy=GenerationType.SEQUENCE, generator = "id_Sequence")
+    @SequenceGenerator(name = "id_Sequence", sequenceName = "ID_SEQ")
+    private Long id;
 
     @Column(nullable = false, unique = true)
-    private final String username;
+    private String username;
 
     @Column(nullable = false)
-    private final String password;
+    private String password;
 
     public User() {
         id = null;
@@ -31,4 +38,38 @@ public User(Long id, String username, String password) {
         this.username = username;
         this.password = password;
     }
+
+    @Override
+    public String toString() {
+        return "User{" +
+                "id=" + id +
+                ", username='" + username + '\'' +
+                ", password='" + password + '\'' +
+                '}';
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return null;
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
 }

src/main/java/ru/ifmo/web/SpringWeb/model/User.java

@@ -0,0 +1,11 @@
+package ru.ifmo.web.SpringWeb.payload;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+@Data
+@AllArgsConstructor
+public class AuthResponse {
+
+    private String token;
+}

src/main/java/ru/ifmo/web/SpringWeb/payload/AuthResponse.java

@@ -0,0 +1,10 @@
+package ru.ifmo.web.SpringWeb.payload;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+@Data
+@AllArgsConstructor
+public class ErrorResponse {
+    private String error;
+}

src/main/java/ru/ifmo/web/SpringWeb/payload/ErrorResponse.java

@@ -0,0 +1,10 @@
+package ru.ifmo.web.SpringWeb.payload;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+@Data
+@AllArgsConstructor
+public class MessageResponse {
+    private String message;
+}

src/main/java/ru/ifmo/web/SpringWeb/payload/MessageResponse.java

@@ -0,0 +1,10 @@
+package ru.ifmo.web.SpringWeb.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import ru.ifmo.web.SpringWeb.model.Point;
+
+public interface PointRepository extends JpaRepository<Point, Long> {
+    void deleteAll();
+    void deleteAllById(Long id);
+
+}

src/main/java/ru/ifmo/web/SpringWeb/repository/PointRepository.java

@@ -0,0 +1,9 @@
+package ru.ifmo.web.SpringWeb.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import ru.ifmo.web.SpringWeb.model.User;
+
+public interface UserRepository extends JpaRepository<User, Long> {
+    User findByUsername(String username);
+    User findByUsernameAndPassword(String username, String password);
+}

src/main/java/ru/ifmo/web/SpringWeb/repository/UserRepository.java

@@ -0,0 +1,58 @@
+package ru.ifmo.web.SpringWeb.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+import ru.ifmo.web.SpringWeb.service.UserService;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class JwtFilter extends OncePerRequestFilter {
+
+    @Autowired
+    private JwtProvider jwtProvider;
+
+    @Autowired
+    private UserService userService;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
+
+        try {
+            String jwt = parseJwt(httpServletRequest);
+            if (jwt != null && jwtProvider.validateToken(jwt)) {
+                String username = jwtProvider.getLoginFromToken(jwt);
+
+                UserDetails userDetails = userService.loadUserByUsername(username);
+                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
+                        userDetails, null, userDetails.getAuthorities());
+                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
+
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+            }
+        } catch (Exception e) {
+            System.err.println("Cannot set user authentication: " + e);
+        }
+
+        filterChain.doFilter(httpServletRequest, httpServletResponse);
+    }
+
+
+    private String parseJwt(HttpServletRequest request) {
+        String headerAuth = request.getHeader("Authorization");
+
+        if (StringUtils.hasText(headerAuth) && headerAuth.startsWith("Bearer ")) {
+            return headerAuth.substring(7, headerAuth.length());
+        }
+
+        return null;
+    }
+}

src/main/java/ru/ifmo/web/SpringWeb/security/JwtFilter.java

@@ -0,0 +1,43 @@
+package ru.ifmo.web.SpringWeb.security;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import java.time.LocalDate;
+import java.time.ZoneId;
+import java.util.Date;
+
+@Component
+public class JwtProvider {
+
+    @Value("$(jwt.secret)")
+    private String jwtSecret;
+
+    public String generateToken(String login) {
+        Date date = Date.from(LocalDate.now().plusDays(15).atStartOfDay(ZoneId.systemDefault()).toInstant());
+        return Jwts.builder()
+                .setSubject(login)
+                .setExpiration(date)
+                .signWith(SignatureAlgorithm.HS512, jwtSecret)
+                .compact();
+    }
+
+    public boolean validateToken(String token) {
+        try {
+            Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token);
+            return true;
+        } catch (Exception ex) {
+            System.err.println("Token expired");
+        }
+
+        return false;
+    }
+
+    public String getLoginFromToken(String token) {
+        Claims claims = Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody();
+        return claims.getSubject();
+    }
+}

src/main/java/ru/ifmo/web/SpringWeb/security/JwtProvider.java

@@ -0,0 +1,48 @@
+package ru.ifmo.web.SpringWeb.security.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import ru.ifmo.web.SpringWeb.security.JwtFilter;
+import ru.ifmo.web.SpringWeb.service.UserService;
+
+@Configuration
+@EnableWebSecurity
+public class AuthConfiguration extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    UserService userService;
+
+    @Bean
+    public BCryptPasswordEncoder bCryptPasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public JwtFilter authJwtFilter() {
+        return new JwtFilter();
+    }
+
+
+
+    @Override
+    protected void configure(HttpSecurity httpSecurity) throws Exception {
+        httpSecurity
+                .httpBasic().disable()
+                .csrf().disable()
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .authorizeRequests()
+                .antMatchers("/register", "/login").permitAll()
+                .anyRequest().authenticated()
+                .and()
+                .addFilterBefore(authJwtFilter(), UsernamePasswordAuthenticationFilter.class);
+    }
+
+}