Registration and authorization with spring security

Cupcake-master · Cupcake-master · commit bc182ac5d407 · 2020-07-25T12:56:50.000+03:00
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/JobboardApplication.java b/Job_Board/src/main/java/com/bulat/jobboard/JobboardApplication.java
@@ -2,10 +2,17 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.web.client.RestTemplate;
 
 @SpringBootApplication
 public class JobboardApplication {
 
+    @Bean
+    public RestTemplate restTemplate(){
+        return new RestTemplate();
+    }
+
     public static void main(String[] args) {
         SpringApplication.run(JobboardApplication.class, args);
     }
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/config/WebSecurityConfiguration.java b/Job_Board/src/main/java/com/bulat/jobboard/config/WebSecurityConfiguration.java
@@ -0,0 +1,47 @@
+package com.bulat.jobboard.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.httpBasic().disable()
+                .csrf().disable();
+
+        http.formLogin()
+                .loginPage("/signIn")
+                .loginProcessingUrl("/signIn")
+                .usernameParameter("email")
+                .defaultSuccessUrl("/blog");
+
+        http.logout()
+                .logoutUrl("/logout")
+                .logoutSuccessUrl("/signIn");
+
+        http.authorizeRequests()
+                .antMatchers("/css/**","/img/**","/fonts/**","/js/**","/scss/**","/token/**").permitAll()
+                .antMatchers("/signIn", "/signUp").anonymous()
+                .antMatchers("/**").authenticated();
+    }
+}
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/controller/SignInController.java b/Job_Board/src/main/java/com/bulat/jobboard/controller/SignInController.java
@@ -1,15 +1,32 @@
 package com.bulat.jobboard.controller;
 
+import com.bulat.jobboard.utils.Attributes;
+import org.springframework.security.web.WebAttributes;
 import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import javax.naming.AuthenticationException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.util.logging.LogManager;
 
 @Controller
 @RequestMapping("/signIn")
 public class SignInController {
 
     @GetMapping
-    public String getEntrance(){
+    public String getSignIn(HttpServletRequest request, ModelMap modelMap, @RequestParam(value = "error", required = false) String error){
+        LogManager.getLogManager().reset();
+        HttpSession session = request.getSession(false);
+        if (session != null && error != null){
+            AuthenticationException ex = (AuthenticationException) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
+            if (ex != null) {
+                Attributes.addErrorAttributes(modelMap, ex.getMessage());
+            }
+        }
         return "signIn";
     }
 }
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/controller/SignUpController.java b/Job_Board/src/main/java/com/bulat/jobboard/controller/SignUpController.java
@@ -1,15 +1,72 @@
 package com.bulat.jobboard.controller;
 
+import com.bulat.jobboard.dto.CaptchaResponseDto;
+import com.bulat.jobboard.model.User;
+import com.bulat.jobboard.service.UserService;
+import com.bulat.jobboard.utils.Attributes;
+import com.bulat.jobboard.utils.UserValidator;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.client.RestTemplate;
+
+import java.util.Collections;
+import java.util.Objects;
 
 @Controller
 @RequestMapping("/signUp")
 public class SignUpController {
+    private final static String CAPTCHA_URL = "https://www.google.com/recaptcha/api/siteverify?secret=%s&response=%s";
+
+    private final UserValidator userValidator;
+    private final RestTemplate restTemplate;
+    private final UserService userService;
+
+    @Value("${recaptcha.secret}")
+    private String secret;
+
+    @Autowired
+    public SignUpController(UserValidator userValidator, RestTemplate restTemplate, UserService userService) {
+        this.userValidator = userValidator;
+        this.restTemplate = restTemplate;
+        this.userService = userService;
+    }
 
     @GetMapping
     public String getRegistration(){
         return "signUp";
     }
+
+    @PostMapping
+    public String signUp(User user, BindingResult result, ModelMap model,
+                         @RequestParam("g-recaptcha-response") String captchaResponse){
+        userValidator.validate(user, result);
+        StringBuilder error = errorChecking(captchaResponse, result);
+        if (error.length() == 0){
+            Attributes.addSuccessAttributes(model, "Success!");
+            userService.signUp(user);
+        }else{
+            Attributes.addErrorAttributes(model, String.valueOf(error));
+        }
+        return "/signUp";
+    }
+
+    private StringBuilder errorChecking(String captchaResponse, BindingResult result){
+        StringBuilder builder = new StringBuilder();
+        String url = String.format(CAPTCHA_URL, secret, captchaResponse);
+        CaptchaResponseDto response = restTemplate.postForObject(url, Collections.emptyList(), CaptchaResponseDto.class);
+        if (!Objects.requireNonNull(response).isSuccess()) {
+            builder.append("Fill captcha! ");
+        }
+        if (result.hasErrors()) {
+            builder.append("This mail is already taken! ");
+        }
+        return builder;
+    }
 }
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/dto/CaptchaResponseDto.java b/Job_Board/src/main/java/com/bulat/jobboard/dto/CaptchaResponseDto.java
@@ -0,0 +1,22 @@
+package com.bulat.jobboard.dto;
+
+import com.fasterxml.jackson.annotation.JsonAlias;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.Set;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class CaptchaResponseDto {
+    private boolean success;
+
+    @JsonAlias("error-codes")
+    private Set<String> errorCodes;
+}
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/model/BaseEntity.java b/Job_Board/src/main/java/com/bulat/jobboard/model/BaseEntity.java
@@ -9,7 +9,7 @@
 
 @MappedSuperclass
 @Data
-public class BaseEntity {
+class BaseEntity {
 
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/model/Role.java b/Job_Board/src/main/java/com/bulat/jobboard/model/Role.java
@@ -2,6 +2,7 @@
 
 import lombok.Data;
 import lombok.EqualsAndHashCode;
+import org.springframework.security.core.GrantedAuthority;
 
 import javax.persistence.*;
 import java.util.List;
@@ -10,11 +11,16 @@
 @Data
 @Entity
 @Table(name = "roles")
-public class Role extends BaseEntity{
+public class Role extends BaseEntity implements GrantedAuthority {
 
     @Column(name = "name")
     private String name;
 
     @ManyToMany(mappedBy = "roles", fetch = FetchType.LAZY)
     private List<User> users;
+
+    @Override
+    public String getAuthority() {
+        return name;
+    }
 }
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/repository/RoleRepository.java b/Job_Board/src/main/java/com/bulat/jobboard/repository/RoleRepository.java
@@ -0,0 +1,12 @@
+package com.bulat.jobboard.repository;
+
+import com.bulat.jobboard.model.Role;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.Optional;
+
+@Repository
+public interface RoleRepository extends JpaRepository<Role, Long> {
+    Optional<Role> findByName(String name);
+}
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/repository/UserRepository.java b/Job_Board/src/main/java/com/bulat/jobboard/repository/UserRepository.java
@@ -0,0 +1,10 @@
+package com.bulat.jobboard.repository;
+
+import com.bulat.jobboard.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.Optional;
+
+public interface UserRepository extends JpaRepository<User, Long> {
+    Optional<User> findByEmail(String email);
+}
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/security/details/UserDetailsImpl.java b/Job_Board/src/main/java/com/bulat/jobboard/security/details/UserDetailsImpl.java
@@ -0,0 +1,52 @@
+package com.bulat.jobboard.security.details;
+
+import com.bulat.jobboard.model.State;
+import com.bulat.jobboard.model.User;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+
+@AllArgsConstructor
+public class UserDetailsImpl implements UserDetails {
+
+    @Getter
+    private User user;
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return user.getRoles();
+    }
+
+    @Override
+    public String getPassword() {
+        return user.getPassword();
+    }
+
+    @Override
+    public String getUsername() {
+        return user.getEmail();
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return user.getStatus().equals(State.ACTIVE);
+    }
+}
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/security/service/UserDetailsServiceImpl.java b/Job_Board/src/main/java/com/bulat/jobboard/security/service/UserDetailsServiceImpl.java
@@ -0,0 +1,33 @@
+package com.bulat.jobboard.security.service;
+
+import com.bulat.jobboard.model.User;
+import com.bulat.jobboard.security.details.UserDetailsImpl;
+import com.bulat.jobboard.service.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.Optional;
+
+@Service
+public class UserDetailsServiceImpl implements UserDetailsService {
+
+    private final UserService userService;
+
+    @Autowired
+    public UserDetailsServiceImpl(UserService userService) {
+        this.userService = userService;
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
+        Optional<User> userOptional = userService.findByEmail(s);
+        if (userOptional.isPresent()){
+            User user = userOptional.get();
+            return new UserDetailsImpl(user);
+        }
+        throw new UsernameNotFoundException("User not found");
+    }
+}
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/service/RoleService.java b/Job_Board/src/main/java/com/bulat/jobboard/service/RoleService.java
@@ -0,0 +1,14 @@
+package com.bulat.jobboard.service;
+
+import com.bulat.jobboard.model.Role;
+import org.springframework.stereotype.Service;
+
+import java.util.Optional;
+
+@Service
+public interface RoleService {
+
+    Role save(Role role);
+
+    Optional<Role> findByName(String name);
+}
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/service/UserService.java b/Job_Board/src/main/java/com/bulat/jobboard/service/UserService.java
@@ -0,0 +1,15 @@
+package com.bulat.jobboard.service;
+
+import com.bulat.jobboard.model.User;
+import org.springframework.stereotype.Service;
+
+import java.util.Optional;
+
+@Service
+public interface UserService {
+    Optional<User> findByEmail(String email);
+
+    void signUp(User user);
+
+    User save(User user);
+}
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/service/impl/RoleServiceImpl.java b/Job_Board/src/main/java/com/bulat/jobboard/service/impl/RoleServiceImpl.java
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/service/impl/UserServiceImpl.java b/Job_Board/src/main/java/com/bulat/jobboard/service/impl/UserServiceImpl.java
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/utils/Attributes.java b/Job_Board/src/main/java/com/bulat/jobboard/utils/Attributes.java
diff --git a/Job_Board/src/main/java/com/bulat/jobboard/utils/UserValidator.java b/Job_Board/src/main/java/com/bulat/jobboard/utils/UserValidator.java
diff --git a/Job_Board/src/main/resources/application.properties b/Job_Board/src/main/resources/application.properties
