Security шаблон

src/main/java/ru/ldeloff/Main.java

@@ -1,7 +0,0 @@
-package ru.ldeloff;
-
-public class Main {
-    public static void main(String[] args) {
-        System.out.println("Hello world!");
-    }
-}

src/main/java/ru/ldeloff/hedgehogcloud/Main.java

@@ -0,0 +1,11 @@
+package ru.ldeloff.hedgehogcloud;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Main {
+    public static void main(String[] args) {
+        SpringApplication.run(Main.class,args);
+    }
+}

src/main/java/ru/ldeloff/hedgehogcloud/config/AuthenticationSuccessUserHandler.java

@@ -0,0 +1,25 @@
+package ru.ldeloff.hedgehogcloud.config;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Set;
+
+@Component
+public class AuthenticationSuccessUserHandler implements AuthenticationSuccessHandler {
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
+        if (roles.contains("ROLE_ADMIN")) {
+            response.sendRedirect("/admin");
+        } else {
+            response.sendRedirect("/user");
+        }
+    }
+}

src/main/java/ru/ldeloff/hedgehogcloud/config/MvcConfig.java

@@ -0,0 +1,13 @@
+package ru.ldeloff.hedgehogcloud.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class MvcConfig implements WebMvcConfigurer {
+    @Override
+    public void addViewControllers(ViewControllerRegistry registry) {
+        registry.addViewController("/login").setViewName("login");
+    }
+}

src/main/java/ru/ldeloff/hedgehogcloud/config/WebSecurityConfig.java

@@ -0,0 +1,61 @@
+package ru.ldeloff.hedgehogcloud.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import ru.ldeloff.hedgehogcloud.service.UserService;
+
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+    UserService userService;
+    AuthenticationSuccessUserHandler authenticationSuccessUserHandler;
+
+    public WebSecurityConfig(UserService userService, AuthenticationSuccessUserHandler authenticationSuccessUserHandler) {
+        this.userService = userService;
+        this.authenticationSuccessUserHandler = authenticationSuccessUserHandler;
+    }
+
+    @Bean
+    public BCryptPasswordEncoder bCryptPasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.formLogin()
+                // указываем страницу с формой логина
+                .loginPage("/login")
+                //указываем логику обработки при логине
+                .successHandler(authenticationSuccessUserHandler)
+                // указываем action с формы логина
+                .loginProcessingUrl("/login")
+                // указываем параметры логина и пароля с формы логина
+                .usernameParameter("j_username")
+                .passwordParameter("j_password")
+                // даем доступ к форме логина всем
+                .permitAll();
+        http
+                // делаем страницу регистрации недоступной для авторизированных пользователей
+                .authorizeRequests()
+                //страницы аутентификации доступна всем
+                .antMatchers("/login").anonymous()
+                .antMatchers("/").authenticated()
+                // защищенные URL
+                .antMatchers("/admin/**").access("hasAnyRole('ROLE_ADMIN')")
+                .antMatchers("/user").permitAll()
+                .and().formLogin();
+    }
+
+    @Autowired
+    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userService).passwordEncoder(NoOpPasswordEncoder.getInstance());
+    }
+}

src/main/java/ru/ldeloff/hedgehogcloud/controller/LoginController.java

@@ -0,0 +1,13 @@
+package ru.ldeloff.hedgehogcloud.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Controller
+public class LoginController {
+
+    @GetMapping(value = "/login")
+    public String loginPage() {
+        return "login";
+    }
+}

src/main/java/ru/ldeloff/hedgehogcloud/entity/RoleEntity.java

@@ -0,0 +1,31 @@
+package ru.ldeloff.hedgehogcloud.entity;
+
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.transaction.annotation.Transactional;
+
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Table;
+import javax.persistence.Transient;
+import java.util.Set;
+
+@NoArgsConstructor
+@Getter
+@Setter
+@Entity
+@Table(name = "roles")
+public class RoleEntity implements GrantedAuthority {
+    @Id
+    private String id;
+    private String name;
+    @Transient
+    private Set<UserEntity> users;
+
+    @Override
+    public String getAuthority() {
+        return getName();
+    }
+}

src/main/java/ru/ldeloff/hedgehogcloud/entity/UserEntity.java

@@ -0,0 +1,63 @@
+package ru.ldeloff.hedgehogcloud.entity;
+
+import lombok.AccessLevel;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import javax.persistence.*;
+import java.util.Collection;
+import java.util.Set;
+
+@NoArgsConstructor
+@Getter
+@Setter
+@Entity
+@Table(name = "users")
+public class UserEntity implements UserDetails {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private String id;
+    private String username;
+    private String password;
+
+    @ManyToMany(fetch = FetchType.EAGER)
+    private Set<RoleEntity> roles;
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return null;
+    }
+
+    @Override
+    public String getPassword() {
+        return password;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+}

src/main/java/ru/ldeloff/hedgehogcloud/repository/RoleRepository.java

@@ -0,0 +1,7 @@
+package ru.ldeloff.hedgehogcloud.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import ru.ldeloff.hedgehogcloud.entity.RoleEntity;
+
+public interface RoleRepository extends JpaRepository<RoleEntity, String> {
+}

src/main/java/ru/ldeloff/hedgehogcloud/repository/UserRepository.java

@@ -0,0 +1,8 @@
+package ru.ldeloff.hedgehogcloud.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import ru.ldeloff.hedgehogcloud.entity.UserEntity;
+
+public interface UserRepository extends JpaRepository<UserEntity, String> {
+    UserEntity findByUsername(String username);
+}

src/main/java/ru/ldeloff/hedgehogcloud/service/UserService.java

@@ -0,0 +1,38 @@
+package ru.ldeloff.hedgehogcloud.service;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.stereotype.Service;
+import ru.ldeloff.hedgehogcloud.entity.UserEntity;
+import ru.ldeloff.hedgehogcloud.repository.RoleRepository;
+import ru.ldeloff.hedgehogcloud.repository.UserRepository;
+
+import javax.persistence.Entity;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+
+
+@Service
+public class UserService implements UserDetailsService {
+    UserRepository userRepository;
+    RoleRepository roleRepository;
+
+    @Autowired
+    public UserService(UserRepository userRepository,
+                       RoleRepository roleRepository) {
+        this.userRepository = userRepository;
+        this.roleRepository = roleRepository;
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        UserEntity user = userRepository.findByUsername(username);
+        if (user == null) {
+            throw new UsernameNotFoundException("User not found");
+        }
+        return user;
+    }
+}