Security шаблон

2023-03-01 23:46:16 +03:00 · 2023-03-01 23:46:16 +03:00 · 9eebb2bfff
parent 74600740eb
commit 9eebb2bfff
14 changed files with 374 additions and 7 deletions
--- a/pom.xml
+++ b/pom.xml
@ -8,9 +8,73 @@
    <artifactId>HedgeHogCloud</artifactId>
    <version>1.0-SNAPSHOT</version>

+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.6.2</version>
+    </parent>
+
    <properties>
        <maven.compiler.source>17</maven.compiler.source>
        <maven.compiler.target>17</maven.compiler.target>
+        <java.version>17</java.version>
    </properties>

+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/org.projectlombok/lombok -->
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.26</version>
+            <scope>provided</scope>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/org.liquibase/liquibase-core -->
+        <dependency>
+            <groupId>org.liquibase</groupId>
+            <artifactId>liquibase-core</artifactId>
+            <version>4.19.0</version>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <version>${project.parent.version}</version>
+            </plugin>
+        </plugins>
+    </build>
+
 </project>
--- a/src/main/java/ru/ldeloff/Main.java
+++ b/src/main/java/ru/ldeloff/Main.java
@ -1,7 +0,0 @@
-package ru.ldeloff;
-
-public class Main {
-    public static void main(String[] args) {
-        System.out.println("Hello world!");
-    }
-}
--- a/src/main/java/ru/ldeloff/hedgehogcloud/Main.java
+++ b/src/main/java/ru/ldeloff/hedgehogcloud/Main.java
@ -0,0 +1,11 @@
+package ru.ldeloff.hedgehogcloud;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Main {
+    public static void main(String[] args) {
+        SpringApplication.run(Main.class,args);
+    }
+}
--- a/src/main/java/ru/ldeloff/hedgehogcloud/config/AuthenticationSuccessUserHandler.java
+++ b/src/main/java/ru/ldeloff/hedgehogcloud/config/AuthenticationSuccessUserHandler.java
@ -0,0 +1,25 @@
+package ru.ldeloff.hedgehogcloud.config;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Set;
+
+@Component
+public class AuthenticationSuccessUserHandler implements AuthenticationSuccessHandler {
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
+        if (roles.contains("ROLE_ADMIN")) {
+            response.sendRedirect("/admin");
+        } else {
+            response.sendRedirect("/user");
+        }
+    }
+}
--- a/src/main/java/ru/ldeloff/hedgehogcloud/config/MvcConfig.java
+++ b/src/main/java/ru/ldeloff/hedgehogcloud/config/MvcConfig.java
@ -0,0 +1,13 @@
+package ru.ldeloff.hedgehogcloud.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class MvcConfig implements WebMvcConfigurer {
+    @Override
+    public void addViewControllers(ViewControllerRegistry registry) {
+        registry.addViewController("/login").setViewName("login");
+    }
+}
--- a/src/main/java/ru/ldeloff/hedgehogcloud/config/WebSecurityConfig.java
+++ b/src/main/java/ru/ldeloff/hedgehogcloud/config/WebSecurityConfig.java
@ -0,0 +1,61 @@
+package ru.ldeloff.hedgehogcloud.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import ru.ldeloff.hedgehogcloud.service.UserService;
+
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+    UserService userService;
+    AuthenticationSuccessUserHandler authenticationSuccessUserHandler;
+
+    public WebSecurityConfig(UserService userService, AuthenticationSuccessUserHandler authenticationSuccessUserHandler) {
+        this.userService = userService;
+        this.authenticationSuccessUserHandler = authenticationSuccessUserHandler;
+    }
+
+    @Bean
+    public BCryptPasswordEncoder bCryptPasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.formLogin()
+                // указываем страницу с формой логина
+                .loginPage("/login")
+                //указываем логику обработки при логине
+                .successHandler(authenticationSuccessUserHandler)
+                // указываем action с формы логина
+                .loginProcessingUrl("/login")
+                // указываем параметры логина и пароля с формы логина
+                .usernameParameter("j_username")
+                .passwordParameter("j_password")
+                // даем доступ к форме логина всем
+                .permitAll();
+        http
+                // делаем страницу регистрации недоступной для авторизированных пользователей
+                .authorizeRequests()
+                //страницы аутентификации доступна всем
+                .antMatchers("/login").anonymous()
+                .antMatchers("/").authenticated()
+                // защищенные URL
+                .antMatchers("/admin/**").access("hasAnyRole('ROLE_ADMIN')")
+                .antMatchers("/user").permitAll()
+                .and().formLogin();
+    }
+
+    @Autowired
+    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userService).passwordEncoder(NoOpPasswordEncoder.getInstance());
+    }
+}
--- a/src/main/java/ru/ldeloff/hedgehogcloud/controller/LoginController.java
+++ b/src/main/java/ru/ldeloff/hedgehogcloud/controller/LoginController.java
@ -0,0 +1,13 @@
+package ru.ldeloff.hedgehogcloud.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Controller
+public class LoginController {
+
+    @GetMapping(value = "/login")
+    public String loginPage() {
+        return "login";
+    }
+}
--- a/src/main/java/ru/ldeloff/hedgehogcloud/entity/RoleEntity.java
+++ b/src/main/java/ru/ldeloff/hedgehogcloud/entity/RoleEntity.java
@ -0,0 +1,31 @@
+package ru.ldeloff.hedgehogcloud.entity;
+
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.transaction.annotation.Transactional;
+
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Table;
+import javax.persistence.Transient;
+import java.util.Set;
+
+@NoArgsConstructor
+@Getter
+@Setter
+@Entity
+@Table(name = "roles")
+public class RoleEntity implements GrantedAuthority {
+    @Id
+    private String id;
+    private String name;
+    @Transient
+    private Set<UserEntity> users;
+
+    @Override
+    public String getAuthority() {
+        return getName();
+    }
+}
--- a/src/main/java/ru/ldeloff/hedgehogcloud/entity/UserEntity.java
+++ b/src/main/java/ru/ldeloff/hedgehogcloud/entity/UserEntity.java
@ -0,0 +1,63 @@
+package ru.ldeloff.hedgehogcloud.entity;
+
+import lombok.AccessLevel;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import javax.persistence.*;
+import java.util.Collection;
+import java.util.Set;
+
+@NoArgsConstructor
+@Getter
+@Setter
+@Entity
+@Table(name = "users")
+public class UserEntity implements UserDetails {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private String id;
+    private String username;
+    private String password;
+
+    @ManyToMany(fetch = FetchType.EAGER)
+    private Set<RoleEntity> roles;
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return null;
+    }
+
+    @Override
+    public String getPassword() {
+        return password;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+}
--- a/src/main/java/ru/ldeloff/hedgehogcloud/repository/RoleRepository.java
+++ b/src/main/java/ru/ldeloff/hedgehogcloud/repository/RoleRepository.java
@ -0,0 +1,7 @@
+package ru.ldeloff.hedgehogcloud.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import ru.ldeloff.hedgehogcloud.entity.RoleEntity;
+
+public interface RoleRepository extends JpaRepository<RoleEntity, String> {
+}
--- a/src/main/java/ru/ldeloff/hedgehogcloud/repository/UserRepository.java
+++ b/src/main/java/ru/ldeloff/hedgehogcloud/repository/UserRepository.java
@ -0,0 +1,8 @@
+package ru.ldeloff.hedgehogcloud.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import ru.ldeloff.hedgehogcloud.entity.UserEntity;
+
+public interface UserRepository extends JpaRepository<UserEntity, String> {
+    UserEntity findByUsername(String username);
+}
--- a/src/main/java/ru/ldeloff/hedgehogcloud/service/UserService.java
+++ b/src/main/java/ru/ldeloff/hedgehogcloud/service/UserService.java
@ -0,0 +1,38 @@
+package ru.ldeloff.hedgehogcloud.service;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.stereotype.Service;
+import ru.ldeloff.hedgehogcloud.entity.UserEntity;
+import ru.ldeloff.hedgehogcloud.repository.RoleRepository;
+import ru.ldeloff.hedgehogcloud.repository.UserRepository;
+
+import javax.persistence.Entity;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+
+
+@Service
+public class UserService implements UserDetailsService {
+    UserRepository userRepository;
+    RoleRepository roleRepository;
+
+    @Autowired
+    public UserService(UserRepository userRepository,
+                       RoleRepository roleRepository) {
+        this.userRepository = userRepository;
+        this.roleRepository = roleRepository;
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        UserEntity user = userRepository.findByUsername(username);
+        if (user == null) {
+            throw new UsernameNotFoundException("User not found");
+        }
+        return user;
+    }
+}
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -0,0 +1,14 @@
+spring:
+  datasource:
+    driver-class-name: com.mysql.cj.jdbc.Driver
+    url: jdbc:mysql://localhost:3306/hedgehogcloud?verifyServerCertificate=false&useSSL=false&requireSSL=false&useLegacyDatetimeCode=false&amp&serverTimezone=UTC&allowPublicKeyRetrieval=true
+    username: root
+    password: 123
+  liquibase:
+    enabled: true
+    change-log: classpath:db/scripts/changelog-master.xml
+    url: jdbc:mysql://localhost:3306/hedgehogcloud?verifyServerCertificate=false&useSSL=false&requireSSL=false&useLegacyDatetimeCode=false&amp&serverTimezone=UTC&allowPublicKeyRetrieval=true
+    user: root
+    password: 123
+    liquibase-schema: "liquibase"
+    default-schema: "hedgehogcloud"
--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
+    <meta charset="UTF-8">
+    <title>Login Page</title>
+</head>
+<body class="text-center">
+<body style="background-color:#f1efef">
+<div class="row">
+    <div class="col"></div>
+    <div class="col">
+        <form method="POST" action="/login">
+            <div class="text-center p-5">
+                <p class="h2 fw-bold" style="text-align: Left">Please sign in</p>
+                <input name="j_username" class="form-control" placeholder="Email address" size="45" type="email">
+                <input name="j_password" class="form-control" placeholder="Password" size="45" type="password">
+                <button class="w-100 btn btn-lg btn-primary" type="submit">Sign in</button>
+            </div>
+        </form>
+    </div>
+    <div class="col"></div>
+</div>
+</body>
+</body>
+</html>