try to add AA

drip-api/src/main/java/nl/uva/sne/drip/api/conf/HelloWebSecurityConfiguration.java

+/*
+ * Copyright 2017 S. Koulouzis, Wang Junchao, Huan Zhou, Yang Hu 
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package nl.uva.sne.drip.api.conf;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class HelloWebSecurityConfiguration
+        extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+        auth
+                .inMemoryAuthentication()
+                .withUser("user").password("password").roles("USER");
+    }
+}

drip-api/src/main/java/nl/uva/sne/drip/api/conf/MongoConfig.java

@@ -17,18 +17,12 @@ package nl.uva.sne.drip.api.conf;
 
 import com.mongodb.Mongo;
 import com.mongodb.MongoClient;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.context.annotation.PropertySources;
-import org.springframework.data.mongodb.MongoDbFactory;
 import org.springframework.data.mongodb.config.AbstractMongoConfiguration;
-import org.springframework.data.mongodb.core.convert.DbRefResolver;
-import org.springframework.data.mongodb.core.convert.DefaultDbRefResolver;
-import org.springframework.data.mongodb.core.convert.MappingMongoConverter;
-import org.springframework.data.mongodb.core.mapping.MongoMappingContext;
 import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;
 
 /**
@@ -41,6 +35,7 @@ import org.springframework.data.mongodb.repository.config.EnableMongoRepositorie
     @PropertySource(value = "classpath:drip.properties", ignoreResourceNotFound = true),
     @PropertySource(value = "file:etc/drip.properties", ignoreResourceNotFound = true)
 })
+@ComponentScan("nl.uva.sne.drip")
 public class MongoConfig extends AbstractMongoConfiguration {
 
     @Value("${db.name}")
@@ -54,7 +49,6 @@ public class MongoConfig extends AbstractMongoConfiguration {
 //    private MongoDbFactory mongoFactory;
 //    @Autowired
 //    private MongoMappingContext mongoMappingContext;
-
     @Override
     protected String getDatabaseName() {
         return dbName;
@@ -69,14 +63,4 @@ public class MongoConfig extends AbstractMongoConfiguration {
     protected String getMappingBasePackage() {
         return "nl.uva.sne.drip";
     }
-
-//    @Bean
-//    public MappingMongoConverter mongoConverter() throws Exception {
-//        DbRefResolver dbRefResolver = new DefaultDbRefResolver(mongoFactory);
-//        MappingMongoConverter mongoConverter = new MappingMongoConverter(dbRefResolver, mongoMappingContext);
-//        mongoConverter.setMapKeyDotReplacement('\uff0E');
-//        mongoConverter.afterPropertiesSet();
-//        return mongoConverter;
-//    }
-
 }

drip-api/src/main/java/nl/uva/sne/drip/api/conf/Config.java → drip-api/src/main/java/nl/uva/sne/drip/api/conf/MultipartConfig.java

@@ -30,7 +30,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 })
 
 @EnableWebMvc
-public class Config {
+public class MultipartConfig {
 
     @Bean(name = "multipartResolver")
     public CommonsMultipartResolver createMultipartResolver() {

drip-api/src/main/java/nl/uva/sne/drip/api/conf/SecurityConfig.java

@@ -15,34 +15,77 @@
  */
 package nl.uva.sne.drip.api.conf;
 
+import nl.uva.sne.drip.api.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import nl.uva.sne.drip.api.dao.UserDao;
 
 /**
  *
+ * @author S. Koulouzis
  */
+@Configuration
 @EnableWebSecurity
+@ComponentScan("nl.uva.sne.drip")
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-//        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
+//    @Autowired
+//    private UserService userService;
 
-        auth.inMemoryAuthentication()
-                .withUser("user").password("password").roles("USER");
+//    @Autowired
+//    private AuthenticationFailureHandlerImpl authFailureHandler;
+//
+//    @Autowired
+//    private AuthenticationSuccessHandlerImpl authSuccessHandler;
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+//        auth
+//                .userDetailsService(userService).passwordEncoder(passwordEncoder());
+        auth.inMemoryAuthentication().withUser("mkyong").password("123456").roles("USER");
+        auth.inMemoryAuthentication().withUser("admin").password("123456").roles("ADMIN");
+        auth.inMemoryAuthentication().withUser("dba").password("123456").roles("DBA");
     }
 
-    @Bean
-    public PasswordEncoder passwordEncoder() {
-        PasswordEncoder encoder = new BCryptPasswordEncoder();
-        return encoder;
-    }
+//    @Override
+//    protected void configure(HttpSecurity http) throws Exception {
+//        http
+//                .sessionManagement()
+//                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+//                .and()
+//                .exceptionHandling()
+//                .authenticationEntryPoint(authenticationEntryPoint())
+//                .accessDeniedHandler(accessDeniedHandler())
+//                .and();
+//    }
+//
+//    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
+//    @Override
+//    public AuthenticationManager authenticationManagerBean() throws Exception {
+//        return super.authenticationManagerBean();
+//    }
+////
+//    @Bean
+//    public PasswordEncoder passwordEncoder() {
+//        PasswordEncoder encoder = new BCryptPasswordEncoder();
+//        return encoder;
+//    }
+////
+//    @Bean
+//    public AuthenticationEntryPoint authenticationEntryPoint() {
+//        AuthenticationEntryPoint authEp = new LoginUrlAuthenticationEntryPoint("/login.jsp");
+//        return authEp;
+//    }
+//
+//    @Bean
+//    public AccessDeniedHandler accessDeniedHandler() {
+//        AccessDeniedHandler accessDenied = new org.springframework.security.web.access.AccessDeniedHandlerImpl();
+//        return accessDenied;
+//    }
 
 }

drip-api/src/main/java/nl/uva/sne/drip/api/conf/WebAppInitializer.java

@@ -25,7 +25,7 @@ public class WebAppInitializer implements WebApplicationInitializer {
     @Override
     public void onStartup(ServletContext servletContext) throws ServletException {
         AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext();
-        ctx.register(Config.class);
+        ctx.register(MultipartConfig.class);
         ctx.register(MongoConfig.class);
 //        ctx.register(SecurityConfig.class);
 

drip-api/src/main/java/nl/uva/sne/drip/api/dao/UserDao.java

@@ -24,4 +24,6 @@ import org.springframework.data.mongodb.repository.MongoRepository;
  */
 public interface UserDao extends MongoRepository<User, String> {
 
+    public User findByUsername(String username);
+
 }

drip-api/src/main/java/nl/uva/sne/drip/api/rest/UserService.java → drip-api/src/main/java/nl/uva/sne/drip/api/service/UserService.java

@@ -13,14 +13,14 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package nl.uva.sne.drip.api.rest;
+package nl.uva.sne.drip.api.service;
 
+import nl.uva.sne.drip.api.dao.UserDao;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
-import nl.uva.sne.drip.api.dao.UserDao;
 
 /**
  *
@@ -30,13 +30,11 @@ import nl.uva.sne.drip.api.dao.UserDao;
 public class UserService implements UserDetailsService {
 
     @Autowired
-    private UserDao userRepository;
+    UserDao dao;
 
     @Override
     public UserDetails loadUserByUsername(String string) throws UsernameNotFoundException {
-        
-        
-        return null;
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
     }
 
 }

drip-commons/src/main/java/nl/uva/sne/drip/commons/types/User.java

@@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import java.util.Collection;
 import java.util.List;
+import java.util.Set;
 import org.springframework.data.annotation.Id;
 import org.springframework.data.mongodb.core.mapping.Document;
 import org.springframework.security.core.GrantedAuthority;
@@ -41,7 +42,7 @@ public class User implements UserDetails {
     @JsonIgnore
     private String password;
 
-    private List<String> roles;
+    private Set<UserRole> roles;
     private boolean expired;
     private boolean nonLocked;
     private boolean credentialsNonExpired;
@@ -59,11 +60,11 @@ public class User implements UserDetails {
         return false;
     }
 
-    public List<String> getRoles() {
+    public Set<UserRole> getRoles() {
         return roles;
     }
 
-    public void setRoles(List<String> roles) {
+    public void setRoles(Set<UserRole> roles) {
         this.roles = roles;
     }
 

drip-api/src/main/java/nl/uva/sne/drip/api/conf/MessageSecurityWebApplicationInitializer.java → drip-commons/src/main/java/nl/uva/sne/drip/commons/types/UserRole.java

@@ -13,8 +13,46 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package nl.uva.sne.drip.api.conf;
+package nl.uva.sne.drip.commons.types;
+
+import org.springframework.data.mongodb.core.mapping.Document;
+
+/**
+ *
+ * @author S. Koulouzis
+ */
+@Document
+public class UserRole {
+
+    private Integer userRoleId;
+    private String role;
+
+    /**
+     * @return the userRoleId
+     */
+    public Integer getUserRoleId() {
+        return userRoleId;
+    }
+
+    /**
+     * @param userRoleId the userRoleId to set
+     */
+    public void setUserRoleId(Integer userRoleId) {
+        this.userRoleId = userRoleId;
+    }
+
+    /**
+     * @return the role
+     */
+    public String getRole() {
+        return role;
+    }
+
+    /**
+     * @param role the role to set
+     */
+    public void setRole(String role) {
+        this.role = role;
+    }
 
-public class MessageSecurityWebApplicationInitializer{
-        //extends AbstractSecurityWebApplicationInitializer {
 }