implemented simpe auth

38d05540 · Spiros Koulouzis · 614a14e2 · 38d05540 · 38d05540 · 38d05540
Commit 38d05540 authored Feb 14, 2017 by Spiros Koulouzis
4 changed files
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/conf/SecurityConfig.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/conf/SecurityConfig.java
@@ -15,11 +15,15 @@
 */
 package nl.uva.sne.drip.api.conf;

+import nl.uva.sne.drip.api.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;

 /**
 *
@@ -29,10 +33,21 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

+    @Autowired
+    UserService userService;
+
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-        auth
-                .inMemoryAuthentication()
-                .withUser("user").password("pwd").roles("USER");
+//        auth
+//                .inMemoryAuthentication()
+//                .withUser("user").password("pwd").roles("USER");
+        auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        PasswordEncoder encoder = new BCryptPasswordEncoder();
+        return encoder;
+    }
+
 }
--- a/drip-api/src/main/java/nl/uva/sne/drip/api/service/UserService.java
+++ b/drip-api/src/main/java/nl/uva/sne/drip/api/service/UserService.java
@@ -15,24 +15,42 @@
 */
 package nl.uva.sne.drip.api.service;

+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 import nl.uva.sne.drip.api.dao.UserDao;
+import nl.uva.sne.drip.commons.types.User;
+import nl.uva.sne.drip.commons.types.UserRole;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;

 /**
 *
 * @author S. Koulouzis
 */
-//@Service
-public class UserService {// implements UserDetailsService {
+@Service
+public class UserService implements UserDetailsService {

-//    @Autowired
-//    UserDao dao;
-//    @Override
-//    public UserDetails loadUserByUsername(String string) throws UsernameNotFoundException {
-//        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
-//    }
+    @Autowired
+    UserDao dao;
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        try {
+            User user = dao.findByUsername(username);
+            return user;
+        } catch (Exception ex) {
+            Logger.getLogger(UserService.class.getName()).log(Level.SEVERE, null, ex);
+        }
+        return null;
+    }
 }
--- a/drip-commons/src/main/java/nl/uva/sne/drip/commons/types/User.java
+++ b/drip-commons/src/main/java/nl/uva/sne/drip/commons/types/User.java
@@ -15,16 +15,14 @@
 */
 package nl.uva.sne.drip.commons.types;

-import nl.uva.sne.drip.commons.utils.PasswordUtil;
-import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import java.util.Collection;
-import java.util.List;
-import java.util.Set;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.annotation.Id;
 import org.springframework.data.mongodb.core.mapping.Document;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

 /**
 *
@@ -33,52 +31,39 @@ import org.springframework.security.core.userdetails.UserDetails;
 @JsonIgnoreProperties({"password"})
 @Document
 public class User implements UserDetails {
-
+    
    @Id
    private String id;
-
-    private String username;
-
-    @JsonIgnore
+    private Collection<? extends GrantedAuthority> athorities;
    private String password;
-
-    private Set<UserRole> roles;
-    private boolean expired;
-    private boolean nonLocked;
+    private String username;
+    private boolean accountNonExpired;
+    private boolean accountNonLocked;
    private boolean credentialsNonExpired;
    private boolean enabled;
-    private Collection<? extends GrantedAuthority> authorities;
-
-    public void setPassword(String password) throws Exception {
-        this.password = PasswordUtil.hash(password);
-    }
-
-    public boolean isValide(String password) throws Exception {
-        if (this.password != null && password != null) {
-            return PasswordUtil.validate(this.password, password);
-        }
-        return false;
-    }
-
-    public Set<UserRole> getRoles() {
-        return roles;
-    }
-
-    public void setRoles(Set<UserRole> roles) {
-        this.roles = roles;
-    }

+    /**
+     * @return the id
+     */
    public String getId() {
        return id;
    }

+    /**
+     * @param id the id to set
+     */
    public void setId(String id) {
        this.id = id;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
-        return this.authorities;
+        return this.athorities;
+    }
+
+    @Override
+    public String getPassword() {
+        return this.password;
    }

    @Override
@@ -88,12 +73,12 @@ public class User implements UserDetails {

    @Override
    public boolean isAccountNonExpired() {
-        return this.expired;
+        return this.accountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked() {
-        return this.nonLocked;
+        return this.accountNonLocked;
    }

    @Override
@@ -106,8 +91,53 @@ public class User implements UserDetails {
        return this.enabled;
    }

-    @Override
-    public String getPassword() {
-        return this.password;
+    /**
+     * @param athorities the athorities to set
+     */
+    public void setAthorities(Collection<? extends GrantedAuthority> athorities) {
+        this.athorities = athorities;
    }
+
+    /**
+     * @param password the password to set
+     */
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    /**
+     * @param username the username to set
+     */
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    /**
+     * @param accountNonExpired the accountNonExpired to set
+     */
+    public void setAccountNonExpired(boolean accountNonExpired) {
+        this.accountNonExpired = accountNonExpired;
+    }
+
+    /**
+     * @param accountNonLocked the accountNonLocked to set
+     */
+    public void setAccountNonLocked(boolean accountNonLocked) {
+        this.accountNonLocked = accountNonLocked;
+    }
+
+    /**
+     * @param credentialsNonExpired the credentialsNonExpired to set
+     */
+    public void setCredentialsNonExpired(boolean credentialsNonExpired) {
+        this.credentialsNonExpired = credentialsNonExpired;
+    }
+
+    /**
+     * @param enabled the enabled to set
+     */
+    public void setEnabled(boolean enabled) {
+        this.enabled = enabled;
+    }
+
 }
--- a/drip-commons/src/main/java/nl/uva/sne/drip/commons/utils/PasswordUtil.java
+++ b/drip-commons/src/main/java/nl/uva/sne/drip/commons/utils/PasswordUtil.java
-/*
- * Copyright 2017 S. Koulouzis, Wang Junchao, Huan Zhou, Yang Hu 
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package nl.uva.sne.drip.commons.utils;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-/**
- *
- * @author S. Koulouzis
- */
-public class PasswordUtil {
-
-    public static String hash(String password) throws NoSuchAlgorithmException {
-        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
-        messageDigest.update(password.getBytes());
-        return new String(messageDigest.digest());
-    }
-
-    public static boolean validate(String password, String password0) throws NoSuchAlgorithmException {
-        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
-        messageDigest.update(password.getBytes());
-        String h1 = new String(messageDigest.digest());
-
-        messageDigest.update(password0.getBytes());
-        String h2 = new String(messageDigest.digest());
-
-        return h1.equals(h2);
-    }
-
-}