Commit 38d05540 authored by Spiros Koulouzis's avatar Spiros Koulouzis

implemented simpe auth

parent 614a14e2
......@@ -15,11 +15,15 @@
*/
package nl.uva.sne.drip.api.conf;
import nl.uva.sne.drip.api.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
*
......@@ -29,10 +33,21 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserService userService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("pwd").roles("USER");
// auth
// .inMemoryAuthentication()
// .withUser("user").password("pwd").roles("USER");
auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
}
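Review bot: The commented-out in-memory block left in `configureGlobal` still spells out the `user`/`pwd` pair; delete those three lines rather than keeping sample credentials in the source, since version control already preserves them. The encoder registered here only matches BCrypt hashes, so a record whose password was written by any other path (the SHA-256 helper this commit appears to retire, or a raw value) will fail to authenticate. A comment on `passwordEncoder()` such as `// Stored passwords must be BCrypt hashes produced by this bean` would make that contract explicit. The method body can also be reduced to `return new BCryptPasswordEncoder();`.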
......@@ -15,24 +15,42 @@
*/
package nl.uva.sne.drip.api.service;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import nl.uva.sne.drip.api.dao.UserDao;
import nl.uva.sne.drip.commons.types.User;
import nl.uva.sne.drip.commons.types.UserRole;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
/**
*
* @author S. Koulouzis
*/
//@Service
public class UserService {// implements UserDetailsService {
@Service
public class UserService implements UserDetailsService {
// @Autowired
// UserDao dao;
// @Override
// public UserDetails loadUserByUsername(String string) throws UsernameNotFoundException {
// throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
// }
@Autowired
UserDao dao;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
try {
User user = dao.findByUsername(username);
return user;
} catch (Exception ex) {
Logger.getLogger(UserService.class.getName()).log(Level.SEVERE, null, ex);
}
return null;
}
}
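Review bot: `loadUserByUsername` returns `null` both when the DAO finds no user and when it throws, but the `UserDetailsService` contract requires either a non-null result or a `UsernameNotFoundException`. Spring Security reports a null return as an internal authentication service error rather than a failed login, so an unknown username and a broken datastore become indistinguishable to the caller. After the lookup add `if (user == null) { throw new UsernameNotFoundException("user not found"); }` and drop the `catch (Exception ex)` block, which currently logs with a null message and then falls through to `return null;`. Several of the imports added in this section (`BCryptPasswordEncoder`, `HashSet`, `SimpleGrantedAuthority`, among others) are not used by the visible class body and can be removed.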
......@@ -15,16 +15,14 @@
*/
package nl.uva.sne.drip.commons.types;
import nl.uva.sne.drip.commons.utils.PasswordUtil;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.annotation.Id;
import org.springframework.data.mongodb.core.mapping.Document;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/**
*
......@@ -33,52 +31,39 @@ import org.springframework.security.core.userdetails.UserDetails;
@JsonIgnoreProperties({"password"})
@Document
public class User implements UserDetails {
@Id
private String id;
private String username;
@JsonIgnore
private Collection<? extends GrantedAuthority> athorities;
private String password;
private Set<UserRole> roles;
private boolean expired;
private boolean nonLocked;
private String username;
private boolean accountNonExpired;
private boolean accountNonLocked;
private boolean credentialsNonExpired;
private boolean enabled;
private Collection<? extends GrantedAuthority> authorities;
public void setPassword(String password) throws Exception {
this.password = PasswordUtil.hash(password);
}
public boolean isValide(String password) throws Exception {
if (this.password != null && password != null) {
return PasswordUtil.validate(this.password, password);
}
return false;
}
public Set<UserRole> getRoles() {
return roles;
}
public void setRoles(Set<UserRole> roles) {
this.roles = roles;
}
/**
* @return the id
*/
public String getId() {
return id;
}
/**
* @param id the id to set
*/
public void setId(String id) {
this.id = id;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return this.authorities;
return this.athorities;
}
@Override
public String getPassword() {
return this.password;
}
@Override
......@@ -88,12 +73,12 @@ public class User implements UserDetails {
@Override
public boolean isAccountNonExpired() {
return this.expired;
return this.accountNonExpired;
}
@Override
public boolean isAccountNonLocked() {
return this.nonLocked;
return this.accountNonLocked;
}
@Override
......@@ -106,8 +91,53 @@ public class User implements UserDetails {
return this.enabled;
}
@Override
public String getPassword() {
return this.password;
/**
* @param athorities the athorities to set
*/
public void setAthorities(Collection<? extends GrantedAuthority> athorities) {
this.athorities = athorities;
}
/**
* @param password the password to set
*/
public void setPassword(String password) {
this.password = password;
}
/**
* @param username the username to set
*/
public void setUsername(String username) {
this.username = username;
}
/**
* @param accountNonExpired the accountNonExpired to set
*/
public void setAccountNonExpired(boolean accountNonExpired) {
this.accountNonExpired = accountNonExpired;
}
/**
* @param accountNonLocked the accountNonLocked to set
*/
public void setAccountNonLocked(boolean accountNonLocked) {
this.accountNonLocked = accountNonLocked;
}
/**
* @param credentialsNonExpired the credentialsNonExpired to set
*/
public void setCredentialsNonExpired(boolean credentialsNonExpired) {
this.credentialsNonExpired = credentialsNonExpired;
}
/**
* @param enabled the enabled to set
*/
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
}
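Review bot: The new `setPassword(String)` near the end of the class stores its argument unchanged, whereas the setter it replaces hashed the value first. Unless every caller encodes beforehand, the `@Document` will persist the plaintext password and the BCrypt check configured for login will never match it. No caller is visible in this commit, so this needs confirming; at minimum state the contract in the Javadoc, e.g. `@param password the BCrypt-encoded hash to store, never the plaintext`. The field and its setter are also misspelled (`athorities`, `setAthorities`), and nothing visible here populates them, so `getAuthorities()` may return `null` for users loaded from the store.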
/*
* Copyright 2017 S. Koulouzis, Wang Junchao, Huan Zhou, Yang Hu
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package nl.uva.sne.drip.commons.utils;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
/**
*
* @author S. Koulouzis
*/
public class PasswordUtil {
public static String hash(String password) throws NoSuchAlgorithmException {
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
messageDigest.update(password.getBytes());
return new String(messageDigest.digest());
}
public static boolean validate(String password, String password0) throws NoSuchAlgorithmException {
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
messageDigest.update(password.getBytes());
String h1 = new String(messageDigest.digest());
messageDigest.update(password0.getBytes());
String h2 = new String(messageDigest.digest());
return h1.equals(h2);
}
}