Refactoring

Signed-off-by: Kvark900 <kvant800@gmail.com>

Author: Kvark900

pom.xml

@@ -11,7 +11,7 @@
 <parent>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-parent</artifactId>
-<version>1.5.4.RELEASE</version>
+<version>2.1.8.RELEASE</version>
 </parent>
 
 <properties>
@@ -50,20 +50,14 @@
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-security</artifactId>
-<version>1.5.9.RELEASE</version>
+<version>2.1.8.RELEASE</version>
 </dependency>
 <!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt -->
 <dependency>
 <groupId>io.jsonwebtoken</groupId>
 <artifactId>jjwt</artifactId>
 <version>0.9.0</version>
 </dependency>
-<dependency>
-<groupId>com.fasterxml.jackson.datatype</groupId>
-<artifactId>jackson-datatype-hibernate4</artifactId>
-</dependency>
-
-
 </dependencies>
 
 <build>

routes-test.http

@@ -0,0 +1,33 @@
+###
+GET http://localhost:8080/authors
+Content-Type: application/json
+Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTU4NTQ4MTgzOSwiaWF0IjoxNTg0ODc3MDM5fQ.NwFdUKJqmyAvkLvX5g90Q-d1eL4i3lHOR0oK9SRDjwdI0i5I9G5D3T-P3grvteiCatZ3672Gd9Ojoq5hvJDJPA
+
+###
+GET http://localhost:8080/books
+Content-Type: application/json
+Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTU4NTQ4MTgzOSwiaWF0IjoxNTg0ODc3MDM5fQ.NwFdUKJqmyAvkLvX5g90Q-d1eL4i3lHOR0oK9SRDjwdI0i5I9G5D3T-P3grvteiCatZ3672Gd9Ojoq5hvJDJPA
+
+
+### Bad credentials
+POST http://localhost:8080/auth
+Content-Type: application/json
+
+{
+ "username": "admin",
+ "password": "admin1"
+}
+
+###
+
+### Succces
+POST http://localhost:8080/auth
+Content-Type: application/json
+
+{
+ "username": "admin",
+ "password": "admin"
+}
+
+###
+

src/main/java/com/kvark900/BootifulApplication.java

@@ -1,7 +1,5 @@
 package com.kvark900;
 
-import com.fasterxml.jackson.databind.Module;
-import com.fasterxml.jackson.datatype.hibernate4.Hibernate4Module;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
@@ -28,9 +26,4 @@ public void addCorsMappings(CorsRegistry registry) {
 };
 }
 
-@Bean
-public Module hibernate4Module()
-{
-return new Hibernate4Module();
-}
 }

src/main/java/com/kvark900/api/configuration/setupDataLoaders/TopicsAuthorsBooksLoader.java renamed to src/main/java/com/kvark900/api/configuration/dataLoaders/TopicsAuthorsBooksLoader.java

@@ -1,4 +1,4 @@
-package com.kvark900.api.configuration.setupDataLoaders;
+package com.kvark900.api.configuration.dataLoaders;
 
 import com.kvark900.api.model.Author;
 import com.kvark900.api.model.Book;

src/main/java/com/kvark900/api/configuration/dataLoaders/UsersLoader.java

@@ -0,0 +1,67 @@
+package com.kvark900.api.configuration.dataLoaders;
+
+import com.kvark900.api.configuration.security.user.*;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+
+@Component
+public class UsersLoader implements ApplicationListener<ContextRefreshedEvent> {
+ private boolean dataLoaded = false;
+ private RoleService roleService;
+ private UserService userService;
+
+ public UsersLoader(RoleService roleService, UserService userService) {
+ this.roleService = roleService;
+ this.userService = userService;
+ }
+
+ @Override
+ @Transactional
+ public void onApplicationEvent(final ContextRefreshedEvent contextRefreshedEvent) {
+ if (dataLoaded) return;
+ List<Role> adminRoles = Collections.singletonList(createRoleIfNotFound(RoleName.ROLE_ADMIN));
+ List<Role> userRoles = Collections.singletonList(createRoleIfNotFound(RoleName.ROLE_USER));
+ createUserIfNotFound("admin", "$2a$08$lDnHPz7eUkSi6ao14Twuau08mzhWrL4kyZGGU5xfiGALO/Vxd5DOi",
+ "admin", "admin", "admin@admin.com",
+ true, new Date(1514764800000L), adminRoles);
+ createUserIfNotFound("user", "$2a$08$UkVvwpULis18S19S5pZFn.YHPZt3oaqHZnDwqbCW9pft6uFtkXKDC",
+ "user", "user", "enabled@user.com",
+ true, new Date(1514764800000L), userRoles);
+ createUserIfNotFound("disabled", "$2a$08$UkVvwpULis18S19S5pZFn.YHPZt3oaqHZnDwqbCW9pft6uFtkXKDC",
+ "user", "user", "disabled@user.com",
+ false, new Date(1514764800000L), userRoles);
+ dataLoaded = true;
+ }
+
+ @Transactional
+ Role createRoleIfNotFound(RoleName name) {
+ if (roleService.roleExists(name)) return null;
+ Role role = new Role(name);
+ roleService.save(role);
+ return role;
+ }
+
+ @Transactional
+ void createUserIfNotFound(String userName, String password, String firstName,
+ String lastName, String email, boolean enabled,
+ Date lastPasswordResetDate, List<Role> roles) {
+ if (userService.userExists(email)) return;
+ User user = new User();
+ user.setUsername(userName);
+ user.setPassword(password);
+ user.setFirstname(firstName);
+ user.setLastname(lastName);
+ user.setEmail(email);
+ user.setEnabled(enabled);
+ user.setLastPasswordResetDate(lastPasswordResetDate);
+ user.setRoles(roles);
+ userService.save(user);
+ }
+}
+

src/main/java/com/kvark900/api/configuration/security/JwtAuthenticationRequest.java renamed to src/main/java/com/kvark900/api/configuration/security/AuthenticationRequest.java

@@ -3,18 +3,18 @@
 import java.io.Serializable;
 
 
-public class JwtAuthenticationRequest implements Serializable {
+public class AuthenticationRequest implements Serializable {
 
  private static final long serialVersionUID = -8445943548965154778L;
 
  private String username;
  private String password;
 
- public JwtAuthenticationRequest() {
+ public AuthenticationRequest() {
  super();
  }
 
- public JwtAuthenticationRequest(String username, String password) {
+ public AuthenticationRequest(String username, String password) {
  this.setUsername(username);
  this.setPassword(password);
  }

src/main/java/com/kvark900/api/configuration/security/JwtAuthenticationResponse.java renamed to src/main/java/com/kvark900/api/configuration/security/AuthenticationResponse.java

@@ -3,13 +3,13 @@
 import java.io.Serializable;
 
 
-public class JwtAuthenticationResponse implements Serializable {
+public class AuthenticationResponse implements Serializable {
 
  private static final long serialVersionUID = 1250166508152483573L;
 
  private final String token;
 
- public JwtAuthenticationResponse(String token) {
+ public AuthenticationResponse(String token) {
  this.token = token;
  }
 

src/main/java/com/kvark900/api/configuration/security/JWTTokenFilter.java

@@ -0,0 +1,78 @@
+package com.kvark900.api.configuration.security;
+
+import io.jsonwebtoken.ExpiredJwtException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class JWTTokenFilter extends OncePerRequestFilter {
+
+ private final Logger logger = LoggerFactory.getLogger(this.getClass());
+
+ private UserDetailsService userDetailsService;
+ private JWTUtil jwtUtil;
+ private String tokenHeader;
+
+ public JWTTokenFilter(UserDetailsService userDetailsService, JWTUtil jwtUtil, String tokenHeader) {
+ this.userDetailsService = userDetailsService;
+ this.jwtUtil = jwtUtil;
+ this.tokenHeader = tokenHeader;
+ }
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
+ authorizeRequest(request);
+ chain.doFilter(request, response);
+ }
+
+ private void authorizeRequest(HttpServletRequest request) {
+ logger.debug("Processing authentication for '{}'", request.getRequestURL());
+
+ final String requestHeader = request.getHeader(this.tokenHeader);
+
+ if (requestHeader == null || !requestHeader.startsWith("Bearer ")) {
+ logger.warn("Authorization failed. No JWT token found");
+ return;
+ }
+
+ String username;
+ String authToken = requestHeader.substring(7);
+
+ try {
+ username = jwtUtil.getUsernameFromToken(authToken);
+ } catch (IllegalArgumentException e) {
+ logger.error("Error during getting username from token", e);
+ return;
+ } catch (ExpiredJwtException e) {
+ logger.warn("The token has expired", e);
+ return;
+ }
+
+ if (username == null || SecurityContextHolder.getContext().getAuthentication() != null) return;
+
+ logger.debug("Security context was null, so authorizing user '{}'...", username);
+
+ UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
+
+ if (!jwtUtil.validateToken(authToken, userDetails)) {
+ logger.error("Not a valid token!!!");
+ return;
+ }
+
+ UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
+ authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+ logger.info("Authorized user '{}', setting security context...", username);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ }
+}

src/main/java/com/kvark900/api/configuration/security/JwtTokenUtil.java renamed to src/main/java/com/kvark900/api/configuration/security/JWTUtil.java

@@ -16,7 +16,7 @@
 import java.util.function.Function;
 
 @Component
-public class JwtTokenUtil implements Serializable {
+public class JWTUtil implements Serializable {
 
  static final String CLAIM_KEY_USERNAME = "sub";
  static final String CLAIM_KEY_CREATED = "iat";