complete registration and login

author: realtradam <[email protected]> 2024-07-13 04:23:01 -0400
committer: realtradam <[email protected]> 2024-07-13 04:23:01 -0400
commit: 2f91d2067e7da107a83225f063216c0c6dd7b7cc (patch)
tree: ec01de8f39b22c010e653f397de5f74d040259b2 /src/main/java
parent: ff63bacc647a20c59ce642a4d6b647c3a4290418 (diff)
download: spring-blog-2f91d2067e7da107a83225f063216c0c6dd7b7cc.tar.gz
spring-blog-2f91d2067e7da107a83225f063216c0c6dd7b7cc.zip
4 files changed, 69 insertions, 4 deletions
diff --git a/src/main/java/com/blog/web/repository/UserRepository.java b/src/main/java/com/blog/web/repository/UserRepository.java
index af67f58..c304fc0 100644
--- a/src/main/java/com/blog/web/repository/UserRepository.java
+++ b/src/main/java/com/blog/web/repository/UserRepository.java
@@ -6,4 +6,6 @@ import org.springframework.data.jpa.repository.JpaRepository;
 public interface UserRepository extends JpaRepository<UserEntity, Long> {
     UserEntity findByEmail(String email);
     UserEntity findByUsername(String username);
+
+    UserEntity findFirstByUsername(String username);
 }
diff --git a/src/main/java/com/blog/web/security/CustomUserDetailsService.java b/src/main/java/com/blog/web/security/CustomUserDetailsService.java
new file mode 100644
index 0000000..a7516f3
--- /dev/null
+++ b/src/main/java/com/blog/web/security/CustomUserDetailsService.java
@@ -0,0 +1,38 @@
+package com.blog.web.security;
+
+import com.blog.web.models.UserEntity;
+import com.blog.web.repository.UserRepository;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.stream.Collectors;
+
+@Service
+public class CustomUserDetailsService implements UserDetailsService {
+    private UserRepository userRepository;
+
+    public CustomUserDetailsService(UserRepository userRepository) {
+        this.userRepository = userRepository;
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        UserEntity user = userRepository.findFirstByUsername(username);
+        if(user != null) {
+            User authUser = new User(
+                    user.getEmail(),
+                    user.getPassword(),
+                    user.getRoles().stream().map((role) -> new SimpleGrantedAuthority(role.getName()))
+                            .collect(Collectors.toList())
+            );
+            return authUser;
+        }
+        else {
+            throw new UsernameNotFoundException("Invalid username or password");
+        }
+    }
+}
diff --git a/src/main/java/com/blog/web/security/SecurityConfig.java b/src/main/java/com/blog/web/security/SecurityConfig.java
index 1471d0f..49b3402 100644
--- a/src/main/java/com/blog/web/security/SecurityConfig.java
+++ b/src/main/java/com/blog/web/security/SecurityConfig.java
@@ -2,9 +2,12 @@ package com.blog.web.security;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
@@ -12,13 +15,24 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 @EnableWebSecurity
 @EnableMethodSecurity(securedEnabled = true)
 public class SecurityConfig {
+    private CustomUserDetailsService userDetailsService;
+
+    public SecurityConfig(CustomUserDetailsService userDetailsService) {
+        this.userDetailsService = userDetailsService;
+    }
+
+    @Bean
+    public static PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         // disabling csrf leaves us vulnerable, in a real production app do not do this
         http.csrf(c -> c.disable())
                 .cors(c -> c.disable())
                 .authorizeHttpRequests( auths -> auths
-                        .requestMatchers("/login", "/register", "/articles", "/css/**", "/js/**")
+                        .anyRequest()
                         .permitAll()
                 )
                 .formLogin(form -> form
@@ -35,4 +49,8 @@ public class SecurityConfig {
                                 .logoutSuccessUrl("/articles"));
         return http.build();
     }
+
+    public void configure(AuthenticationManagerBuilder builder) throws Exception {
+        builder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
+    }
 }
diff --git a/src/main/java/com/blog/web/services/impl/UserServiceImpl.java b/src/main/java/com/blog/web/services/impl/UserServiceImpl.java
index 06dbc22..b197af6 100644
--- a/src/main/java/com/blog/web/services/impl/UserServiceImpl.java
+++ b/src/main/java/com/blog/web/services/impl/UserServiceImpl.java
@@ -6,6 +6,7 @@ import com.blog.web.models.UserEntity;
 import com.blog.web.repository.RoleRepository;
 import com.blog.web.repository.UserRepository;
 import com.blog.web.services.UserService;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 import java.util.Arrays;
@@ -14,10 +15,15 @@ import java.util.Arrays;
 public class UserServiceImpl implements UserService {
     private UserRepository userRepository;
     private RoleRepository roleRepository;
+    private PasswordEncoder passwordEncoder;
 
-    public UserServiceImpl(UserRepository userRepository, RoleRepository roleRepository) {
+    public UserServiceImpl(
+            UserRepository userRepository,
+            RoleRepository roleRepository,
+            PasswordEncoder passwordEncoder) {
         this.userRepository = userRepository;
         this.roleRepository = roleRepository;
+        this.passwordEncoder = passwordEncoder;
     }
 
     @Override
@@ -27,8 +33,9 @@ public class UserServiceImpl implements UserService {
         user.setEmail(registrationDto.getEmail());
         // this is an unsafe way to store passwords in production
         // it is left this way only because this is a practice project
-        user.setPassword(registrationDto.getPassword());
-        
+        //user.setPassword(registrationDto.getPassword());
+        user.setPassword(passwordEncoder.encode(registrationDto.getPassword()));
+
         Role role = roleRepository.findByName("User");
         user.setRoles(Arrays.asList(role));
         userRepository.save(user);
author	realtradam <[email protected]>	2024-07-13 04:23:01 -0400
committer	realtradam <[email protected]>	2024-07-13 04:23:01 -0400
commit	2f91d2067e7da107a83225f063216c0c6dd7b7cc (patch)
tree	ec01de8f39b22c010e653f397de5f74d040259b2 /src/main/java
parent	ff63bacc647a20c59ce642a4d6b647c3a4290418 (diff)
download	spring-blog-2f91d2067e7da107a83225f063216c0c6dd7b7cc.tar.gz spring-blog-2f91d2067e7da107a83225f063216c0c6dd7b7cc.zip