require auth for everything

seems popular these days
Stepan Usatiuk
2023-12-30 14:24:24 +01:00
parent d83bed9edd
commit 3165137475
5 changed files with 15 additions and 37 deletions


@@ -1,13 +0,0 @@
package com.usatiuk.tjv.y.server.security;
import org.springframework.security.core.GrantedAuthority;
import java.util.Collection;
public class User extends org.springframework.security.core.userdetails.User {
public User(String uuid, String hash,
Collection<? extends GrantedAuthority> authorities) {
super(uuid, hash, authorities);
}
}


@@ -3,6 +3,7 @@ package com.usatiuk.tjv.y.server.security;
import com.usatiuk.tjv.y.server.entity.Person;
import com.usatiuk.tjv.y.server.repository.PersonRepository;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;


@@ -1,14 +1,11 @@
package com.usatiuk.tjv.y.server.security;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.usatiuk.tjv.y.server.dto.ErrorTo;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -24,10 +21,9 @@ import org.springframework.stereotype.Component;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
import java.io.IOException;
import java.io.OutputStream;
import java.util.List;
@Configuration
@@ -42,17 +38,16 @@ public class WebSecurityConfig {
@Component
class ErrorAuthenticationEntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
throws IOException {
var err = new ErrorTo(List.of("Authentication failed"), HttpStatus.UNAUTHORIZED.value());
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
OutputStream responseStream = response.getOutputStream();
ObjectMapper mapper = new ObjectMapper();
mapper.writeValue(responseStream, err);
responseStream.flush();
private final HandlerExceptionResolver resolver;
ErrorAuthenticationEntryPoint(@Qualifier("handlerExceptionResolver") HandlerExceptionResolver resolver) {
this.resolver = resolver;
}
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) {
resolver.resolveException(request, response, null, authException);
}
}
@@ -62,12 +57,7 @@ public class WebSecurityConfig {
return http.cors(Customizer.withDefaults())
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests((authorize) -> authorize
.requestMatchers(mvc.pattern(HttpMethod.GET, "/post/**")).permitAll()
.requestMatchers(mvc.pattern(HttpMethod.GET, "/post*")).permitAll()
.requestMatchers(mvc.pattern(HttpMethod.POST, "/person")).permitAll()
.requestMatchers(mvc.pattern(HttpMethod.GET, "/person")).permitAll()
.requestMatchers(mvc.pattern(HttpMethod.GET, "/person/by-username/*")).permitAll()
.requestMatchers(mvc.pattern(HttpMethod.GET, "/person/by-uuid/*")).permitAll()
.requestMatchers(mvc.pattern(HttpMethod.POST, "/token")).permitAll()
.requestMatchers(mvc.pattern("/error")).permitAll()
.anyRequest().hasAuthority(UserRoles.ROLE_USER.name()))
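Review bot: The rewritten `commence` in the third hunk hands the `AuthenticationException` to the `handlerExceptionResolver` bean with a null handler and no longer sets the 401 status or the JSON `ErrorTo` body itself, so what an unauthenticated client actually receives now depends on a `@ControllerAdvice`/`@ExceptionHandler` for `AuthenticationException` that is not visible in this commit. If no handler matches, `resolveException` returns null and the response leaves with whatever status the filter chain left on it, which can be an empty 200 instead of a 401; since this commit also makes every endpoint outside the four `permitAll` matchers require `ROLE_USER`, that would affect every unauthenticated request rather than a corner case. Either confirm the advice exists and covers `AuthenticationException`, or keep a fallback in the entry point: `if (resolver.resolveException(request, response, null, authException) == null) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); }`. The `ErrorAuthenticationEntryPoint` class starts inside the hunk, but `WebSecurityConfig` and the `securityFilterChain` method in the last hunk continue outside it.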


@@ -41,7 +41,7 @@ public class PersonControllerTest extends DemoDataDbTest {
@Test
void shouldGet() {
var response = restTemplate.exchange(addr + "/person/by-username/" + person1.getUsername(),
HttpMethod.GET, HttpEntity.EMPTY, PersonTo.class);
HttpMethod.GET, new HttpEntity<>(createAuthHeaders(person1Auth)), PersonTo.class);
Assertions.assertNotNull(response);
Assertions.assertEquals(HttpStatus.OK, response.getStatusCode());


@@ -51,7 +51,7 @@ public class PostControllerTest extends DemoDataDbTest {
@Test
void shouldGetPost() {
var response = restTemplate.exchange(addr + "/post/" + post1.getId(), HttpMethod.GET,
HttpEntity.EMPTY, PostTo.class);
new HttpEntity<>(createAuthHeaders(person1Auth)), PostTo.class);
Assertions.assertEquals(HttpStatus.OK, response.getStatusCode());
var parsedResponse = response.getBody();
@@ -64,7 +64,7 @@ public class PostControllerTest extends DemoDataDbTest {
@Test
void shouldGetByAuthor() {
var response = restTemplate.exchange(addr + "/post/by-author-uuid/" + person1.getUuid(), HttpMethod.GET,
HttpEntity.EMPTY, PostTo[].class);
new HttpEntity<>(createAuthHeaders(person1Auth)), PostTo[].class);
Assertions.assertEquals(HttpStatus.OK, response.getStatusCode());
var parsedResponse = response.getBody();
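Review bot: Both updated tests now attach `createAuthHeaders(person1Auth)`, so the suite only shows that an authenticated read still works; the property this commit introduces — that `GET /post/{id}` and `GET /post/by-author-uuid/{uuid}` are rejected without a token — has no test, and a later regression that re-opens those routes would pass unnoticed. A negative test alongside `shouldGetPost` would pin it, asserting the status the entry point is expected to produce (401 if the resolver path handles `AuthenticationException` as before); if `restTemplate` is a plain `RestTemplate` rather than `TestRestTemplate`, the 4xx surfaces as an `HttpClientErrorException` and the assertion should catch that instead. `shouldGetByAuthor` continues past the end of the hunk.
```java
@Test
void shouldRejectUnauthenticatedGetPost() {
    var response = restTemplate.exchange(addr + "/post/" + post1.getId(), HttpMethod.GET,
            HttpEntity.EMPTY, String.class);
    // 401 is the status the security entry point is expected to emit for missing credentials
    Assertions.assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
}
```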