Revize c1016fab
Přidáno uživatelem Petr Urban před více než 1 rok
| db/spawn/db.spawn_createUsersTable.sql | ||
|---|---|---|
| 1 | 1 |
if not exists (select * from sysobjects where name='users' and xtype='U') |
| 2 | 2 |
create table users( |
| 3 | 3 |
id int identity(1,1), |
| 4 |
email nvarchar(255) not null,
|
|
| 4 |
email nvarchar(255) null, |
|
| 5 | 5 |
name nvarchar(255) not null, |
| 6 |
password varchar(255) not null,
|
|
| 6 |
password varchar(255) null, |
|
| 7 | 7 |
PRIMARY KEY(id) |
| 8 | 8 |
); |
| src/main/java/cz/zcu/fav/kiv/antipatterndetectionapp/v2/security/AuthConfiguration.java | ||
|---|---|---|
| 3 | 3 |
import com.nimbusds.jose.jwk.source.JWKSource; |
| 4 | 4 |
import com.nimbusds.jose.jwk.source.RemoteJWKSet; |
| 5 | 5 |
import com.nimbusds.jwt.proc.JWTProcessor; |
| 6 |
import org.springframework.beans.factory.annotation.Autowired; |
|
| 6 | 7 |
import org.springframework.context.annotation.Bean; |
| 7 | 8 |
import org.springframework.context.annotation.Configuration; |
| 8 | 9 |
import org.springframework.core.annotation.Order; |
| ... | ... | |
| 41 | 42 |
import org.springframework.security.oauth2.jwt.JwtDecoder; |
| 42 | 43 |
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; |
| 43 | 44 |
import org.springframework.security.web.SecurityFilterChain; |
| 45 |
import org.springframework.stereotype.Component; |
|
| 44 | 46 |
import org.springframework.web.cors.CorsConfiguration; |
| 45 | 47 |
import org.springframework.web.cors.CorsConfigurationSource; |
| 46 | 48 |
import org.springframework.web.cors.UrlBasedCorsConfigurationSource; |
| ... | ... | |
| 54 | 56 |
import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS; |
| 55 | 57 |
|
| 56 | 58 |
@EnableWebSecurity |
| 59 |
@Component |
|
| 57 | 60 |
public class AuthConfiguration {
|
| 61 |
|
|
| 62 |
@Autowired |
|
| 63 |
private JwtAuthenticationTokenConverter jwtAuthenticationTokenConverter; |
|
| 64 |
|
|
| 58 | 65 |
@Bean |
| 59 | 66 |
public SecurityFilterChain oauth2SecurityFilterChain(HttpSecurity http) throws Exception {
|
| 60 | 67 |
http |
| ... | ... | |
| 65 | 72 |
.antMatchers("/v2/**").hasAnyRole("spade_basic")
|
| 66 | 73 |
.anyRequest().authenticated() |
| 67 | 74 |
) |
| 68 |
.oauth2ResourceServer(oauth2 -> oauth2.jwt(jwtConfigurer -> jwtConfigurer.jwtAuthenticationConverter(new JwtAuthenticationTokenConverter())))
|
|
| 75 |
.oauth2ResourceServer(oauth2 -> oauth2.jwt(jwtConfigurer -> jwtConfigurer.jwtAuthenticationConverter(jwtAuthenticationTokenConverter)))
|
|
| 69 | 76 |
.sessionManagement(session -> session.sessionCreationPolicy(STATELESS)); |
| 70 | 77 |
return http.build(); |
| 71 | 78 |
} |
| ... | ... | |
| 83 | 90 |
} |
| 84 | 91 |
}; |
| 85 | 92 |
} |
| 86 |
|
|
| 87 | 93 |
} |
| src/main/java/cz/zcu/fav/kiv/antipatterndetectionapp/v2/security/JwtAuthenticationTokenConverter.java | ||
|---|---|---|
| 1 | 1 |
package cz.zcu.fav.kiv.antipatterndetectionapp.v2.security; |
| 2 | 2 |
|
| 3 |
import cz.zcu.fav.kiv.antipatterndetectionapp.v2.model.User; |
|
| 4 |
import cz.zcu.fav.kiv.antipatterndetectionapp.v2.service.user.UserService; |
|
| 5 |
import cz.zcu.fav.kiv.antipatterndetectionapp.v2.service.user.UserServiceImpl; |
|
| 6 |
import lombok.RequiredArgsConstructor; |
|
| 7 |
import org.springframework.beans.factory.annotation.Autowired; |
|
| 3 | 8 |
import org.springframework.core.convert.converter.Converter; |
| 4 | 9 |
import org.springframework.security.authentication.AbstractAuthenticationToken; |
| 5 | 10 |
import org.springframework.security.core.GrantedAuthority; |
| ... | ... | |
| 8 | 13 |
import org.springframework.security.oauth2.jwt.JwtClaimNames; |
| 9 | 14 |
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; |
| 10 | 15 |
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter; |
| 16 |
import org.springframework.stereotype.Service; |
|
| 11 | 17 |
|
| 12 | 18 |
import java.util.Collection; |
| 13 | 19 |
import java.util.Collections; |
| ... | ... | |
| 15 | 21 |
import java.util.stream.Collectors; |
| 16 | 22 |
import java.util.stream.Stream; |
| 17 | 23 |
|
| 24 |
@Service |
|
| 18 | 25 |
public class JwtAuthenticationTokenConverter implements Converter<Jwt, AbstractAuthenticationToken> {
|
| 19 |
|
|
| 20 | 26 |
private static final JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); |
| 27 |
@Autowired |
|
| 28 |
private UserService userService; |
|
| 21 | 29 |
private String resourceId = "spade-client"; |
| 22 | 30 |
private String principalAttribute = "preferred_username"; |
| 23 | 31 |
|
| ... | ... | |
| 27 | 35 |
Stream.concat(jwtGrantedAuthoritiesConverter.convert(jwt).stream(), extractResourceRoles(jwt).stream()) |
| 28 | 36 |
.collect(Collectors.toSet()); |
| 29 | 37 |
String claimName = principalAttribute == null ? JwtClaimNames.SUB : principalAttribute; |
| 38 |
|
|
| 39 |
String preferredUsername = jwt.getClaim(claimName); |
|
| 40 |
userService.registerUserSSO(new User(preferredUsername)); |
|
| 41 |
|
|
| 30 | 42 |
return new JwtAuthenticationToken(jwt, authorities, jwt.getClaim(claimName)); |
| 31 | 43 |
} |
| 32 | 44 |
|
| src/main/java/cz/zcu/fav/kiv/antipatterndetectionapp/v2/service/user/UserService.java | ||
|---|---|---|
| 15 | 15 |
* @return Integer - status code of the operation, ie 1 - successful, 0 - name taken, ... |
| 16 | 16 |
*/ |
| 17 | 17 |
public UserModelStatusCodes registerUser(User user); |
| 18 |
|
|
| 19 |
void registerUserSSO(User user); |
|
| 20 |
|
|
| 18 | 21 |
/** |
| 19 | 22 |
* Method attempts to log in a user and returns status code indicating login result |
| 20 | 23 |
* @param user serialized JSON object representing user |
| src/main/java/cz/zcu/fav/kiv/antipatterndetectionapp/v2/service/user/UserServiceImpl.java | ||
|---|---|---|
| 5 | 5 |
import cz.zcu.fav.kiv.antipatterndetectionapp.v2.repository.UserRepository; |
| 6 | 6 |
import cz.zcu.fav.kiv.antipatterndetectionapp.v2.utils.Crypto; |
| 7 | 7 |
import org.springframework.beans.factory.annotation.Autowired; |
| 8 |
import org.springframework.context.annotation.Primary; |
|
| 8 | 9 |
import org.springframework.stereotype.Service; |
| 9 | 10 |
import java.util.regex.Pattern; |
| 10 | 11 |
|
| ... | ... | |
| 18 | 19 |
@Autowired |
| 19 | 20 |
private UserRepository userRepository; |
| 20 | 21 |
|
| 22 |
|
|
| 23 |
@Override |
|
| 24 |
public synchronized void registerUserSSO(User user) {
|
|
| 25 |
if (userRepository.findByName(user.getName()) == null) {
|
|
| 26 |
final String name = user.getName(); |
|
| 27 |
if (verifyUserParameters(name)) |
|
| 28 |
return; |
|
| 29 |
//save the user |
|
| 30 |
userRepository.save(new User(name)); |
|
| 31 |
} |
|
| 32 |
} |
|
| 33 |
|
|
| 21 | 34 |
/** |
| 22 | 35 |
* Method attempts to register a user |
| 23 | 36 |
* @param user serialized JSON object representing user |
| ... | ... | |
| 107 | 120 |
return (!passwordMatches ? UserModelStatusCodes.USER_LOGIN_FAILED : UserModelStatusCodes.USER_LOGGED_IN); |
| 108 | 121 |
} |
| 109 | 122 |
|
| 110 |
|
|
| 123 |
private boolean verifyUserParameters(String name) {
|
|
| 124 |
return (name == null || name.isEmpty() || name.isBlank()); |
|
| 125 |
} |
|
| 111 | 126 |
|
| 112 | 127 |
@Override |
| 113 | 128 |
public User getUserByName(String name) {
|
Také k dispozici: Unified diff
SSO automatic registration