Added security configs
@@ -3,6 +3,7 @@ package me.aski.catalogueservice;
|
||||
import me.aski.catalogueservice.dao.CategoryRepository;
|
||||
import me.aski.catalogueservice.dao.ProductRepository;
|
||||
import me.aski.catalogueservice.entities.Category;
|
||||
import me.aski.catalogueservice.entities.Product;
|
||||
import org.springframework.boot.CommandLineRunner;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
@@ -23,12 +24,26 @@ public class CatalogueServiceApplication {
|
||||
return args -> {
|
||||
|
||||
categoryRepository.deleteAll();
|
||||
Stream.of("C1 Ordinateur", "C2 Imprimantes").forEach(c -> {
|
||||
categoryRepository.save(new Category(c.split(" ")[0], c.split(" ")[1], new ArrayList<>()));
|
||||
|
||||
});
|
||||
Stream.of("C1 Ordinateur", "C2 Imprimantes").forEach(c -> categoryRepository.save(new Category(c.split(" ")[0], c.split(" ")[1], new ArrayList<>())));
|
||||
categoryRepository.findAll().forEach(System.out::println);
|
||||
|
||||
Category c1 = categoryRepository.findById("C1").get();
|
||||
productRepository.deleteAll();
|
||||
Stream.of("P1", "P2", "P3").forEach(name -> {
|
||||
Product p = productRepository.save(new Product(null, name, Math.random() * 1000, c1));
|
||||
c1.getProducts().add(p);
|
||||
categoryRepository.save(c1);
|
||||
});
|
||||
|
||||
Category c2 = categoryRepository.findById("C2").get();
|
||||
Stream.of("P4", "P5", "P6").forEach(name -> {
|
||||
Product p = productRepository.save(new Product(null, name, Math.random() * 1000, c2));
|
||||
c2.getProducts().add(p);
|
||||
categoryRepository.save(c2);
|
||||
});
|
||||
|
||||
productRepository.findAll().forEach(System.out::println);
|
||||
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
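Review bot: The seeding runner calls `categoryRepository.deleteAll()` and `productRepository.deleteAll()` on every start, with no profile or property guard visible in this hunk, so starting the service against a shared database would wipe both collections. If this is demo data only, consider restricting the bean with `@Profile("dev")`. The two `findById(...).get()` calls also unwrap the Optional unchecked; `orElseThrow()` with a message would make a failed seed easier to diagnose. The +/- markers are lost on this page, so which of these lines the commit adds is inferred, and the bean method's signature lies outside the hunk.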
@@ -3,7 +3,6 @@ package me.aski.catalogueservice.entities;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.ToString;
|
||||
import org.springframework.data.annotation.Id;
|
||||
import org.springframework.data.mongodb.core.mapping.DBRef;
|
||||
import org.springframework.data.mongodb.core.mapping.Document;
|
||||
@@ -15,11 +14,19 @@ import java.util.Collection;
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@ToString
|
||||
//@ToString
|
||||
public class Category {
|
||||
@Id
|
||||
private String id;
|
||||
private String name;
|
||||
@DBRef
|
||||
private Collection<Product> products = new ArrayList<>();
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "Category{" +
|
||||
"id='" + id + '\'' +
|
||||
", name='" + name + '\'' +
|
||||
'}';
|
||||
}
|
||||
}
|
||||
|
||||
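Review bot: The hand-written `toString()` leaves `products` out, which stops the print cycle, but `@Data` still generates `equals()` and `hashCode()` over every field, including the `@DBRef` collection. If `Product` (not shown here) also derives its hash from `category`, hashing either entity could recurse the same way; putting `@EqualsAndHashCode.Exclude` on `products` would close that. The leftover `//@ToString` line can simply be deleted.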
@@ -0,0 +1,19 @@
|
||||
package me.aski.catalogueservice.sec;
|
||||
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
public class JWTAuthorizationFilter extends OncePerRequestFilter {
|
||||
@Override
|
||||
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
|
||||
System.out.println("**********");
|
||||
String jwt = httpServletRequest.getHeader("Authorization");
|
||||
if (jwt == null) throw new RuntimeException("Not Authorized");
|
||||
filterChain.doFilter(httpServletRequest, httpServletResponse);
|
||||
}
|
||||
}
|
||||
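Review bot: `doFilterInternal` only checks that an `Authorization` header exists; the value is never parsed, its signature and expiry are never verified, and no `Authentication` is placed in the `SecurityContextHolder`, so the filter cannot establish who the caller is. Throwing `RuntimeException("Not Authorized")` from a filter will typically surface as a 500 error rather than a 401; prefer `httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); return;`. Before `filterChain.doFilter` is called, the token should be validated against the signing key and the resulting principal and authorities set on the security context. The `System.out.println("**********")` debug line should be removed or turned into a debug-level logger call, and the header value itself should never be logged.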
@@ -0,0 +1,42 @@
|
||||
package me.aski.catalogueservice.sec;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.inMemoryAuthentication().
|
||||
withUser("admin").password(passwordEncoder().encode("1234")).roles("ADMIN", "USER")
|
||||
.and().
|
||||
withUser("user").password(passwordEncoder().encode("1234")).roles("USER");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
//super.configure(http);
|
||||
http.csrf().disable();
|
||||
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||
http.authorizeRequests().antMatchers("/categories/**").hasAuthority("ADMIN");
|
||||
http.authorizeRequests().antMatchers("/products/**").hasAuthority("USER");
|
||||
http.authorizeRequests().anyRequest().authenticated();
|
||||
http.addFilterBefore(new JWTAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
|
||||
|
||||
|
||||
}
|
||||
|
||||
@Bean
|
||||
public BCryptPasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
}
|
||||
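Review bot: Both in-memory accounts in `configure(AuthenticationManagerBuilder)`, including `admin`, are created with the literal password `1234` committed in source, so anyone who can read the repository knows the admin credential. Load users and password hashes from external configuration or a user store instead, and keep any in-memory users to a dev profile. Separately, `.roles("ADMIN", "USER")` stores the authorities as `ROLE_ADMIN` and `ROLE_USER`, so `hasAuthority("ADMIN")` and `hasAuthority("USER")` will not match them; use `hasRole("ADMIN")` and `hasRole("USER")`. Disabling CSRF is reasonable only as long as the credential travels in the `Authorization` header and never in a cookie; a short comment next to `http.csrf().disable()` should record that assumption.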
@@ -0,0 +1 @@
|
||||
spring.data.mongodb.uri=mongodb://localhost:27017/CatalogueService
|
||||