Added security configs

src/main/java/me/aski/catalogueservice/CatalogueServiceApplication.java

@@ -3,6 +3,7 @@ package me.aski.catalogueservice;
 import me.aski.catalogueservice.dao.CategoryRepository;
 import me.aski.catalogueservice.dao.ProductRepository;
 import me.aski.catalogueservice.entities.Category;
+import me.aski.catalogueservice.entities.Product;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -23,12 +24,26 @@ public class CatalogueServiceApplication {
         return args -> {
 
             categoryRepository.deleteAll();
-            Stream.of("C1 Ordinateur", "C2 Imprimantes").forEach(c -> {
-                categoryRepository.save(new Category(c.split(" ")[0], c.split(" ")[1], new ArrayList<>()));
-
-            });
+            Stream.of("C1 Ordinateur", "C2 Imprimantes").forEach(c -> categoryRepository.save(new Category(c.split(" ")[0], c.split(" ")[1], new ArrayList<>())));
             categoryRepository.findAll().forEach(System.out::println);
 
+            Category c1 = categoryRepository.findById("C1").get();
+            productRepository.deleteAll();
+            Stream.of("P1", "P2", "P3").forEach(name -> {
+                Product p = productRepository.save(new Product(null, name, Math.random() * 1000, c1));
+                c1.getProducts().add(p);
+                categoryRepository.save(c1);
+            });
+
+            Category c2 = categoryRepository.findById("C2").get();
+            Stream.of("P4", "P5", "P6").forEach(name -> {
+                Product p = productRepository.save(new Product(null, name, Math.random() * 1000, c2));
+                c2.getProducts().add(p);
+                categoryRepository.save(c2);
+            });
+
+            productRepository.findAll().forEach(System.out::println);
+
         };
     }
 }

src/main/java/me/aski/catalogueservice/dao/ProductRepository.java

@@ -1,8 +1,9 @@
 package me.aski.catalogueservice.dao;
 
+import me.aski.catalogueservice.entities.Product;
 import org.springframework.data.mongodb.repository.MongoRepository;
 import org.springframework.data.rest.core.annotation.RepositoryRestResource;
 
 @RepositoryRestResource
-public interface ProductRepository extends MongoRepository<Process, String> {
+public interface ProductRepository extends MongoRepository<Product, String> {
 }

src/main/java/me/aski/catalogueservice/entities/Category.java

@@ -3,7 +3,6 @@ package me.aski.catalogueservice.entities;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
-import lombok.ToString;
 import org.springframework.data.annotation.Id;
 import org.springframework.data.mongodb.core.mapping.DBRef;
 import org.springframework.data.mongodb.core.mapping.Document;
@@ -15,11 +14,19 @@ import java.util.Collection;
 @Data
 @AllArgsConstructor
 @NoArgsConstructor
-@ToString
+//@ToString
 public class Category {
     @Id
     private String id;
     private String name;
     @DBRef
     private Collection<Product> products = new ArrayList<>();
+
+    @Override
+    public String toString() {
+        return "Category{" +
+                "id='" + id + '\'' +
+                ", name='" + name + '\'' +
+                '}';
+    }
 }

src/main/java/me/aski/catalogueservice/sec/JWTAuthorizationFilter.java

@@ -0,0 +1,19 @@
+package me.aski.catalogueservice.sec;
+
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class JWTAuthorizationFilter extends OncePerRequestFilter {
+    @Override
+    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
+        System.out.println("**********");
+        String jwt = httpServletRequest.getHeader("Authorization");
+        if (jwt == null) throw new RuntimeException("Not Authorized");
+        filterChain.doFilter(httpServletRequest, httpServletResponse);
+    }
+}

src/main/java/me/aski/catalogueservice/sec/SecurityConfig.java

@@ -0,0 +1,42 @@
+package me.aski.catalogueservice.sec;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication().
+                withUser("admin").password(passwordEncoder().encode("1234")).roles("ADMIN", "USER")
+                .and().
+                withUser("user").password(passwordEncoder().encode("1234")).roles("USER");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        //super.configure(http);
+        http.csrf().disable();
+        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+        http.authorizeRequests().antMatchers("/categories/**").hasAuthority("ADMIN");
+        http.authorizeRequests().antMatchers("/products/**").hasAuthority("USER");
+        http.authorizeRequests().anyRequest().authenticated();
+        http.addFilterBefore(new JWTAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
+
+
+    }
+
+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}

src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.data.mongodb.uri=mongodb://localhost:27017/CatalogueService