4_04_db_security_auth_user

admin@javaops.ru · admin@javaops.ru · commit da060d905243 · 2020-11-24T18:19:38.000+03:00
diff --git a/src/main/java/ru/javaops/bootjava/AuthUser.java b/src/main/java/ru/javaops/bootjava/AuthUser.java
@@ -0,0 +1,22 @@
+package ru.javaops.bootjava;
+
+import lombok.Getter;
+import lombok.ToString;
+import org.springframework.lang.NonNull;
+import ru.javaops.bootjava.model.User;
+
+@Getter
+@ToString(of = "user")
+public class AuthUser extends org.springframework.security.core.userdetails.User {
+
+    private final User user;
+
+    public AuthUser(@NonNull User user) {
+        super(user.getEmail(), user.getPassword(), user.getRoles());
+        this.user = user;
+    }
+
+    public int id() {
+        return user.id();
+    }
+}
diff --git a/src/main/java/ru/javaops/bootjava/config/WebSecurityConfig.java b/src/main/java/ru/javaops/bootjava/config/WebSecurityConfig.java
@@ -1,21 +1,43 @@
 package ru.javaops.bootjava.config;
 
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import ru.javaops.bootjava.AuthUser;
+import ru.javaops.bootjava.model.User;
+import ru.javaops.bootjava.repository.UserRepository;
+
+import java.util.Optional;
 
 @Configuration
 @EnableWebSecurity
+@Slf4j
+@AllArgsConstructor
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
+    private final UserRepository userRepository;
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+        return email -> {
+            log.debug("Authenticating '{}'", email);
+            Optional<User> optionalUser = userRepository.findByEmailIgnoreCase(email);
+            return new AuthUser(optionalUser.orElseThrow(
+                    () -> new UsernameNotFoundException("User '" + email + "' was not found")));
+        };
+    }
+
     @Autowired
     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication()
-                .passwordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder())
-                .withUser("user@gmail.com").password("{noop}password").roles("USER").and()
-                .withUser("admin@javaops.ru").password("{noop}admin").roles("USER", "ADMIN");
+        auth.userDetailsService(userDetailsService())
+                .passwordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());
     }
 }
diff --git a/src/main/java/ru/javaops/bootjava/model/Role.java b/src/main/java/ru/javaops/bootjava/model/Role.java
@@ -1,6 +1,13 @@
 package ru.javaops.bootjava.model;
 
-public enum Role {
+import org.springframework.security.core.GrantedAuthority;
+
+public enum Role implements GrantedAuthority {
     ROLE_USER,
-    ROLE_ADMIN
+    ROLE_ADMIN;
+
+    @Override
+    public String getAuthority() {
+        return name();
+    }
 }
diff --git a/src/main/java/ru/javaops/bootjava/model/User.java b/src/main/java/ru/javaops/bootjava/model/User.java
@@ -6,6 +6,7 @@
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.Size;
+import java.io.Serializable;
 import java.util.Set;
 
 @Entity
@@ -15,7 +16,7 @@
 @NoArgsConstructor(access = AccessLevel.PROTECTED)
 @AllArgsConstructor
 @ToString(callSuper = true, exclude = {"password"})
-public class User extends BaseEntity {
+public class User extends BaseEntity implements Serializable {
 
     @Column(name = "email", nullable = false, unique = true)
     @Email
diff --git a/src/main/java/ru/javaops/bootjava/web/AccountController.java b/src/main/java/ru/javaops/bootjava/web/AccountController.java
@@ -5,13 +5,15 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import ru.javaops.bootjava.AuthUser;
+import ru.javaops.bootjava.model.User;
 
 @RestController
 @RequestMapping(value = "/api/account")
 public class AccountController {
 
     @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
-    public Object get(@AuthenticationPrincipal Object authUser) {
-        return authUser;
+    public User get(@AuthenticationPrincipal AuthUser authUser) {
+        return authUser.getUser();
     }
 }
diff --git a/src/main/resources/data.sql b/src/main/resources/data.sql
@@ -1,6 +1,6 @@
 INSERT INTO USERS (EMAIL, FIRST_NAME, LAST_NAME, PASSWORD)
-VALUES ('user@gmail.com', 'User_First', 'User_Last', 'password'),
-       ('admin@javaops.ru', 'Admin_First', 'Admin_Last', 'admin');
+VALUES ('user@gmail.com', 'User_First', 'User_Last', '{noop}password'),
+       ('admin@javaops.ru', 'Admin_First', 'Admin_Last', '{noop}admin');
 
 INSERT INTO USER_ROLE (ROLE, USER_ID)
 VALUES ('ROLE_USER', 1),
