DevFW-CICD/spring-petclinic
16
0
Fork 1
mirror of https://github.com/spring-projects/spring-petclinic.git synced 2025-07-22 15:25:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add security in WebSocketConfig

Browse source
This commit is contained in:
PEDSF 2020-11-25 19:46:39 +01:00
parent bb5391bca9
commit e585452b73
8 changed files with 100 additions and 70 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/main/java/org/springframework/samples/petclinic/configuration/WebSecurityConfig.java
View file

@ -96,7 +96,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public ClientRegistrationRepository clientRegistrationRepository() {
List<String> clients = Arrays.asList("google", "facebook", "github");
List<String> clients = Arrays.asList("google", "facebook", "github", "twitter");
List<ClientRegistration> registrations = clients.stream().map(c -> getRegistration(c))
.filter(registration -> registration != null).collect(Collectors.toList());

8
src/main/java/org/springframework/samples/petclinic/controller/UserController.java
View file

@ -92,7 +92,7 @@ public class UserController extends WebSocketSender {
}
// set default role
user.addRole(roleService.findByName("ROLE_USER"));
user.addRole("ROLE_USER");
// encode password because we get clear password
user.encode(user.getPassword());
@ -175,7 +175,7 @@ public class UserController extends WebSocketSender {
user.setFirstName(firstName);
user.setLastName(lastName);
user.setEnabled(true);
user.addRole(roleService.findByName("ROLE_USER"));
user.addRole("ROLE_USER");
user = userService.save(user);
}
@ -293,7 +293,7 @@ public class UserController extends WebSocketSender {
UserDTO operator = (UserDTO) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
UserDTO user = userService.findById(userId);
if (user.equals(operator) || operator.getRoles().contains(roleService.findByName("ROLE_ADMIN"))) {
if (user.equals(operator) || operator.getRoles().contains("ROLE_ADMIN")) {
model.addAttribute(CommonAttribute.USER, user);
model.addAttribute(CommonAttribute.USER_ID, user.getId());
return CommonView.USER_CHANGE_PASSWORD;
@ -329,7 +329,7 @@ public class UserController extends WebSocketSender {
try {
UserDTO operator = (UserDTO) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (user.equals(operator) || operator.getRoles().contains(roleService.findByName("ROLE_ADMIN"))) {
if (user.equals(operator) || operator.getRoles().contains("ROLE_ADMIN")) {
// encode password
user.encode(newPassword);
user = userService.save(user);

5
src/main/java/org/springframework/samples/petclinic/dto/common/RoleDTO.java
View file

@ -11,9 +11,6 @@ import java.io.Serializable;
*/
public class RoleDTO extends NamedDTO implements Serializable {
@Override
public String toString() {
return super.toString();
}
}

35
src/main/java/org/springframework/samples/petclinic/dto/common/UserDTO.java
View file

@ -1,7 +1,5 @@
package org.springframework.samples.petclinic.dto.common;
import org.springframework.beans.support.MutableSortDefinition;
import org.springframework.beans.support.PropertyComparator;
import org.springframework.samples.petclinic.common.CommonError;
import org.springframework.samples.petclinic.common.CommonParameter;
import org.springframework.samples.petclinic.dto.PersonDTO;
@ -12,7 +10,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size;
import javax.xml.bind.annotation.XmlElement;
import java.io.Serializable;
import java.util.*;
@ -40,7 +37,7 @@ public class UserDTO extends PersonDTO implements Serializable, UserDetails {
private boolean credentialsNonExpired;
private Set<RoleDTO> roles;
private List<String> roles;
@Size(max = CommonParameter.PHONE_MAX, message = CommonError.FORMAT_LESS + CommonParameter.PHONE_MAX)
// @Pattern(regexp = CommonParameter.PHONE_REGEXP, message = CommonError.PHONE_FORMAT)
@ -143,39 +140,29 @@ public class UserDTO extends PersonDTO implements Serializable, UserDetails {
public Collection<? extends GrantedAuthority> getAuthorities() {
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
this.roles.forEach(role -> grantedAuthorities.add(new SimpleGrantedAuthority(role.getName())));
this.roles.forEach(role -> grantedAuthorities.add(new SimpleGrantedAuthority(role)));
return grantedAuthorities;
}
protected Set<RoleDTO> getRolesInternal() {
if (this.roles == null) {
this.roles = new HashSet<>();
}
return this.roles;
public List<String> getRoles() {
return roles;
}
protected void setRolesInternal(Set<RoleDTO> roles) {
public void setRoles(List<String> roles) {
this.roles = roles;
}
@XmlElement
public List<RoleDTO> getRoles() {
List<RoleDTO> sortedRoles = new ArrayList<>(getRolesInternal());
PropertyComparator.sort(sortedRoles, new MutableSortDefinition("name", true, true));
return Collections.unmodifiableList(sortedRoles);
public void addRole(String role){
if(this.roles==null){
this.roles = new ArrayList<>();
}
public int getNrOfRoles() {
return getRolesInternal().size();
this.roles.add(role);
}
public void addRole(RoleDTO role) {
getRolesInternal().add(role);
}
public void setRoles(Set<RoleDTO> roles) {
this.roles = roles;
public void removeRole(String role){
this.roles.remove(role);
}
public String getTelephone() {

37
src/main/java/org/springframework/samples/petclinic/model/common/Role.java
View file

@ -1,26 +1,45 @@
package org.springframework.samples.petclinic.model.common;
import org.springframework.samples.petclinic.common.CommonParameter;
import javax.persistence.*;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
import java.io.Serializable;
import java.util.Collection;
import java.util.Set;
@Entity(name = "Role")
@Table(name = "roles")
public class Role implements Serializable {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Integer id;
@NotNull
@NotEmpty
@Size(max = CommonParameter.ROLE_MAX)
@Column(name = "name", length = CommonParameter.ROLE_MAX)
private String name;
@ManyToMany(mappedBy = "roles")
private Collection<User> users;
public Long getId() {
@ManyToMany(mappedBy = "roles", fetch = FetchType.LAZY)
private Set<User> users;
public Role(Integer id, @NotNull @NotEmpty @Size(max = CommonParameter.ROLE_MAX) String name) {
this.id = id;
this.name = name;
}
public Role() {
// empty constructor for creating empty role and add attribute after
}
public Integer getId() {
return id;
}
public void setId(Long id) {
public void setId(Integer id) {
this.id = id;
}
@ -32,11 +51,11 @@ public class Role implements Serializable {
this.name = name;
}
public Collection<User> getUsers() {
public Set<User> getUsers() {
return users;
}
public void setUsers(Collection<User> users) {
public void setUsers(Set<User> users) {
this.users = users;
}
}

24
src/main/java/org/springframework/samples/petclinic/model/common/User.java
View file

@ -53,10 +53,10 @@ public class User extends Person implements Serializable, UserDetails {
@Column(name = "credential_unexpired")
private boolean credentialsNonExpired;
@ManyToMany(fetch = FetchType.EAGER)
@ManyToMany(cascade=CascadeType.ALL,fetch=FetchType.EAGER)
@JoinTable(name = "users_roles", joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"),
inverseJoinColumns = @JoinColumn(name = "role_id", referencedColumnName = "id"))
private Collection<Role> roles;
private Set<Role> roles;
@Size(max = CommonParameter.PHONE_MAX, message = CommonError.FORMAT_LESS + CommonParameter.PHONE_MAX)
// @Pattern(regexp = CommonParameter.PHONE_REGEXP, message = CommonError.PHONE_FORMAT)
@ -145,14 +145,29 @@ public class User extends Person implements Serializable, UserDetails {
this.credentialsNonExpired = credentialsNonExpired;
}
public Collection<Role> getRoles() {
public Set<Role> getRoles() {
return roles;
}
public void setRoles(Collection<Role> roles) {
public void setRoles(Set<Role> roles) {
this.roles = roles;
}
public void addRole(Role role) {
if(this.roles==null){
this.roles = new HashSet<>();
}
this.roles.add(role);
role.getUsers().add(this);
}
public void removeRole(Role role){
if(this.roles!=null){
this.roles.remove(role);
role.getUsers().remove(this);
}
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
@ -162,7 +177,6 @@ public class User extends Person implements Serializable, UserDetails {
return grantedAuthorities;
}
public String getTelephone() {
return telephone;
}

39
src/main/java/org/springframework/samples/petclinic/service/common/UserService.java
View file

@ -10,9 +10,7 @@ import org.springframework.samples.petclinic.repository.UserRepository;
import org.springframework.samples.petclinic.service.business.BaseService;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.*;
/**
* Simple Service between User entity and UserDTO Data Transfert Object.
@ -24,10 +22,13 @@ public class UserService implements BaseService<User, UserDTO> {
private final UserRepository userRepository;
private final RoleRepository roleRepository;
private final ModelMapper modelMapper = new ModelMapper();
public UserService(UserRepository userRepository) {
public UserService(UserRepository userRepository, RoleRepository roleRepository) {
this.userRepository = userRepository;
this.roleRepository = roleRepository;
}
@Override
@ -40,10 +41,16 @@ public class UserService implements BaseService<User, UserDTO> {
User user = modelMapper.map(dto, User.class);
user.setPassword(dto.getPassword());
/*
* if (dto.getRoles() != null) { for (RoleDTO roleDTO : dto.getRoles()) { Role
* role = modelMapper.map(roleDTO, Role.class); user.addRole(role); } }
*/
if( dto.getRoles()!= null) {
Set<Role> roles = new HashSet<>();
for (String role : dto.getRoles()) {
roles.add(roleRepository.findByName(role));
}
user.setRoles(roles);
}
return user;
}
@ -56,10 +63,17 @@ public class UserService implements BaseService<User, UserDTO> {
UserDTO userDto = modelMapper.map(entity, UserDTO.class);
userDto.setPassword(entity.getPassword());
userDto.setMatchingPassword(entity.getPassword());
/*
* if (entity.getRoles() != null) { for (Role role : entity.getRoles()) { RoleDTO
* roleDTO = modelMapper.map(role, RoleDTO.class); userDto.addRole(roleDTO); } }
*/
if( entity.getRoles()!= null) {
List<String> roles = new ArrayList<>();
for (Role role : entity.getRoles()) {
roles.add(role.getName());
}
userDto.setRoles(roles);
}
return userDto;
}
@ -112,7 +126,6 @@ public class UserService implements BaseService<User, UserDTO> {
public UserDTO findByEmail(String email) {
User user = userRepository.findByEmail(email);
return entityToDTO(user);
}

8
src/main/resources/application.properties
View file

@ -44,15 +44,15 @@ spring.h2.console.path=/h2-console
spring.security.oauth2.client.registration.google.client-id=${OAUTH2_GOOGLE_CLIENT_ID}
spring.security.oauth2.client.registration.google.client-secret=${OAUTH2_GOOGLE_CLIENT_SECRET}
#spring.security.oauth2.client.registration.github.client-id=${OAUTH2_GITHUB_CLIENT_ID}
#spring.security.oauth2.client.registration.github.client-secret=${OAUTH2_GITHUB_CLIENT_SECRET}
spring.security.oauth2.client.registration.github.client-id=${OAUTH2_GITHUB_CLIENT_ID}
spring.security.oauth2.client.registration.github.client-secret=${OAUTH2_GITHUB_CLIENT_SECRET}
#spring.security.oauth2.client.registration.facebook.client-id=<your client id>
#spring.security.oauth2.client.registration.facebook.client-secret=<your client secret>
#spring.security.oauth2.client.registration.twitter.client-id=<your client id>
#spring.security.oauth2.client.registration.twitter.client-secret=<your client secret>
spring.security.oauth2.client.registration.twitter.client-id=${OAUTH2_TWITTER_CLIENT_ID}
spring.security.oauth2.client.registration.twitter.client-secret=${OAUTH2_TWITTER_CLIENT_SECRET}
#################################################################### SPRING MAIL
spring.mail.host=smtp.mailtrap.io