Pārlūkot izejas kodu

added some security configuration

Raymond Farria 6 gadus atpakaļ
vecāks
revīzija
84339296c2

+ 445
- 390
.idea/workspace.xml
Failā izmaiņas netiks attēlotas, jo tās ir par lielu
Parādīt failu


+ 31
- 0
Main/Main.iml Parādīt failu

@@ -65,5 +65,36 @@
65 65
       </library>
66 66
     </orderEntry>
67 67
     <orderEntry type="library" name="Maven: org.springframework:spring-tx:5.0.7.RELEASE" level="project" />
68
+    <orderEntry type="library" name="Maven: org.springframework.security.oauth:spring-security-oauth2:2.2.1.RELEASE" level="project" />
69
+    <orderEntry type="module-library">
70
+      <library name="spring-boot-starter-security">
71
+        <CLASSES>
72
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/boot/spring-boot-starter-security/2.0.3.RELEASE/spring-boot-starter-security-2.0.3.RELEASE.jar!/" />
73
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/boot/spring-boot-starter/2.0.3.RELEASE/spring-boot-starter-2.0.3.RELEASE.jar!/" />
74
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/boot/spring-boot/2.0.3.RELEASE/spring-boot-2.0.3.RELEASE.jar!/" />
75
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/boot/spring-boot-autoconfigure/2.0.3.RELEASE/spring-boot-autoconfigure-2.0.3.RELEASE.jar!/" />
76
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/boot/spring-boot-starter-logging/2.0.3.RELEASE/spring-boot-starter-logging-2.0.3.RELEASE.jar!/" />
77
+          <root url="jar://$MAVEN_REPOSITORY$/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar!/" />
78
+          <root url="jar://$MAVEN_REPOSITORY$/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar!/" />
79
+          <root url="jar://$MAVEN_REPOSITORY$/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jar!/" />
80
+          <root url="jar://$MAVEN_REPOSITORY$/org/apache/logging/log4j/log4j-to-slf4j/2.10.0/log4j-to-slf4j-2.10.0.jar!/" />
81
+          <root url="jar://$MAVEN_REPOSITORY$/org/apache/logging/log4j/log4j-api/2.10.0/log4j-api-2.10.0.jar!/" />
82
+          <root url="jar://$MAVEN_REPOSITORY$/org/slf4j/jul-to-slf4j/1.7.25/jul-to-slf4j-1.7.25.jar!/" />
83
+          <root url="jar://$MAVEN_REPOSITORY$/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar!/" />
84
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/spring-core/5.0.7.RELEASE/spring-core-5.0.7.RELEASE.jar!/" />
85
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/spring-jcl/5.0.7.RELEASE/spring-jcl-5.0.7.RELEASE.jar!/" />
86
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/spring-aop/5.0.7.RELEASE/spring-aop-5.0.7.RELEASE.jar!/" />
87
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/spring-beans/5.0.7.RELEASE/spring-beans-5.0.7.RELEASE.jar!/" />
88
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/security/spring-security-config/5.0.6.RELEASE/spring-security-config-5.0.6.RELEASE.jar!/" />
89
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/security/spring-security-core/5.0.6.RELEASE/spring-security-core-5.0.6.RELEASE.jar!/" />
90
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/spring-context/5.0.7.RELEASE/spring-context-5.0.7.RELEASE.jar!/" />
91
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/security/spring-security-web/5.0.6.RELEASE/spring-security-web-5.0.6.RELEASE.jar!/" />
92
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/spring-expression/5.0.7.RELEASE/spring-expression-5.0.7.RELEASE.jar!/" />
93
+          <root url="jar://$MAVEN_REPOSITORY$/org/springframework/spring-web/5.0.7.RELEASE/spring-web-5.0.7.RELEASE.jar!/" />
94
+        </CLASSES>
95
+        <JAVADOC />
96
+        <SOURCES />
97
+      </library>
98
+    </orderEntry>
68 99
   </component>
69 100
 </module>

+ 4
- 1
Main/src/Accounts/AccountDetails.java Parādīt failu

@@ -1,9 +1,12 @@
1 1
 package Accounts;
2 2
 
3
+import org.springframework.stereotype.Repository;
4
+
3 5
 import java.util.Collection;
4 6
 import java.util.Optional;
5 7
 
6
-public interface AccountDetails {
8
+
9
+public interface AccountDetails extends Repository {
7 10
 
8 11
         Collection<Account> findAll();
9 12
 

+ 16
- 0
Main/src/Security/AuthenticationMananagerProvider.java Parādīt failu

@@ -0,0 +1,16 @@
1
+package Security;
2
+
3
+import org.springframework.context.annotation.Bean;
4
+import org.springframework.context.annotation.Configuration;
5
+import org.springframework.security.authentication.AuthenticationManager;
6
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
7
+
8
+@Configuration
9
+public class AuthenticationMananagerProvider extends WebSecurityConfigurerAdapter {
10
+
11
+    @Bean("authenticationManager")
12
+    @Override
13
+    public AuthenticationManager authenticationManagerBean() throws Exception{
14
+        return super.authenticationManagerBean();
15
+    }
16
+}

+ 40
- 0
Main/src/Security/AuthorizationServerConfig.java Parādīt failu

@@ -0,0 +1,40 @@
1
+package Security;
2
+
3
+import Accounts.AccountService;
4
+import org.springframework.beans.factory.annotation.Value;
5
+import org.springframework.context.annotation.Bean;
6
+import org.springframework.context.annotation.Configuration;
7
+import org.springframework.security.core.userdetails.UserDetailsService;
8
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
9
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
10
+
11
+@Configuration
12
+@EnableAuthorizationServer
13
+public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
14
+
15
+    @Value("{security.oauth2.resource.id}")
16
+    private String resourceId;
17
+
18
+    @Value("${access_token.validity_period}")
19
+    private int accessTokenValiditySeconds;
20
+
21
+    @Value("${refresh_token.validity_period}")
22
+    private int refreshTokenValiditySeconds;
23
+
24
+//    @Autowired
25
+//    private AuthenticationManagerBuilder authenticationManager;
26
+//    @Autowired
27
+//    private AuthenticationManager authenticationManager;
28
+
29
+    @Bean
30
+    public UserDetailsService userDetailsService(){
31
+        return new AccountService();
32
+    }
33
+
34
+
35
+
36
+//    @Override
37
+//    public void configure(AuthorizationServerEndpointsConfiguration endpoints) throws Exception{
38
+//        endpoints.authenticationManager(this.authenticationManager);
39
+//    }
40
+}

+ 0
- 12
Main/src/Security/SecurityApplication.java Parādīt failu

@@ -1,12 +0,0 @@
1
-package Security;
2
-
3
-import org.springframework.boot.SpringApplication;
4
-import org.springframework.boot.autoconfigure.SpringBootApplication;
5
-
6
-@SpringBootApplication
7
-public class SecurityApplication {
8
-
9
-	public static void main(String[] args) {
10
-		SpringApplication.run(SecurityApplication.class, args);
11
-	}
12
-}

+ 61
- 0
Main/src/Security/SecurityConfig.java Parādīt failu

@@ -0,0 +1,61 @@
1
+package Security;
2
+
3
+
4
+import org.springframework.beans.factory.annotation.Autowired;
5
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
6
+import org.springframework.context.annotation.Bean;
7
+import org.springframework.context.annotation.Configuration;
8
+import org.springframework.core.annotation.Order;
9
+import org.springframework.security.authentication.AuthenticationManager;
10
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
11
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
12
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
13
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
14
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
15
+import org.springframework.security.core.userdetails.UserDetailsService;
16
+import org.springframework.security.crypto.password.PasswordEncoder;
17
+
18
+@Configuration
19
+@EnableWebSecurity (debug = true)
20
+@Order(SecurityProperties.BASIC_AUTH_ORDER -2)
21
+public class SecurityConfig extends WebSecurityConfigurerAdapter{
22
+
23
+    @Autowired
24
+    public UserDetailsService userDetailsService;
25
+
26
+    @Autowired
27
+    private PasswordEncoder passwordEncoder;
28
+
29
+    @Bean
30
+    public DaoAuthenticationProvider authenticationProvider(){
31
+        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
32
+        provider.setPasswordEncoder(passwordEncoder);
33
+        provider.setUserDetailsService(userDetailsService());
34
+        return provider;
35
+    }
36
+
37
+    @Override
38
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception{
39
+        auth
40
+                .userDetailsService(userDetailsService)
41
+                .passwordEncoder(passwordEncoder);
42
+    }
43
+
44
+    @Override
45
+    protected void configure(HttpSecurity http) throws Exception{
46
+        http
47
+                .authorizeRequests()
48
+                .anyRequest().authenticated()
49
+                .antMatchers("/","/**").permitAll()
50
+                .and().httpBasic().and()
51
+                .csrf().disable();
52
+    }
53
+
54
+    @Override
55
+    @Bean
56
+    public AuthenticationManager authenticationManagerBean() throws Exception{
57
+        return super.authenticationManagerBean();
58
+    }
59
+
60
+
61
+}

+ 33
- 0
pom.xml Parādīt failu

@@ -65,6 +65,7 @@
65 65
 			<artifactId>thymeleaf-extras-springsecurity4</artifactId>
66 66
 			<version>2.1.2.RELEASE</version>
67 67
 		</dependency>
68
+
68 69
 	</dependencies>
69 70
 
70 71
 	<dependencyManagement>
@@ -77,6 +78,38 @@
77 78
 				<scope>import</scope>
78 79
 			</dependency>
79 80
 		</dependencies>
81
+
82
+		<dependencies>
83
+			<dependency>
84
+				<groupId>org.springframework.cloud</groupId>
85
+				<artifactId>spring-cloud-starter-oauth2</artifactId>
86
+			</dependency>
87
+			<dependency>
88
+				<groupId>org.springframework.boot</groupId>
89
+				<artifactId>spring-boot-starter-data-jpa</artifactId>
90
+			</dependency>
91
+			<dependency>
92
+				<groupId>org.springframework.boot</groupId>
93
+				<artifactId>spring-boot-starter-security</artifactId>
94
+			</dependency>
95
+			<dependency>
96
+				<groupId>org.springframework.boot</groupId>
97
+				<artifactId>spring-boot-starter-web</artifactId>
98
+			</dependency>
99
+
100
+			<dependency>
101
+				<groupId>com.h2database</groupId>
102
+				<artifactId>h2</artifactId>
103
+				<scope>runtime</scope>
104
+			</dependency>
105
+			<dependency>
106
+				<groupId>org.springframework.boot</groupId>
107
+				<artifactId>spring-boot-starter-test</artifactId>
108
+				<scope>test</scope>
109
+			</dependency>
110
+		</dependencies>
111
+
112
+
80 113
 	</dependencyManagement>
81 114
 
82 115
 	<build>