Part6

README.md

@@ -1,7 +1,8 @@
 # Spring Boot Web Application
-##Part 5
-This repository has the project files for a tutorial series on Spring Boot available from by website at [Spring Framework Guru](https://springframework.guru)
-##Part 4
-This repository has the project files for a tutorial series on Spring Boot available from by website at [Spring Framework Guru](https://springframework.guru/spring-boot-web-application-part-4-spring-mvc/)
 
-In this part of the tutorial series, I show how to setup a Spring MVC controller to suport CRUD operations, a Spring service facad over a Spring Data JPA repository, and Thymeleaf templates for the web application.
+##Part 6
+This repository has the project files for the post SPRING BOOT WEB APPLICATION, PART 6 – SPRING SECURITY WITH DAO Authentication Provider
+that is part of the tutorial series on Spring Boot available from by website at [Spring Framework Guru](https://springfrspringframework.guru)
+
+## Checkout the full tutorial here!
+[Spring Boot - making Spring Fun again!](https://springframework.guru/spring-boot-web-application-part-1-spring-initializr/)

pom.xml

@@ -14,13 +14,13 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>1.4.2.RELEASE</version>
+		<version>2.2.2.RELEASE</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<java.version>1.8</java.version>
+		<java.version>11</java.version>
 	</properties>
 
 	<dependencies>
@@ -47,17 +47,17 @@
 		</dependency>
 
 		<!--WebJars-->
+
 		<dependency>
 			<groupId>org.webjars</groupId>
-			<artifactId>bootstrap</artifactId>
-			<version>3.3.4</version>
+			<artifactId>jquery</artifactId>
+			<version>2.1.4</version>
 		</dependency>
 		<dependency>
 			<groupId>org.webjars</groupId>
-			<artifactId>jquery</artifactId>
-			<version>2.1.4</version>
+			<artifactId>bootstrap</artifactId>
+			<version>3.3.4</version>
 		</dependency>
-
 		<dependency>
 			<groupId>com.h2database</groupId>
 			<artifactId>h2</artifactId>
@@ -67,6 +67,20 @@
 			<artifactId>spring-boot-starter-test</artifactId>
 			<scope>test</scope>
 		</dependency>
+
+		<!--encryption lib-->
+	<dependency>
+			<groupId>org.jasypt</groupId>
+			<artifactId>jasypt</artifactId>
+			<version>1.9.2</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.jasypt</groupId>
+			<artifactId>jasypt-springsecurity3</artifactId>
+			<version>1.9.2</version>
+		</dependency>
+
 	</dependencies>
 
 	<build>

src/main/java/guru/springframework/bootstrap/SpringJpaBootstrap.java

@@ -0,0 +1,128 @@
+package guru.springframework.bootstrap;
+
+import guru.springframework.domain.Product;
+import guru.springframework.domain.Role;
+import guru.springframework.domain.User;
+import guru.springframework.repositories.ProductRepository;
+import guru.springframework.services.RoleService;
+import guru.springframework.services.UserService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.stereotype.Component;
+
+import java.math.BigDecimal;
+import java.util.List;
+
+@Component
+public class SpringJpaBootstrap implements ApplicationListener<ContextRefreshedEvent> {
+
+    private ProductRepository productRepository;
+    private UserService userService;
+    private RoleService roleService;
+
+    private Logger log = LoggerFactory.getLogger(SpringJpaBootstrap.class);
+
+    @Autowired
+    public void setProductRepository(ProductRepository productRepository) {
+        this.productRepository = productRepository;
+    }
+
+    @Autowired
+    public void setUserService(UserService userService) {
+        this.userService = userService;
+    }
+
+    @Autowired
+    public void setRoleService(RoleService roleService) {
+        this.roleService = roleService;
+    }
+
+
+    @Override
+    public void onApplicationEvent(ContextRefreshedEvent event) {
+        loadProducts();
+        loadUsers();
+        loadRoles();
+        assignUsersToUserRole();
+        assignUsersToAdminRole();
+    }
+
+    private void loadProducts() {
+        Product shirt = new Product();
+        shirt.setDescription("Spring Framework Guru Shirt");
+        shirt.setPrice(new BigDecimal("18.95"));
+        shirt.setImageUrl("https://springframework.guru/wp-content/uploads/2015/04/spring_framework_guru_shirt-rf412049699c14ba5b68bb1c09182bfa2_8nax2_512.jpg");
+        shirt.setProductId("235268845711068308");
+        productRepository.save(shirt);
+
+        log.info("Saved Shirt - id: " + shirt.getId());
+
+        Product mug = new Product();
+        mug.setDescription("Spring Framework Guru Mug");
+        mug.setImageUrl("https://springframework.guru/wp-content/uploads/2015/04/spring_framework_guru_coffee_mug-r11e7694903c348e1a667dfd2f1474d95_x7j54_8byvr_512.jpg");
+        mug.setProductId("168639393495335947");
+        mug.setPrice(new BigDecimal("11.95"));
+        productRepository.save(mug);
+
+        log.info("Saved Mug - id:" + mug.getId());
+    }
+
+    private void loadUsers() {
+        User user1 = new User();
+        user1.setUsername("user");
+        user1.setPassword("user");
+        userService.saveOrUpdate(user1);
+
+        User user2 = new User();
+        user2.setUsername("admin");
+        user2.setPassword("admin");
+        userService.saveOrUpdate(user2);
+
+    }
+
+    private void loadRoles() {
+        Role role = new Role();
+        role.setRole("USER");
+        roleService.saveOrUpdate(role);
+        log.info("Saved role" + role.getRole());
+        Role adminRole = new Role();
+        adminRole.setRole("ADMIN");
+        roleService.saveOrUpdate(adminRole);
+        log.info("Saved role" + adminRole.getRole());
+    }
+    private void assignUsersToUserRole() {
+        List<Role> roles = (List<Role>) roleService.listAll();
+        List<User> users = (List<User>) userService.listAll();
+
+        roles.forEach(role -> {
+            if (role.getRole().equalsIgnoreCase("USER")) {
+                users.forEach(user -> {
+                    if (user.getUsername().equals("user")) {
+                        user.addRole(role);
+                        userService.saveOrUpdate(user);
+                    }
+                });
+            }
+        });
+    }
+    private void assignUsersToAdminRole() {
+        List<Role> roles = (List<Role>) roleService.listAll();
+        List<User> users = (List<User>) userService.listAll();
+
+        roles.forEach(role -> {
+            if (role.getRole().equalsIgnoreCase("ADMIN")) {
+                users.forEach(user -> {
+                    if (user.getUsername().equals("admin")) {
+                        user.addRole(role);
+                        userService.saveOrUpdate(user);
+                    }
+                });
+            }
+        });
+    }
+}
+
+

src/main/java/guru/springframework/config/SpringSecConfig.java

@@ -0,0 +1,62 @@
+package guru.springframework.config;
+
+import org.jasypt.util.password.StrongPasswordEncryptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class SpringSecConfig extends WebSecurityConfigurerAdapter {
+
+    private AuthenticationProvider authenticationProvider;
+
+    @Autowired
+    @Qualifier("daoAuthenticationProvider")
+    public void setAuthenticationProvider(AuthenticationProvider authenticationProvider) {
+        this.authenticationProvider = authenticationProvider;
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder(){
+        PasswordEncoder passwordEncoder =new BCryptPasswordEncoder();
+        return passwordEncoder;
+    }
+@Bean("daoAuthenticationProvider")
+public AuthenticationProvider daoAuthenticationProvider(UserDetailsService userDetailsService) {
+    DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
+    provider.setPasswordEncoder(new BCryptPasswordEncoder());
+    provider.setUserDetailsService(userDetailsService);
+    return provider;
+}
+
+
+    @Autowired
+    public void configureAuthManager(AuthenticationManagerBuilder authenticationManagerBuilder){
+        authenticationManagerBuilder.authenticationProvider(authenticationProvider);
+    }
+    @Override
+    protected void configure(HttpSecurity httpSecurity) throws Exception {
+           httpSecurity
+                .authorizeRequests().antMatchers("/","/products","/product/show/*","/console/*","/h2-console/**").permitAll()
+                .anyRequest().authenticated()
+                .and()
+                .formLogin().loginPage("/login").permitAll()
+                .and()
+                .logout().permitAll();
+
+        httpSecurity.csrf().disable();
+        httpSecurity.headers().frameOptions().disable();
+    }
+
+
+}

src/main/java/guru/springframework/configuration/WebConfiguration.java → src/main/java/guru/springframework/config/WebConfig.java

@@ -1,12 +1,11 @@
-package guru.springframework.configuration;
-
+package guru.springframework.config;
 import org.h2.server.web.WebServlet;
 import org.springframework.boot.web.servlet.ServletRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 @Configuration
-public class WebConfiguration {
+public class WebConfig {
     @Bean
     ServletRegistrationBean h2servletRegistration(){
         ServletRegistrationBean registrationBean = new ServletRegistrationBean( new WebServlet());

src/main/java/guru/springframework/converters/UserToUserDetails.java

@@ -0,0 +1,31 @@
+package guru.springframework.converters;
+
+import guru.springframework.domain.User;
+import guru.springframework.services.security.UserDetailsImpl;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+import java.util.ArrayList;
+import java.util.Collection;
+
+@Component
+public class UserToUserDetails implements Converter<User, UserDetails> {
+    @Override
+    public UserDetails convert(User user) {
+        UserDetailsImpl userDetails = new UserDetailsImpl();
+
+        if (user != null) {
+            userDetails.setUsername(user.getUsername());
+            userDetails.setPassword(user.getEncryptedPassword());
+            userDetails.setEnabled(user.getEnabled());
+            Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
+            user.getRoles().forEach(role -> {
+                authorities.add(new SimpleGrantedAuthority(role.getRole()));
+            });
+            userDetails.setAuthorities(authorities);
+        }
+
+        return userDetails;
+    }
+}