feat: use Spring Security

CubeWhyMC · Oct 3, 2024 · c004ca2 · c004ca2
1 parent 8ceae04
commit c004ca2
Show file tree

Hide file tree

Showing 9 changed files with 133 additions and 13 deletions.
diff --git a/src/main/java/fuck/manthe/nmsl/config/SecurityConfig.java b/src/main/java/fuck/manthe/nmsl/config/SecurityConfig.java
@@ -3,8 +3,11 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
@@ -13,15 +16,24 @@ public class SecurityConfig {
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
                 .authorizeHttpRequests((conf) -> conf
-                        .anyRequest().permitAll() // TODO Replace admin password with Spring Security
-                )
-                .formLogin((form) -> form
-                        .loginPage("/login")
-                        .permitAll()
+                        .requestMatchers("/dashboard**").authenticated()
+                        .requestMatchers("/admin/**").hasRole("ADMIN")
+                        .anyRequest().permitAll()
                 )
+//                .formLogin((form) -> form
+//                        .loginPage("/dashboard/login")
+//                        .loginProcessingUrl("/dashboard/login")
+//                        .permitAll()
+//                )
+                .formLogin(AbstractAuthenticationFilterConfigurer::permitAll)
                 .csrf(AbstractHttpConfigurer::disable)
                 .logout(LogoutConfigurer::permitAll);
 
         return http.build();
     }
+
+    @Bean
+    PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 }
diff --git a/src/main/java/fuck/manthe/nmsl/controller/DashboardController.java b/src/main/java/fuck/manthe/nmsl/controller/DashboardController.java
@@ -9,10 +9,10 @@
 @Controller
 @RequestMapping("dashboard")
 public class DashboardController {
-    @GetMapping("login")
-    public String login() {
-        return "dashboard/login";
-    }
+//    @GetMapping("login")
+//    public String login() {
+//        return "dashboard/login";
+//    }
 
     @GetMapping("add-user")
     public String addUser() {

diff --git a/src/main/java/fuck/manthe/nmsl/entity/Admin.java b/src/main/java/fuck/manthe/nmsl/entity/Admin.java
@@ -0,0 +1,19 @@
+package fuck.manthe.nmsl.entity;
+
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import lombok.Data;
+
+@Data
+@Entity
+public class Admin {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private long id;
+
+    private String username;
+    private String password;
+    private String role;
+}
diff --git a/src/main/java/fuck/manthe/nmsl/entity/UserDetailsImpl.java b/src/main/java/fuck/manthe/nmsl/entity/UserDetailsImpl.java
@@ -0,0 +1,27 @@
+package fuck.manthe.nmsl.entity;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.List;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@Builder
+public class UserDetailsImpl implements UserDetails {
+    private String username;
+    private String password;
+    private String role;
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return List.of(new SimpleGrantedAuthority(role));
+    }
+}
diff --git a/src/main/java/fuck/manthe/nmsl/filter/AdminFilter.java b/src/main/java/fuck/manthe/nmsl/filter/AdminFilter.java
@@ -5,14 +5,12 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.log4j.Log4j2;
-import org.springframework.core.annotation.Order;
-import org.springframework.stereotype.Component;
 
 import java.io.IOException;
 import java.util.UUID;
 
-@Component
-@Order(1)
+//@Component
+//@Order(1)
 @Log4j2
 public class AdminFilter implements Filter {
     String adminPassword = System.getProperty("adminPassword", UUID.randomUUID().toString());

diff --git a/src/main/java/fuck/manthe/nmsl/repository/AdminRepository.java b/src/main/java/fuck/manthe/nmsl/repository/AdminRepository.java
@@ -0,0 +1,12 @@
+package fuck.manthe.nmsl.repository;
+
+import fuck.manthe.nmsl.entity.Admin;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.Optional;
+
+@Repository
+public interface AdminRepository extends JpaRepository<Admin, Long> {
+    Optional<Admin> findByUsername(String username);
+}
diff --git a/src/main/java/fuck/manthe/nmsl/service/AdminService.java b/src/main/java/fuck/manthe/nmsl/service/AdminService.java
@@ -0,0 +1,7 @@
+package fuck.manthe.nmsl.service;
+
+import fuck.manthe.nmsl.entity.Admin;
+
+public interface AdminService {
+    Admin findByUsername(String username);
+}
diff --git a/src/main/java/fuck/manthe/nmsl/service/impl/AdminServiceImpl.java b/src/main/java/fuck/manthe/nmsl/service/impl/AdminServiceImpl.java
@@ -0,0 +1,18 @@
+package fuck.manthe.nmsl.service.impl;
+
+import fuck.manthe.nmsl.entity.Admin;
+import fuck.manthe.nmsl.repository.AdminRepository;
+import fuck.manthe.nmsl.service.AdminService;
+import jakarta.annotation.Resource;
+import org.springframework.stereotype.Service;
+
+@Service
+public class AdminServiceImpl implements AdminService {
+    @Resource
+    AdminRepository adminRepository;
+
+    @Override
+    public Admin findByUsername(String username) {
+        return adminRepository.findByUsername(username).orElse(null);
+    }
+}
diff --git a/src/main/java/fuck/manthe/nmsl/service/impl/UserDetailsServiceImpl.java b/src/main/java/fuck/manthe/nmsl/service/impl/UserDetailsServiceImpl.java
@@ -0,0 +1,27 @@
+package fuck.manthe.nmsl.service.impl;
+
+import fuck.manthe.nmsl.entity.Admin;
+import fuck.manthe.nmsl.entity.UserDetailsImpl;
+import fuck.manthe.nmsl.service.AdminService;
+import jakarta.annotation.Resource;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+@Service
+public class UserDetailsServiceImpl implements UserDetailsService {
+    @Resource
+    AdminService adminService;
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        Admin admin = adminService.findByUsername(username);
+        if (admin == null) return null;
+        return UserDetailsImpl.builder()
+                .username(admin.getUsername())
+                .password(admin.getPassword())
+                .role(admin.getRole())
+                .build();
+    }
+}