diff --git a/java-spring/common-auth-web/build.gradle b/java-spring/common-auth-web/build.gradle
index 39dbd32..77d888d 100644
--- a/java-spring/common-auth-web/build.gradle
+++ b/java-spring/common-auth-web/build.gradle
@@ -7,7 +7,6 @@ dependencies {
 compile "org.springframework.boot:spring-boot-starter-web:$springBootVersion"
 compile "org.springframework.boot:spring-boot-starter-security:$springBootVersion"
- compile "org.springframework.boot:spring-boot-starter-data-mongodb:$springBootVersion"
 testCompile "junit:junit:4.11"
 }
diff --git a/java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthConfiguration.java b/java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthConfiguration.java
deleted file mode 100644
index a16f3ba..0000000
--- a/java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthConfiguration.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package net.chrisrichardson.eventstore.javaexamples.banking.commonauth;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;
-
-/**
- * Created by Main on 04.02.2016.
- */
-@Configuration
-@EnableMongoRepositories
-@ComponentScan
-public class CustomerAuthConfiguration {
-
- @Bean
- public CustomerAuthService customerAuthService(CustomerAuthRepository customerAuthRepository) {
- return new CustomerAuthService(customerAuthRepository);
- }
-
-}
diff --git a/java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/controller/AuthController.java b/java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/controller/AuthController.java
index c1b668f..6eb0983 100644
--- a/java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/controller/AuthController.java
+++ b/java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/controller/AuthController.java
@@ -8,7 +8,6 @@ import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.model.Auth
 import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.model.ErrorResponse;
 import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.model.User;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -49,6 +48,6 @@ public class AuthController {
 @ResponseStatus(value = HttpStatus.NOT_FOUND)
 @ExceptionHandler(IncorrectResultSizeDataAccessException.class)
 public ErrorResponse customersNotFound() {
- return new ErrorResponse("customers not found");
+ return new ErrorResponse("Customer not found");
 }
 }
diff --git a/java-spring/common-auth/build.gradle b/java-spring/common-auth/build.gradle
index a6d3704..5c316e9 100644
--- a/java-spring/common-auth/build.gradle
+++ b/java-spring/common-auth/build.gradle
@@ -1,7 +1,10 @@
 apply plugin: 'java'
 dependencies {
+ compile project(":common-customers")
+ compile "org.springframework.boot:spring-boot-starter-web:$springBootVersion"
+ compile "org.springframework.boot:spring-boot-starter-data-mongodb:$springBootVersion"
 compile "org.springframework.security:spring-security-config:4.0.2.RELEASE"
 compile "org.springframework.security:spring-security-web:4.0.2.RELEASE"
diff --git a/java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/AuthConfiguration.java b/java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/AuthConfiguration.java
index 232cfa9..4de2fa5 100755
--- a/java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/AuthConfiguration.java
+++ b/java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/AuthConfiguration.java
@@ -1,20 +1,26 @@
 package net.chrisrichardson.eventstore.javaexamples.banking.commonauth;
+import net.chrisrichardson.eventstore.javaexamples.banking.common.customers.QuerySideCustomer;
 import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.filter.StatelessAuthenticationFilter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.token.KeyBasedPersistenceTokenService;
 import org.springframework.security.core.token.TokenService;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import java.security.SecureRandom;
@@ -24,6 +30,7 @@ import java.security.SecureRandom;
 @Configuration
 @ComponentScan
 @EnableWebSecurity
+@EnableMongoRepositories
 @EnableConfigurationProperties({AuthProperties.class})
 public class AuthConfiguration extends WebSecurityConfigurerAdapter {
@@ -33,25 +40,48 @@ public class AuthConfiguration extends WebSecurityConfigurerAdapter {
 @Autowired
 private TokenAuthenticationService tokenAuthenticationService;
+ @Autowired
+ CustomerAuthService customerAuthService;
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ //auth.inMemoryAuthentication();
+ auth.userDetailsService(userDetailsServiceBean());
+ }
+
+ @Override
+ public UserDetailsService userDetailsServiceBean() {
+ return email -> {
+ QuerySideCustomer customer = customerAuthService.findByEmail(email);
+ if (customer != null) {
+ return new User(email, "", true, true, true, true,
+ AuthorityUtils.createAuthorityList("USER"));
+ } else {
+ throw new UsernameNotFoundException(String.format("could not find the customer '%s'", email));
+ }
+ };
+ }
+
+ @Bean
+ public CustomerAuthService customerAuthService(CustomerAuthRepository customerAuthRepository) {
+ return new CustomerAuthService(customerAuthRepository);
+ }
+
 @Bean
 @Override
 public AuthenticationManager authenticationManagerBean() throws Exception {
 return super.authenticationManagerBean();
 }
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.inMemoryAuthentication();
- }
-
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 http.csrf().disable()
+ .httpBasic().and()
 .authorizeRequests()
 .antMatchers("/index.html", "/", "/**.js", "/**.css").permitAll()
 .antMatchers(HttpMethod.POST, "/customers", "/login").permitAll()
 .anyRequest().authenticated().and()
- .addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class);
+ .addFilterAfter(new StatelessAuthenticationFilter(tokenAuthenticationService), BasicAuthenticationFilter.class);
 }
 @Bean
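Review bot: The `UserDetails` built in `userDetailsServiceBean()` hard-codes the password as `""`, while the same hunk enables `.httpBasic()` and passes this service to the `AuthenticationManagerBuilder` with no password encoder. As written, the Basic path has no real credential to verify: the presented password would presumably be compared against the empty string, so an existing customer email alone could be accepted as that customer. Return the customer's stored password hash instead (the accessor on `QuerySideCustomer` is not visible in this diff) and register an encoder, e.g. `auth.userDetailsService(userDetailsServiceBean()).passwordEncoder(new BCryptPasswordEncoder());`, or leave `.httpBasic()` off until a credential exists. The commented-out `//auth.inMemoryAuthentication();` can be deleted too; the class body continues outside the hunk.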
diff --git a/java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthRepository.java b/java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthRepository.java
similarity index 100%
rename from java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthRepository.java
rename to java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthRepository.java
diff --git a/java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthService.java b/java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthService.java
similarity index 100%
rename from java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthService.java
rename to java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthService.java
diff --git a/java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/filter/StatelessAuthenticationFilter.java b/java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/filter/StatelessAuthenticationFilter.java
index 327cfb1..9225a80 100755
--- a/java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/filter/StatelessAuthenticationFilter.java
+++ b/java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/filter/StatelessAuthenticationFilter.java
@@ -23,10 +23,11 @@ public class StatelessAuthenticationFilter extends GenericFilterBean {
 }
 @Override
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
- ServletException {
- SecurityContextHolder.getContext().setAuthentication(
- tokenAuthenticationService.getAuthentication((HttpServletRequest) req));
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+ if (!SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
+ SecurityContextHolder.getContext().setAuthentication(
+ tokenAuthenticationService.getAuthentication((HttpServletRequest) req));
+ }
 chain.doFilter(req, res);
 }
 }
\ No newline at end of file
diff --git a/java-spring/monolithic-service/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/web/BankingWebConfiguration.java b/java-spring/monolithic-service/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/web/BankingWebConfiguration.java
index 0308639..fb5f951 100644
--- a/java-spring/monolithic-service/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/web/BankingWebConfiguration.java
+++ b/java-spring/monolithic-service/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/web/BankingWebConfiguration.java
@@ -1,6 +1,6 @@
 package net.chrisrichardson.eventstore.javaexamples.banking.web;
-import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.CustomerAuthConfiguration;
+import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.AuthConfiguration;
 import net.chrisrichardson.eventstore.javaexamples.banking.web.commandside.accounts.CommandSideWebAccountsConfiguration;
 import net.chrisrichardson.eventstore.javaexamples.banking.web.commandside.customers.CustomersCommandSideWebConfiguration;
 import net.chrisrichardson.eventstore.javaexamples.banking.web.commandside.transactions.CommandSideWebTransactionsConfiguration;
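Review bot: In `StatelessAuthenticationFilter.doFilter`, the result of `SecurityContextHolder.getContext().getAuthentication()` is dereferenced without a null check, and it is null whenever no earlier filter has authenticated the request. Because this filter is now registered directly after `BasicAuthenticationFilter`, a request carrying only a token and no Basic header would likely throw a NullPointerException here instead of reaching `tokenAuthenticationService`. Read the value once and guard it: `Authentication current = SecurityContextHolder.getContext().getAuthentication();` followed by `if (current == null || !current.isAuthenticated()) {`. This needs an import of `org.springframework.security.core.Authentication` if the file does not already have one.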
@@ -19,7 +19,7 @@ import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 @Configuration
-@Import({CommandSideWebAccountsConfiguration.class, CommandSideWebTransactionsConfiguration.class, JdbcEventStoreConfiguration.class, QuerySideWebConfiguration.class, CustomersQuerySideWebConfiguration.class, CustomersCommandSideWebConfiguration.class, CustomerAuthConfiguration.class})
+@Import({CommandSideWebAccountsConfiguration.class, CommandSideWebTransactionsConfiguration.class, JdbcEventStoreConfiguration.class, QuerySideWebConfiguration.class, CustomersQuerySideWebConfiguration.class, CustomersCommandSideWebConfiguration.class, AuthConfiguration.class})
 @EnableAutoConfiguration
 @ComponentScan
 public class BankingWebConfiguration extends WebMvcConfigurerAdapter {