added simultaneous token-based and http basic authentication

java-spring/common-auth-web/build.gradle

@@ -7,7 +7,6 @@ dependencies {
 
     compile "org.springframework.boot:spring-boot-starter-web:$springBootVersion"
     compile "org.springframework.boot:spring-boot-starter-security:$springBootVersion"
-    compile "org.springframework.boot:spring-boot-starter-data-mongodb:$springBootVersion"
 
     testCompile "junit:junit:4.11"
 }

java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/CustomerAuthConfiguration.java

@@ -1,21 +0,0 @@
-package net.chrisrichardson.eventstore.javaexamples.banking.commonauth;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;
-
-/**
- * Created by Main on 04.02.2016.
- */
-@Configuration
-@EnableMongoRepositories
-@ComponentScan
-public class CustomerAuthConfiguration {
-
-    @Bean
-    public CustomerAuthService customerAuthService(CustomerAuthRepository customerAuthRepository) {
-        return new CustomerAuthService(customerAuthRepository);
-    }
-
-}

java-spring/common-auth-web/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/controller/AuthController.java

@@ -8,7 +8,6 @@ import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.model.Auth
 import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.model.ErrorResponse;
 import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.model.User;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -49,6 +48,6 @@ public class AuthController {
     @ResponseStatus(value = HttpStatus.NOT_FOUND)
     @ExceptionHandler(IncorrectResultSizeDataAccessException.class)
     public ErrorResponse customersNotFound() {
-        return new ErrorResponse("customers not found");
+        return new ErrorResponse("Customer not found");
     }
 }

java-spring/common-auth/build.gradle

@@ -1,7 +1,10 @@
 apply plugin: 'java'
 
 dependencies {
+    compile project(":common-customers")
+
     compile "org.springframework.boot:spring-boot-starter-web:$springBootVersion"
+    compile "org.springframework.boot:spring-boot-starter-data-mongodb:$springBootVersion"
 
     compile "org.springframework.security:spring-security-config:4.0.2.RELEASE"
     compile "org.springframework.security:spring-security-web:4.0.2.RELEASE"

java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/AuthConfiguration.java

@@ -1,20 +1,26 @@
 package net.chrisrichardson.eventstore.javaexamples.banking.commonauth;
 
+import net.chrisrichardson.eventstore.javaexamples.banking.common.customers.QuerySideCustomer;
 import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.filter.StatelessAuthenticationFilter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.token.KeyBasedPersistenceTokenService;
 import org.springframework.security.core.token.TokenService;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
 import java.security.SecureRandom;
 
@@ -24,6 +30,7 @@ import java.security.SecureRandom;
 @Configuration
 @ComponentScan
 @EnableWebSecurity
+@EnableMongoRepositories
 @EnableConfigurationProperties({AuthProperties.class})
 public class AuthConfiguration extends WebSecurityConfigurerAdapter {
 
@@ -33,25 +40,48 @@ public class AuthConfiguration extends WebSecurityConfigurerAdapter {
     @Autowired
     private TokenAuthenticationService tokenAuthenticationService;
 
+    @Autowired
+    CustomerAuthService customerAuthService;
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        //auth.inMemoryAuthentication();
+        auth.userDetailsService(userDetailsServiceBean());
+    }
+
+    @Override
+    public UserDetailsService userDetailsServiceBean() {
+        return email -> {
+            QuerySideCustomer customer = customerAuthService.findByEmail(email);
+            if (customer != null) {
+                return new User(email, "", true, true, true, true,
+                        AuthorityUtils.createAuthorityList("USER"));
+            } else {
+                throw new UsernameNotFoundException(String.format("could not find the customer '%s'", email));
+            }
+        };
+    }
+
+    @Bean
+    public CustomerAuthService customerAuthService(CustomerAuthRepository customerAuthRepository) {
+        return new CustomerAuthService(customerAuthRepository);
+    }
+
     @Bean
     @Override
     public AuthenticationManager authenticationManagerBean() throws Exception {
         return super.authenticationManagerBean();
     }
 
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication();
-    }
-
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.csrf().disable()
+                .httpBasic().and()
                 .authorizeRequests()
                 .antMatchers("/index.html", "/", "/**.js", "/**.css").permitAll()
                 .antMatchers(HttpMethod.POST, "/customers", "/login").permitAll()
                 .anyRequest().authenticated().and()
-                .addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class);
+                .addFilterAfter(new StatelessAuthenticationFilter(tokenAuthenticationService), BasicAuthenticationFilter.class);
     }
 
     @Bean

java-spring/common-auth/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/commonauth/filter/StatelessAuthenticationFilter.java

@@ -23,10 +23,11 @@ public class StatelessAuthenticationFilter extends GenericFilterBean {
     }
 
     @Override
-    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
-            ServletException {
+        if (!SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
-        SecurityContextHolder.getContext().setAuthentication(
+            SecurityContextHolder.getContext().setAuthentication(
-                tokenAuthenticationService.getAuthentication((HttpServletRequest) req));
+                    tokenAuthenticationService.getAuthentication((HttpServletRequest) req));
+        }
         chain.doFilter(req, res);
     }
 }

java-spring/monolithic-service/src/main/java/net/chrisrichardson/eventstore/javaexamples/banking/web/BankingWebConfiguration.java

@@ -1,6 +1,6 @@
 package net.chrisrichardson.eventstore.javaexamples.banking.web;
 
-import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.CustomerAuthConfiguration;
+import net.chrisrichardson.eventstore.javaexamples.banking.commonauth.AuthConfiguration;
 import net.chrisrichardson.eventstore.javaexamples.banking.web.commandside.accounts.CommandSideWebAccountsConfiguration;
 import net.chrisrichardson.eventstore.javaexamples.banking.web.commandside.customers.CustomersCommandSideWebConfiguration;
 import net.chrisrichardson.eventstore.javaexamples.banking.web.commandside.transactions.CommandSideWebTransactionsConfiguration;
@@ -19,7 +19,7 @@ import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
 @Configuration
-@Import({CommandSideWebAccountsConfiguration.class, CommandSideWebTransactionsConfiguration.class, JdbcEventStoreConfiguration.class, QuerySideWebConfiguration.class, CustomersQuerySideWebConfiguration.class, CustomersCommandSideWebConfiguration.class, CustomerAuthConfiguration.class})
+@Import({CommandSideWebAccountsConfiguration.class, CommandSideWebTransactionsConfiguration.class, JdbcEventStoreConfiguration.class, QuerySideWebConfiguration.class, CustomersQuerySideWebConfiguration.class, CustomersCommandSideWebConfiguration.class, AuthConfiguration.class})
 @EnableAutoConfiguration
 @ComponentScan
 public class BankingWebConfiguration extends WebMvcConfigurerAdapter {