spring cloud : e-commerce(user-service) - AuthenticationFileter, UserDetailService

2021-09-22 17:58:47 +09:00
parent 4514d92bae
commit f6dfe1190e
6 changed files with 104 additions and 3 deletions
--- a/springcloud/user-service/src/main/java/com/example/userservice/repository/UserRepository.java
+++ b/springcloud/user-service/src/main/java/com/example/userservice/repository/UserRepository.java
@@ -8,4 +8,5 @@ import java.util.Optional;
 public interface UserRepository extends JpaRepository<UserEntity, Long> {

    Optional<UserEntity> findByUserId(String userId);
+    Optional<UserEntity> findByEmail(String username);
 }
--- a/springcloud/user-service/src/main/java/com/example/userservice/security/AuthenticationFilter.java
+++ b/springcloud/user-service/src/main/java/com/example/userservice/security/AuthenticationFilter.java
@@ -0,0 +1,43 @@
+package com.example.userservice.security;
+
+import com.example.userservice.vo.RequestLogin;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+
+public class AuthenticationFilter extends UsernamePasswordAuthenticationFilter {
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request,
+                                                HttpServletResponse response) throws AuthenticationException {
+        try {
+            RequestLogin cred = new ObjectMapper().readValue(request.getInputStream(), RequestLogin.class);
+
+            return getAuthenticationManager().authenticate(
+                    new UsernamePasswordAuthenticationToken(
+                            cred.getEmail(),
+                            cred.getPassword(),
+                            new ArrayList<>()
+                    )
+            );
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    @Override
+    protected void successfulAuthentication(HttpServletRequest request,
+                                            HttpServletResponse response,
+                                            FilterChain chain,
+                                            Authentication authResult) throws IOException, ServletException {
+    }
+}
--- a/springcloud/user-service/src/main/java/com/example/userservice/security/WebSecurity.java
+++ b/springcloud/user-service/src/main/java/com/example/userservice/security/WebSecurity.java
@@ -1,24 +1,49 @@
 package com.example.userservice.security;

+import com.example.userservice.service.UserService;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+import javax.servlet.Filter;

@Configuration
@EnableWebSecurity
+@RequiredArgsConstructor
 public class WebSecurity extends WebSecurityConfigurerAdapter {

+    private final UserService userService;
+    private final BCryptPasswordEncoder bCryptPasswordEncoder;
+    private final Environment env;
+
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        super.configure(auth);
+        auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().headers().frameOptions().disable();

-        http.authorizeRequests().antMatchers("/users/**").permitAll();
+//        http.authorizeRequests().antMatchers("/users/**").permitAll();
+        http.authorizeRequests().antMatchers("/**")
+                .hasIpAddress("172.30.1.7")
+                .and()
+                .addFilter(getAuthenticationFilter());
+
    }
+
+    private AuthenticationFilter getAuthenticationFilter() throws Exception {
+        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
+        authenticationFilter.setAuthenticationManager(authenticationManager());
+
+        return authenticationFilter;
+    }
+
+
 }
--- a/springcloud/user-service/src/main/java/com/example/userservice/service/UserService.java
+++ b/springcloud/user-service/src/main/java/com/example/userservice/service/UserService.java
@@ -2,10 +2,11 @@ package com.example.userservice.service;

 import com.example.userservice.dto.UserDto;
 import com.example.userservice.entity.UserEntity;
+import org.springframework.security.core.userdetails.UserDetailsService;

 import java.util.List;

-public interface UserService {
+public interface UserService extends UserDetailsService {

    void createUser(UserDto userDto);
    UserDto getUserByUserId(String userId);
--- a/springcloud/user-service/src/main/java/com/example/userservice/service/UserServiceImpl.java
+++ b/springcloud/user-service/src/main/java/com/example/userservice/service/UserServiceImpl.java
@@ -6,6 +6,8 @@ import com.example.userservice.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
 import org.modelmapper.ModelMapper;
 import org.modelmapper.convention.MatchingStrategies;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
@@ -48,4 +50,14 @@ public class UserServiceImpl implements UserService {
    public List<UserEntity> gerUserByAll() {
        return userRepository.findAll();
    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        UserEntity userEntity = userRepository.findByEmail(username)
+                .orElseThrow(() -> new UsernameNotFoundException(username));
+
+        return new User(userEntity.getEmail(), userEntity.getEncryptedPwd(),
+                true, true, true, true,
+                new ArrayList<>());
+    }
 }
--- a/springcloud/user-service/src/main/java/com/example/userservice/vo/RequestLogin.java
+++ b/springcloud/user-service/src/main/java/com/example/userservice/vo/RequestLogin.java
@@ -0,0 +1,19 @@
+package com.example.userservice.vo;
+
+import lombok.Data;
+
+import javax.validation.constraints.Email;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Size;
+
+@Data
+public class RequestLogin {
+
+    @NotBlank(message = "Email can`t be null")
+    @Size(min = 2, message = "Email not be less than 2 characters")
+    @Email
+    private String email;
+    @NotBlank(message = "Password can`t be null")
+    @Size(min = 8, message = "Password must be equal or greater less than 8 characters")
+    private String password;
+}