From f6dfe1190e65d00881cc6126feecd941684f048e Mon Sep 17 00:00:00 2001
From: haerong22 <haerong22@naver.com>
Date: Wed, 22 Sep 2021 17:58:47 +0900
Subject: [PATCH] spring cloud : e-commerce(user-service) -
 AuthenticationFileter, UserDetailService

---
 .../repository/UserRepository.java            |  1 +
 .../security/AuthenticationFilter.java        | 43 +++++++++++++++++++
 .../userservice/security/WebSecurity.java     | 29 ++++++++++++-
 .../userservice/service/UserService.java      |  3 +-
 .../userservice/service/UserServiceImpl.java  | 12 ++++++
 .../example/userservice/vo/RequestLogin.java  | 19 ++++++++
 6 files changed, 104 insertions(+), 3 deletions(-)
 create mode 100644 springcloud/user-service/src/main/java/com/example/userservice/security/AuthenticationFilter.java
 create mode 100644 springcloud/user-service/src/main/java/com/example/userservice/vo/RequestLogin.java

diff --git a/springcloud/user-service/src/main/java/com/example/userservice/repository/UserRepository.java b/springcloud/user-service/src/main/java/com/example/userservice/repository/UserRepository.java
index a77b66d3..e3bb2d57 100644
--- a/springcloud/user-service/src/main/java/com/example/userservice/repository/UserRepository.java
+++ b/springcloud/user-service/src/main/java/com/example/userservice/repository/UserRepository.java
@@ -8,4 +8,5 @@ import java.util.Optional;
 public interface UserRepository extends JpaRepository<UserEntity, Long> {
 
     Optional<UserEntity> findByUserId(String userId);
+    Optional<UserEntity> findByEmail(String username);
 }
diff --git a/springcloud/user-service/src/main/java/com/example/userservice/security/AuthenticationFilter.java b/springcloud/user-service/src/main/java/com/example/userservice/security/AuthenticationFilter.java
new file mode 100644
index 00000000..b3d3b52a
--- /dev/null
+++ b/springcloud/user-service/src/main/java/com/example/userservice/security/AuthenticationFilter.java
@@ -0,0 +1,43 @@
+package com.example.userservice.security;
+
+import com.example.userservice.vo.RequestLogin;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+
+public class AuthenticationFilter extends UsernamePasswordAuthenticationFilter {
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request,
+                                                HttpServletResponse response) throws AuthenticationException {
+        try {
+            RequestLogin cred = new ObjectMapper().readValue(request.getInputStream(), RequestLogin.class);
+
+            return getAuthenticationManager().authenticate(
+                    new UsernamePasswordAuthenticationToken(
+                            cred.getEmail(),
+                            cred.getPassword(),
+                            new ArrayList<>()
+                    )
+            );
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    @Override
+    protected void successfulAuthentication(HttpServletRequest request,
+                                            HttpServletResponse response,
+                                            FilterChain chain,
+                                            Authentication authResult) throws IOException, ServletException {
+    }
+}
diff --git a/springcloud/user-service/src/main/java/com/example/userservice/security/WebSecurity.java b/springcloud/user-service/src/main/java/com/example/userservice/security/WebSecurity.java
index 0a593eca..c895d532 100644
--- a/springcloud/user-service/src/main/java/com/example/userservice/security/WebSecurity.java
+++ b/springcloud/user-service/src/main/java/com/example/userservice/security/WebSecurity.java
@@ -1,24 +1,49 @@
 package com.example.userservice.security;
 
+import com.example.userservice.service.UserService;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+import javax.servlet.Filter;
 
 @Configuration
 @EnableWebSecurity
+@RequiredArgsConstructor
 public class WebSecurity extends WebSecurityConfigurerAdapter {
 
+    private final UserService userService;
+    private final BCryptPasswordEncoder bCryptPasswordEncoder;
+    private final Environment env;
+
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        super.configure(auth);
+        auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
     }
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.csrf().disable().headers().frameOptions().disable();
 
-        http.authorizeRequests().antMatchers("/users/**").permitAll();
+//        http.authorizeRequests().antMatchers("/users/**").permitAll();
+        http.authorizeRequests().antMatchers("/**")
+                .hasIpAddress("172.30.1.7")
+                .and()
+                .addFilter(getAuthenticationFilter());
+
     }
+
+    private AuthenticationFilter getAuthenticationFilter() throws Exception {
+        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
+        authenticationFilter.setAuthenticationManager(authenticationManager());
+
+        return authenticationFilter;
+    }
+
+
 }
diff --git a/springcloud/user-service/src/main/java/com/example/userservice/service/UserService.java b/springcloud/user-service/src/main/java/com/example/userservice/service/UserService.java
index 55843530..a1724b5a 100644
--- a/springcloud/user-service/src/main/java/com/example/userservice/service/UserService.java
+++ b/springcloud/user-service/src/main/java/com/example/userservice/service/UserService.java
@@ -2,10 +2,11 @@ package com.example.userservice.service;
 
 import com.example.userservice.dto.UserDto;
 import com.example.userservice.entity.UserEntity;
+import org.springframework.security.core.userdetails.UserDetailsService;
 
 import java.util.List;
 
-public interface UserService {
+public interface UserService extends UserDetailsService {
 
     void createUser(UserDto userDto);
     UserDto getUserByUserId(String userId);
diff --git a/springcloud/user-service/src/main/java/com/example/userservice/service/UserServiceImpl.java b/springcloud/user-service/src/main/java/com/example/userservice/service/UserServiceImpl.java
index 4357bcbf..d878687b 100644
--- a/springcloud/user-service/src/main/java/com/example/userservice/service/UserServiceImpl.java
+++ b/springcloud/user-service/src/main/java/com/example/userservice/service/UserServiceImpl.java
@@ -6,6 +6,8 @@ import com.example.userservice.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
 import org.modelmapper.ModelMapper;
 import org.modelmapper.convention.MatchingStrategies;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
@@ -48,4 +50,14 @@ public class UserServiceImpl implements UserService {
     public List<UserEntity> gerUserByAll() {
         return userRepository.findAll();
     }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        UserEntity userEntity = userRepository.findByEmail(username)
+                .orElseThrow(() -> new UsernameNotFoundException(username));
+
+        return new User(userEntity.getEmail(), userEntity.getEncryptedPwd(),
+                true, true, true, true,
+                new ArrayList<>());
+    }
 }
diff --git a/springcloud/user-service/src/main/java/com/example/userservice/vo/RequestLogin.java b/springcloud/user-service/src/main/java/com/example/userservice/vo/RequestLogin.java
new file mode 100644
index 00000000..78c2e89d
--- /dev/null
+++ b/springcloud/user-service/src/main/java/com/example/userservice/vo/RequestLogin.java
@@ -0,0 +1,19 @@
+package com.example.userservice.vo;
+
+import lombok.Data;
+
+import javax.validation.constraints.Email;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Size;
+
+@Data
+public class RequestLogin {
+
+    @NotBlank(message = "Email can`t be null")
+    @Size(min = 2, message = "Email not be less than 2 characters")
+    @Email
+    private String email;
+    @NotBlank(message = "Password can`t be null")
+    @Size(min = 8, message = "Password must be equal or greater less than 8 characters")
+    private String password;
+}