/**
 * JPA entity mapped to the {@code USERS} table; one row per account.
 *
 * <p>The username is the primary key. Roles are kept in an eagerly fetched
 * element collection, so they are loaded together with the user.
 */
@Entity
@Table(name = "USERS")
public class User {

    /** Login name and primary key; must not be blank. */
    @Id
    @NotBlank
    private String username;

    // NOTE(review): presumably the encoded password hash rather than plaintext,
    // since authentication compares it through a PasswordEncoder. Confirm that
    // whatever creates users encodes the value before calling setPassword.
    @NotBlank
    private String password;

    /** Role names granted to this account, fetched eagerly with the user. */
    @ElementCollection(fetch = FetchType.EAGER)
    private Set<String> roles;

    /** Whether the account may log in; must not be null. */
    @NotNull
    private Boolean enabled;

    /** No-argument constructor; leaves every field unset. */
    public User() {
    }

    /** @return the login name */
    public String getUsername() {
        return this.username;
    }

    /** @param username the login name to store */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the stored password value */
    public String getPassword() {
        return this.password;
    }

    /** @param password the password value to store */
    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the role set itself (not a copy) */
    public Set<String> getRoles() {
        return this.roles;
    }

    /** @param roles the role set to store (kept by reference) */
    public void setRoles(Set<String> roles) {
        this.roles = roles;
    }

    /** @return the enabled flag */
    public Boolean getEnabled() {
        return this.enabled;
    }

    /** @param enabled the enabled flag to store */
    public void setEnabled(Boolean enabled) {
        this.enabled = enabled;
    }
}
/**
 * Spring Security configuration: URL access rules, form login/logout and
 * JDBC-backed authentication against the {@code users} / {@code user_roles} tables.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Looks up one account row; the single parameter is the username. */
    private static final String USERS_BY_USERNAME_SQL =
            "SELECT username, password, enabled " +
            "FROM users " +
            "WHERE username = ?";

    /** Looks up the role rows of one account; the single parameter is the username. */
    private static final String AUTHORITIES_BY_USERNAME_SQL =
            "SELECT x.username, y.roles " +
            "FROM users x, user_roles y " +
            "WHERE x.username = ? and y.user_username = x.username ";

    @Autowired
    private DataSource dataSource;

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Publishes the {@link UserDetailsService} built by this configuration as a bean.
     *
     * @return the service provided by the superclass
     * @throws Exception if the superclass cannot provide it
     */
    @Bean
    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        return super.userDetailsServiceBean();
    }

    /**
     * Defines which URLs need authentication and wires form login and logout.
     *
     * @param http the builder to configure
     * @throws RuntimeException wrapping any checked exception raised by the builder
     */
    @Override
    protected void configure(HttpSecurity http) {
        try {
            // NOTE(review): CSRF protection is switched off for the whole
            // application, including the login form and every state-changing
            // request under /admin/** and /ui/**. With session-cookie
            // authentication those requests then carry no anti-forgery token.
            // Prefer leaving CSRF enabled and emitting the token in the forms.
            http.csrf().disable();

            // Matchers are evaluated in declaration order; the first match wins.
            // hasRole("ADMIN") checks for the authority "ROLE_ADMIN", so the role
            // strings stored in user_roles presumably carry the ROLE_ prefix.
            http.authorizeRequests()
                    .antMatchers("/admin/**").hasRole("ADMIN")
                    .antMatchers("/", "/index.jsf", "/signup.jsf", "/assets/**").permitAll()
                    .antMatchers("/javax.faces.resource/**").permitAll()
                    .antMatchers("/ui/**").authenticated()
                    .anyRequest().authenticated();

            http.formLogin()
                    .loginPage("/login.jsf")
                    .permitAll()
                    .failureUrl("/login.jsf?error=true")
                    .defaultSuccessUrl("/index.jsf");

            http.logout()
                    .logoutSuccessUrl("/index.jsf");
        } catch (Exception failure) {
            throw new RuntimeException(failure);
        }
    }

    /**
     * Configures JDBC authentication with parameterized lookup queries and the
     * injected password encoder.
     *
     * @param auth the authentication builder to configure
     * @throws RuntimeException wrapping any checked exception raised by the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        try {
            auth.jdbcAuthentication()
                    .dataSource(dataSource)
                    .usersByUsernameQuery(USERS_BY_USERNAME_SQL)
                    .authoritiesByUsernameQuery(AUTHORITIES_BY_USERNAME_SQL)
                    // Note: in BCrypt, the "password" field also contains the salt
                    .passwordEncoder(passwordEncoder);
        } catch (Exception failure) {
            throw new RuntimeException(failure);
        }
    }
}
- @Named
- @Autowired
- private UserService userService;
- @Autowired
- private AuthenticationManager authenticationManager;
- @Autowired
- private UserDetailsService userDetailsService;
- private String username;
- private String password;
- private boolean isAdmin;
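/**
 * Registers the account entered on the sign-up form and, on success, logs the
 * new user in and redirects to the index page.
 *
 * <p>The original built the token with the three-argument constructor, which
 * marks it authenticated on creation, so the later {@code isAuthenticated()}
 * check could never fail and the result of {@code authenticate} was discarded.
 * The token is now created unauthenticated and the {@code Authentication}
 * returned by the manager is what gets stored in the security context.
 *
 * <p>NOTE(review): {@code isAdmin} is a bean property set from the request.
 * Unless {@code UserService.createUser} enforces its own authorization, any
 * visitor of the sign-up page can ask for an administrator account. Confirm,
 * and prefer granting elevated roles only through an already-authorized path.
 *
 * @return the JSF navigation outcome: the index page after a successful
 *         registration, otherwise the sign-up page with {@code error=true}
 */
public String signUpUser() {
    boolean registered = false;
    try {
        registered = userService.createUser(username, password, isAdmin);
    } catch (Exception e) {
        // Still best-effort (the user returns to the form), but the cause is
        // recorded instead of silently dropped. No credentials are logged.
        java.util.logging.Logger.getLogger(getClass().getName())
                .log(java.util.logging.Level.WARNING, "User registration failed", e);
    }
    if (!registered) {
        return "/signup.jsf?faces-redirect=true&error=true";
    }

    // Two-argument constructor: the token starts unauthenticated and only the
    // manager's verdict is trusted. authenticate() throws on failure, so the
    // context is populated only after the credentials were verified.
    UsernamePasswordAuthenticationToken token =
            new UsernamePasswordAuthenticationToken(username, password);
    SecurityContextHolder.getContext()
            .setAuthentication(authenticationManager.authenticate(token));
    return "/index.jsf?faces-redirect=true";
}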
/** @return the username currently held by this bean */
public String getUsername() {
    return this.username;
}
/** @param username the username to hold for the next sign-up attempt */
public void setUsername(final String username) {
    this.username = username;
}
/**
 * @return the password currently held by this bean, exactly as it was set
 */
// NOTE(review): this looks like the raw form input; avoid logging or rendering it.
public String getPassword() {
    return this.password;
}
/** @param password the password to hold for the next sign-up attempt */
public void setPassword(final String password) {
    this.password = password;
}
/** @return whether the pending sign-up asks for an administrator account */
public boolean isAdmin() {
    return this.isAdmin;
}
/**
 * @param admin whether the pending sign-up asks for an administrator account
 */
// NOTE(review): the flag is passed to userService.createUser by signUpUser.
// If this setter is bound to a request parameter, the caller chooses their own
// privilege level. Confirm that createUser authorizes the request.
public void setAdmin(final boolean admin) {
    this.isAdmin = admin;
}