user:userpassword:password @Configuration@EnableWebSecurity@EnableGlobalM

1. user:user
2. password:password
3.  
4. @Configuration
5. @EnableWebSecurity
6. @EnableGlobalMethodSecurity(prePostEnabled = true)
7. public class SecurityConfig extends WebSecurityConfigurerAdapter{
8. @Autowired
9. private UserService userService;
10.  
11. @Autowired
12. public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
13. auth.userDetailsService(userService).passwordEncoder(User.PASSWORD_ENCODER);
14. }
15.  
16. @Override
17. public void configure(WebSecurity web) throws Exception{
18. web.ignoring().antMatchers("/css/**");
19. web.ignoring().antMatchers("/images/**");
20. web.ignoring().antMatchers("/js/**");
21. }
22.  
23. @Override
24. protected void configure(HttpSecurity http) throws Exception{
25. http.authorizeRequests()
26. .antMatchers("/sign-up").permitAll()
27. .anyRequest()
28. .hasRole("USER")
29. .and()
30. .formLogin()
31. .loginPage("/login")
32. .permitAll()
33. .successHandler(loginSuccessHandler())
34. .failureHandler(loginFailureHandler())
35. .and()
36. .logout()
37. .permitAll()
38. .logoutSuccessUrl("/login")
39. .and()
40. .csrf().disable();
41. }
42.  
43. public AuthenticationSuccessHandler loginSuccessHandler(){
44. return (request, response, authentication) ->{
45. response.sendRedirect("/recipes/");
46. };
47. }
48.  
49. public AuthenticationFailureHandler loginFailureHandler(){
50. return (request, response, exception) ->{
51. request.getSession().setAttribute("flash",
52. new FlashMessage("Incorrect username and/or password. Try again.",
53. FlashMessage.Status.FAILURE));
54. response.sendRedirect("/login");
55. };
56. }
57.  
58. @Bean
59. public EvaluationContextExtension securityExtension(){
60. return new EvaluationContextExtensionSupport() {
61. @Override
62. public String getExtensionId() {
63. return "security";
64. }
65.  
66. @Override
67. public Object getRootObject(){
68. Authentication authentication =
69. SecurityContextHolder.getContext().getAuthentication();
70. return new SecurityExpressionRoot(authentication) {
71. };
72. }
73. };
74. }
75. }
76.  
77. @Entity
78. public class User implements UserDetails{
79. public static final PasswordEncoder PASSWORD_ENCODER =
80. new BCryptPasswordEncoder();
81.  
82. @Id
83. @GeneratedValue(strategy = GenerationType.IDENTITY)
84. private Long id;
85.  
86. @NotNull
87. @Column(unique = true)
88. @Size(min = 2, max = 20)
89. private String username;
90.  
91. @NotNull
92. @Column(length = 100)
93. @JsonIgnore
94. private String password;
95.  
96. @NotNull
97. @Column(length = 100)
98. @JsonIgnore
99. private String matchingPassword;
100.  
101. @Column(nullable = false)
102. private boolean enabled;
103.  
104. @OneToOne
105. @JoinColumn(name = "role_id")
106. @JsonIgnore
107. private Role role;
108.  
109. @ManyToMany(targetEntity = Recipe.class, fetch = FetchType.EAGER)
110. @JoinTable(name = "users_favorite_recipes",
111. joinColumns = @JoinColumn(name="user_id"),
112. inverseJoinColumns = @JoinColumn(name = "recipe_id"))
113. private List<Recipe> favoritedRecipes = new ArrayList<>();
114.  
115. @JsonIgnore
116. @OneToMany(mappedBy = "user", cascade = CascadeType.ALL)
117. private List<Recipe> ownedRecipes = new ArrayList<>();
118.  
119. //constructor ...
120. //getters and setters ...
121.  
122. public void encryptPasswords(){
123. password = PASSWORD_ENCODER.encode(password);
124. matchingPassword = PASSWORD_ENCODER.encode(matchingPassword);
125. }
126.  
127. @Override
128. public Collection<? extends GrantedAuthority> getAuthorities() {
129. List<GrantedAuthority> authorities = new ArrayList<>();
130. authorities.add(new SimpleGrantedAuthority(role.getName()));
131. return authorities;
132. }
133.  
134. @Override
135. public String getPassword() {
136. return password;
137. }
138.  
139. @Override
140. public String getUsername() {
141. return username;
142. }
143.  
144. @Override
145. public boolean isAccountNonExpired() {
146. return true;
147. }
148.  
149. @Override
150. public boolean isAccountNonLocked() {
151. return true;
152. }
153.  
154. @Override
155. public boolean isCredentialsNonExpired() {
156. return true;
157. }
158.  
159. @Override
160. public boolean isEnabled() {
161. return enabled;
162. }
163. }
164.  
165. public interface UserService extends UserDetailsService{
166. UserDetails loadUserByUsername(String username);
167. User findByUsername(String username);
168. User registerNewUser(String username, boolean enabled, String password, String matchingPassword);
169. void save(User user);
170. List<User> findAll();
171. }
172.  
173. @Component
174. @ComponentScan
175. public class UserServiceImpl implements UserService{
176. @Autowired
177. private UserDao userDao;
178.  
179. @Autowired
180. private RoleDao roleDao;
181.  
182. @Override
183. public User findByUsername(String username) {
184. User user = userDao.findByUsername(username);
185. Hibernate.initialize(user.getFavoritedRecipes());
186. return user;
187. }
188.  
189. @Override
190. public UserDetails loadUserByUsername(String username)
191. throws UsernameNotFoundException{
192. User user = userDao.findByUsername(username);
193. if(user == null){
194. throw new UsernameNotFoundException(
195. username + " was not found"
196. );
197. }
198.  
199. return user;
200. }
201.  
202. @Override
203. public void save(User user) {
204. userDao.save(user);
205. }
206.  
207. @Override
208. public User registerNewUser(String username, boolean enabled, String password, String matchingPassword) {
209. return userDao.save(new User(username, enabled, password, matchingPassword));
210. }
211.  
212. @Override
213. public List<User> findAll() {
214. return userDao.findAll();
215. }
216. }