
Untitled

a guest
Feb 18th, 2016
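  <!DOCTYPE html>
  <html lang="en">

  <head>
    <meta charset="UTF-8">
    <title>Login</title>
    <link rel="stylesheet" href="stylesheets/bootstrap.min.css">
    <script src="scripts/angular.min.js"></script>
    <script src="scripts/login.js"></script>
    <style>
      body {
        position: relative;
      }
    </style>
  </head>

  <body ng-app="LoginApp">
    <!-- Login dialog driven by LoginController (scripts/login.js). The controller
         reads the two ng-model fields and sends the request itself. The inputs
         carry no name attribute, so a native form submission would not place
         the credentials in a URL. -->
    <div class="modal show" ng-controller="LoginController">
      <div class="modal-header">
        <h1 class="text-center">Login</h1>
      </div>
      <div class="modal-body">
        <form>
          <div class="control-group">
            <div class="controls">
              <!-- aria-label gives the field an accessible name (a placeholder is not a label);
                   the autocomplete token lets password managers fill the right field. -->
              <input class="input-block-level" type="text" placeholder="Username" autocomplete="username" aria-label="Username" ng-model="username" ng-change="checkValid()" ng-disabled="requesting">
            </div>
          </div>
          <div class="control-group">
            <div class="controls">
              <input class="input-block-level" type="password" placeholder="Password" autocomplete="current-password" aria-label="Password" ng-model="password" ng-change="checkValid()" ng-disabled="requesting">
            </div>
          </div>
          <!-- ng-bind writes the message as text, not markup; role="alert" announces it to assistive technology. -->
          <span class="error" role="alert" ng-bind="errormessage" ng-show="error"></span>
        </form>
      </div>
      <div class="modal-footer">
        <!-- type="button": the click handler performs the login; the button never submits a form natively. -->
        <button class="btn btnExtra btn-large btn-primary" type="button" ng-click="submitLogin()" ng-disabled="requesting || !valid">Login</button>
      </div>
    </div>
  </body>

  </html>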
  53.  
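  /**
   * login.js - AngularJS module behind the login dialog.
   *
   * LoginController sends the entered username and password as an HTTP Basic
   * Authorization header on a GET to "user" and redirects to "/" when the
   * response body carries a name.
   *
   * Basic credentials are only base64-encoded, not encrypted, so this request
   * has to travel over HTTPS.
   */
  (function (angular) {
    const app = angular.module("LoginApp", []);

    app.controller("LoginController", ["$scope", "$http", function ($scope, $http) {
      $scope.username = "";
      $scope.password = "";
      $scope.errormessage = "";
      $scope.error = false;
      $scope.valid = false;
      $scope.requesting = false;

      // Shows a message in the dialog and re-enables the form.
      function fail(message) {
        $scope.errormessage = message;
        $scope.error = true;
        $scope.requesting = false;
      }

      /**
       * Attempts the login with the current field values.
       * Sets `requesting` while the call is in flight; every failure path
       * clears it again so the form cannot stay disabled.
       */
      $scope.submitLogin = function () {
        $scope.requesting = true;
        $scope.error = false;

        let token;
        try {
          // btoa() throws for any character above U+00FF. Without this guard the
          // exception left `requesting` set and the form permanently disabled.
          // NOTE(review): switching to a UTF-8 encoding of the credentials would
          // lift that limit, but only if the server decodes Basic credentials as
          // UTF-8 - confirm before changing the encoding.
          token = btoa($scope.username + ":" + $scope.password);
        } catch (e) {
          fail("Unbekannter Fehler ist bei der Anfrage aufgetreten! Bitte versuchen Sie es erneut");
          return;
        }

        $http.get("user", { headers: { authorization: "Basic " + token } }).then(function (response) {
          // An unauthenticated caller gets a response without a name.
          if (response.data && response.data.name) {
            // Fixed target: the redirect is not derived from request data.
            window.location.href = "/";
          } else {
            fail("Username / Passwort ist falsch!");
          }
        }, function (reason) {
          // Status 0 / -1 is what $http reports when no response arrived at all.
          if (reason.status === 404 || reason.status === 408 || reason.status <= 0) {
            fail("Verbindung zum Server konnte nicht hergestellt werden!");
          } else if (reason.status === 401 || reason.status === 403) {
            // 401 is the usual status for rejected credentials; the original only matched 403.
            fail("Username / Passwort ist falsch!");
          } else {
            fail("Unbekannter Fehler ist bei der Anfrage aufgetreten! Bitte versuchen Sie es erneut");
          }
        });
      };

      /**
       * Enables the Login button once both fields hold at least two characters.
       * This is a convenience check only; the server decides whether the
       * credentials are acceptable.
       */
      $scope.checkValid = function () {
        const longEnough = function (value) {
          return value != null && value.length > 1;
        };
        $scope.valid = longEnough($scope.username) && longEnough($scope.password);
      };
    }]);
  })(window.angular);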
  106.  
  /**
   * REST endpoint the login page calls to find out who the caller is.
   */
  @RestController
  public class UserController {

    /**
     * Returns the {@link Principal} resolved for the current request.
     *
     * <p>The SecurityConfig shown alongside this class permits "/user" without
     * authentication, so {@code user} may be {@code null} for anonymous callers.
     *
     * <p>NOTE(review): the Principal object is handed to the response serializer
     * as is; check which of its properties end up in the JSON and consider
     * returning only the name if more than that is exposed.
     *
     * @param user the caller's principal, or {@code null} when none is available
     * @return the same object, unchanged
     */
    @RequestMapping("/user")
    public Principal user(Principal user) {
      return user;
    }
  }
  114.  
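  /**
   * Registers the Spring Security filter chain and two additional servlet
   * filters (MultipartFilter and MDCFilter).
   */
  @Order(2)
  public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {

    /**
     * Hook invoked by the base class after the Spring Security filter chain
     * has been registered; adds the extra filters.
     *
     * <p>NOTE(review): verify the resulting filter order. When a CSRF token is
     * carried in a multipart request body, MultipartFilter has to run before
     * the Spring Security chain so the token can be read; with the token sent
     * in a request header that ordering does not matter.
     *
     * @param servletContext the context the filters are registered with
     */
    @Override
    protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
      // The original delegated to super.beforeSpringSecurityFilterChain(...) from
      // this "after" hook; delegate to the matching super method instead.
      super.afterSpringSecurityFilterChain(servletContext);
      insertFilters(servletContext, new MultipartFilter(), new MDCFilter());
    }
  }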
  123.  
  124. import javax.sql.DataSource;
  125.  
  126. import org.springframework.beans.factory.annotation.Autowired;
  127. import org.springframework.boot.autoconfigure.security.SecurityProperties;
  128. import org.springframework.context.annotation.Configuration;
  129. import org.springframework.core.annotation.Order;
  130. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
  131. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  132. import org.springframework.security.config.annotation.web.builders.WebSecurity;
  133. import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  134. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  135. import org.springframework.security.web.csrf.CsrfFilter;
  136. import org.springframework.security.web.csrf.CsrfTokenRepository;
  137. import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
  138.  
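  /**
   * Spring Security configuration: JDBC-backed authentication, URL access
   * rules, CSRF token handling, form login and logout.
   *
   * <p>NOTE(review): {@code debug = true} makes Spring Security log details of
   * every request. Keep it to local troubleshooting and switch it off before
   * the application is deployed.
   */
  @Configuration
  @EnableWebSecurity(debug = true)
  @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
  public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Database that holds the "user" table queried below.
    @Autowired
    DataSource dataSource;

    /**
     * Configures authentication against the "user" table. Both statements are
     * parameterized, so the submitted username is never concatenated into SQL.
     *
     * <p>NOTE(review): no {@code passwordEncoder(...)} is set on this builder
     * although the column is named {@code pwHash}; confirm how the stored value
     * is produced and how the submitted password is compared with it.
     *
     * <p>NOTE(review): the third selected column is the constant {@code true},
     * i.e. every account is reported as enabled; there is no way to disable a
     * user through the table.
     *
     * @param auth builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
      auth
        .jdbcAuthentication()
          .dataSource(dataSource)
          .usersByUsernameQuery(
            "select email,pwHash,true from user where email = ?")
          .authoritiesByUsernameQuery(
            "select email, rolle_rollenname from user where email = ?");
    }

    /**
     * Access rules and login/logout handling for all requests that pass
     * through the security filter chain.
     *
     * <p>NOTE(review): login.js sends an "Authorization: Basic" header, but this
     * chain configures only {@code formLogin()} and no {@code httpBasic()};
     * confirm which filter is expected to authenticate that header.
     *
     * @param http builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
      http
        .authorizeRequests()
          // Ant patterns are matched against the request path, which starts with
          // "/"; the original "login.html" (no leading slash) could never match.
          .antMatchers("/user", "/login", "/logout", "/login.html").permitAll()
          // Everything not listed above requires an authenticated user.
          .anyRequest().authenticated()
          .and()
        .csrf().csrfTokenRepository(csrfTokenRepository())
          .and()
        // CsrfHeaderFilter is not part of this listing.
        .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
        .formLogin()
          .loginPage("/login")
          .and()
        .logout()
          //.logoutSuccessHandler(new customLogoutSuccessHandler())
          .logoutUrl("/logout");
    }

    /**
     * Excludes static scripts and stylesheets from the security filter chain.
     * Ignored paths bypass every security filter, so only files that are safe
     * to serve to anonymous callers belong under them.
     *
     * @param web builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
      web
        .ignoring()
          .antMatchers("/scripts/**", "/stylesheets/**");
    }

    /**
     * Session-backed CSRF token repository that expects the token in the
     * X-XSRF-TOKEN request header, the header name AngularJS's $http uses by
     * default.
     *
     * @return the configured repository
     */
    private CsrfTokenRepository csrfTokenRepository() {
      HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
      repository.setHeaderName("X-XSRF-TOKEN");
      return repository;
    }
  }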
  190.  
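  /**
   * AuthFactory - caches the current user on the client and notifies
   * registered handlers when it changes.
   *
   * The cached user is for display only; access decisions have to be
   * enforced by the server.
   */
  .factory('AuthFactory', ['$http', 'contextPath', '$q', '$timeout', function ($http, contextPath, $q, $timeout) {

    // Plain holder for the fields the server returns for the current user.
    function User() {
    }

    var currentUser = null;

    var userChangeCallbacks = [];

    // Calls every registered handler with the new user, each inside its own $timeout.
    var notifyUserChange = function (newUser) {
      angular.forEach(userChangeCallbacks, function (callback) {
        $timeout(function () {
          callback(newUser);
        });
      });
    };

    var exported = {
      // Returns the cached user, or null before the first successful refresh().
      getCurrentUser: function () {
        return currentUser;
      },

      /**
       * Loads the current user from the server and caches it.
       * Resolves with the new user. Rejects with the $http response when the
       * request fails; the original never settled the promise in that case.
       */
      refresh: function () {
        return $q(function (resolve, reject) {
          $http.get(contextPath + '/rest/user/current')
            .then(function (response) {
              var data = response.data;
              var fresh = new User();
              for (var key in data) {
                // Copy only the response's own keys; "__proto__" is skipped so a
                // response field cannot replace the User prototype.
                if (key !== '__proto__' && Object.prototype.hasOwnProperty.call(data, key)) {
                  fresh[key] = data[key];
                }
              }
              currentUser = fresh;
              notifyUserChange(currentUser);
              resolve(currentUser);
            }, reject);
        });
      },

      // Adds a handler that is called with the user after every successful refresh().
      registerUserChangeHandler: function (callback) {
        console.log("registered handler: " + callback);
        userChangeCallbacks.push(callback);
      }
    };

    return exported;
  }]);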