johanleroy/ENI-Ludotheque
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

spring security config v1

Browse Source
This commit is contained in:
jleroy2023
2025-07-16 11:35:28 +02:00
parent bb927ff282
commit c3902ffc2f
10 changed files with 227 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/main/java/fr/eni/demo/bll/JwtService.java Normal file
View File

@@ -0,0 +1,40 @@
package fr.eni.demo.bll;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import org.springframework.stereotype.Service;
import java.security.Key;
import java.util.Date;
@Service
public class JwtService {
private static final long EXPIRATION_TIME = 86400000; // 1j
private final Key key = Keys.secretKeyFor(SignatureAlgorithm.HS256);
public String generateToken(String username) {
return Jwts.builder()
.setSubject(username)
.setIssuedAt(new Date())
.setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
.signWith(key)
.compact();
}
public String extractUsername(String token) {
return Jwts.parserBuilder().setSigningKey(key).build()
.parseClaimsJws(token).getBody().getSubject();
}
public boolean isTokenValid(String token) {
try {
Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token);
return true;
} catch (JwtException e) {
return false;
}
}
}

25
src/main/java/fr/eni/demo/bo/User.java Normal file
View File

@@ -0,0 +1,25 @@
package fr.eni.demo.bo;
import lombok.*;
import org.springframework.data.annotation.Id;
import org.springframework.data.mongodb.core.mapping.Document;
import org.springframework.data.mongodb.core.mapping.Field;
@AllArgsConstructor
@NoArgsConstructor
@Getter
@Setter
@Builder
@Document(collection = "stock")
public class User {
@Id
private String id;
@Field(name = "USERNAME")
private String username;
@Field(name = "PASSWORD")
private String pasword;
}

3
src/main/java/fr/eni/demo/controller/AddressController.java
View File

@@ -1,16 +1,13 @@
package fr.eni.demo.controller;
import fr.eni.demo.bll.AdresseService;
import fr.eni.demo.bll.StockService;
import fr.eni.demo.bo.Adresse;
import fr.eni.demo.bo.Stock;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
@RestController
@RequestMapping("/api/address")

43
src/main/java/fr/eni/demo/controller/AuthenticationController.java Normal file
View File

@@ -0,0 +1,43 @@
package fr.eni.demo.controller;
import fr.eni.demo.bll.JwtService;
import fr.eni.demo.bo.User;
import lombok.Getter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/api/auth")
public class AuthenticationController {
private final AuthenticationManager authManager;
private final JwtService jwtService;
public AuthenticationController(AuthenticationManager authManager, JwtService jwtService) {
this.authManager = authManager;
this.jwtService = jwtService;
}
@PostMapping("/login")
public ResponseEntity<?> login(@RequestBody User user) {
try {
Authentication auth = authManager.authenticate(
new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPasword())
);
String token = jwtService.generateToken(user.getUsername());
return ResponseEntity.ok(token);
} catch (AuthenticationException e) {
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
}
}
}

1
src/main/java/fr/eni/demo/controller/FactureController.java
View File

@@ -2,7 +2,6 @@ package fr.eni.demo.controller;
import fr.eni.demo.bll.FactureService;
import fr.eni.demo.bo.Facture;
import fr.eni.demo.bo.Location;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

1
src/main/java/fr/eni/demo/controller/GameTypeController.java
View File

@@ -2,7 +2,6 @@ package fr.eni.demo.controller;
import fr.eni.demo.bll.GameTypeService;
import fr.eni.demo.bo.GameType;
import fr.eni.demo.bo.Stock;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;

2
src/main/java/fr/eni/demo/controller/LocationController.java
View File

@@ -1,8 +1,6 @@
package fr.eni.demo.controller;
import fr.eni.demo.bll.ClientService;
import fr.eni.demo.bll.LocationService;
import fr.eni.demo.bo.Client;
import fr.eni.demo.bo.Location;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;

50
src/main/java/fr/eni/demo/security/JwtAuthFilter.java Normal file
View File

@@ -0,0 +1,50 @@
package fr.eni.demo.security;
import fr.eni.demo.bll.JwtService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
public class JwtAuthFilter extends OncePerRequestFilter {
private final JwtService jwtService;
private final UserDetailsService userDetailsService;
public JwtAuthFilter(JwtService jwtService, UserDetailsService userDetailsService) {
this.jwtService = jwtService;
this.userDetailsService = userDetailsService;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
final String authHeader = request.getHeader("Authorization");
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
chain.doFilter(request, response);
return;
}
String token = authHeader.substring(7);
String username = jwtService.extractUsername(token);
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
if (jwtService.isTokenValid(token)) {
UsernamePasswordAuthenticationToken authToken =
new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authToken);
}
}
chain.doFilter(request, response);
}
}

63
src/main/java/fr/eni/demo/security/SecurityConfig.java Normal file
View File

@@ -0,0 +1,63 @@
package fr.eni.demo.security;
import fr.eni.demo.bll.JwtService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
private final JwtService jwtService;
public SecurityConfig(JwtService jwtService) {
this.jwtService = jwtService;
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/auth").permitAll()
.requestMatchers("/user/**").hasAnyRole("ADMIN")
.anyRequest().denyAll()
)
.formLogin(Customizer.withDefaults());
return http.build();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
return config.getAuthenticationManager();
}
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Bean
public UserDetailsService userDetailsService(PasswordEncoder encoder) {
UserDetails user = User.builder()
.username("user")
.password(encoder.encode("password"))
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}