From b253aa55b0c2186295c9c7747ce3871b0b48cb8b Mon Sep 17 00:00:00 2001
From: jleroy <johan.leroy2023@campus-eni.fr>
Date: Tue, 23 Apr 2024 08:12:45 +0200
Subject: [PATCH] Connexion BDD v1

---
 .../controllers/AccueilController.java        |  1 -
 .../enchere/dal/ArticleRepositoryImpl.java    |  4 +-
 .../eni/enchere/dal/UserRepositoryImpl.java   |  3 ++
 .../enchere/security/WebSecurityConfig.java   | 41 +++++++++++++++++++
 4 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 src/main/java/fr/eni/enchere/security/WebSecurityConfig.java

diff --git a/src/main/java/fr/eni/enchere/controllers/AccueilController.java b/src/main/java/fr/eni/enchere/controllers/AccueilController.java
index 8506b87..4e9b0bb 100644
--- a/src/main/java/fr/eni/enchere/controllers/AccueilController.java
+++ b/src/main/java/fr/eni/enchere/controllers/AccueilController.java
@@ -23,7 +23,6 @@ public class AccueilController {
     @GetMapping({"/", "/accueil"})
     public String viewAccueil(Model model) {
 
-        logger.info("Liste des articles : {}", articleService.findAllArticle().getLast());
         model.addAttribute("articles", articleService.findAllArticle());
 
         return "accueil";
diff --git a/src/main/java/fr/eni/enchere/dal/ArticleRepositoryImpl.java b/src/main/java/fr/eni/enchere/dal/ArticleRepositoryImpl.java
index ed52d6f..f588383 100644
--- a/src/main/java/fr/eni/enchere/dal/ArticleRepositoryImpl.java
+++ b/src/main/java/fr/eni/enchere/dal/ArticleRepositoryImpl.java
@@ -17,6 +17,7 @@ import java.util.List;
 @Repository
 @Primary
 public class ArticleRepositoryImpl implements ArticleRepository {
+
     private static final Logger logger = LoggerFactory.getLogger(ArticleRepositoryImpl.class);
     private JdbcTemplate jdbcTemplate;
     private NamedParameterJdbcTemplate namedJdbcTemplate;
@@ -37,17 +38,16 @@ public class ArticleRepositoryImpl implements ArticleRepository {
             return article;
         }
     }
+
     public ArticleRepositoryImpl(JdbcTemplate jdbcTemplate, NamedParameterJdbcTemplate namedJdbcTemplate) {
         this.jdbcTemplate = jdbcTemplate;
         this.namedJdbcTemplate = namedJdbcTemplate;
     }
 
-
     @Override
     public List<Article> findAllArticle() {
         String sql = "SELECT * FROM ARTICLES_VENDUS";
         List<Article> articles = jdbcTemplate.query(sql, new ArticleRowMapper());
-
         return articles;
     }
 
diff --git a/src/main/java/fr/eni/enchere/dal/UserRepositoryImpl.java b/src/main/java/fr/eni/enchere/dal/UserRepositoryImpl.java
index 0cad87d..4bd9213 100644
--- a/src/main/java/fr/eni/enchere/dal/UserRepositoryImpl.java
+++ b/src/main/java/fr/eni/enchere/dal/UserRepositoryImpl.java
@@ -2,6 +2,7 @@ package fr.eni.enchere.dal;
 
 import fr.eni.enchere.bo.User;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Primary;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
 import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
@@ -12,10 +13,12 @@ import org.springframework.stereotype.Repository;
 import java.util.List;
 
 @Repository
+@Primary
 public class UserRepositoryImpl implements UserRepository {
 
     private final JdbcTemplate jdbcTemplate;
     private NamedParameterJdbcTemplate namedParameterJdbcTemplate;
+
     @Autowired
     public UserRepositoryImpl(JdbcTemplate jdbcTemplate, NamedParameterJdbcTemplate namedJdbcTemplate) {
         this.jdbcTemplate = jdbcTemplate;
diff --git a/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java b/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java
new file mode 100644
index 0000000..1862200
--- /dev/null
+++ b/src/main/java/fr/eni/enchere/security/WebSecurityConfig.java
@@ -0,0 +1,41 @@
+package fr.eni.enchere.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig {
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.authorizeHttpRequests((requests) -> requests.requestMatchers("/", "/films", "/filmotheque", "/film").permitAll()
+                        .requestMatchers("/filmLogout", "/login").permitAll()
+                        .requestMatchers("/css/**", "/images/**").permitAll()
+                        .requestMatchers("/genres").hasRole("ADMIN")
+                        .requestMatchers("/ajoutFilm")
+                        .hasAnyRole("MEMBRE", "ADMIN")
+                        .anyRequest().authenticated())
+                .formLogin((form) -> form.loginPage("/login").defaultSuccessUrl("/", true))
+                .logout((logout) -> logout.clearAuthentication(true).invalidateHttpSession(true)
+                        .deleteCookies("JSESSIONID").logoutSuccessUrl("/filmLogout")
+                        .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll());
+
+        return http.build();
+    }
+
+    @Bean
+    public PasswordEncoder encoder() {
+        // Production :
+        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+        // Dev/test
+        //return NoOpPasswordEncoder.getInstance();
+    }
+
+}