Spring Boot Security,DB Auth and Custom UserService.

manirDev · manirDev · commit 425ced43bf09 · 2022-11-14T13:26:52.000+03:00
diff --git a/src/main/java/com/manir/springbootecommercerestapi/config/SecurityConfig.java b/src/main/java/com/manir/springbootecommercerestapi/config/SecurityConfig.java
@@ -1,8 +1,11 @@
 package com.manir.springbootecommercerestapi.config;
 
+import com.manir.springbootecommercerestapi.security.CustomUserDetailsService;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -14,6 +17,8 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
+import javax.annotation.Resource;
+
 @Configuration
 @EnableWebSecurity
 /***
@@ -23,6 +28,9 @@
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
+    @Autowired
+    private CustomUserDetailsService customUserDetailsService;
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
@@ -38,13 +46,21 @@ protected void configure(HttpSecurity http) throws Exception {
     }
 
     //In memory Auth
-    @Override
-    @Bean
-    protected UserDetailsService userDetailsService() {
-        UserDetails user =  User.builder().username("user").password(passwordEncoder().encode("user")).roles("USER").build();
-        UserDetails admin =  User.builder().username("admin").password(passwordEncoder().encode("admin")).roles("ADMIN").build();
+    /**
+        @Override
+        @Bean
+        protected UserDetailsService userDetailsService() {
+            UserDetails user =  User.builder().username("customer").password(passwordEncoder().encode("customer")).roles("USER").build();
+            UserDetails admin =  User.builder().username("admin").password(passwordEncoder().encode("admin")).roles("ADMIN").build();
+
+            return new InMemoryUserDetailsManager(user, admin);
+        }
+    **/
 
-        return new InMemoryUserDetailsManager(user, admin);
+    //DB Auth
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
     }
 
     @Bean
diff --git a/src/main/java/com/manir/springbootecommercerestapi/controller/ShoppingCartController.java b/src/main/java/com/manir/springbootecommercerestapi/controller/ShoppingCartController.java
@@ -3,8 +3,10 @@
 import com.manir.springbootecommercerestapi.dto.CartItemDto;
 import com.manir.springbootecommercerestapi.response.CartItemResponse;
 import com.manir.springbootecommercerestapi.service.ShoppingCartService;
+import com.manir.springbootecommercerestapi.utils.isAuthenticatedAsAdminOrUser;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
@@ -18,6 +20,7 @@ public class ShoppingCartController {
     private ShoppingCartService shoppingCartService;
 
     //find by customer api
+    @isAuthenticatedAsAdminOrUser
     @GetMapping("/findByCustomer/{customerId}")
     public CartItemResponse findByCustomerId(@PathVariable Long customerId){
         CartItemResponse responseCartItems = shoppingCartService.findByCustomerId(customerId);
@@ -26,6 +29,7 @@ public CartItemResponse findByCustomerId(@PathVariable Long customerId){
     }
 
     //add item to the cart api
+    @isAuthenticatedAsAdminOrUser
     @PostMapping("/addItem/{customerId}/{productId}/{quantity}")
     public ResponseEntity<CartItemResponse> addCartItem(@PathVariable Long customerId,
                                                         @PathVariable Long productId,
@@ -36,6 +40,7 @@ public ResponseEntity<CartItemResponse> addCartItem(@PathVariable Long customerI
     }
 
     //update item quantity api
+    @isAuthenticatedAsAdminOrUser
     @PutMapping("/updateItemQuantity/{customerId}/{productId}/{quantity}")
     public ResponseEntity<CartItemResponse> updateItemQuantity(@PathVariable Long customerId,
                                                                @PathVariable Long productId,
@@ -47,6 +52,7 @@ public ResponseEntity<CartItemResponse> updateItemQuantity(@PathVariable Long cu
     }
 
     //delete item product api
+    @isAuthenticatedAsAdminOrUser
     @DeleteMapping("/deleteItemProduct/{customerId}/{productId}")
     public ResponseEntity<String> deleteItemProduct(@PathVariable Long customerId, @PathVariable Long productId){
         shoppingCartService.deleteItemProduct(customerId, productId);
diff --git a/src/main/java/com/manir/springbootecommercerestapi/model/CartItem.java b/src/main/java/com/manir/springbootecommercerestapi/model/CartItem.java
@@ -1,12 +1,10 @@
 package com.manir.springbootecommercerestapi.model;
 
-import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 
 import javax.persistence.*;
-import java.util.Set;
 
 @AllArgsConstructor
 @NoArgsConstructor
@@ -27,9 +25,9 @@ public class CartItem {
     @JoinColumn(name = "product_id")
     private Product product;
 
-    //relation with user
+    //relation with customer
     @ManyToOne()
     @JoinColumn(name = "customer_id")
-    private Customer customer;
+    private User customer;
 
 }
diff --git a/src/main/java/com/manir/springbootecommercerestapi/model/Role.java b/src/main/java/com/manir/springbootecommercerestapi/model/Role.java
@@ -0,0 +1,17 @@
+package com.manir.springbootecommercerestapi.model;
+
+import lombok.Data;
+
+import javax.persistence.*;
+
+@Data
+@Entity
+@Table(name = "roles")
+public class Role {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+    @Column(length = 60)
+    private String name;
+}
diff --git a/src/main/java/com/manir/springbootecommercerestapi/model/User.java b/src/main/java/com/manir/springbootecommercerestapi/model/User.java
@@ -1,17 +1,16 @@
 package com.manir.springbootecommercerestapi.model;
 
-import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.Data;
 
 import javax.persistence.*;
 import java.util.Set;
 
 @Data
 @Entity
-@Table(name = "customers", uniqueConstraints = {@UniqueConstraint(columnNames = {"userName"}),
+@Table(name = "users", uniqueConstraints = {@UniqueConstraint(columnNames = {"userName"}),
         @UniqueConstraint(columnNames = {"email"})
 })
-public class Customer {
+public class User {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
@@ -25,4 +24,11 @@ public class Customer {
             fetch = FetchType.LAZY, orphanRemoval = true,
             mappedBy = "customer")
     private Set<CartItem> cartItems;
-}
+
+    //relation with role
+    @ManyToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
+    @JoinTable(name = "user_roles",
+               joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"),
+               inverseJoinColumns = @JoinColumn(name = "role_id", referencedColumnName = "id"))
+    private Set<Role> roles;
+ }
diff --git a/src/main/java/com/manir/springbootecommercerestapi/repository/CartItemRepository.java b/src/main/java/com/manir/springbootecommercerestapi/repository/CartItemRepository.java
@@ -11,7 +11,7 @@ public interface CartItemRepository extends JpaRepository<CartItem, Long> {
 
     List<CartItem> findByCustomerId(Long customerId);
 
-    //CartItem findByCustomerAndProduct(Customer customer, Product product);
+    //CartItem findByCustomerAndProduct(User customer, Product product);
     CartItem findByCustomerIdAndProductId(Long customerId, Long productId);
 
     @Query("UPDATE CartItem c SET c.quantity = ?3 WHERE c.product.id = ?2 AND c.customer.id = ?1")
diff --git a/src/main/java/com/manir/springbootecommercerestapi/repository/CustomerRepository.java b/src/main/java/com/manir/springbootecommercerestapi/repository/CustomerRepository.java
diff --git a/src/main/java/com/manir/springbootecommercerestapi/repository/RoleRepository.java b/src/main/java/com/manir/springbootecommercerestapi/repository/RoleRepository.java
@@ -0,0 +1,10 @@
+package com.manir.springbootecommercerestapi.repository;
+
+import com.manir.springbootecommercerestapi.model.Role;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.Optional;
+
+public interface RoleRepository extends JpaRepository<Role, Long> {
+    Optional<Role> findByName(String name);
+}
diff --git a/src/main/java/com/manir/springbootecommercerestapi/repository/UserRepository.java b/src/main/java/com/manir/springbootecommercerestapi/repository/UserRepository.java
@@ -0,0 +1,16 @@
+package com.manir.springbootecommercerestapi.repository;
+
+import com.manir.springbootecommercerestapi.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.Optional;
+
+public interface UserRepository extends JpaRepository<User, Long>{
+
+    Optional<User> findByEmail(String email);
+    Optional<User> findByUserNameOrEmail(String username, String email);
+    Optional<User> findByUserName(String username);
+    Boolean existsByUserName(String username);
+    Boolean existsByEmail(String email);
+
+}
diff --git a/src/main/java/com/manir/springbootecommercerestapi/security/CustomUserDetailsService.java b/src/main/java/com/manir/springbootecommercerestapi/security/CustomUserDetailsService.java
@@ -0,0 +1,43 @@
+package com.manir.springbootecommercerestapi.security;
+
+import com.manir.springbootecommercerestapi.model.Role;
+import com.manir.springbootecommercerestapi.model.User;
+import com.manir.springbootecommercerestapi.repository.UserRepository;
+import lombok.AllArgsConstructor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.Resource;
+import java.util.Collection;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+@Service
+@AllArgsConstructor
+public class CustomUserDetailsService implements UserDetailsService {
+    private final UserRepository userRepository;
+
+    @Override
+    public UserDetails loadUserByUsername(String userNameOrEmail) throws UsernameNotFoundException {
+        User user =  userRepository.findByUserNameOrEmail(userNameOrEmail, userNameOrEmail)
+                                   .orElseThrow(
+                                           () -> new UsernameNotFoundException("User not found with username or email: " + userNameOrEmail)
+                                   );
+        return new org.springframework.security.core.userdetails.User(
+                                    user.getEmail(),
+                                    user.getPassword(),
+                                    mapRolesToAuthorities(user.getRoles())
+                            );
+    }
+
+    private Collection<? extends GrantedAuthority> mapRolesToAuthorities(Set<Role> roles){
+        return roles.stream()
+                            .map(role -> new SimpleGrantedAuthority(role.getName()))
+                            .collect(Collectors.toList());
+    }
+}
diff --git a/src/main/java/com/manir/springbootecommercerestapi/service/Impl/ShoppingCartServiceImpl.java b/src/main/java/com/manir/springbootecommercerestapi/service/Impl/ShoppingCartServiceImpl.java
@@ -4,10 +4,10 @@
 import com.manir.springbootecommercerestapi.exception.EcommerceApiException;
 import com.manir.springbootecommercerestapi.exception.ResourceNotFoundException;
 import com.manir.springbootecommercerestapi.model.CartItem;
-import com.manir.springbootecommercerestapi.model.Customer;
+import com.manir.springbootecommercerestapi.model.User;
 import com.manir.springbootecommercerestapi.model.Product;
 import com.manir.springbootecommercerestapi.repository.CartItemRepository;
-import com.manir.springbootecommercerestapi.repository.CustomerRepository;
+import com.manir.springbootecommercerestapi.repository.UserRepository;
 import com.manir.springbootecommercerestapi.repository.ProductRepository;
 import com.manir.springbootecommercerestapi.response.CartItemResponse;
 import com.manir.springbootecommercerestapi.service.CommonService;
@@ -19,7 +19,6 @@
 
 import javax.annotation.Resource;
 import javax.transaction.Transactional;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
 import java.util.stream.DoubleStream;
@@ -35,7 +34,7 @@ public class ShoppingCartServiceImpl implements ShoppingCartService {
     @Resource
     private ProductRepository productRepository;
     @Resource
-    private CustomerRepository customerRepository;
+    private UserRepository userRepository;
     @Resource
     private CommonService commonService;
     @Override
@@ -44,7 +43,7 @@ public CartItemResponse findByCustomerId(Long customerId) {
         List<CartItem> cartItems = cartItemRepository.findByCustomerId(customerId);
 
         if (cartItems.size() == 0){
-            throw new EcommerceApiException("Customer has no product in cart item", HttpStatus.BAD_REQUEST);
+            throw new EcommerceApiException("User has no product in cart item", HttpStatus.BAD_REQUEST);
         }
 
         List<CartItemDto> cartItemDtoList = cartItems.stream()
@@ -61,7 +60,7 @@ public CartItemResponse findByCustomerId(Long customerId) {
     @Override
     public CartItemResponse addCartItem(Long customerId, Long productId, Integer quantity) {
         Integer addedQuantity = quantity;
-        Customer customer = findCustomerById(customerId);
+        User user = findCustomerById(customerId);
         Product product = findProductById(productId);
 
         CartItem cartItem = cartItemRepository.findByCustomerIdAndProductId(customerId, productId);
@@ -70,7 +69,7 @@ public CartItemResponse addCartItem(Long customerId, Long productId, Integer qua
             cartItem.setQuantity(addedQuantity);
         }else {
             cartItem = new CartItem();
-            cartItem.setCustomer(customer);
+            cartItem.setCustomer(user);
             cartItem.setProduct(product);
             cartItem.setQuantity(quantity);
         }
@@ -120,12 +119,12 @@ private CartItem mapToEntity(CartItemDto cartItemDto){
         return cartItem;
     }
 
-    private Customer findCustomerById(Long customerId){
-        Customer customer = customerRepository.findById(customerId)
+    private User findCustomerById(Long customerId){
+        User user = userRepository.findById(customerId)
                 .orElseThrow(
-                        () -> new ResourceNotFoundException("Customer", customerId)
+                        () -> new ResourceNotFoundException("User", customerId)
                 );
-        return customer;
+        return user;
     }
 
     private Product findProductById(Long productId){
diff --git a/src/main/java/com/manir/springbootecommercerestapi/utils/PasswordEncoderGenerator.java b/src/main/java/com/manir/springbootecommercerestapi/utils/PasswordEncoderGenerator.java
@@ -0,0 +1,12 @@
+package com.manir.springbootecommercerestapi.utils;
+
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+public class PasswordEncoderGenerator {
+    public static void main(String[] args) {
+        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+        System.out.println("ADMIN: " + passwordEncoder.encode("admin"));
+        System.out.println("USER: " + passwordEncoder.encode("user"));
+    }
+}
diff --git a/src/main/java/com/manir/springbootecommercerestapi/utils/isAuthenticatedAsAdminOrUser.java b/src/main/java/com/manir/springbootecommercerestapi/utils/isAuthenticatedAsAdminOrUser.java
@@ -0,0 +1,11 @@
+package com.manir.springbootecommercerestapi.utils;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("hasRole('ADMIN') || hasRole('USER')")
+public @interface isAuthenticatedAsAdminOrUser {
+}
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -9,7 +9,7 @@ spring.jpa.hibernate.ddl-auto=update
 #TO see security is working on the console
 logging.level.org.springframework.security=DEBUG
 #Spring security default auth credential
-#spring.security.user.password= user
-#spring.security.user.name= user
-#spring.security.user.roles= ADMIN
+#spring.security.customer.password= customer
+#spring.security.customer.name= customer
+#spring.security.customer.roles= ADMIN
 
