security basics

.gitignore

@@ -6,4 +6,4 @@
 target/
 build/
 ajcore*
-
+.springBeans

pom.xml

@@ -25,6 +25,7 @@
 <!-- 		<spring.neo4j.version>2.1.0.M1</spring.neo4j.version> -->
 		<hibernate.validator.version>4.2.0.Final</hibernate.validator.version>
 		<joda.version>2.1</joda.version>
+		<spring.security.version>3.1.0.RELEASE</spring.security.version>
 
 	</properties>
 
@@ -210,6 +211,28 @@
 			<artifactId>hibernate-validator</artifactId>
 			<version>${hibernate.validator.version}</version>
 		</dependency>
+
+		<!-- Security -->
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+			<version>${spring.security.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-taglibs</artifactId>
+			<version>${spring.security.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>${spring.security.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-aspects</artifactId>
+			<version>${spring.security.version}</version>
+		</dependency>
 
 		<!-- TEST -->
 		<dependency>
@@ -224,6 +247,11 @@
 			<version>${spring.version}</version>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-all</artifactId>
+			<version>1.9.0</version>
+		</dependency>
 
 
 	</dependencies>

src/main/java/eu/enhan/timelord/domain/core/TimelordUser.java

@@ -19,6 +19,7 @@
 import org.joda.time.DateTime;
 import org.springframework.data.neo4j.annotation.GraphId;
 import org.springframework.data.neo4j.annotation.NodeEntity;
+import org.springframework.security.core.GrantedAuthority;
 
 /**
  * Represents a user for the Timelord application.
@@ -36,13 +37,17 @@ public class TimelordUser {
     private String password;
     private String email;
     private DateTime registrationDate;
+
+    private TimelordRoles roles[];
 
     public TimelordUser(String login, String password, String email) {
 	super();
 	this.login = login;
 	this.password = password;
 	this.email = email;
 	registrationDate = new DateTime();
+	this.roles = new TimelordRoles[1];
+	this.roles[0] = TimelordRoles.ROLE_USER;
     }
 
     public TimelordUser() {
@@ -129,5 +134,15 @@ public String toString() {
     }
 
 
+
+    public enum TimelordRoles implements GrantedAuthority{
+	ROLE_ADMIN, ROLE_USER;
+
+	@Override
+	public String getAuthority() {
+	    return name();
+	}
+
+    }
 
 }

src/main/java/eu/enhan/timelord/domain/core/UserRepository.java

@@ -0,0 +1,27 @@
+/*
+ *   This file is part of Timelord.
+ *
+ *   Timelord is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU Affero General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   Timelord is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU Affero General Public License for more details.
+ *
+ *   You should have received a copy of the Affero GNU General Public License
+ *   along with Timemord.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package eu.enhan.timelord.domain.core;
+
+import org.springframework.data.neo4j.repository.GraphRepository;
+
+/**
+ * @author Emmanuel Nhan
+ *
+ */
+public interface UserRepository extends GraphRepository<TimelordUser> {
+
+}

src/main/java/eu/enhan/timelord/domain/security/TimelordUserDetails.java

@@ -0,0 +1,107 @@
+/*
+ *   This file is part of Timelord.
+ *
+ *   Timelord is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU Affero General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   Timelord is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU Affero General Public License for more details.
+ *
+ *   You should have received a copy of the Affero GNU General Public License
+ *   along with Timemord.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package eu.enhan.timelord.domain.security;
+
+import java.util.Collection;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import eu.enhan.timelord.domain.core.TimelordUser;
+
+/**
+ * @author Emmanuel Nhan
+ *
+ */
+public class TimelordUserDetails implements UserDetails {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 4750182611003623369L;
+
+    private final TimelordUser user;
+
+    public TimelordUserDetails(TimelordUser user) {
+	super();
+	this.user = user;
+    }
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.core.userdetails.UserDetails#getAuthorities()
+     */
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+	// TODO Auto-generated method stub
+	return null;
+    }
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.core.userdetails.UserDetails#getPassword()
+     */
+    @Override
+    public String getPassword() {
+	// TODO Auto-generated method stub
+	return null;
+    }
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.core.userdetails.UserDetails#getUsername()
+     */
+    @Override
+    public String getUsername() {
+	// TODO Auto-generated method stub
+	return null;
+    }
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.core.userdetails.UserDetails#isAccountNonExpired()
+     */
+    @Override
+    public boolean isAccountNonExpired() {
+	// TODO Auto-generated method stub
+	return false;
+    }
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.core.userdetails.UserDetails#isAccountNonLocked()
+     */
+    @Override
+    public boolean isAccountNonLocked() {
+	// TODO Auto-generated method stub
+	return false;
+    }
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.core.userdetails.UserDetails#isCredentialsNonExpired()
+     */
+    @Override
+    public boolean isCredentialsNonExpired() {
+	// TODO Auto-generated method stub
+	return false;
+    }
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.core.userdetails.UserDetails#isEnabled()
+     */
+    @Override
+    public boolean isEnabled() {
+	// TODO Auto-generated method stub
+	return false;
+    }
+
+}

src/main/java/eu/enhan/timelord/domain/security/TimelordUserDetailsService.java

@@ -0,0 +1,40 @@
+/*
+ *   This file is part of Timelord.
+ *
+ *   Timelord is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU Affero General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   Timelord is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU Affero General Public License for more details.
+ *
+ *   You should have received a copy of the Affero GNU General Public License
+ *   along with Timemord.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package eu.enhan.timelord.domain.security;
+
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+/**
+ * @author Emmanuel Nhan
+ *
+ */
+@Service
+public class TimelordUserDetailsService implements UserDetailsService {
+
+    /* (non-Javadoc)
+     * @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
+     */
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+
+	return null;
+    }
+
+}

src/main/java/eu/enhan/timelord/web/config/WebConfig.java

@@ -19,6 +19,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.ImportResource;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@@ -31,6 +32,7 @@
 @Configuration
 @EnableWebMvc
 @ComponentScan(basePackages = "eu.enhan.timelord.web")
+@ImportResource(value={"classpath:/spring/security.xml"})
 public class WebConfig extends WebMvcConfigurerAdapter {
 
     @Bean

src/main/java/eu/enhan/timelord/web/controller/TimelordUserController.java

@@ -18,7 +18,6 @@
 
 import java.util.List;
 
-import org.neo4j.graphdb.Transaction;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;

src/main/resources/spring/security.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+
+	<security:global-method-security mode="aspectj" secured-annotations="enabled" />
+
+	<security:http auto-config="true" >
+		<security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
+		<security:form-login login-page="/"/>
+	</security:http>
+
+	<security:authentication-manager>
+		<security:authentication-provider user-service-ref="timelordUserDetailsService">
+			<security:password-encoder hash="sha"></security:password-encoder>
+		</security:authentication-provider>
+	</security:authentication-manager>
+
+</beans>

src/main/webapp/WEB-INF/view/common/header.jspf

@@ -5,12 +5,19 @@
 <div class="navbar navbar-fixed-top">
 	<div class="navbar-inner">
 		<div class="container">
+			<a class="brand" href="/">Timelord</a>
 			<ul class="nav">
-				<li class="active"><a class="brand" href="#">Timelord</a></li>
-				<li><a href="#">Home</a></li>
+				<li class="active"><a href="/">Home</a></li>
 				<li><a href="#">Register</a></li>
 				<li><a href="#">About</a></li>
 			</ul>
+
+			<form action="/auth/login" method="post" class="navbar-form pull-right">
+				<input type="text" class="span2" placeholder="login" id="j_username" name="j_username"/>
+				<input type="password" class="span2" placeholder="password" id="j_password" name="j_password" />
+				<button type="submit" class="btn btn-primary">Login</button>
+			</form>
+
 		</div>
 	</div>
 </div>