Merge pull request eugenp#101 from egmp777/master

Password Encoding

Author: Eugen

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/User.java

@@ -1,6 +1,8 @@
 package org.baeldung.persistence.model;
 
 import javax.persistence.CascadeType;
+//ERASE
+import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
@@ -36,8 +38,6 @@ public User() {
         this.tokenExpired = false;
     }
 
-    //
-
     public Long getId() {
         return id;
     }
@@ -102,8 +102,6 @@ public void setTokenExpired(boolean expired) {
         this.tokenExpired = expired;
     }
 
-    //
-
     @Override
     public int hashCode() {
         final int prime = 31;

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/VerificationToken.java

@@ -3,6 +3,8 @@
 import java.util.Calendar;
 import java.sql.Date;
 import java.sql.Timestamp;
+
+import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
@@ -47,7 +49,6 @@ public VerificationToken(String token, User user) {
         this.expiryDate = calculateExpiryDate(EXPIRATION);
     }
 
-    //
 
     public String getToken() {
         return token;

spring-security-login-and-registration/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java

@@ -15,7 +15,9 @@
 import org.springframework.security.web.RedirectStrategy;
 import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
 
+@Component("myAuthenticationSuccessHandler")
 public class MySimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
     private final Logger logger = LoggerFactory.getLogger(getClass());
 

spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java

@@ -17,7 +17,7 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-@Service
+@Service("userDetailsService")
 @Transactional
 public class MyUserDetailsService implements UserDetailsService {
 

spring-security-login-and-registration/src/main/java/org/baeldung/spring/SecSecurityConfig.java

@@ -1,14 +1,38 @@
 package org.baeldung.spring;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.ImportResource;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 
 @Configuration
+@ComponentScan(basePackages = { "org.baeldung.security" })
 @ImportResource({ "classpath:webSecurityConfig.xml" })
 public class SecSecurityConfig {
 
+    @Autowired
+    UserDetailsService userDetailsService;
+
     public SecSecurityConfig() {
         super();
     }
 
-}
+    @Bean
+    public BCryptPasswordEncoder encoder() {
+        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(11);
+        return encoder;
+    }
+    
+    @Bean
+    public DaoAuthenticationProvider authProvider() {
+        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
+        authProvider.setUserDetailsService(userDetailsService);
+        authProvider.setPasswordEncoder(encoder());
+        return authProvider;
+    }
+
+}

spring-security-login-and-registration/src/main/resources/webSecurityConfig.xml

@@ -19,7 +19,7 @@
 		<intercept-url pattern="/emailError*" access="permitAll" />
 		<intercept-url pattern="/resources/**" access="permitAll" />
 		<intercept-url pattern="/invalidSession*" access="isAnonymous()" />
-		<intercept-url pattern="/**" access="isAuthenticated()" />
+	<intercept-url pattern="/**" access="isAuthenticated()" />
 		<form-login login-page='/login.html'
 			authentication-failure-url="/login.html?error=true"
 			authentication-success-handler-ref="myAuthenticationSuccessHandler"
@@ -29,18 +29,7 @@
 		<logout invalidate-session="false" logout-success-url="/logout.html?logSucc=true"
 			logout-url="/j_spring_security_logout" delete-cookies="JSESSIONID" />
 	</http>
-
-	<beans:bean id="myAuthenticationSuccessHandler"
-		class="org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler" />
 	<authentication-manager>
 		<authentication-provider ref="authProvider"/>
 	</authentication-manager>
-	<beans:bean id="authProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> 
-		<beans:property name="userDetailsService" ref="userDetailsService" /> <beans:property 
-		name="passwordEncoder" ref="encoder" /> </beans:bean>
-	<beans:bean id="userDetailsService" class="org.baeldung.security.MyUserDetailsService" />
-	<beans:bean id="encoder"
-		class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
-		<beans:constructor-arg name="strength" value="11" />
-	</beans:bean>
 </beans:beans>

src/main/java/org/baeldung/event/OnRegistrationCompleteEvent.java

@@ -0,0 +1,33 @@
+package org.baeldung.event;
+
+import java.util.Locale;
+
+import org.baeldung.persistence.model.User;
+import org.springframework.context.ApplicationEvent;
+
+@SuppressWarnings("serial")
+public class OnRegistrationCompleteEvent extends ApplicationEvent {
+
+    private final String appUrl;
+    private final Locale locale;
+    private final User user;
+
+    public OnRegistrationCompleteEvent(User user, Locale locale, String appUrl) {
+        super(user);
+        this.user = user;
+        this.locale = locale;
+        this.appUrl = appUrl;
+    }
+
+    public String getAppUrl() {
+        return appUrl;
+    }
+
+    public Locale getLocale() {
+        return locale;
+    }
+
+    public User getUser() {
+        return user;
+    }
+}

src/main/java/org/baeldung/event/listener/RegistrationListener.java

@@ -0,0 +1,46 @@
+package org.baeldung.event.listener;
+
+import java.util.UUID;
+
+import org.baeldung.event.OnRegistrationCompleteEvent;
+import org.baeldung.persistence.model.User;
+import org.baeldung.persistence.service.IUserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.MessageSource;
+import org.springframework.mail.SimpleMailMessage;
+import org.springframework.mail.javamail.JavaMailSender;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RegistrationListener implements ApplicationListener<OnRegistrationCompleteEvent> {
+    @Autowired
+    private IUserService service;
+
+    @Autowired
+    private MessageSource messages;
+
+    @Autowired
+    private JavaMailSender mailSender;
+
+    @Override
+    public void onApplicationEvent(OnRegistrationCompleteEvent event) {
+        this.confirmRegistration(event);
+    }
+
+    private void confirmRegistration(OnRegistrationCompleteEvent event) {
+        User user = event.getUser();
+        String token = UUID.randomUUID().toString();
+        service.createVerificationTokenForUser(user, token);
+
+        String recipientAddress = user.getEmail();
+        String subject = "Registration Confirmation";
+        String confirmationUrl = event.getAppUrl() + "/regitrationConfirm.html?token=" + token;
+        String message = messages.getMessage("message.regSucc", null, event.getLocale());
+        SimpleMailMessage email = new SimpleMailMessage();
+        email.setTo(recipientAddress);
+        email.setSubject(subject);
+        email.setText(message + " \r\n" + "http://localhost:8080" + confirmationUrl);
+        mailSender.send(email);
+    }
+}

src/main/java/org/baeldung/hashing/HashGenerator.java

@@ -0,0 +1,12 @@
+package org.baeldung.hashing;
+
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+public class HashGenerator {
+
+    public String getHashedPassword(String password) {
+        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+        String hashedPassword = passwordEncoder.encode(password);
+        return hashedPassword;
+    }
+}

src/main/java/org/baeldung/persistence/dao/UserRepository.java

@@ -0,0 +1,11 @@
+package org.baeldung.persistence.dao;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.baeldung.persistence.model.User;
+
+public interface UserRepository extends JpaRepository<User, Long> {
+    public User findByEmail(String email);
+
+    public void delete(User user);
+
+}