UserDetails kısmının veri tabanından yapılması sağlandı

fatih.dogmus · fatih.dogmus · commit 62b7ab595ce1 · 2020-08-21T16:54:27.000+03:00
diff --git a/src/main/java/yte/intern/security/SecurityApplication.java b/src/main/java/yte/intern/security/SecurityApplication.java
@@ -3,23 +3,15 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import yte.intern.security.security.util.DatabasePopulator;
-
-import javax.annotation.PostConstruct;
 
 @SpringBootApplication
 @RequiredArgsConstructor
 public class SecurityApplication {
 
-	private final DatabasePopulator databasePopulator;
 
 	public static void main(String[] args) {
 		SpringApplication.run(SecurityApplication.class, args);
 	}
 
-	@PostConstruct
-	public void initSecurityData() {
-		databasePopulator.populateDatabaseAfterInit();
-	}
 
 }
diff --git a/src/main/java/yte/intern/security/controller/LoginController.java b/src/main/java/yte/intern/security/controller/LoginController.java
@@ -0,0 +1,22 @@
+package yte.intern.security.controller;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+import yte.intern.security.dto.LoginRequest;
+import yte.intern.security.service.LoginService;
+
+@RestController
+@RequiredArgsConstructor
+public class LoginController {
+
+	private final LoginService loginService;
+
+	@PostMapping("/customLogin")
+	@PreAuthorize("permitAll()")
+	public String login(@RequestBody LoginRequest loginRequest) {
+		return loginService.login(loginRequest);
+	}
+}
diff --git a/src/main/java/yte/intern/security/controller/TestController.java b/src/main/java/yte/intern/security/controller/TestController.java
@@ -19,7 +19,7 @@ public String user() {
 	}
 
 	@GetMapping("/admin")
-	@PreAuthorize("hasAuthority('ADMIN') && hasRole('ADMIN')")
+	@PreAuthorize("hasAuthority('ADMIN')")
 	public String admin() {
 		return "Ben adminim!";
 	}
diff --git a/src/main/java/yte/intern/security/controller/UserController.java b/src/main/java/yte/intern/security/controller/UserController.java
@@ -0,0 +1,22 @@
+package yte.intern.security.controller;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+import yte.intern.security.dto.AddUserDTO;
+import yte.intern.security.service.UserService;
+
+@RestController
+@RequiredArgsConstructor
+public class UserController {
+
+	private final UserService userService;
+
+	@PostMapping("/addUser")
+	@PreAuthorize("permitAll()")
+	public String addUser(@RequestBody AddUserDTO addUserDTO) {
+		return userService.addUser(addUserDTO);
+	}
+}
diff --git a/src/main/java/yte/intern/security/dto/AddUserDTO.java b/src/main/java/yte/intern/security/dto/AddUserDTO.java
@@ -0,0 +1,17 @@
+package yte.intern.security.dto;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import java.util.List;
+
+@Getter
+@Setter
+public class AddUserDTO {
+
+	private String username;
+	private String password;
+
+	private List<String> authorities;
+
+}
diff --git a/src/main/java/yte/intern/security/dto/LoginRequest.java b/src/main/java/yte/intern/security/dto/LoginRequest.java
@@ -0,0 +1,12 @@
+package yte.intern.security.dto;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class LoginRequest {
+
+	private String username;
+	private String password;
+}
diff --git a/src/main/java/yte/intern/security/entity/Authority.java b/src/main/java/yte/intern/security/entity/Authority.java
@@ -0,0 +1,30 @@
+package yte.intern.security.entity;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.springframework.security.core.GrantedAuthority;
+
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.ManyToMany;
+import java.util.Set;
+
+@Entity
+@Getter
+@Setter
+@AllArgsConstructor
+@NoArgsConstructor
+public class Authority implements GrantedAuthority {
+
+	@Id
+	@GeneratedValue
+	private Long id;
+
+	@ManyToMany(mappedBy = "authorities")
+	private Set<Users> users;
+
+	private String authority;
+}
diff --git a/src/main/java/yte/intern/security/entity/Users.java b/src/main/java/yte/intern/security/entity/Users.java
@@ -0,0 +1,40 @@
+package yte.intern.security.entity;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import javax.persistence.*;
+import java.util.Set;
+
+@Entity
+@AllArgsConstructor
+@Getter
+@Setter
+@NoArgsConstructor
+public class Users implements UserDetails {
+
+
+	@Id
+	@GeneratedValue
+	private Long id;
+
+	private String username;
+	private String password;
+
+	@ManyToMany(fetch = FetchType.EAGER)
+	@JoinTable(
+			name = "USER_AUTHORITIES",
+			joinColumns = @JoinColumn(name = "user_id"),
+			inverseJoinColumns = @JoinColumn(name = "authority_id")
+	)
+	private Set<Authority> authorities;
+
+	private boolean isAccountNonExpired;
+	private boolean isAccountNonLocked;
+	private boolean isCredentialsNonExpired;
+	private boolean isEnabled;
+
+}
diff --git a/src/main/java/yte/intern/security/repository/AuthorityRepository.java b/src/main/java/yte/intern/security/repository/AuthorityRepository.java
@@ -0,0 +1,7 @@
+package yte.intern.security.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import yte.intern.security.entity.Authority;
+
+public interface AuthorityRepository extends JpaRepository<Authority, Long> {
+}
diff --git a/src/main/java/yte/intern/security/repository/UserRepository.java b/src/main/java/yte/intern/security/repository/UserRepository.java
@@ -0,0 +1,8 @@
+package yte.intern.security.repository;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import yte.intern.security.entity.Users;
+
+public interface UserRepository extends JpaRepository<Users, Long> {
+	Users findByUsername(String username);
+}
diff --git a/src/main/java/yte/intern/security/security/CustomUser.java b/src/main/java/yte/intern/security/security/CustomUser.java
diff --git a/src/main/java/yte/intern/security/security/config/SecurityConfig.java b/src/main/java/yte/intern/security/security/config/SecurityConfig.java
@@ -3,14 +3,16 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import yte.intern.security.security.CustomUserDetailsService;
+import yte.intern.security.service.CustomUserDetailsService;
 
 @EnableWebSecurity
 @Configuration
@@ -22,38 +24,41 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	@Override
 	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-//		PasswordEncoder passwordEncoder = passwordEncoder();
 //		auth.inMemoryAuthentication()
 //				.withUser("admin")
 //				.password(passwordEncoder.encode("admin"))
-//				.authorities("ADMIN")
-//				.roles("ADMIN")
+//				.authorities("ADMIN","ROLE_ADMIN")
 //				.and()
 //				.withUser("user")
 //				.password(passwordEncoder.encode("user"))
 //				.authorities("USER")
 //				.and()
 //				.passwordEncoder(passwordEncoder);
 //
-//		System.out.println(passwordEncoder.encode("hebele"));
-		auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
+		auth.authenticationProvider(authenticationProvider());
 	}
 
 	@Bean
 	public PasswordEncoder passwordEncoder() {
 		return NoOpPasswordEncoder.getInstance();
 	}
 
+	@Bean
+	public AuthenticationProvider authenticationProvider() {
+		var daoAuthenticationProvider = new DaoAuthenticationProvider();
+		daoAuthenticationProvider.setUserDetailsService(userDetailsService);
+		daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
+
+		return daoAuthenticationProvider;
+	}
+
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
-		super.configure(http);
-//		http
-//				.authorizeRequests()
-//				.antMatchers("/login").permitAll()
-//				.antMatchers("/user").hasAnyAuthority("ADMIN", "USER")
-//				.antMatchers("/admin").hasAuthority("ADMIN")
-//				.and()
-//				.formLogin();
+		http
+				.authorizeRequests()
+				.antMatchers("/login").permitAll()
+				.and()
+				.formLogin();
 	}
 
 }
diff --git a/src/main/java/yte/intern/security/service/CustomUserDetailsService.java b/src/main/java/yte/intern/security/service/CustomUserDetailsService.java
@@ -1,17 +1,20 @@
-package yte.intern.security.security;
+package yte.intern.security.service;
 
+import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
-
-import java.util.ArrayList;
+import yte.intern.security.repository.UserRepository;
 
 @Service
+@RequiredArgsConstructor
 public class CustomUserDetailsService implements UserDetailsService {
 
+	private final UserRepository userRepository;
+
 	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-		return new CustomUser(username,username,new ArrayList<>());
+		return userRepository.findByUsername(username);
 	}
 }
diff --git a/src/main/java/yte/intern/security/service/LoginService.java b/src/main/java/yte/intern/security/service/LoginService.java
@@ -0,0 +1,31 @@
+package yte.intern.security.service;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.stereotype.Service;
+import yte.intern.security.dto.LoginRequest;
+
+@Service
+@RequiredArgsConstructor
+public class LoginService {
+
+	private final AuthenticationProvider authenticationProvider;
+
+	public String login(LoginRequest loginRequest) {
+		var authenticationToken = new UsernamePasswordAuthenticationToken(
+				loginRequest.getUsername(), loginRequest.getPassword());
+
+		try {
+			Authentication authenticaiton = authenticationProvider.authenticate(authenticationToken);
+
+			return "Başarıyla giriş yapıldı!";
+		} catch (AuthenticationException ex) {
+			ex.printStackTrace();
+		}
+
+		return "Girişte bir problem oldu!";
+	}
+}
diff --git a/src/main/java/yte/intern/security/service/UserService.java b/src/main/java/yte/intern/security/service/UserService.java
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ public String user() {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`@GetMapping("/admin")`
`22`		`- @PreAuthorize("hasAuthority('ADMIN') && hasRole('ADMIN')")`
	`22`	`+ @PreAuthorize("hasAuthority('ADMIN')")`
`23`	`23`	`public String admin() {`
`24`	`24`	`return "Ben adminim!";`
`25`	`25`	`}`