diff --git a/api/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/dto/CustomerDTO.java b/api/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/dto/CustomerDTO.java index 98b4a0a..012a6f4 100644 --- a/api/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/dto/CustomerDTO.java +++ b/api/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/dto/CustomerDTO.java @@ -25,6 +25,7 @@ public class CustomerDTO { private List books; @JsonIgnoreProperties("customer") private List loans; + private boolean isAdmin = false; // Getters and Setters @@ -83,6 +84,15 @@ public List getLoans() { public void setLoans(List loans) { this.loans = loans; } + + public boolean isIsAdmin() { + return isAdmin; + } + + public void setIsAdmin(boolean isAdmin) { + this.isAdmin = isAdmin; + } + //HashCode and Equals @@ -115,6 +125,12 @@ public boolean equals(Object obj) { @Override public String toString() { + String role = null; + if(isAdmin){ + role = "ADMIN"; + }else{ + role="USER"; + } return "CustomerDTO{" + "id=" + id + ", name=" @@ -123,7 +139,8 @@ public String toString() { + login + ", password=" + password + ", books=" + books + ", loans=" - + loans + '}'; + + loans + ", role=" + + role + '}'; } diff --git a/persistence/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/entity/Customer.java b/persistence/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/entity/Customer.java index 887c351..2d64111 100644 --- a/persistence/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/entity/Customer.java +++ b/persistence/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/entity/Customer.java @@ -42,6 +42,9 @@ public class Customer { @OneToMany(mappedBy = "customer") private List loans; + + @Column(name = "isAdmin", nullable = false) + private boolean isAdmin = false; public Customer(String name, String surname, String login, String password) { this.name = name; @@ -112,6 +115,15 @@ public List getLoans() { public void setLoans(List loans) { this.loans = loans; } + + public boolean isIsAdmin() { + return isAdmin; + } + + public void setIsAdmin(boolean isAdmin) { + this.isAdmin = isAdmin; + } + @Override diff --git a/rest/pom.xml b/rest/pom.xml index 4529d93..bd2c25f 100644 --- a/rest/pom.xml +++ b/rest/pom.xml @@ -69,8 +69,24 @@ com.fasterxml.jackson.core jackson-databind - 2.9.7 - + 2.4.6 + jar + + + org.springframework.security + spring-security-core + 5.1.2.RELEASE + + + org.springframework.security + spring-security-config + 5.1.2.RELEASE + + + org.springframework.security + spring-security-web + 5.1.2.RELEASE + \ No newline at end of file diff --git a/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/Config/Initializer.java b/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/Config/Initializer.java index 0455435..d4c84df 100644 --- a/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/Config/Initializer.java +++ b/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/Config/Initializer.java @@ -1,12 +1,9 @@ package cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.Config; -import javax.servlet.Filter; +import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.ApiContract; import javax.servlet.ServletContext; import javax.servlet.ServletException; -import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.ApiContract; import org.springframework.web.context.request.RequestContextListener; -import org.springframework.web.filter.CharacterEncodingFilter; -import org.springframework.web.filter.ShallowEtagHeaderFilter; import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer; public class Initializer extends AbstractAnnotationConfigDispatcherServletInitializer{ diff --git a/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/CustomAuthenticationProvider.java b/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/CustomAuthenticationProvider.java new file mode 100644 index 0000000..0b94cbf --- /dev/null +++ b/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/CustomAuthenticationProvider.java @@ -0,0 +1,60 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem; + +import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.dto.CustomerDTO; +import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.facade.CustomerFacade; +import java.util.ArrayList; +import java.util.List; +import javax.inject.Inject; +import org.springframework.stereotype.Component; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; + +/** + * + * @author Anry + */ +@Component +public class CustomAuthenticationProvider implements AuthenticationProvider { + + @Inject + private CustomerFacade customerFacade; + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + String username = authentication.getName(); + String password = (String) authentication.getCredentials(); + + if (customerFacade.authenticate(username, password)) { + CustomerDTO user = customerFacade.findCustomerByLogin(username); + + List grantedAuths = new ArrayList<>(); + String str; + if(user.isIsAdmin()){ + str = "ADMIN"; + }else{ + str = "USER"; + } + grantedAuths.add(new SimpleGrantedAuthority("ROLE_" + str)); + + return new UsernamePasswordAuthenticationToken(username, password, grantedAuths); + } else { + throw new BadCredentialsException("Invalid password."); + } + } + + @Override + public boolean supports(Class authentication) { + return authentication.equals(UsernamePasswordAuthenticationToken.class); + } + +} \ No newline at end of file diff --git a/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/RestAuthenticationEntryPoint.java b/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/RestAuthenticationEntryPoint.java new file mode 100644 index 0000000..63e0a04 --- /dev/null +++ b/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/RestAuthenticationEntryPoint.java @@ -0,0 +1,27 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem; + +import java.io.IOException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.stereotype.Component; + +/** + * + * @author Anry + */ +@Component +public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint { + + @Override + public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException { + response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized!"); + } + +} diff --git a/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/RestConfiguration.java b/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/RestConfiguration.java new file mode 100644 index 0000000..6124610 --- /dev/null +++ b/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/RestConfiguration.java @@ -0,0 +1,74 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem; + +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.MapperFeature; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.config.SampleDataConfiguration; +import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.config.ServiceConfig; +import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.controllers.LoansController; +import java.text.SimpleDateFormat; +import java.util.List; +import java.util.Locale; +import javax.validation.Validator; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.ComponentScan; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Import; +import org.springframework.http.converter.HttpMessageConverter; +import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; +import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean; +import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer; +import org.springframework.web.servlet.config.annotation.EnableWebMvc; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; + +/** + * + * @author Anry + */ + +@Configuration +@EnableWebMvc +@Import({ServiceConfig.class, SampleDataConfiguration.class}) +@ComponentScan(basePackageClasses = {LoansController.class}) +public class RestConfiguration extends WebMvcConfigurerAdapter { + + @Override + public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) { + configurer.enable(); + } + + @Override + public void configureMessageConverters(List> converters) { + converters.add(customJackson2HttpMessageConverter()); + } + + private MappingJackson2HttpMessageConverter customJackson2HttpMessageConverter() { + MappingJackson2HttpMessageConverter jsonConverter = new MappingJackson2HttpMessageConverter(); + ObjectMapper objectMapper = new ObjectMapper(); + objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + objectMapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS); + objectMapper.setDateFormat(new SimpleDateFormat("yyyy-MM-dd HH:mm", Locale.ENGLISH)); + + /*objectMapper.addMixIn(AbilityDTO.class, AbilityDTOMixin.class); + objectMapper.addMixIn(GhostDTO.class, GhostDTOMixin.class); + objectMapper.addMixIn(HouseDTO.class, HouseDTOMixin.class); + objectMapper.addMixIn(PersonDTO.class, PersonDTOMixin.class);*/ + + objectMapper.disable(MapperFeature.DEFAULT_VIEW_INCLUSION); + + jsonConverter.setObjectMapper(objectMapper); + return jsonConverter; + } + + @Bean + public Validator validator() { + return new LocalValidatorFactoryBean(); + } + +} \ No newline at end of file diff --git a/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/controllers/CustomersController.java b/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/controllers/CustomersController.java index b9d8f74..1ee4f81 100644 --- a/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/controllers/CustomersController.java +++ b/rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/controllers/CustomersController.java @@ -68,4 +68,26 @@ public final CustomerDTO getCustomer(@PathVariable("id") long id) throws Excepti } + /** + * + * getting customer according to id + * + * @param login user identifier + * @return CustomerDTO + * @throws ResourceNotFoundException + */ + @RequestMapping(value = "/{login}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) + public final CustomerDTO isAdmin(@PathVariable("login") String login) throws Exception { + + logger.debug("rest isAdmin({})", login); + + try { + CustomerDTO customerDTO = customerFacade.findCustomerByLogin(login); + return customerDTO; + } catch (Exception ex) { + throw new ResourceNotFoundException(); + } + + } + } diff --git a/sample-data/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/data/InitializerImpl.java b/sample-data/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/data/InitializerImpl.java index 33e73e1..d5b626f 100644 --- a/sample-data/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/data/InitializerImpl.java +++ b/sample-data/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/data/InitializerImpl.java @@ -3,7 +3,6 @@ import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.entity.Book; import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.entity.Customer; -import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.entity.Loan; import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.enums.BookCondition; import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.exceptions.BookNotAvailableException; import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.service.BookService; @@ -51,10 +50,10 @@ void loadBooks(){ } void loadCustomers(){ - createCustomer("Juraj", "Pokazil", "test123", "hunter2"); - createCustomer("Michal", "Opravil", "repairman", "logmein"); - createCustomer("Viktor", "Výmyselný", "uniquelogin", "asdf"); - createCustomer("Jaroslav", "Počítal", "counter", "password"); + createCustomer("Juraj", "Pokazil", "test123", "hunter2",false); + createCustomer("Michal", "Opravil", "repairman", "logmein",false); + createCustomer("Viktor", "Výmyselný", "uniquelogin", "asdf",false); + createCustomer("Jaroslav", "Počítal", "counter", "password",true); } void loadLoans(){ @@ -86,13 +85,14 @@ void createBook(String author, String title, String ISBN, BookCondition conditio bookService.createBook(book); } - void createCustomer(String name, String surname, String login, String password){ + void createCustomer(String name, String surname, String login, String password, boolean isAdmin){ Customer customer = new Customer(); customer.setName(name); customer.setSurname(surname); customer.setLogin(login); customer.setPassword(password); + customer.setIsAdmin(isAdmin); customerService.registerCustomer(customer); }