Security

api/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/dto/CustomerDTO.java

@@ -25,6 +25,7 @@ public class CustomerDTO {
     private List<BookDTO> books;
     @JsonIgnoreProperties("customer")
     private List<LoanDTO> loans;
+    private boolean isAdmin = false;
 
     // Getters and Setters
 
@@ -83,6 +84,15 @@ public List<LoanDTO> getLoans() {
     public void setLoans(List<LoanDTO> loans) {
         this.loans = loans;
     }
+
+    public boolean isIsAdmin() {
+        return isAdmin;
+    }
+
+    public void setIsAdmin(boolean isAdmin) {
+        this.isAdmin = isAdmin;
+    }
+
 
     //HashCode and Equals
 
@@ -115,6 +125,12 @@ public boolean equals(Object obj) {
 
     @Override
     public String toString() {
+        String role = null;
+        if(isAdmin){
+            role = "ADMIN";
+        }else{
+            role="USER";
+        }
         return "CustomerDTO{" 
                 + "id=" + id 
                 + ", name=" 
@@ -123,7 +139,8 @@ public String toString() {
                 + login + ", password=" 
                 + password + ", books=" 
                 + books + ", loans=" 
-                + loans + '}';
+                + loans + ", role="
+                + role + '}';
     }
 
 

persistence/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/entity/Customer.java

@@ -42,6 +42,9 @@ public class Customer {
 
     @OneToMany(mappedBy = "customer")
     private List<Loan> loans;
+
+    @Column(name = "isAdmin", nullable = false)
+    private boolean isAdmin = false;
 
     public Customer(String name, String surname, String login, String password) {
         this.name = name;
@@ -112,6 +115,15 @@ public List<Loan> getLoans() {
     public void setLoans(List<Loan> loans) {
         this.loans = loans;
     }
+
+    public boolean isIsAdmin() {
+        return isAdmin;
+    }
+
+    public void setIsAdmin(boolean isAdmin) {
+        this.isAdmin = isAdmin;
+    }
+
 
 
     @Override

rest/pom.xml

@@ -69,8 +69,24 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.9.7</version>
-</dependency>
+            <version>2.4.6</version>
+            <type>jar</type>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>5.1.2.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>5.1.2.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>5.1.2.RELEASE</version>
+        </dependency>
     </dependencies>
 
 </project>

rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/Config/Initializer.java

@@ -1,12 +1,9 @@
 package cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.Config;
-import javax.servlet.Filter;
+import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.ApiContract;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 
-import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.ApiContract;
 import org.springframework.web.context.request.RequestContextListener;
-import org.springframework.web.filter.CharacterEncodingFilter;
-import org.springframework.web.filter.ShallowEtagHeaderFilter;
 import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
 
 public class Initializer extends AbstractAnnotationConfigDispatcherServletInitializer{

rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/CustomAuthenticationProvider.java

@@ -0,0 +1,60 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem;
+
+import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.dto.CustomerDTO;
+import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.facade.CustomerFacade;
+import java.util.ArrayList;
+import java.util.List;
+import javax.inject.Inject;
+import org.springframework.stereotype.Component;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+/**
+ *
+ * @author Anry
+ */
+@Component
+public class CustomAuthenticationProvider implements AuthenticationProvider {
+
+    @Inject
+    private CustomerFacade customerFacade;
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        String username = authentication.getName();
+        String password = (String) authentication.getCredentials();
+
+        if (customerFacade.authenticate(username, password)) {
+            CustomerDTO user = customerFacade.findCustomerByLogin(username);
+
+            List<GrantedAuthority> grantedAuths = new ArrayList<>();
+            String str;
+            if(user.isIsAdmin()){
+                str = "ADMIN";
+            }else{
+                str = "USER";
+            }
+            grantedAuths.add(new SimpleGrantedAuthority("ROLE_" + str));
+
+            return new UsernamePasswordAuthenticationToken(username, password, grantedAuths);
+        } else {
+            throw new BadCredentialsException("Invalid password.");
+        }
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return authentication.equals(UsernamePasswordAuthenticationToken.class);
+    }
+
+}

rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/RestAuthenticationEntryPoint.java

@@ -0,0 +1,27 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem;
+
+import java.io.IOException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+/**
+ *
+ * @author Anry
+ */
+@Component
+public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized!");
+    }
+
+}

rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/RestConfiguration.java

@@ -0,0 +1,74 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem;
+
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.MapperFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.config.SampleDataConfiguration;
+import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.config.ServiceConfig;
+import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.controllers.LoansController;
+import java.text.SimpleDateFormat;
+import java.util.List;
+import java.util.Locale;
+import javax.validation.Validator;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean;
+import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+/**
+ *
+ * @author Anry
+ */
+
+@Configuration
+@EnableWebMvc
+@Import({ServiceConfig.class, SampleDataConfiguration.class})
+@ComponentScan(basePackageClasses = {LoansController.class})
+public class RestConfiguration extends WebMvcConfigurerAdapter {
+
+    @Override
+    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
+        configurer.enable();
+    }
+
+    @Override
+    public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
+        converters.add(customJackson2HttpMessageConverter());
+    }
+
+    private MappingJackson2HttpMessageConverter customJackson2HttpMessageConverter() {
+        MappingJackson2HttpMessageConverter jsonConverter = new MappingJackson2HttpMessageConverter();
+        ObjectMapper objectMapper = new ObjectMapper();
+        objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+        objectMapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
+        objectMapper.setDateFormat(new SimpleDateFormat("yyyy-MM-dd HH:mm", Locale.ENGLISH));
+
+        /*objectMapper.addMixIn(AbilityDTO.class, AbilityDTOMixin.class);
+        objectMapper.addMixIn(GhostDTO.class, GhostDTOMixin.class);
+        objectMapper.addMixIn(HouseDTO.class, HouseDTOMixin.class);
+        objectMapper.addMixIn(PersonDTO.class, PersonDTOMixin.class);*/
+
+        objectMapper.disable(MapperFeature.DEFAULT_VIEW_INCLUSION);
+
+        jsonConverter.setObjectMapper(objectMapper);
+        return jsonConverter;
+    }
+
+    @Bean
+    public Validator validator() {
+        return new LocalValidatorFactoryBean();
+    }
+
+}

rest/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/controllers/CustomersController.java

@@ -68,4 +68,26 @@ public final CustomerDTO getCustomer(@PathVariable("id") long id) throws Excepti
 
     }
 
+     /**
+     *
+     * getting customer according to id
+     * 
+     * @param login user identifier
+     * @return CustomerDTO
+     * @throws ResourceNotFoundException
+     */
+    @RequestMapping(value = "/{login}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
+    public final CustomerDTO isAdmin(@PathVariable("login") String login) throws Exception {
+
+        logger.debug("rest isAdmin({})", login);
+
+        try {
+            CustomerDTO customerDTO = customerFacade.findCustomerByLogin(login);
+            return customerDTO;
+        } catch (Exception ex) {
+            throw new ResourceNotFoundException();
+        }
+
+    }
+
 }

sample-data/src/main/java/cz/muni/fi/pa165/skupina06/team01/libraryinformationsystem/data/InitializerImpl.java

@@ -3,7 +3,6 @@
 
 import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.entity.Book;
 import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.entity.Customer;
-import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.entity.Loan;
 import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.enums.BookCondition;
 import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.exceptions.BookNotAvailableException;
 import cz.muni.fi.pa165.skupina06.team01.libraryinformationsystem.service.BookService;
@@ -51,10 +50,10 @@ void loadBooks(){
     }
 
     void loadCustomers(){
-        createCustomer("Juraj", "Pokazil", "test123", "hunter2");
-        createCustomer("Michal", "Opravil", "repairman", "logmein");
-        createCustomer("Viktor", "Výmyselný", "uniquelogin", "asdf");
-        createCustomer("Jaroslav", "Počítal", "counter", "password");
+        createCustomer("Juraj", "Pokazil", "test123", "hunter2",false);
+        createCustomer("Michal", "Opravil", "repairman", "logmein",false);
+        createCustomer("Viktor", "Výmyselný", "uniquelogin", "asdf",false);
+        createCustomer("Jaroslav", "Počítal", "counter", "password",true);
     }
 
     void loadLoans(){
@@ -86,13 +85,14 @@ void createBook(String author, String title, String ISBN, BookCondition conditio
         bookService.createBook(book);
     }
 
-    void createCustomer(String name, String surname, String login, String password){
+    void createCustomer(String name, String surname, String login, String password, boolean isAdmin){
         Customer customer = new Customer();
 
         customer.setName(name);
         customer.setSurname(surname);
         customer.setLogin(login);
         customer.setPassword(password);
+        customer.setIsAdmin(isAdmin);
 
         customerService.registerCustomer(customer);
     }