[security] Add SpringSecurity with Basic authorization

2025-02-19 15:57:42 +03:00 · 2025-02-19 15:57:42 +03:00 · 604166fbf8
commit 604166fbf8
parent d6ba2d4c29
2 changed files with 89 additions and 0 deletions
--- a/src/main/java/com/example/nto/security/SecurityConfig.java
+++ b/src/main/java/com/example/nto/security/SecurityConfig.java
@ -0,0 +1,52 @@
+package com.example.nto.security;
+
+import com.example.nto.service.DatabaseUserDetailsService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.util.AntPathMatcher;
+
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Autowired
+    DatabaseUserDetailsService userDetailsService;
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
+        httpSecurity
+                .authorizeRequests(auth -> auth
+                        .antMatchers("/swagger-ui/**",
+                                "/swagger-ui.html",
+                                "/v3/**",
+                                "/test/**",
+                                "/h2-console/**").permitAll()
+                        .antMatchers("/api/admin/**").hasRole("ADMIN")
+                        .anyRequest().authenticated()
+                )
+                .csrf(AbstractHttpConfigurer::disable)
+                .httpBasic(Customizer.withDefaults())
+                .userDetailsService(userDetailsService)
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+
+        return httpSecurity.build();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder(8);
+    }
+}
--- a/src/main/java/com/example/nto/service/DatabaseUserDetailsService.java
+++ b/src/main/java/com/example/nto/service/DatabaseUserDetailsService.java
@ -0,0 +1,37 @@
+package com.example.nto.service;
+
+import com.example.nto.entity.Employee;
+import com.example.nto.repository.EmployeeRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+@Service
+public class DatabaseUserDetailsService implements UserDetailsService {
+    @Autowired
+    private EmployeeRepository employeeRepository;
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        Logger.getGlobal().log(Level.INFO, "[ASD] " + username);
+        if (!employeeRepository.existsByLogin(username)) {
+            throw new UsernameNotFoundException("User with username " + username + "not found!");
+        }
+        Employee employee = employeeRepository.findByLogin(username)
+                .orElseThrow(() -> new UsernameNotFoundException("User with username " + username + "not found!"));
+
+        return new User(
+                employee.getLogin(),
+                employee.getHashedPassword(),
+                Collections.singletonList(new SimpleGrantedAuthority("ROLE_" + employee.getRole()))
+        );
+    }
+}