romanov73/ng-tracker
1
0
Fork 0
Code Issues 18 Pull Requests 4 Projects Releases Wiki Activity

add oauth2 google

Browse Source
This commit is contained in:
Anton Romanov 2019-11-27 19:41:10 +04:00
parent 71448364d7
commit ac55481bc6
12 changed files with 620 additions and 585 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
build.gradle
View File

@ -105,6 +105,9 @@ dependencies {
compile group: 'org.thymeleaf.extras', name: 'thymeleaf-extras-springsecurity5' compile group: 'org.thymeleaf.extras', name: 'thymeleaf-extras-springsecurity5'
compile group: 'com.fasterxml.jackson.module', name: 'jackson-module-afterburner' compile group: 'com.fasterxml.jackson.module', name: 'jackson-module-afterburner'
compile group: 'com.fasterxml.jackson.datatype', name: 'jackson-datatype-hibernate5' compile group: 'com.fasterxml.jackson.datatype', name: 'jackson-datatype-hibernate5'
compile group: 'org.springframework.security', name: 'spring-security-oauth2-client'
compile group: 'org.springframework.security', name: 'spring-security-oauth2-jose'
compile group: 'org.springframework.security.oauth.boot', name: 'spring-security-oauth2-autoconfigure'
compile group: 'org.postgresql', name: 'postgresql', version: '42.2.5' compile group: 'org.postgresql', name: 'postgresql', version: '42.2.5'

2
src/main/java/ru/ulstu/configuration/MvcConfiguration.java
View File

@ -9,7 +9,5 @@ public class MvcConfiguration implements WebMvcConfigurer {
@Override @Override
public void addViewControllers(ViewControllerRegistry registry) { public void addViewControllers(ViewControllerRegistry registry) {
registry.addRedirectViewController("/", "/index.xhtml"); registry.addRedirectViewController("/", "/index.xhtml");
registry.addRedirectViewController("/default", "/index.xhtml");
} }
} }

143
src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
View File

@ -5,27 +5,48 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanInitializationException; import org.springframework.beans.factory.BeanInitializationException;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import ru.ulstu.core.model.AuthFailureHandler; import ru.ulstu.core.model.AuthFailureHandler;
import ru.ulstu.user.controller.UserController;
import ru.ulstu.user.model.UserRoleConstants; import ru.ulstu.user.model.UserRoleConstants;
import ru.ulstu.user.service.UserService; import ru.ulstu.user.service.UserService;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class); private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
private static List<String> clients = Arrays.asList("google");
private static String CLIENT_PROPERTY_KEY
= "spring.security.oauth2.client.registration.";
@Autowired
private Environment env;
@Value("${server.http.port}") @Value("${server.http.port}")
private int httpPort; private int httpPort;
@ -54,6 +75,124 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
} }
@Override @Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable();
if (applicationProperties.isDevMode()) {
log.debug("Security disabled");
http.authorizeRequests()
.anyRequest()
.permitAll();
http.anonymous()
.principal("admin")
.authorities(UserRoleConstants.ADMIN);
} else {
http.authorizeRequests()
.antMatchers("/login.xhtml", "/logout")
.permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login.xhtml")
.successHandler(authenticationSuccessHandler)
.failureHandler(authenticationFailureHandler)
.permitAll()
.and()
.oauth2Login()
.loginPage("/login.xhtml")
.authorizationEndpoint()
.baseUri("/oauth2/authorize-client")
.authorizationRequestRepository(authorizationRequestRepository())
.and()
.tokenEndpoint()
.accessTokenResponseClient(accessTokenResponseClient())
.and()
.defaultSuccessUrl("/index.xhtml")
.failureUrl("/loginFailure")
.and()
.logout()
.logoutSuccessHandler(logoutSuccessHandler)
.logoutSuccessUrl(Constants.LOGOUT_URL)
.invalidateHttpSession(true)
.clearAuthentication(true)
.deleteCookies(Constants.COOKIES_NAME)
.permitAll();
http.csrf().disable();
}
if (applicationProperties.isUseHttps()) {
http.portMapper()
.http(httpPort)
.mapsTo(httpsPort)
.and()
.requiresChannel()
.anyRequest()
.requiresSecure();
}
}
@Bean
public AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository() {
return new HttpSessionOAuth2AuthorizationRequestRepository();
}
@Bean
public OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient() {
DefaultAuthorizationCodeTokenResponseClient accessTokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
return accessTokenResponseClient;
}
//@Bean
public ClientRegistrationRepository clientRegistrationRepository() {
List<ClientRegistration> registrations = clients.stream()
.map(c -> getRegistration(c))
.filter(registration -> registration != null)
.collect(Collectors.toList());
return new InMemoryClientRegistrationRepository(registrations);
}
private ClientRegistration getRegistration(String client) {
String clientId = env.getProperty(CLIENT_PROPERTY_KEY + client + ".client-id");
if (clientId == null) {
return null;
}
String clientSecret = env.getProperty(CLIENT_PROPERTY_KEY + client + ".client-secret");
if (client.equals("google")) {
return CommonOAuth2Provider.GOOGLE.getBuilder(client)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
}
return null;
}
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers("/css/**")
.antMatchers("/javax.faces.resource/**")
.antMatchers("/js/**")
.antMatchers("/templates/**")
.antMatchers("/webjars/**")
.antMatchers("/img/**");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
if (applicationProperties.isDevMode()) {
return;
}
try {
auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
} catch (Exception e) {
throw new BeanInitializationException("Security configuration failed", e);
}
}
/* @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.csrf() http.csrf()
.disable(); .disable();
@ -126,5 +265,5 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
} catch (Exception e) { } catch (Exception e) {
throw new BeanInitializationException("Security configuration failed", e); throw new BeanInitializationException("Security configuration failed", e);
} }
} }*/
} }

120
src/main/java/ru/ulstu/core/controller/AdviceController.java
View File

@ -1,120 +0,0 @@
package ru.ulstu.core.controller;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.validation.FieldError;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ModelAttribute;
import ru.ulstu.core.error.EntityIdIsNullException;
import ru.ulstu.core.model.ErrorConstants;
import ru.ulstu.core.model.response.Response;
import ru.ulstu.core.model.response.ResponseExtended;
import ru.ulstu.user.error.UserActivationError;
import ru.ulstu.user.error.UserEmailExistsException;
import ru.ulstu.user.error.UserIdExistsException;
import ru.ulstu.user.error.UserIsUndeadException;
import ru.ulstu.user.error.UserLoginExistsException;
import ru.ulstu.user.error.UserNotActivatedException;
import ru.ulstu.user.error.UserPasswordsNotValidOrNotMatchException;
import ru.ulstu.user.error.UserResetKeyError;
import ru.ulstu.user.error.UserSendingMailException;
import ru.ulstu.user.service.UserService;
import java.util.Set;
import java.util.stream.Collectors;
@ControllerAdvice
public class AdviceController {
private final Logger log = LoggerFactory.getLogger(AdviceController.class);
private final UserService userService;
public AdviceController(UserService userService) {
this.userService = userService;
}
@ModelAttribute("currentUser")
public String getCurrentUser() {
return userService.getCurrentUser().getUserAbbreviate();
}
@ModelAttribute("flashMessage")
public String getFlashMessage() {
return null;
}
private Response<Void> handleException(ErrorConstants error) {
log.warn(error.toString());
return new Response<>(error);
}
private <E> ResponseExtended<E> handleException(ErrorConstants error, E errorData) {
log.warn(error.toString());
return new ResponseExtended<>(error, errorData);
}
@ExceptionHandler(EntityIdIsNullException.class)
public Response<Void> handleEntityIdIsNullException(Throwable e) {
return handleException(ErrorConstants.ID_IS_NULL);
}
@ExceptionHandler(MethodArgumentNotValidException.class)
public ResponseExtended<Set<String>> handleMethodArgumentNotValidException(MethodArgumentNotValidException e) {
final Set<String> errors = e.getBindingResult().getAllErrors().stream()
.filter(error -> error instanceof FieldError)
.map(error -> ((FieldError) error).getField())
.collect(Collectors.toSet());
return handleException(ErrorConstants.VALIDATION_ERROR, errors);
}
@ExceptionHandler(UserIdExistsException.class)
public Response<Void> handleUserIdExistsException(Throwable e) {
return handleException(ErrorConstants.USER_ID_EXISTS);
}
@ExceptionHandler(UserActivationError.class)
public ResponseExtended<String> handleUserActivationError(Throwable e) {
return handleException(ErrorConstants.USER_ACTIVATION_ERROR, e.getMessage());
}
@ExceptionHandler(UserLoginExistsException.class)
public ResponseExtended<String> handleUserLoginExistsException(Throwable e) {
return handleException(ErrorConstants.USER_LOGIN_EXISTS, e.getMessage());
}
@ExceptionHandler(UserEmailExistsException.class)
public ResponseExtended<String> handleUserEmailExistsException(Throwable e) {
return handleException(ErrorConstants.USER_EMAIL_EXISTS, e.getMessage());
}
@ExceptionHandler(UserPasswordsNotValidOrNotMatchException.class)
public Response<Void> handleUserPasswordsNotValidOrNotMatchException(Throwable e) {
return handleException(ErrorConstants.USER_PASSWORDS_NOT_VALID_OR_NOT_MATCH);
}
// @ExceptionHandler(UserNotFoundException.class)
// public ResponseExtended<String> handleUserNotFoundException(Throwable e) {
// return handleException(ErrorConstants.USER_NOT_FOUND, e.getMessage());
// }
@ExceptionHandler(UserNotActivatedException.class)
public Response<Void> handleUserNotActivatedException(Throwable e) {
return handleException(ErrorConstants.USER_NOT_ACTIVATED);
}
@ExceptionHandler(UserResetKeyError.class)
public ResponseExtended<String> handleUserResetKeyError(Throwable e) {
return handleException(ErrorConstants.USER_RESET_ERROR, e.getMessage());
}
@ExceptionHandler(UserIsUndeadException.class)
public ResponseExtended<String> handleUserIsUndeadException(Throwable e) {
return handleException(ErrorConstants.USER_UNDEAD_ERROR, e.getMessage());
}
@ExceptionHandler(UserSendingMailException.class)
public ResponseExtended<String> handleUserSendingMailException(Throwable e) {
return handleException(ErrorConstants.USER_SENDING_MAIL_EXCEPTION, e.getMessage());
}
}

23
src/main/java/ru/ulstu/index/controller/IndexController.java
View File

@ -1,23 +0,0 @@
package ru.ulstu.index.controller;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import ru.ulstu.core.controller.AdviceController;
import ru.ulstu.user.service.UserService;
import springfox.documentation.annotations.ApiIgnore;
@Controller()
@RequestMapping(value = "/index")
@ApiIgnore
public class IndexController extends AdviceController {
public IndexController(UserService userService) {
super(userService);
}
@GetMapping
public void currentUser(ModelMap modelMap) {
//нужен здесь для добавления параметров на стартовой странице
}
}

9
src/main/java/ru/ulstu/user/service/UserService.java
View File

@ -341,10 +341,13 @@ public class UserService implements UserDetailsService {
} }
public User getCurrentUser() { public User getCurrentUser() {
String login = UserUtils.getCurrentUserLogin(SecurityContextHolder.getContext()); String loginOrEmail = UserUtils.getCurrentUserLoginOrEmail(SecurityContextHolder.getContext());
User user = userRepository.findOneByLoginIgnoreCase(login); User user = userRepository.findOneByLoginIgnoreCase(loginOrEmail);
if (user == null) { if (user == null) {
throw new UserNotFoundException(login); user = userRepository.findOneByEmailIgnoreCase(loginOrEmail);
}
if (user == null) {
throw new UserNotFoundException(loginOrEmail);
} }
return user; return user;
} }

7
src/main/java/ru/ulstu/user/util/UserUtils.java
View File

@ -4,6 +4,7 @@ import org.apache.commons.lang3.RandomStringUtils;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import ru.ulstu.configuration.Constants; import ru.ulstu.configuration.Constants;
public class UserUtils { public class UserUtils {
@ -17,7 +18,7 @@ public class UserUtils {
return RandomStringUtils.randomNumeric(DEF_COUNT); return RandomStringUtils.randomNumeric(DEF_COUNT);
} }
public static String getCurrentUserLogin(SecurityContext securityContext) { public static String getCurrentUserLoginOrEmail(SecurityContext securityContext) {
if (securityContext == null) { if (securityContext == null) {
return null; return null;
} }
@ -27,6 +28,10 @@ public class UserUtils {
final UserDetails springSecurityUser = (UserDetails) authentication.getPrincipal(); final UserDetails springSecurityUser = (UserDetails) authentication.getPrincipal();
return springSecurityUser.getUsername(); return springSecurityUser.getUsername();
} }
if (authentication.getPrincipal() instanceof DefaultOidcUser) {
final DefaultOidcUser oauth2User = (DefaultOidcUser) authentication.getPrincipal();
return oauth2User.getEmail();
}
if (authentication.getPrincipal() instanceof String) { if (authentication.getPrincipal() instanceof String) {
return (String) authentication.getPrincipal(); return (String) authentication.getPrincipal();
} }

2
src/main/resources/META-INF/resources/basicTemplate.xhtml
View File

@ -38,7 +38,7 @@
<p:menuitem value="Quit" url="http://www.primefaces.org" icon="pi pi-times"/> <p:menuitem value="Quit" url="http://www.primefaces.org" icon="pi pi-times"/>
<f:facet name="options"> <f:facet name="options">
<p:link href="/logout" value="Logout"/> <p:link href="/logout" value="Выход"/>
</f:facet> </f:facet>
</p:menubar> </p:menubar>
<div class="ui-fluid"> <div class="ui-fluid">

2
src/main/resources/META-INF/resources/login.xhtml
View File

@ -45,6 +45,8 @@
</tr> </tr>
<tr> <tr>
<td> <td>
<a href="oauth2/authorize-client/google"
class="list-group-item active">Войти с учетной записью Google</a>
</td> </td>
</tr> </tr>
</tbody> </tbody>

2
src/main/resources/application.properties
View File

@ -45,3 +45,5 @@ ng-tracker.debug_email=romanov73@gmail.com
ng-tracker.use-https=false ng-tracker.use-https=false
ng-tracker.check-run=false ng-tracker.check-run=false
ng-tracker.driver-path= ng-tracker.driver-path=
spring.security.oauth2.client.registration.google.client-id=128435862215-4ltm7dr6enb6sfll0qhkt6a1op9juve6.apps.googleusercontent.com
spring.security.oauth2.client.registration.google.client-secret=W_B-KMpqsSdKahqFxpuK4OoT

4
src/main/resources/templates/login.html
View File

@ -34,6 +34,10 @@
</div> </div>
</fieldset> </fieldset>
</form> </form>
<h3>Login with:</h3>
<p th:each="url : ${urls}">
<a th:text="${url.key}" th:href="${url.value}">Client</a>
</p>
</div> </div>
</div> </div>
</div> </div>

22
src/main/resources/templates/oauth_login.html Normal file
View File

@ -0,0 +1,22 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>Oauth2 Login</title>
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css"/>
</head>
<body>
<div class="container">
<div class="col-sm-3 well">
<h3>Login with:</h3>
<div class="list-group">
<p th:each="url : ${urls}">
<a th:text="${url.key}" th:href="${url.value}" class="list-group-item active">Client</a>
</p>
</div>
</div>
</div>
</body>
</html>