add oauth2 google

build.gradle

@@ -105,6 +105,9 @@ dependencies {
     compile group: 'org.thymeleaf.extras', name: 'thymeleaf-extras-springsecurity5'
     compile group: 'com.fasterxml.jackson.module', name: 'jackson-module-afterburner'
     compile group: 'com.fasterxml.jackson.datatype', name: 'jackson-datatype-hibernate5'
+    compile group: 'org.springframework.security', name: 'spring-security-oauth2-client'
+    compile group: 'org.springframework.security', name: 'spring-security-oauth2-jose'
+    compile group: 'org.springframework.security.oauth.boot', name: 'spring-security-oauth2-autoconfigure'
 
     compile group: 'org.postgresql', name: 'postgresql', version: '42.2.5'
 

src/main/java/ru/ulstu/configuration/MvcConfiguration.java

@@ -9,7 +9,5 @@ public class MvcConfiguration implements WebMvcConfigurer {
     @Override
     public void addViewControllers(ViewControllerRegistry registry) {
         registry.addRedirectViewController("/", "/index.xhtml");
-        registry.addRedirectViewController("/default", "/index.xhtml");
-
     }
 }

src/main/java/ru/ulstu/configuration/SecurityConfiguration.java

@@ -5,27 +5,48 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.BeanInitializationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
+import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import ru.ulstu.core.model.AuthFailureHandler;
-import ru.ulstu.user.controller.UserController;
 import ru.ulstu.user.model.UserRoleConstants;
 import ru.ulstu.user.service.UserService;
 
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
+    private static List<String> clients = Arrays.asList("google");
+    private static String CLIENT_PROPERTY_KEY
+            = "spring.security.oauth2.client.registration.";
+
+    @Autowired
+    private Environment env;
 
     @Value("${server.http.port}")
     private int httpPort;
@@ -54,6 +75,124 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     }
 
     @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf()
+                .disable();
+        if (applicationProperties.isDevMode()) {
+            log.debug("Security disabled");
+            http.authorizeRequests()
+                    .anyRequest()
+                    .permitAll();
+            http.anonymous()
+                    .principal("admin")
+                    .authorities(UserRoleConstants.ADMIN);
+        } else {
+            http.authorizeRequests()
+                    .antMatchers("/login.xhtml", "/logout")
+                    .permitAll()
+                    .anyRequest()
+                    .authenticated()
+                    .and()
+                    .formLogin()
+                    .loginPage("/login.xhtml")
+                    .successHandler(authenticationSuccessHandler)
+                    .failureHandler(authenticationFailureHandler)
+                    .permitAll()
+                    .and()
+                    .oauth2Login()
+                    .loginPage("/login.xhtml")
+                    .authorizationEndpoint()
+                    .baseUri("/oauth2/authorize-client")
+                    .authorizationRequestRepository(authorizationRequestRepository())
+                    .and()
+                    .tokenEndpoint()
+                    .accessTokenResponseClient(accessTokenResponseClient())
+                    .and()
+                    .defaultSuccessUrl("/index.xhtml")
+                    .failureUrl("/loginFailure")
+                    .and()
+                    .logout()
+                    .logoutSuccessHandler(logoutSuccessHandler)
+                    .logoutSuccessUrl(Constants.LOGOUT_URL)
+                    .invalidateHttpSession(true)
+                    .clearAuthentication(true)
+                    .deleteCookies(Constants.COOKIES_NAME)
+                    .permitAll();
+            http.csrf().disable();
+        }
+        if (applicationProperties.isUseHttps()) {
+            http.portMapper()
+                    .http(httpPort)
+                    .mapsTo(httpsPort)
+                    .and()
+                    .requiresChannel()
+                    .anyRequest()
+                    .requiresSecure();
+        }
+    }
+
+    @Bean
+    public AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository() {
+        return new HttpSessionOAuth2AuthorizationRequestRepository();
+    }
+
+    @Bean
+    public OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient() {
+        DefaultAuthorizationCodeTokenResponseClient accessTokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
+        return accessTokenResponseClient;
+    }
+
+    //@Bean
+    public ClientRegistrationRepository clientRegistrationRepository() {
+        List<ClientRegistration> registrations = clients.stream()
+                .map(c -> getRegistration(c))
+                .filter(registration -> registration != null)
+                .collect(Collectors.toList());
+
+        return new InMemoryClientRegistrationRepository(registrations);
+    }
+
+    private ClientRegistration getRegistration(String client) {
+        String clientId = env.getProperty(CLIENT_PROPERTY_KEY + client + ".client-id");
+
+        if (clientId == null) {
+            return null;
+        }
+
+        String clientSecret = env.getProperty(CLIENT_PROPERTY_KEY + client + ".client-secret");
+        if (client.equals("google")) {
+            return CommonOAuth2Provider.GOOGLE.getBuilder(client)
+                    .clientId(clientId)
+                    .clientSecret(clientSecret)
+                    .build();
+        }
+        return null;
+    }
+
+    @Override
+    public void configure(WebSecurity web) {
+        web.ignoring()
+                .antMatchers("/css/**")
+                .antMatchers("/javax.faces.resource/**")
+                .antMatchers("/js/**")
+                .antMatchers("/templates/**")
+                .antMatchers("/webjars/**")
+                .antMatchers("/img/**");
+    }
+
+    @Autowired
+    public void configureGlobal(AuthenticationManagerBuilder auth) {
+        if (applicationProperties.isDevMode()) {
+            return;
+        }
+        try {
+            auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
+        } catch (Exception e) {
+            throw new BeanInitializationException("Security configuration failed", e);
+        }
+    }
+
+   /* @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.csrf()
                 .disable();
@@ -126,5 +265,5 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
         } catch (Exception e) {
             throw new BeanInitializationException("Security configuration failed", e);
         }
-    }
+    }*/
 }

src/main/java/ru/ulstu/core/controller/AdviceController.java

@@ -1,120 +0,0 @@
-package ru.ulstu.core.controller;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.validation.FieldError;
-import org.springframework.web.bind.MethodArgumentNotValidException;
-import org.springframework.web.bind.annotation.ControllerAdvice;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import ru.ulstu.core.error.EntityIdIsNullException;
-import ru.ulstu.core.model.ErrorConstants;
-import ru.ulstu.core.model.response.Response;
-import ru.ulstu.core.model.response.ResponseExtended;
-import ru.ulstu.user.error.UserActivationError;
-import ru.ulstu.user.error.UserEmailExistsException;
-import ru.ulstu.user.error.UserIdExistsException;
-import ru.ulstu.user.error.UserIsUndeadException;
-import ru.ulstu.user.error.UserLoginExistsException;
-import ru.ulstu.user.error.UserNotActivatedException;
-import ru.ulstu.user.error.UserPasswordsNotValidOrNotMatchException;
-import ru.ulstu.user.error.UserResetKeyError;
-import ru.ulstu.user.error.UserSendingMailException;
-import ru.ulstu.user.service.UserService;
-
-import java.util.Set;
-import java.util.stream.Collectors;
-
-@ControllerAdvice
-public class AdviceController {
-    private final Logger log = LoggerFactory.getLogger(AdviceController.class);
-    private final UserService userService;
-
-    public AdviceController(UserService userService) {
-        this.userService = userService;
-    }
-
-    @ModelAttribute("currentUser")
-    public String getCurrentUser() {
-        return userService.getCurrentUser().getUserAbbreviate();
-    }
-
-    @ModelAttribute("flashMessage")
-    public String getFlashMessage() {
-        return null;
-    }
-
-    private Response<Void> handleException(ErrorConstants error) {
-        log.warn(error.toString());
-        return new Response<>(error);
-    }
-
-    private <E> ResponseExtended<E> handleException(ErrorConstants error, E errorData) {
-        log.warn(error.toString());
-        return new ResponseExtended<>(error, errorData);
-    }
-
-    @ExceptionHandler(EntityIdIsNullException.class)
-    public Response<Void> handleEntityIdIsNullException(Throwable e) {
-        return handleException(ErrorConstants.ID_IS_NULL);
-    }
-
-    @ExceptionHandler(MethodArgumentNotValidException.class)
-    public ResponseExtended<Set<String>> handleMethodArgumentNotValidException(MethodArgumentNotValidException e) {
-        final Set<String> errors = e.getBindingResult().getAllErrors().stream()
-                .filter(error -> error instanceof FieldError)
-                .map(error -> ((FieldError) error).getField())
-                .collect(Collectors.toSet());
-        return handleException(ErrorConstants.VALIDATION_ERROR, errors);
-    }
-
-    @ExceptionHandler(UserIdExistsException.class)
-    public Response<Void> handleUserIdExistsException(Throwable e) {
-        return handleException(ErrorConstants.USER_ID_EXISTS);
-    }
-
-    @ExceptionHandler(UserActivationError.class)
-    public ResponseExtended<String> handleUserActivationError(Throwable e) {
-        return handleException(ErrorConstants.USER_ACTIVATION_ERROR, e.getMessage());
-    }
-
-    @ExceptionHandler(UserLoginExistsException.class)
-    public ResponseExtended<String> handleUserLoginExistsException(Throwable e) {
-        return handleException(ErrorConstants.USER_LOGIN_EXISTS, e.getMessage());
-    }
-
-    @ExceptionHandler(UserEmailExistsException.class)
-    public ResponseExtended<String> handleUserEmailExistsException(Throwable e) {
-        return handleException(ErrorConstants.USER_EMAIL_EXISTS, e.getMessage());
-    }
-
-    @ExceptionHandler(UserPasswordsNotValidOrNotMatchException.class)
-    public Response<Void> handleUserPasswordsNotValidOrNotMatchException(Throwable e) {
-        return handleException(ErrorConstants.USER_PASSWORDS_NOT_VALID_OR_NOT_MATCH);
-    }
-
-//    @ExceptionHandler(UserNotFoundException.class)
-//    public ResponseExtended<String> handleUserNotFoundException(Throwable e) {
-//        return handleException(ErrorConstants.USER_NOT_FOUND, e.getMessage());
-//    }
-
-    @ExceptionHandler(UserNotActivatedException.class)
-    public Response<Void> handleUserNotActivatedException(Throwable e) {
-        return handleException(ErrorConstants.USER_NOT_ACTIVATED);
-    }
-
-    @ExceptionHandler(UserResetKeyError.class)
-    public ResponseExtended<String> handleUserResetKeyError(Throwable e) {
-        return handleException(ErrorConstants.USER_RESET_ERROR, e.getMessage());
-    }
-
-    @ExceptionHandler(UserIsUndeadException.class)
-    public ResponseExtended<String> handleUserIsUndeadException(Throwable e) {
-        return handleException(ErrorConstants.USER_UNDEAD_ERROR, e.getMessage());
-    }
-
-    @ExceptionHandler(UserSendingMailException.class)
-    public ResponseExtended<String> handleUserSendingMailException(Throwable e) {
-        return handleException(ErrorConstants.USER_SENDING_MAIL_EXCEPTION, e.getMessage());
-    }
-}

src/main/java/ru/ulstu/index/controller/IndexController.java

@@ -1,23 +0,0 @@
-package ru.ulstu.index.controller;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.ModelMap;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import ru.ulstu.core.controller.AdviceController;
-import ru.ulstu.user.service.UserService;
-import springfox.documentation.annotations.ApiIgnore;
-
-@Controller()
-@RequestMapping(value = "/index")
-@ApiIgnore
-public class IndexController extends AdviceController {
-    public IndexController(UserService userService) {
-        super(userService);
-    }
-
-    @GetMapping
-    public void currentUser(ModelMap modelMap) {
-        //нужен здесь для добавления параметров на стартовой странице
-    }
-}

src/main/java/ru/ulstu/user/service/UserService.java

@@ -341,10 +341,13 @@ public class UserService implements UserDetailsService {
     }
 
     public User getCurrentUser() {
-        String login = UserUtils.getCurrentUserLogin(SecurityContextHolder.getContext());
-        User user = userRepository.findOneByLoginIgnoreCase(login);
+        String loginOrEmail = UserUtils.getCurrentUserLoginOrEmail(SecurityContextHolder.getContext());
+        User user = userRepository.findOneByLoginIgnoreCase(loginOrEmail);
         if (user == null) {
-            throw new UserNotFoundException(login);
+            user = userRepository.findOneByEmailIgnoreCase(loginOrEmail);
+        }
+        if (user == null) {
+            throw new UserNotFoundException(loginOrEmail);
         }
         return user;
     }

src/main/java/ru/ulstu/user/util/UserUtils.java

@@ -4,6 +4,7 @@ import org.apache.commons.lang3.RandomStringUtils;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import ru.ulstu.configuration.Constants;
 
 public class UserUtils {
@@ -17,7 +18,7 @@ public class UserUtils {
         return RandomStringUtils.randomNumeric(DEF_COUNT);
     }
 
-    public static String getCurrentUserLogin(SecurityContext securityContext) {
+    public static String getCurrentUserLoginOrEmail(SecurityContext securityContext) {
         if (securityContext == null) {
             return null;
         }
@@ -27,6 +28,10 @@ public class UserUtils {
             final UserDetails springSecurityUser = (UserDetails) authentication.getPrincipal();
             return springSecurityUser.getUsername();
         }
+        if (authentication.getPrincipal() instanceof DefaultOidcUser) {
+            final DefaultOidcUser oauth2User = (DefaultOidcUser) authentication.getPrincipal();
+            return oauth2User.getEmail();
+        }
         if (authentication.getPrincipal() instanceof String) {
             return (String) authentication.getPrincipal();
         }

src/main/resources/META-INF/resources/basicTemplate.xhtml

@@ -38,7 +38,7 @@
                     <p:menuitem value="Quit" url="http://www.primefaces.org" icon="pi pi-times"/>
 
                     <f:facet name="options">
-                        <p:link href="/logout" value="Logout"/>
+                        <p:link href="/logout" value="Выход"/>
                     </f:facet>
                 </p:menubar>
                 <div class="ui-fluid">

src/main/resources/META-INF/resources/login.xhtml

@@ -45,6 +45,8 @@
                         </tr>
                         <tr>
                             <td>
+                                <a href="oauth2/authorize-client/google"
+                                   class="list-group-item active">Войти с учетной записью Google</a>
                             </td>
                         </tr>
                         </tbody>

src/main/resources/application.properties

@@ -45,3 +45,5 @@ ng-tracker.debug_email=romanov73@gmail.com
 ng-tracker.use-https=false
 ng-tracker.check-run=false
 ng-tracker.driver-path=
+spring.security.oauth2.client.registration.google.client-id=128435862215-4ltm7dr6enb6sfll0qhkt6a1op9juve6.apps.googleusercontent.com
+spring.security.oauth2.client.registration.google.client-secret=W_B-KMpqsSdKahqFxpuK4OoT

src/main/resources/templates/login.html

@@ -34,6 +34,10 @@
                             </div>
                         </fieldset>
                     </form>
+                    <h3>Login with:</h3>
+                    <p th:each="url : ${urls}">
+                        <a th:text="${url.key}" th:href="${url.value}">Client</a>
+                    </p>
                 </div>
             </div>
         </div>

src/main/resources/templates/oauth_login.html

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+    <title>Oauth2 Login</title>
+    <link rel="stylesheet"
+          href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css"/>
+</head>
+
+<body>
+<div class="container">
+    <div class="col-sm-3 well">
+        <h3>Login with:</h3>
+        <div class="list-group">
+            <p th:each="url : ${urls}">
+                <a th:text="${url.key}" th:href="${url.value}" class="list-group-item active">Client</a>
+            </p>
+        </div>
+    </div>
+</div>
+</body>
+</html>