Initial Commit

Author: rajsingha

pom.xml

@@ -33,6 +33,16 @@
 			<artifactId>mysql-connector-java</artifactId>
 		</dependency>
 
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt</artifactId>
+			<version>0.9.1</version>
+		</dependency>
 
 		<dependency>
 			<groupId>org.springframework.boot</groupId>

src/main/java/com/webservice/mobile/app/MobileAppWebServicesApplication.java

@@ -2,11 +2,20 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
 @SpringBootApplication
 public class MobileAppWebServicesApplication {
 
 	public static void main(String[] args) {
+
 		SpringApplication.run(MobileAppWebServicesApplication.class, args);
 	}
 
+	@Bean
+	public BCryptPasswordEncoder bCryptPasswordEncoder(){
+		return new BCryptPasswordEncoder();
+	}
+
 }

src/main/java/com/webservice/mobile/app/security/AuthenticationFilter.java

@@ -0,0 +1,69 @@
+package com.webservice.mobile.app.security;
+
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.webservice.mobile.app.ui.model.request.UserLoginRequestModel;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+
+public class AuthenticationFilter extends UsernamePasswordAuthenticationFilter {
+    private final AuthenticationManager authenticationManager;
+
+    public AuthenticationFilter(AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request,
+                                                HttpServletResponse response)
+            throws AuthenticationException {
+
+        try {
+            UserLoginRequestModel creds = new ObjectMapper()
+                    .readValue(request.getInputStream(),UserLoginRequestModel.class);
+
+            return authenticationManager.authenticate(
+                    new UsernamePasswordAuthenticationToken(creds.getEmail()
+                    ,creds.getPassword()
+                    ,new ArrayList<>())
+            );
+
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+
+    }
+
+
+
+    @Override
+    protected void successfulAuthentication(HttpServletRequest request,
+                                            HttpServletResponse response,
+                                            FilterChain chain,
+                                            Authentication authResult)
+            throws IOException, ServletException {
+        String userName = ((User)authResult.getPrincipal()).getUsername();
+
+        String token = Jwts.builder()
+                .setSubject(userName)
+                .setExpiration(new Date(System.currentTimeMillis()+SecurityConstants.EXPIRATION_TIME))
+                .signWith(SignatureAlgorithm.HS512,SecurityConstants.TOKEN_SECRET)
+                .compact();
+
+        response.addHeader(SecurityConstants.HEADER_STRING,SecurityConstants.TOKEN_PREFIX+token);
+    }
+}

src/main/java/com/webservice/mobile/app/security/SecurityConstants.java

@@ -0,0 +1,9 @@
+package com.webservice.mobile.app.security;
+
+public class SecurityConstants {
+    public static final long EXPIRATION_TIME = 864000000; //Validity  10 Days
+    public static final String TOKEN_PREFIX = "Bearer";
+    public static final String HEADER_STRING = "Authorization";
+    public static final String SIGN_UP_URL = "/users";
+    public static final String TOKEN_SECRET = "jf9i4jgu83nfl0";
+}

src/main/java/com/webservice/mobile/app/security/WebSecurity.java

@@ -0,0 +1,33 @@
+package com.webservice.mobile.app.security;
+
+import com.webservice.mobile.app.service.UserService;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@EnableWebSecurity
+public class WebSecurity extends WebSecurityConfigurerAdapter {
+    private final UserService userService;
+    private final BCryptPasswordEncoder bCryptPasswordEncoder;
+
+    public WebSecurity(UserService userService, BCryptPasswordEncoder bCryptPasswordEncoder) {
+        this.userService = userService;
+        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
+    }
+
+    @Override
+    protected void configure(HttpSecurity httpSecurity)throws Exception{
+        httpSecurity.csrf().disable().authorizeRequests()
+                .antMatchers(HttpMethod.POST,SecurityConstants.SIGN_UP_URL)
+                .permitAll().anyRequest().authenticated().and()
+                .addFilter(new AuthenticationFilter(authenticationManager()));
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
+    }
+}

src/main/java/com/webservice/mobile/app/service/UserService.java

@@ -1,7 +1,8 @@
 package com.webservice.mobile.app.service;
 
 import com.webservice.mobile.app.shared.dto.UserDTO;
+import org.springframework.security.core.userdetails.UserDetailsService;
 
-public interface UserService {
+public interface UserService extends UserDetailsService {
     UserDTO createUser(UserDTO userDTO);
 }

src/main/java/com/webservice/mobile/app/service/impl/UserServiceImpl.java

@@ -7,9 +7,15 @@
 import com.webservice.mobile.app.shared.dto.UserDTO;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 import sun.rmi.runtime.Log;
 
+import java.util.ArrayList;
+
 @Service
 public class UserServiceImpl implements UserService {
 
@@ -19,6 +25,9 @@ public class UserServiceImpl implements UserService {
     @Autowired
     Utils utils;
 
+    @Autowired
+    BCryptPasswordEncoder bCryptPasswordEncoder;
+
     @Override
     public UserDTO createUser(UserDTO userDTO) {
 
@@ -31,12 +40,20 @@ public UserDTO createUser(UserDTO userDTO) {
 
         String autoGeneratedPublicUserID = utils.generateUserId(30);
         userEntity.setUserId(autoGeneratedPublicUserID);
-        userEntity.setEncryptedPassword("test");
+        userEntity.setEncryptedPassword(bCryptPasswordEncoder.encode(userDTO.getPassword()));
 
         UserEntity storedUSerDeatils =userRepository.save(userEntity);
         UserDTO returnValue = new UserDTO();
         BeanUtils.copyProperties(storedUSerDeatils,returnValue);
 
         return returnValue;
     }
+
+    @Override
+    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
+        UserEntity userEntity= userRepository.findUserByEmail(email);
+        if (userEntity ==null)throw new UsernameNotFoundException(email);
+
+        return new User(userEntity.getEmail(),userEntity.getEncryptedPassword(),new ArrayList<>());
+    }
 }

src/main/java/com/webservice/mobile/app/ui/model/request/UserLoginRequestModel.java

@@ -0,0 +1,22 @@
+package com.webservice.mobile.app.ui.model.request;
+
+public class UserLoginRequestModel {
+    private String email;
+    private String password;
+
+    public String getEmail() {
+        return email;
+    }
+
+    public void setEmail(String email) {
+        this.email = email;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+}