add WebSecurity

Author: LyamanNva

pom.xml

@@ -44,23 +44,39 @@
 		<dependency>
 			<groupId>mysql</groupId>
 			<artifactId>mysql-connector-java</artifactId>
-
+			<version>8.0.33</version>
 		</dependency>
-
-
+		<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-test</artifactId>
-			<scope>test</scope>
+			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-data-jpa</artifactId>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-api</artifactId>
+			<version>0.11.5</version>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-impl</artifactId>
+			<version>0.11.5</version>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-jackson</artifactId>
+			<version>0.11.5</version>
 		</dependency>
+
+
+
+
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-data-jpa</artifactId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
 		</dependency>
+
+
 	</dependencies>
 
 	<build>

src/main/java/com/appsdeveloperblog/app/ws/mobile_app_ws/MobileAppWsApplication.java

@@ -2,6 +2,8 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
 @SpringBootApplication
 public class MobileAppWsApplication {
@@ -10,4 +12,8 @@ public static void main(String[] args) {
 		SpringApplication.run(MobileAppWsApplication.class, args);
 	}
 
+	@Bean
+	public BCryptPasswordEncoder bCryptPasswordEncoder(){
+		return new BCryptPasswordEncoder();
+	}
 }

src/main/java/com/appsdeveloperblog/app/ws/mobile_app_ws/UserRepository.java

@@ -6,5 +6,6 @@
 
 @Repository
 public interface UserRepository extends CrudRepository<UserEntity,Long> {
+    UserEntity findByEmail(String email);
 
 }

src/main/java/com/appsdeveloperblog/app/ws/mobile_app_ws/io/entity/UserEntity.java

@@ -30,8 +30,8 @@ public class UserEntity implements Serializable {
 
     private String emailVerificationToken;
 
-    @Column(nullable = false,columnDefinition = "boolean default false")
-    private Boolean emailVerificationStatus;
+    @Column(nullable = false)
+    private Boolean emailVerificationStatus=false;
 
     public long getId() {
         return id;

src/main/java/com/appsdeveloperblog/app/ws/mobile_app_ws/security/WebSecurity.java

@@ -0,0 +1,40 @@
+package com.appsdeveloperblog.app.ws.mobile_app_ws.security;
+
+import com.appsdeveloperblog.app.ws.mobile_app_ws.service.UserService;
+import org.springframework.context.annotation.Bean;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+
+@EnableWebSecurity
+public class WebSecurity{
+
+    private final UserService userDetailsService;
+    private final BCryptPasswordEncoder bCryptPasswordEncoder;
+
+    public WebSecurity(UserService userService, BCryptPasswordEncoder bCryptPasswordEncoder) {
+        this.userDetailsService = userService;
+        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
+    }
+
+    @Bean
+    protected SecurityFilterChain configure(HttpSecurity http) throws Exception{
+
+        //Configure AuthenticationManagerBuilder
+        AuthenticationManagerBuilder authenticationManagerBuilder=
+                http.getSharedObject(AuthenticationManagerBuilder.class);
+
+        authenticationManagerBuilder.userDetailsService(userDetailsService)
+                .passwordEncoder(bCryptPasswordEncoder);
+
+
+
+        http.csrf().disable()
+                .authorizeRequests().antMatchers(HttpMethod.POST,"/users").permitAll()
+                .anyRequest().authenticated();
+        return http.build();
+    }
+}

src/main/java/com/appsdeveloperblog/app/ws/mobile_app_ws/service/UserService.java

@@ -1,7 +1,8 @@
 package com.appsdeveloperblog.app.ws.mobile_app_ws.service;
 
 import com.appsdeveloperblog.app.ws.mobile_app_ws.shared.dto.UserDto;
+import org.springframework.security.core.userdetails.UserDetailsService;
 
-public interface UserService {
+public interface UserService extends UserDetailsService {
     UserDto createUser(UserDto user);
 }

src/main/java/com/appsdeveloperblog/app/ws/mobile_app_ws/service/impl/UserServiceImpl.java

@@ -3,30 +3,50 @@
 import com.appsdeveloperblog.app.ws.mobile_app_ws.UserRepository;
 import com.appsdeveloperblog.app.ws.mobile_app_ws.io.entity.UserEntity;
 import com.appsdeveloperblog.app.ws.mobile_app_ws.service.UserService;
+import com.appsdeveloperblog.app.ws.mobile_app_ws.shared.Utils;
 import com.appsdeveloperblog.app.ws.mobile_app_ws.shared.dto.UserDto;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 
 @Service
 public class UserServiceImpl implements UserService {
 
     @Autowired
     UserRepository userRepository;
+
+    @Autowired
+    Utils utils;
+
+    @Autowired
+    BCryptPasswordEncoder bCryptPasswordEncoder;
+
     @Override
     public UserDto createUser(UserDto user) {
 
-        UserEntity userEntity=new UserEntity();
-        BeanUtils.copyProperties(user,userEntity);
+        if (userRepository.findByEmail(user.getEmail()) != null) throw new RuntimeException("Record already exists");
 
-        userEntity.setEncryptedPassword("test");
-        userEntity.setUserId("testUserId");
+        UserEntity userEntity = new UserEntity();
+        BeanUtils.copyProperties(user, userEntity);
 
-        UserEntity storedUserDetails=userRepository.save(userEntity);
+        String publicUserId=utils.generateUserId(30);
 
-        UserDto returnValue=new UserDto();
-        BeanUtils.copyProperties(storedUserDetails,returnValue);
+        userEntity.setEncryptedPassword(bCryptPasswordEncoder.encode(user.getPassword()));
+        userEntity.setUserId(publicUserId);
+
+        UserEntity storedUserDetails = userRepository.save(userEntity);
+
+        UserDto returnValue = new UserDto();
+        BeanUtils.copyProperties(storedUserDetails, returnValue);
 
         return returnValue;
     }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        return null;
+    }
 }

src/main/java/com/appsdeveloperblog/app/ws/mobile_app_ws/shared/Utils.java

@@ -0,0 +1,26 @@
+package com.appsdeveloperblog.app.ws.mobile_app_ws.shared;
+
+import org.springframework.stereotype.Component;
+
+import java.security.SecureRandom;
+import java.util.Random;
+
+@Component
+public class Utils {
+    private final Random RANDOM = new SecureRandom();
+    private String ALPHABET = "012345789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+    private int ITERATIONS = 1000;
+    private final int KEY_LENGTH = 256;
+
+    public String generateUserId(int length) {
+        return generateRandomString(length);
+    }
+
+    private String generateRandomString(int length) {
+        StringBuilder returnValue = new StringBuilder(length);
+        for (int i = 0; i < length; i++) {
+            returnValue.append(ALPHABET.charAt(RANDOM.nextInt(ALPHABET.length())));
+        }
+        return new String(returnValue);
+    }
+}

src/main/java/com/appsdeveloperblog/app/ws/mobile_app_ws/shared/dto/UserDto.java

@@ -12,7 +12,7 @@ public class UserDto implements Serializable {
     private String password;
     private String encryptedPassword;
     private String emailVerificationToken;
-    private Boolean emailVerificationStatus;
+    private Boolean emailVerificationStatus=false;
 
     public long getId() {
         return id;

src/main/resources/application.properties

@@ -3,3 +3,5 @@ spring.datasource.username=root
 spring.datasource.password=root
 spring.datasource.url=jdbc:mysql://localhost:3306/photo_app
 spring.jpa.hibernate.ddl-auto=update
+spring.jpa.open-in-view=false
+