Improved authentication - logout, accessdenied etc...

cypo721 · Jan 13, 2017 · ea1b85b · ea1b85b
1 parent e787c11
commit ea1b85b
Show file tree

Hide file tree

Showing 6 changed files with 44 additions and 24 deletions.
diff --git a/data/src/main/java/data/SampleDataLoadingFacadeImpl.java b/data/src/main/java/data/SampleDataLoadingFacadeImpl.java
@@ -54,6 +54,8 @@ public void loadData() throws IOException {
 
  User u = user("123456", "Luna", "Lovegood", "[email protected]", "800123456", new Date(), true);
  User u1 = user("123456", "Sme", "taky", "[email protected]", "800223456", new Date(), true);
+ User u3 = user("pwd", "Laszlo", "Admin", "[email protected]", "904355662", new Date(), true);
+ User u4 = user("pwd", "Fero", "Customer", "[email protected]", "903030132", new Date(), false);
 
  Revision r = revision(new Date(), m, u);
  Revision r1 = revision(new Date(), m , u);

diff --git a/web/pom.xml b/web/pom.xml
@@ -105,5 +105,10 @@
  <artifactId>spring-security-web</artifactId>
  <version>4.2.0.RELEASE</version>
  </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-taglibs</artifactId>
+ <version>4.0.0.RELEASE</version>
+ </dependency>
  </dependencies>
 </project>
diff --git a/web/src/main/java/controllers/HomeController.java b/web/src/main/java/controllers/HomeController.java
@@ -16,4 +16,9 @@ public class HomeController {
  public String home(Model model){
  return "home";
  }
+
+ @GetMapping("/accessdenied")
+ public String accessdenied(Model model){
+ return "accessDenied";
+ }
 }
diff --git a/web/src/main/java/security/AuthenticationProviderImpl.java b/web/src/main/java/security/AuthenticationProviderImpl.java
@@ -14,7 +14,7 @@
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
 
-//@Component
+@Component
 public class AuthenticationProviderImpl implements AuthenticationProvider {
 
  @Inject
@@ -23,27 +23,27 @@ public class AuthenticationProviderImpl implements AuthenticationProvider {
  public Authentication authenticate(Authentication auth) throws AuthenticationException {
  String email = auth.getName();
 
- UserDTO user;
- 
+ UserDTO user;
+
  try {
- user = userFacade.findByEmail(email);
- }
- catch(Exception e)
- {
- throw new UsernameNotFoundException("Provide valid email: " + email);
- }
+ user = userFacade.findByEmail(email);
+ }
+ catch(Exception e)
+ {
+ throw new UsernameNotFoundException("Provide valid email: " + email);
+ }
 
  String password = (String) auth.getCredentials();
 
  if (!userFacade.authenticate(user, password)) {
  throw new BadCredentialsException("Provide valid email or password");
  }
 
- 
+
  List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(user.getRole().toString());
  return new UsernamePasswordAuthenticationToken(email, password, authorities);
  }
- 
+
  public boolean supports(Class<?> auth) {
  return true;
  }

diff --git a/web/src/main/java/security/SecurityConfig.java b/web/src/main/java/security/SecurityConfig.java
@@ -30,15 +30,15 @@ public AuthenticationProvider authProvider(){
  @Override
  protected void configure(HttpSecurity http) throws Exception {
  http.authorizeRequests()
-// .antMatchers("/", "/home/", "/machine/","/login/").permitAll()
+// .antMatchers("/", "/home/", "/machine/","/login/", "/accessdenied").permitAll()
 // .antMatchers("/rental/list", "/revision/list").hasAnyAuthority("ADMIN", "CUSTOMER")
 // .antMatchers("/user/list", "/machine/edit/**", "/machine/new", "/rental/new").hasAuthority("ADMIN")
 // .anyRequest().authenticated()
-  .and()
+ .and()
  .formLogin()
-  .loginPage("/login")
-  .failureUrl("/login?error=invalid_attempt")
-  .usernameParameter("email").passwordParameter("password")
+ .loginPage("/login")
+ .failureUrl("/login?error=invalid_attempt")
+ .usernameParameter("email").passwordParameter("password")
  .permitAll()
  .and()
  .logout()

diff --git a/web/src/main/webapp/WEB-INF/tags/template.tag b/web/src/main/webapp/WEB-INF/tags/template.tag
@@ -8,6 +8,8 @@
 <%@ taglib prefix="c" uri="https://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="f" uri="https://java.sun.com/jsp/jstl/fmt" %>
 <%@ taglib prefix="spring" uri="https://www.springframework.org/tags" %>
+<%@ taglib prefix="sec" uri="https://www.springframework.org/security/tags" %>
+
 
 
 
@@ -32,15 +34,15 @@
 
 <%--<!-- navigation bar -->--%>
 <%--<nav class="navbar navbar-default">--%>
- <%--<div class="container-fluid">--%>
- <%--<!-- Brand and toggle get grouped for better mobile display -->--%>
+<%--<div class="container-fluid">--%>
+<%--<!-- Brand and toggle get grouped for better mobile display -->--%>
 
- <%--</div>--%>
+<%--</div>--%>
 <%--</nav>--%>
 
 <div class="container">
  <nav class="navbar navbar-inverse navbar-static-top">
- <div class="container-fluid">
+ <div class="container">
  <div class="navbar-header">
  <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
  <span class="sr-only">Toggle navigation</span>
@@ -57,16 +59,22 @@
  <li><a href="${pageContext.request.contextPath}/revision/">Revisions</a></li>
 
  <li><a href="${pageContext.request.contextPath}/rental/list">Rentals</a></li>
-
- <li><a href="${pageContext.request.contextPath}/user/list">Users</a></li>
- </ul>
- <ul class="nav navbar-nav navbar-right">
+
+ <li><a href="${pageContext.request.contextPath}/user/">Users</a></li>
+
  <li><a href="${pageContext.request.contextPath}/login">Login</a></li>
 
+ <li><a href="${pageContext.request.contextPath}/logout">Logout</a></li>
+
+
+
+
+
  </ul>
  </div><!--/.nav-collapse -->
  </div>
  </nav>
+ </a> <sec:authentication property="principal"/> </a>
 
  <c:if test="${not empty title}">
  <div class="page-header">