Merge branch 'user/authorization'

Author: bjpaul

build.gradle

@@ -30,8 +30,5 @@ dependencies {
 	compile('org.springframework.boot:spring-boot-starter-data-jpa')
 	compile('org.springframework.boot:spring-boot-starter-web')
 	compile('org.springframework.boot:spring-boot-starter-security')
-	compile('org.springframework.session:spring-session')
-	
-	testCompile('org.springframework.boot:spring-boot-starter-test')
 	runtime('mysql:mysql-connector-java:5.1.13')
 }

src/main/java/org/basic/spring/security/rest/Application.java

@@ -0,0 +1,15 @@
+package org.basic.spring.security.rest;
+
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Application {
+
+	
+	public static void main(String[] args) {
+		SpringApplication.run(Application.class, args);
+		
+	}
+}

src/main/java/org/basic/spring/security/rest/config/ApiSecurityConfig.java

@@ -0,0 +1,55 @@
+package org.basic.spring.security.rest.config;
+
+import org.basic.spring.security.rest.enums.Authoritiy;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
+
+/**
+ * This application is secured at both the URL level for some parts, and the
+ * method level for other parts. The URL security is shown inside this code,
+ * while method-level annotations are enabled at by
+ * {@link EnableGlobalMethodSecurity}.
+ *
+ * @author Bijoy Paul
+ */
+@Configuration
+@EnableWebSecurity
+public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
+
+	@Autowired
+	private BasicAuthenticationEntryPoint entryPoint;
+
+	@Autowired
+	private AccessDeniedHandler handler;
+
+	@Autowired
+	private UserDetailsService userDetailsService;
+
+	@Autowired
+	public void configureGlobalSecurity(AuthenticationManagerBuilder auth)
+			throws Exception {
+		auth.userDetailsService(userDetailsService);
+	}
+
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		
+		 http.csrf().disable()
+         .authorizeRequests()
+         .antMatchers("/user/count").permitAll()
+         .antMatchers("/user/profile").hasRole(Authoritiy.USER.toString())
+         .antMatchers("/user/**").hasRole(Authoritiy.ADMIN.toString())
+         .and()
+         .httpBasic().authenticationEntryPoint(entryPoint)
+         .and()
+         .exceptionHandling().accessDeniedHandler(handler);
+	}
+}

src/main/java/org/basic/spring/security/rest/controller/UserController.java

@@ -0,0 +1,118 @@
+package org.basic.spring.security.rest.controller;
+
+import java.security.Principal;
+
+import org.basic.spring.security.rest.dto.entity.user.AuthenticationDto;
+import org.basic.spring.security.rest.dto.entity.user.UserDto;
+import org.basic.spring.security.rest.dto.entity.user.UserList;
+import org.basic.spring.security.rest.dto.response.AbstractResponseDto;
+import org.basic.spring.security.rest.service.UserManagedService;
+import org.basic.spring.security.rest.util.ResponseUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class UserController {
+	
+    @Autowired
+    UserManagedService userService;  //Service which will do all data retrieval/manipulation work
+ 
+    //-------------------User Profile Detail--------------------------------------------------------
+    
+    @RequestMapping(value = "/user/profile", method = RequestMethod.GET)
+    public HttpEntity<AbstractResponseDto> profileDetail(Principal principal) {
+    	UserDto user = userService.findByUsername(principal.getName());
+        return ResponseUtil.success().body(user).send(HttpStatus.OK);
+    }
+    
+    //-------------------Count user--------------------------------------------------------
+    
+    @RequestMapping(value = "/user/count", method = RequestMethod.GET)
+    public HttpEntity<AbstractResponseDto> userCout() {
+    	
+        return ResponseUtil.success().body(userService.count()).send(HttpStatus.OK);
+    }
+    
+    //-------------------Retrieve All Users--------------------------------------------------------
+     
+    @RequestMapping(value = "/user/", method = RequestMethod.GET)
+    public HttpEntity<AbstractResponseDto> listAllUsers() {
+        UserList users = userService.findAllUsers();
+        if(users.getUserList().isEmpty()){
+            return ResponseUtil.error().message("No data found").send(HttpStatus.NOT_FOUND);
+        }
+        return ResponseUtil.success().body(users).message("User list fetched successfully !!!").send(HttpStatus.OK);
+    }
+ 
+ 
+    //-------------------Retrieve Single User--------------------------------------------------------
+     
+    @RequestMapping(value = "/user/{id}", method = RequestMethod.GET)
+    public ResponseEntity<AbstractResponseDto> getUser(@PathVariable("id") long id) {
+        UserDto user = userService.findById(id);
+        if (user == null) {
+        	return ResponseUtil.error().message("No data found").send(HttpStatus.NOT_FOUND);
+        }
+        return ResponseUtil.success().body(user).message("User fetched successfully !!!").send(HttpStatus.OK);
+    }
+ 
+     
+     
+    //-------------------Create a User--------------------------------------------------------
+     
+    @RequestMapping(value = "/user/", method = RequestMethod.POST)
+    public ResponseEntity<AbstractResponseDto> createUser(@RequestBody AuthenticationDto user) {
+ 
+        userService.saveUser(user);
+ 
+        return ResponseUtil.success().body(user.detail()).message("User created successfully !!!").send(HttpStatus.CREATED);
+    }
+ 
+     
+    //------------------- Update a User --------------------------------------------------------
+     
+    @RequestMapping(value = "/user/{id}", method = RequestMethod.PUT)
+    public ResponseEntity<AbstractResponseDto> updateUser(@PathVariable("id") long id, @RequestBody UserDto user) {
+         
+        UserDto currentUser = userService.findById(id);
+         
+        if (currentUser==null) {
+            return ResponseUtil.error().message("User with id " + id + " not found").send(HttpStatus.NOT_FOUND);
+        }
+        
+        userService.updateUser(currentUser, user);
+        return ResponseUtil.success().body(currentUser).message("User updated successfully !!!").send(HttpStatus.OK);
+    }
+ 
+    //------------------- Delete a User --------------------------------------------------------
+     
+    @RequestMapping(value = "/user/{id}", method = RequestMethod.DELETE)
+    public ResponseEntity<AbstractResponseDto> deleteUser(@PathVariable("id") long id) {
+ 
+        UserDto user = userService.findById(id);
+        if (user == null) {
+            System.out.println("Unable to delete. User with id " + id + " not found");
+            return ResponseUtil.error().message("Unable to delete. User with id " + id + " not found").send(HttpStatus.NOT_FOUND);
+        }
+ 
+        userService.deleteUserById(id);
+        return ResponseUtil.success().body(user).message("User deleted successfully !!!").send(HttpStatus.OK);
+    }
+ 
+     
+    //------------------- Delete All Users --------------------------------------------------------
+     
+    @RequestMapping(value = "/user/", method = RequestMethod.DELETE)
+    public ResponseEntity<AbstractResponseDto> deleteAllUsers() {
+ 
+        userService.deleteAllUsers();
+        return ResponseUtil.success().body(new UserList()).message("All User deleted successfully !!!").send(HttpStatus.OK);
+    }
+}

src/main/java/org/basic/spring/security/rest/domain/Authentication.java

@@ -0,0 +1,78 @@
+package org.basic.spring.security.rest.domain;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.persistence.CascadeType;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.JoinTable;
+import javax.persistence.ManyToMany;
+
+@Entity
+public class Authentication {
+
+	@Id
+	private String username;
+	private String password;
+    @ManyToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
+    @JoinTable(
+            joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "role_id")
+    )
+    private Set<Role> roles;
+    public Authentication(){}
+    
+	public Authentication(String username, String password, Set<Role> roles){
+		this.username = username;
+		this.password = password;
+		this.roles = roles;
+	}
+	
+	
+	public String getUsername() {
+		return username;
+	}
+	public void setUsername(String username) {
+		this.username = username;
+	}
+	public String getPassword() {
+		return password;
+	}
+	public void setPassword(String password) {
+		this.password = password;
+	}
+	
+	public Set<Role> getRoles() {
+        return roles;
+    }
+
+    public void setRoles(Set<Role> roles) {
+        this.roles = roles;
+    }
+    
+    public void addRole(Role role) {
+        Set<Role> roles = this.getRoles();
+        if (roles == null) {
+            roles = new HashSet<Role>();
+            this.setRoles(roles);
+        }
+        roles.add(role);
+
+        Set<Authentication> users = role.getUsers();
+        if (users == null) {
+            users = new HashSet<Authentication>();
+            role.setUsers(users);
+        }
+        users.add(this);
+
+    }
+    
+	@Override
+	public String toString() {
+		return "User [username=" + username + ", password=" + password + "]";
+	}
+	
+	
+}

src/main/java/org/basic/spring/security/rest/domain/Role.java

@@ -0,0 +1,57 @@
+package org.basic.spring.security.rest.domain;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.persistence.*;
+
+@Entity
+public class Role {
+	
+	@Id
+	@GeneratedValue(strategy = GenerationType.AUTO)
+	private Long id;
+	
+	@Column(unique= true)
+	private String authority;
+	
+	@ManyToMany(mappedBy = "roles", fetch = FetchType.LAZY)
+	private Set<Authentication> users;
+	
+	public Role(){}
+	
+	public Role(String authority){
+		this.authority = authority;
+	}
+	
+	public Long getId() {
+		return id;
+	}
+	
+	public String getAuthority() {
+		return authority;
+	}
+	public void setAuthority(String authority) {
+		this.authority = authority;
+	}
+	public Set<Authentication> getUsers() {
+		return users;
+	}
+	public void setUsers(Set<Authentication> users) {
+		this.users = users;
+	}
+	public void addUser(Authentication user){
+		Set<Role> roles = user.getRoles();
+		if(roles == null){
+			roles = new HashSet<Role>();
+			user.setRoles(roles);
+		}
+		roles.add(this);
+		Set<Authentication> users = this.getUsers();
+		if(users == null){
+			users = new HashSet<Authentication>();
+			this.setUsers(users);
+		}
+		users.add(user);
+	}
+}