Fix authentication manager recursion bug

Author: patrick-emmanuel

pom.xml

@@ -54,7 +54,17 @@
             <!--<artifactId>flyway-core</artifactId>-->
             <!--<version>4.2.0</version>-->
         <!--</dependency>-->
-        <!-- https://mvnrepository.com/artifact/org.hibernate/hibernate-search-orm -->
+        <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-web -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+            <version>2.0.0.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.hibernate.validator</groupId>
+            <artifactId>hibernate-validator</artifactId>
+            <version>6.0.8.Final</version>
+        </dependency>
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-search-orm</artifactId>

src/main/java/com/springboilerplate/springboilerplate/SpringBoilerplateApplication.java

@@ -5,8 +5,9 @@
 
 @SpringBootApplication
 public class SpringBoilerplateApplication {
-
 	public static void main(String[] args) {
 		SpringApplication.run(SpringBoilerplateApplication.class, args);
 	}
+
+
 }

src/main/java/com/springboilerplate/springboilerplate/app/auth/AuthController.java

@@ -3,25 +3,24 @@
 import com.springboilerplate.springboilerplate.app.user.User;
 import com.springboilerplate.springboilerplate.security.CustomUserService;
 import com.springboilerplate.springboilerplate.security.JwtTokenUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.constraints.NotNull;
 
 @RestController
 public class AuthController {
 
+    Logger logger = LoggerFactory.getLogger(AuthController.class);
     @Value("${jwt.header}")
     private String tokenHeader;
     @Autowired
@@ -32,22 +31,26 @@ public class AuthController {
     private CustomUserService customUserService;
 
 
-    @RequestMapping(value = "user", method = RequestMethod.GET)
+    @GetMapping(value = "user")
     public User getAuthenticatedUser(HttpServletRequest request) {
         String token = request.getHeader(tokenHeader).substring(7);
+        logger.info("Retrieved token: '{}'", token);
         String username = jwtTokenUtil.getEmailFromToken(token);
+        logger.info("Retrieved user from token: '{}'", username);
         return customUserService.loadUserByUsername(username);
     }
 
-    @RequestMapping(value = "${jwt.route.authentication.path}", method = RequestMethod.POST)
+    @PostMapping(value = "${jwt.route.authentication.path}")
     public ResponseEntity<?> createAuthenticationToken(@RequestBody AccountCredentials accountCredentials) {
-        authenticate(accountCredentials);
-        final UserDetails userDetails = customUserService.loadUserByUsername(accountCredentials.getEmail());
+        authenticateUser(accountCredentials);
+        final User userDetails = customUserService.loadUserByUsername(accountCredentials.getEmail());
+        logger.info("Loaded user details: '{}' '{}'", userDetails);
         final String token = jwtTokenUtil.generateToken(userDetails);
+        logger.info("Generated token: '{}'", token);
         return ResponseEntity.ok(new JwtAuthenticationResponse(token));
     }
 
-    @RequestMapping(value = "${jwt.route.authentication.refresh}", method = RequestMethod.GET)
+    @GetMapping(value = "${jwt.route.authentication.refresh}")
     public ResponseEntity<?> refreshAndGetAuthenticationToken(HttpServletRequest request) {
         String authToken = request.getHeader(tokenHeader);
         final String token = authToken.substring(7);
@@ -61,8 +64,10 @@ public ResponseEntity<?> refreshAndGetAuthenticationToken(HttpServletRequest req
         }
     }
 
-    private void authenticate(@NotNull  AccountCredentials accountCredentials) {
+    private void authenticateUser(@NotNull  AccountCredentials accountCredentials) throws AuthenticationException{
         String email = accountCredentials.getEmail(), password = accountCredentials.getPassword();
+        logger.info("Authenticating with the following email and password: '{}' '{}'", email, password);
         authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(email, password));
+        logger.info("Authenticated with email: '{}' '{}'", email, password);
     }
 }

src/main/java/com/springboilerplate/springboilerplate/app/user/User.java

@@ -2,7 +2,9 @@
 
 import com.fasterxml.jackson.annotation.JsonFormat;
 import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.springboilerplate.springboilerplate.app.role.Role;
 import com.springboilerplate.springboilerplate.app.userRole.UserRole;
+import org.hibernate.Hibernate;
 import org.hibernate.annotations.Where;
 import org.hibernate.search.annotations.*;
 import org.hibernate.search.annotations.Index;
@@ -22,7 +24,7 @@
 import java.util.stream.Collectors;
 
 @Entity
-@Table(name="user")
+@Table(name="users")
 @Indexed
 @Where(clause = "deleted = false")
 public class User implements UserDetails{
@@ -117,7 +119,8 @@ public void setEmail(String email) {
         this.email = email;
     }
 
-    @OneToMany(mappedBy="user", orphanRemoval = true)
+
+    @OneToMany(mappedBy="user", orphanRemoval = true, fetch = FetchType.EAGER)
     public List<UserRole> getUserRoles() {
         return userRoles;
     }
@@ -165,6 +168,10 @@ public boolean isDeleted() {
         return deleted;
     }
 
+    public void setDeleted(boolean deleted) {
+        this.deleted = deleted;
+    }
+
     @Column(name = "last_login")
     @JsonFormat(pattern="yyyy-MM-dd HH:mm:ss")
     public LocalDateTime getLastLogin() {
@@ -175,18 +182,24 @@ public void setLastLogin(LocalDateTime lastLogin) {
         this.lastLogin = lastLogin;
     }
 
-    public void setDeleted(boolean deleted) {
-        this.deleted = deleted;
+    @Column(name = "last_password_reset_data")
+    @JsonIgnore
+    public Date getLastPasswordResetDate() {
+        return lastPasswordResetDate;
+    }
 
+    public void setLastPasswordResetDate(Date lastPasswordResetDate) {
+        this.lastPasswordResetDate = lastPasswordResetDate;
     }
 
     @Override
     @JsonIgnore
     @Transient
     public Collection<? extends GrantedAuthority> getAuthorities() {
-        return userRoles.stream()
-                .map(userRole -> (new SimpleGrantedAuthority(userRole.getRole().getName().name())))
-                .collect(Collectors.toList());
+        //Hibernate initialize because role on userRole is lazily loaded.
+        userRoles.forEach(userRole -> Hibernate.initialize(userRole.getRole()));
+        return userRoles.stream().map(userRole -> new SimpleGrantedAuthority(
+                        userRole.getRole().getName().name())).collect(Collectors.toList());
     }
 
     @Override
@@ -216,14 +229,4 @@ public boolean isAccountNonLocked() {
     public boolean isCredentialsNonExpired() {
         return true;
     }
-
-    @Column(name = "last_password_reset_data")
-    @JsonIgnore
-    public Date getLastPasswordResetDate() {
-        return lastPasswordResetDate;
-    }
-
-    public void setLastPasswordResetDate(Date lastPasswordResetDate) {
-        this.lastPasswordResetDate = lastPasswordResetDate;
-    }
 }

src/main/java/com/springboilerplate/springboilerplate/app/user/UserController.java

@@ -47,6 +47,6 @@ public ResponseEntity<?> searchUser(@RequestParam("keyword") String keyword) thr
 
     @GetMapping(path = "/hello")
     public String getHello(){
-        return "hello";
+        return "hey!";
     }
 }

src/main/java/com/springboilerplate/springboilerplate/app/user/UserServiceImpl.java

@@ -8,6 +8,7 @@
         import com.springboilerplate.springboilerplate.app.userRole.UserRoleRepository;
         import com.springboilerplate.springboilerplate.exceptions.RoleDoesNotExistException;
         import org.springframework.beans.factory.annotation.Autowired;
+        import org.springframework.security.crypto.password.PasswordEncoder;
         import org.springframework.stereotype.Service;
 
         import java.util.Optional;
@@ -17,21 +18,24 @@
 public class UserServiceImpl implements UserService{
     private RoleRepository roleRepository;
     private UserRepository userRepository;
-    private UserRoleRepository userRoleRepository;
     private UserDtoMapper userDtoMapper;
+    private PasswordEncoder passwordEncoder;
 
     @Autowired
     public UserServiceImpl(RoleRepository roleRepository,
-                           UserRepository userRepository, UserRoleRepository userRoleRepository, UserDtoMapper userDtoMapper) {
+                           UserRepository userRepository,
+                           UserDtoMapper userDtoMapper,
+                           PasswordEncoder passwordEncoder) {
         this.roleRepository = roleRepository;
         this.userRepository = userRepository;
-        this.userRoleRepository = userRoleRepository;
         this.userDtoMapper = userDtoMapper;
+        this.passwordEncoder = passwordEncoder;
     }
 
     @Override
     public User saveUser(UserDto userDto, RoleType roleType) {
         User user = userDtoMapper.toUser(userDto);
+        user.setPassword(passwordEncoder.encode(userDto.getPassword()));
         return setUserRole(user, roleType);
     }
 

src/main/java/com/springboilerplate/springboilerplate/app/userRole/UserRole.java

@@ -20,12 +20,12 @@ public class UserRole {
 
     @NotNull
     @JoinColumn(name="user_id")
-    @ManyToOne
+    @ManyToOne(cascade = {CascadeType.PERSIST, CascadeType.DETACH, CascadeType.REFRESH, CascadeType.MERGE})
     private User user;
 
     @NotNull
     @JoinColumn(name="role_id")
-    @ManyToOne
+    @ManyToOne(cascade = {CascadeType.PERSIST, CascadeType.DETACH, CascadeType.REFRESH, CascadeType.MERGE})
     private Role role;
 
     public UserRole() {

src/main/java/com/springboilerplate/springboilerplate/config/WebSecurityConfig.java

@@ -27,9 +27,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     private JwtAuthenticationEntryPoint unauthorizedHandler;
     @Autowired
     private JwtTokenUtil jwtTokenUtil;
-
     @Autowired
-    private CustomUserDetailsService customUserDetailsService;
+    private JwtUserDetailsService customUserService;
 
     @Value("${jwt.header}")
     private String tokenHeader;
@@ -39,13 +38,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-        auth.userDetailsService(customUserDetailsService)
+        auth.userDetailsService(customUserService)
                 .passwordEncoder(passwordEncoder());
     }
 
     @Bean
-    @Autowired
-    public AuthenticationManager authenticationManager() throws Exception {
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
         return super.authenticationManagerBean();
     }
 
@@ -66,7 +65,9 @@ protected void configure(HttpSecurity httpSecurity) throws Exception {
                 // Un-secure H2 Database
                 .antMatchers("/h2-console/**/**").permitAll()
                 .antMatchers("/auth/**").permitAll()
+                .antMatchers("/v1/users/**").permitAll()
                 .antMatchers("/actuator/**").permitAll()
+                .antMatchers(HttpMethod.POST, "/v1/users/register").permitAll()
                 .anyRequest().authenticated();
 
         // Custom JWT based security filter

src/main/java/com/springboilerplate/springboilerplate/constants/EnvironmentConstants.java

@@ -74,4 +74,11 @@ public ResponseEntity<Object> handleSendingTokenException(SendingTokenException
         ApiError apiError = new ApiError(HttpStatus.INTERNAL_SERVER_ERROR, ex.getMessage(), error);
         return new ResponseEntity<>(apiError, apiError.getStatus());
     }
+
+    @ExceptionHandler({RoleDoesNotExistException.class})
+    public ResponseEntity<Object> handleRoleDoesNotExistException(RoleDoesNotExistException ex, WebRequest webRequest){
+        String error = ex.getMessage();
+        ApiError apiError = new ApiError(HttpStatus.NOT_FOUND, ex.getMessage(), error);
+        return new ResponseEntity<>(apiError, apiError.getStatus());
+    }
 }