├── .idea ├── .gitignore ├── compiler.xml ├── encodings.xml ├── google-java-format.xml ├── jarRepositories.xml ├── jpa-buddy.xml ├── libraries │ ├── Maven__antlr_antlr_2_7_7.xml │ ├── Maven__ch_qos_logback_logback_classic_1_2_11.xml │ ├── Maven__ch_qos_logback_logback_core_1_2_11.xml │ ├── Maven__com_fasterxml_classmate_1_5_1.xml │ ├── Maven__com_fasterxml_jackson_core_jackson_annotations_2_13_4.xml │ ├── Maven__com_fasterxml_jackson_core_jackson_core_2_13_4.xml │ ├── Maven__com_fasterxml_jackson_core_jackson_databind_2_13_4_2.xml │ ├── Maven__com_fasterxml_jackson_datatype_jackson_datatype_jdk8_2_13_4.xml │ ├── Maven__com_fasterxml_jackson_datatype_jackson_datatype_jsr310_2_13_4.xml │ ├── Maven__com_fasterxml_jackson_module_jackson_module_parameter_names_2_13_4.xml │ ├── Maven__com_github_stephenc_jcip_jcip_annotations_1_0_1.xml │ ├── Maven__com_h2database_h2_2_1_214.xml │ ├── Maven__com_jayway_jsonpath_json_path_2_7_0.xml │ ├── Maven__com_nimbusds_nimbus_jose_jwt_9_22.xml │ ├── Maven__com_sun_activation_jakarta_activation_1_2_2.xml │ ├── Maven__com_sun_istack_istack_commons_runtime_3_0_12.xml │ ├── Maven__com_vaadin_external_google_android_json_0_0_20131108_vaadin1.xml │ ├── Maven__com_zaxxer_HikariCP_4_0_3.xml │ ├── Maven__jakarta_activation_jakarta_activation_api_1_2_2.xml │ ├── Maven__jakarta_annotation_jakarta_annotation_api_1_3_5.xml │ ├── Maven__jakarta_persistence_jakarta_persistence_api_2_2_3.xml │ ├── Maven__jakarta_transaction_jakarta_transaction_api_1_3_3.xml │ ├── Maven__jakarta_xml_bind_jakarta_xml_bind_api_2_3_3.xml │ ├── Maven__net_bytebuddy_byte_buddy_1_12_18.xml │ ├── Maven__net_bytebuddy_byte_buddy_agent_1_12_18.xml │ ├── Maven__net_minidev_accessors_smart_2_4_8.xml │ ├── Maven__net_minidev_json_smart_2_4_8.xml │ ├── Maven__org_apache_logging_log4j_log4j_api_2_17_2.xml │ ├── Maven__org_apache_logging_log4j_log4j_to_slf4j_2_17_2.xml │ ├── Maven__org_apache_tomcat_embed_tomcat_embed_core_9_0_68.xml │ ├── 
Maven__org_apache_tomcat_embed_tomcat_embed_el_9_0_68.xml │ ├── Maven__org_apache_tomcat_embed_tomcat_embed_websocket_9_0_68.xml │ ├── Maven__org_apiguardian_apiguardian_api_1_1_2.xml │ ├── Maven__org_aspectj_aspectjweaver_1_9_7.xml │ ├── Maven__org_assertj_assertj_core_3_22_0.xml │ ├── Maven__org_glassfish_jaxb_jaxb_runtime_2_3_7.xml │ ├── Maven__org_glassfish_jaxb_txw2_2_3_7.xml │ ├── Maven__org_hamcrest_hamcrest_2_2.xml │ ├── Maven__org_hibernate_common_hibernate_commons_annotations_5_1_2_Final.xml │ ├── Maven__org_hibernate_hibernate_core_5_6_12_Final.xml │ ├── Maven__org_jboss_jandex_2_4_2_Final.xml │ ├── Maven__org_jboss_logging_jboss_logging_3_4_3_Final.xml │ ├── Maven__org_junit_jupiter_junit_jupiter_5_8_2.xml │ ├── Maven__org_junit_jupiter_junit_jupiter_api_5_8_2.xml │ ├── Maven__org_junit_jupiter_junit_jupiter_engine_5_8_2.xml │ ├── Maven__org_junit_jupiter_junit_jupiter_params_5_8_2.xml │ ├── Maven__org_junit_platform_junit_platform_commons_1_8_2.xml │ ├── Maven__org_junit_platform_junit_platform_engine_1_8_2.xml │ ├── Maven__org_mockito_mockito_core_4_5_1.xml │ ├── Maven__org_mockito_mockito_junit_jupiter_4_5_1.xml │ ├── Maven__org_objenesis_objenesis_3_2.xml │ ├── Maven__org_opentest4j_opentest4j_1_2_0.xml │ ├── Maven__org_ow2_asm_asm_9_1.xml │ ├── Maven__org_projectlombok_lombok_1_18_24.xml │ ├── Maven__org_skyscreamer_jsonassert_1_5_1.xml │ ├── Maven__org_slf4j_jul_to_slf4j_1_7_36.xml │ ├── Maven__org_slf4j_slf4j_api_1_7_36.xml │ ├── Maven__org_springframework_boot_spring_boot_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_autoconfigure_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_configuration_processor_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_devtools_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_starter_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_starter_aop_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_starter_data_jpa_2_7_5.xml │ ├── 
Maven__org_springframework_boot_spring_boot_starter_jdbc_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_starter_json_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_starter_logging_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_starter_oauth2_resource_server_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_starter_security_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_starter_test_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_starter_tomcat_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_starter_web_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_test_2_7_5.xml │ ├── Maven__org_springframework_boot_spring_boot_test_autoconfigure_2_7_5.xml │ ├── Maven__org_springframework_data_spring_data_commons_2_7_5.xml │ ├── Maven__org_springframework_data_spring_data_jpa_2_7_5.xml │ ├── Maven__org_springframework_security_spring_security_config_5_7_4.xml │ ├── Maven__org_springframework_security_spring_security_core_5_7_4.xml │ ├── Maven__org_springframework_security_spring_security_crypto_5_7_4.xml │ ├── Maven__org_springframework_security_spring_security_oauth2_core_5_7_4.xml │ ├── Maven__org_springframework_security_spring_security_oauth2_jose_5_7_4.xml │ ├── Maven__org_springframework_security_spring_security_oauth2_resource_server_5_7_4.xml │ ├── Maven__org_springframework_security_spring_security_test_5_7_4.xml │ ├── Maven__org_springframework_security_spring_security_web_5_7_4.xml │ ├── Maven__org_springframework_spring_aop_5_3_23.xml │ ├── Maven__org_springframework_spring_aspects_5_3_23.xml │ ├── Maven__org_springframework_spring_beans_5_3_23.xml │ ├── Maven__org_springframework_spring_context_5_3_23.xml │ ├── Maven__org_springframework_spring_core_5_3_23.xml │ ├── Maven__org_springframework_spring_expression_5_3_23.xml │ ├── Maven__org_springframework_spring_jcl_5_3_23.xml │ ├── Maven__org_springframework_spring_jdbc_5_3_23.xml │ ├── 
Maven__org_springframework_spring_orm_5_3_23.xml │ ├── Maven__org_springframework_spring_test_5_3_23.xml │ ├── Maven__org_springframework_spring_tx_5_3_23.xml │ ├── Maven__org_springframework_spring_web_5_3_23.xml │ ├── Maven__org_springframework_spring_webmvc_5_3_23.xml │ ├── Maven__org_xmlunit_xmlunit_core_2_9_0.xml │ └── Maven__org_yaml_snakeyaml_1_30.xml ├── misc.xml ├── modules.xml ├── sonarlint │ └── issuestore │ │ └── index.pb ├── uiDesigner.xml └── vcs.xml ├── Spring Security.pptx ├── basic-authentication ├── .gitignore ├── .mvn │ └── wrapper │ │ ├── maven-wrapper.jar │ │ └── maven-wrapper.properties ├── httpRequests │ └── UserResource.http ├── mvnw ├── mvnw.cmd ├── pom.xml └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── example │ │ │ └── basicauthentication │ │ │ ├── ApplicationStartup.java │ │ │ ├── BasicAuthenticationApplication.java │ │ │ ├── api │ │ │ ├── LoginRequest.java │ │ │ └── UserResource.java │ │ │ ├── configs │ │ │ ├── CustomUserDetailService.java │ │ │ ├── MyUserDetails.java │ │ │ ├── SecurityConfiguration.java │ │ │ └── filter │ │ │ │ └── CustomFilter.java │ │ │ └── user │ │ │ ├── User.java │ │ │ ├── UserDao.java │ │ │ ├── UserService.java │ │ │ ├── UserServiceImpl.java │ │ │ ├── requests │ │ │ └── LoginRequestBody.java │ │ │ └── responses │ │ │ └── LoginResponse.java │ └── resources │ │ └── application.properties │ └── test │ └── java │ └── com │ └── example │ └── basicauthentication │ └── BasicAuthenticationApplicationTests.java ├── spring-security-presentation.iml ├── spring-security-with-authority-jwt-crypted ├── .gitignore ├── .mvn │ └── wrapper │ │ ├── maven-wrapper.jar │ │ └── maven-wrapper.properties ├── httpRequests │ └── UserResource.http ├── mvnw ├── mvnw.cmd ├── pom.xml └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── example │ │ │ └── springsecuritywithauthorityjwtcrypted │ │ │ ├── SpringSecurityWithAuthorityJwtCryptedApplication.java │ │ │ ├── api │ │ │ └── UserResource.java │ │ │ ├── exception │ │ │ ├── 
BusinessException.java │ │ │ └── GlobalExceptionHandler.java │ │ │ ├── outservices │ │ │ ├── EmailVerificationService.java │ │ │ └── EmailVerificationServiceImpl.java │ │ │ ├── security │ │ │ ├── Authority.java │ │ │ ├── JwtUserDetailsConverter.java │ │ │ ├── SecurityConfiguration.java │ │ │ ├── crypto │ │ │ │ ├── AESCryptoService.java │ │ │ │ ├── CryptoProperties.java │ │ │ │ └── CryptoService.java │ │ │ └── token │ │ │ │ ├── JwtConfiguration.java │ │ │ │ ├── JwtProperties.java │ │ │ │ ├── JwtTokenService.java │ │ │ │ └── TokenService.java │ │ │ ├── user │ │ │ ├── RegisterRequest.java │ │ │ ├── RegisterResponse.java │ │ │ ├── User.java │ │ │ ├── UserDao.java │ │ │ ├── UserService.java │ │ │ └── UserServiceImpl.java │ │ │ └── utilities │ │ │ └── results │ │ │ ├── DataResult.java │ │ │ ├── ErrorDataResult.java │ │ │ ├── ErrorResult.java │ │ │ ├── Result.java │ │ │ ├── SuccessDataResult.java │ │ │ └── SuccessResult.java │ └── resources │ │ └── application.yml │ └── test │ └── java │ └── com │ └── example │ └── springsecuritywithauthorityjwtcrypted │ └── SpringSecurityWithAuthorityJwtCryptedApplicationTests.java ├── spring-security-with-authority-jwt-implementation ├── .gitignore ├── .mvn │ └── wrapper │ │ ├── maven-wrapper.jar │ │ └── maven-wrapper.properties ├── httpRequests │ └── UserResource.http ├── mvnw ├── mvnw.cmd ├── pom.xml └── src │ └── main │ ├── java │ └── com │ │ └── example │ │ └── springsecuritywithauthority │ │ ├── SpringSecurityWithAuthorityJwtImplementationApplication.java │ │ ├── api │ │ ├── Request.java │ │ ├── SwaggerConfig.java │ │ └── UserResource.java │ │ ├── exception │ │ ├── BusinessException.java │ │ └── GlobalExceptionHandler.java │ │ ├── outservices │ │ ├── EmailVerificationService.java │ │ └── EmailVerificationServiceImpl.java │ │ ├── security │ │ ├── Authority.java │ │ ├── CustomUserDetailsService.java │ │ ├── JwtUserDetailsConverter.java │ │ ├── MyUserDetails.java │ │ ├── SecurityConfiguration.java │ │ ├── log │ │ │ └── 
LoggingFilter.java │ │ └── token │ │ │ ├── JwtConfiguration.java │ │ │ ├── JwtProperties.java │ │ │ ├── JwtTokenService.java │ │ │ └── TokenService.java │ │ ├── user │ │ ├── RegisterRequest.java │ │ ├── RegisterResponse.java │ │ ├── User.java │ │ ├── UserDao.java │ │ ├── UserService.java │ │ └── UserServiceImpl.java │ │ └── utilities │ │ └── results │ │ ├── DataResult.java │ │ ├── ErrorDataResult.java │ │ ├── ErrorResult.java │ │ ├── Result.java │ │ ├── SuccessDataResult.java │ │ └── SuccessResult.java │ └── resources │ ├── application.yml │ └── logback.xml └── spring-security-with-authority ├── .gitignore ├── .mvn └── wrapper │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── httpRequests └── UserResource.http ├── mvnw ├── mvnw.cmd ├── pom.xml └── src ├── main ├── java │ └── com │ │ └── example │ │ └── springsecuritywithauthority │ │ ├── SpringSecurityWithAuthorityApplication.java │ │ ├── api │ │ └── UserResource.java │ │ ├── exception │ │ ├── BusinessException.java │ │ └── GlobalExceptionHandler.java │ │ ├── outservices │ │ ├── EmailVerificationService.java │ │ └── EmailVerificationServiceImpl.java │ │ ├── security │ │ ├── Authority.java │ │ ├── CustomUserDetailsService.java │ │ ├── MyUserDetails.java │ │ ├── SecurityConfiguration.java │ │ └── filter │ │ │ └── CustomFilter.java │ │ ├── user │ │ ├── RegisterRequest.java │ │ ├── RegisterResponse.java │ │ ├── User.java │ │ ├── UserDao.java │ │ ├── UserService.java │ │ └── UserServiceImpl.java │ │ └── utilities │ │ └── results │ │ ├── DataResult.java │ │ ├── ErrorDataResult.java │ │ ├── ErrorResult.java │ │ ├── Result.java │ │ ├── SuccessDataResult.java │ │ └── SuccessResult.java └── resources │ └── application.properties └── test └── java └── com └── example └── springsecuritywithauthority └── SpringSecurityWithAuthorityApplicationTests.java /.idea/.gitignore: -------------------------------------------------------------------------------- 1 | # Default ignored files 2 | /shelf/ 3 | /workspace.xml 4 | # 
Editor-based HTTP Client requests 5 | /httpRequests/ 6 | # Datasource local storage ignored files 7 | /dataSources/ 8 | /dataSources.local.xml 9 | -------------------------------------------------------------------------------- /.idea/compiler.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 32 | 33 | -------------------------------------------------------------------------------- /.idea/encodings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/google-java-format.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 6 | -------------------------------------------------------------------------------- /.idea/jarRepositories.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 9 | 10 | 14 | 15 | 19 | 20 | 24 | 25 | 29 | 30 | -------------------------------------------------------------------------------- /.idea/jpa-buddy.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 7 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__antlr_antlr_2_7_7.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__ch_qos_logback_logback_classic_1_2_11.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 
-------------------------------------------------------------------------------- /.idea/libraries/Maven__ch_qos_logback_logback_core_1_2_11.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_fasterxml_classmate_1_5_1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_annotations_2_13_4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_core_2_13_4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_databind_2_13_4_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_fasterxml_jackson_datatype_jackson_datatype_jdk8_2_13_4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_fasterxml_jackson_datatype_jackson_datatype_jsr310_2_13_4.xml: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_fasterxml_jackson_module_jackson_module_parameter_names_2_13_4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_github_stephenc_jcip_jcip_annotations_1_0_1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_h2database_h2_2_1_214.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_jayway_jsonpath_json_path_2_7_0.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_nimbusds_nimbus_jose_jwt_9_22.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_sun_activation_jakarta_activation_1_2_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- 
/.idea/libraries/Maven__com_sun_istack_istack_commons_runtime_3_0_12.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_vaadin_external_google_android_json_0_0_20131108_vaadin1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__com_zaxxer_HikariCP_4_0_3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__jakarta_activation_jakarta_activation_api_1_2_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__jakarta_annotation_jakarta_annotation_api_1_3_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__jakarta_persistence_jakarta_persistence_api_2_2_3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__jakarta_transaction_jakarta_transaction_api_1_3_3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 
-------------------------------------------------------------------------------- /.idea/libraries/Maven__jakarta_xml_bind_jakarta_xml_bind_api_2_3_3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__net_bytebuddy_byte_buddy_1_12_18.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__net_bytebuddy_byte_buddy_agent_1_12_18.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__net_minidev_accessors_smart_2_4_8.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__net_minidev_json_smart_2_4_8.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_apache_logging_log4j_log4j_api_2_17_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_apache_logging_log4j_log4j_to_slf4j_2_17_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 
-------------------------------------------------------------------------------- /.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_core_9_0_68.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_el_9_0_68.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_websocket_9_0_68.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_apiguardian_apiguardian_api_1_1_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_aspectj_aspectjweaver_1_9_7.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_assertj_assertj_core_3_22_0.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_glassfish_jaxb_jaxb_runtime_2_3_7.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 
10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_glassfish_jaxb_txw2_2_3_7.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_hamcrest_hamcrest_2_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_hibernate_common_hibernate_commons_annotations_5_1_2_Final.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_hibernate_hibernate_core_5_6_12_Final.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_jboss_jandex_2_4_2_Final.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_jboss_logging_jboss_logging_3_4_3_Final.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_5_8_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 
| 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_api_5_8_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_engine_5_8_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_params_5_8_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_junit_platform_junit_platform_commons_1_8_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_junit_platform_junit_platform_engine_1_8_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_mockito_mockito_core_4_5_1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_mockito_mockito_junit_jupiter_4_5_1.xml: -------------------------------------------------------------------------------- 1 | 2 
| 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_objenesis_objenesis_3_2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_opentest4j_opentest4j_1_2_0.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_ow2_asm_asm_9_1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_projectlombok_lombok_1_18_24.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_skyscreamer_jsonassert_1_5_1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_slf4j_jul_to_slf4j_1_7_36.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_slf4j_slf4j_api_1_7_36.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 
-------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_autoconfigure_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_configuration_processor_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_devtools_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_aop_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_data_jpa_2_7_5.xml: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_jdbc_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_json_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_logging_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_oauth2_resource_server_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_security_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_test_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 
-------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_tomcat_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_web_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_test_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_boot_spring_boot_test_autoconfigure_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_data_spring_data_commons_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_data_spring_data_jpa_2_7_5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_security_spring_security_config_5_7_4.xml: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_security_spring_security_core_5_7_4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_security_spring_security_crypto_5_7_4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_security_spring_security_oauth2_core_5_7_4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_security_spring_security_oauth2_jose_5_7_4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_security_spring_security_oauth2_resource_server_5_7_4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_security_spring_security_test_5_7_4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 
-------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_security_spring_security_web_5_7_4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_aop_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_aspects_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_beans_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_context_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_core_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_expression_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 
| 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_jcl_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_jdbc_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_orm_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_test_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_tx_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_web_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_springframework_spring_webmvc_5_3_23.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 
| 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_xmlunit_xmlunit_core_2_9_0.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/libraries/Maven__org_yaml_snakeyaml_1_30.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 12 | 13 | 14 | 15 | 16 | 17 | 19 | -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /.idea/sonarlint/issuestore/index.pb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hnfaydn/spring-security-presentation/edda90dc0bbb6e16fb4f9e4d073158b350ca6999/.idea/sonarlint/issuestore/index.pb -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /Spring Security.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hnfaydn/spring-security-presentation/edda90dc0bbb6e16fb4f9e4d073158b350ca6999/Spring Security.pptx -------------------------------------------------------------------------------- 
/basic-authentication/.gitignore: -------------------------------------------------------------------------------- 1 | HELP.md 2 | target/ 3 | !.mvn/wrapper/maven-wrapper.jar 4 | !**/src/main/**/target/ 5 | !**/src/test/**/target/ 6 | 7 | ### STS ### 8 | .apt_generated 9 | .classpath 10 | .factorypath 11 | .project 12 | .settings 13 | .springBeans 14 | .sts4-cache 15 | 16 | ### IntelliJ IDEA ### 17 | .idea 18 | *.iws 19 | *.iml 20 | *.ipr 21 | 22 | ### NetBeans ### 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | build/ 29 | !**/src/main/**/build/ 30 | !**/src/test/**/build/ 31 | 32 | ### VS Code ### 33 | .vscode/ 34 | -------------------------------------------------------------------------------- /basic-authentication/.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hnfaydn/spring-security-presentation/edda90dc0bbb6e16fb4f9e4d073158b350ca6999/basic-authentication/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /basic-authentication/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar 3 | -------------------------------------------------------------------------------- /basic-authentication/httpRequests/UserResource.http: -------------------------------------------------------------------------------- 1 | ### Get basic authentication test 2 | GET localhost:8080/api/user/get 3 | Authorization: Basic testMail test 4 | 5 | 6 | ### Post with authentication 7 | POST localhost:8080/api/user/login 8 | Authorization: Basic test@mail.com test 9 | Content-Type: 
application/json 10 | 11 | { 12 | "email": "testMail", 13 | "password": "test" 14 | } 15 | 16 | -------------------------------------------------------------------------------- /basic-authentication/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | org.springframework.boot 7 | spring-boot-starter-parent 8 | 2.7.5 9 | 10 | 11 | com.example 12 | basic-authentication 13 | 0.0.1-SNAPSHOT 14 | basic-authentication 15 | basic-authentication 16 | 17 | 17 18 | 19 | 20 | 21 | org.springframework.boot 22 | spring-boot-starter-data-jpa 23 | 24 | 25 | org.springframework.boot 26 | spring-boot-starter-security 27 | 28 | 29 | org.springframework.boot 30 | spring-boot-starter-web 31 | 32 | 33 | 34 | org.springframework.boot 35 | spring-boot-devtools 36 | runtime 37 | true 38 | 39 | 40 | com.h2database 41 | h2 42 | runtime 43 | 44 | 45 | org.projectlombok 46 | lombok 47 | true 48 | 49 | 50 | org.springframework.boot 51 | spring-boot-starter-test 52 | test 53 | 54 | 55 | org.springframework.security 56 | spring-security-test 57 | test 58 | 59 | 60 | 61 | 62 | 63 | 64 | org.springframework.boot 65 | spring-boot-maven-plugin 66 | 67 | 68 | 69 | org.projectlombok 70 | lombok 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /basic-authentication/src/main/java/com/example/basicauthentication/ApplicationStartup.java: -------------------------------------------------------------------------------- 1 | package com.example.basicauthentication; 2 | 3 | import com.example.basicauthentication.user.User; 4 | import com.example.basicauthentication.user.UserDao; 5 | import org.springframework.boot.context.event.ApplicationReadyEvent; 6 | import org.springframework.context.ApplicationListener; 7 | import org.springframework.stereotype.Component; 8 | 9 | import java.util.List; 10 | 11 | @Component 12 | public class ApplicationStartup implements 
ApplicationListener { 13 | private final UserDao userDao; 14 | 15 | public ApplicationStartup(UserDao userDao) { 16 | this.userDao = userDao; 17 | } 18 | 19 | @Override 20 | public void onApplicationEvent(ApplicationReadyEvent event) { 21 | final var user = new User(1, "testFirstname", "testLastname", "test@mail.com", "test"); 22 | final var user2 = new User(2, "testFirstname", "testLastname", "testMail", "test"); 23 | final var userList = List.of(user, user2); 24 | this.userDao.saveAll(userList); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /basic-authentication/src/main/java/com/example/basicauthentication/BasicAuthenticationApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.basicauthentication; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class BasicAuthenticationApplication { 8 | public static void main(String[] args) { 9 | SpringApplication.run(BasicAuthenticationApplication.class, args); 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /basic-authentication/src/main/java/com/example/basicauthentication/api/LoginRequest.java: -------------------------------------------------------------------------------- 1 | package com.example.basicauthentication.api; 2 | 3 | import lombok.AllArgsConstructor; 4 | import lombok.Getter; 5 | import lombok.NoArgsConstructor; 6 | import lombok.Setter; 7 | 8 | @Getter 9 | @Setter 10 | @NoArgsConstructor 11 | @AllArgsConstructor 12 | public class LoginRequest { 13 | private String email; 14 | private String password; 15 | } 16 | -------------------------------------------------------------------------------- /basic-authentication/src/main/java/com/example/basicauthentication/api/UserResource.java: 
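--------------------------------------------------------------------------------
package com.example.basicauthentication.api;

import com.example.basicauthentication.user.UserService;
import com.example.basicauthentication.user.requests.LoginRequestBody;
import com.example.basicauthentication.user.responses.LoginResponse;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

/** REST endpoints of the basic-authentication demo, mapped under {@code /api/user}. */
@RestController
@RequestMapping("/api/user")
public class UserResource {

  private final UserService userService;

  public UserResource(UserService userService) {
    this.userService = userService;
  }

  /**
   * Copies the e-mail and password of the request body into a {@link LoginRequestBody} and hands
   * it to {@link UserService#login}.
   *
   * <p>NOTE(review): the password is only forwarded; UserServiceImpl in this project looks the
   * user up by e-mail and never compares it. Whether the caller is who they claim to be therefore
   * depends entirely on the HTTP Basic filter chain in front of this controller.
   *
   * @param loginRequest e-mail and password sent by the client
   * @return whatever the user service returns for that e-mail
   */
  @PostMapping("/login")
  ResponseEntity<LoginResponse> login(@RequestBody LoginRequest loginRequest) {
    final var loginRequestBody = new LoginRequestBody();
    loginRequestBody.setEmail(loginRequest.getEmail());
    loginRequestBody.setPassword(loginRequest.getPassword());
    return this.userService.login(loginRequestBody);
  }

  /** Probe endpoint: returns a fixed string so a client can check that its request got through. */
  @GetMapping("/get")
  String login() {
    return "Security work correctly";
  }
}

--------------------------------------------------------------------------------
/basic-authentication/src/main/java/com/example/basicauthentication/configs/CustomUserDetailService.java:
--------------------------------------------------------------------------------
package com.example.basicauthentication.configs;

import com.example.basicauthentication.user.UserDao;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.Objects;

/** {@link UserDetailsService} that resolves users from {@link UserDao} by e-mail address. */
@Service
public class CustomUserDetailService implements UserDetailsService {
  private final UserDao userDao;

  public CustomUserDetailService(UserDao userDao) {
    this.userDao = userDao;
  }

  /**
   * Loads the user whose e-mail equals the given login name.
   *
   * @param email value the client supplied as user name
   * @return the stored user wrapped in {@link MyUserDetails}
   * @throws UsernameNotFoundException when the DAO returns no user for that e-mail
   */
  @Override
  public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
    com.example.basicauthentication.user.User user = this.userDao.findUserByEmail(email);
    if (Objects.isNull(user)) {
      // The message echoes the submitted e-mail; keep it out of client-visible responses.
      throw new UsernameNotFoundException("There is no user with following email adress:" + email);
    }
    return new MyUserDetails(user);
  }
}

--------------------------------------------------------------------------------
/basic-authentication/src/main/java/com/example/basicauthentication/configs/MyUserDetails.java:
--------------------------------------------------------------------------------
package com.example.basicauthentication.configs;

import com.example.basicauthentication.user.User;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;
import java.util.List;

/**
 * Adapts the project's {@link User} entity to Spring Security's {@link UserDetails}.
 *
 * <p>The adapter grants no authorities and reports every account as active: expiry, locking,
 * credential expiry and disabling are hard-wired to {@code true}, so none of those controls can
 * be used to block an account until the entity carries the corresponding state.
 */
public class MyUserDetails implements UserDetails {
  private final User user;

  public MyUserDetails(User user) {
    this.user = user;
  }

  /** Always empty: this demo attaches no roles or authorities to a user. */
  @Override
  public Collection<? extends GrantedAuthority> getAuthorities() {
    return List.of();
  }

  /** Returns the password exactly as stored on the entity. */
  @Override
  public String getPassword() {
    return user.getPassword();
  }

  /** The e-mail address doubles as the login name. */
  @Override
  public String getUsername() {
    return user.getEmail();
  }

  @Override
  public boolean isAccountNonExpired() {
    return true;
  }

  @Override
  public boolean isAccountNonLocked() {
    return true;
  }

  @Override
  public boolean isCredentialsNonExpired() {
    return true;
  }

  @Override
  public boolean isEnabled() {
    return true;
  }
}

--------------------------------------------------------------------------------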
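/basic-authentication/src/main/java/com/example/basicauthentication/configs/SecurityConfiguration.java:
--------------------------------------------------------------------------------
package com.example.basicauthentication.configs;

import com.example.basicauthentication.configs.filter.CustomFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import static org.springframework.security.config.Customizer.withDefaults;

/** Web security set-up of the demo: HTTP Basic authentication in front of every endpoint. */
@EnableWebSecurity
@Configuration
public class SecurityConfiguration {

  /**
   * Builds the single filter chain of the application.
   *
   * <p>The chain now declares an authorization rule. Enabling HTTP Basic alone only validates
   * credentials that a client chooses to send; it never demands them, so a request without an
   * {@code Authorization} header was not rejected. {@code anyRequest().authenticated()} closes
   * that gap.
   *
   * <p>CSRF protection stays switched off as in the original. NOTE(review): browsers replay
   * cached Basic credentials on their own, so confirm that no browser client talks to this API
   * before keeping it disabled.
   *
   * @param http builder supplied by Spring Security
   * @return the configured chain
   * @throws Exception propagated from the builder
   */
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

    return http.authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
        .httpBasic(withDefaults())
        // Request logging runs ahead of the Basic filter, i.e. before credentials are verified.
        .addFilterBefore(new CustomFilter(), BasicAuthenticationFilter.class)
        .csrf()
        .disable()
        .build();
  }

  /**
   * Password encoder used when credentials are checked.
   *
   * <p>SECURITY: {@link NoOpPasswordEncoder} compares passwords as clear text, which means the
   * users table holds clear-text passwords (ApplicationStartup seeds them that way). Replace it
   * with an adaptive hash such as BCryptPasswordEncoder and hash the stored passwords in the same
   * change; it is left as is here because swapping only the encoder would lock out the seeded
   * accounts.
   */
  @Bean
  public PasswordEncoder getPasswordEncoder() {
    return NoOpPasswordEncoder.getInstance();
  }
}

--------------------------------------------------------------------------------
/basic-authentication/src/main/java/com/example/basicauthentication/configs/filter/CustomFilter.java:
--------------------------------------------------------------------------------
package com.example.basicauthentication.configs.filter;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationConverter;
import org.springframework.web.filter.GenericFilterBean;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Logs which user name and HTTP method a request carries, then passes the request on.
 *
 * <p>The filter is registered before the Basic authentication filter, so the name it logs is the
 * one the client claims, not one that has been verified.
 */
@Slf4j
public class CustomFilter extends GenericFilterBean {

  private final BasicAuthenticationConverter authenticationConverter =
      new BasicAuthenticationConverter();

  /**
   * Logs the claimed user name when the request has a Basic {@code Authorization} header and
   * always continues the chain.
   *
   * @param request incoming request; cast to {@link HttpServletRequest}
   * @param response outgoing response, passed through untouched
   * @param chain remaining filters
   */
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    final var httpServletRequest = (HttpServletRequest) request;

    try {
      final UsernamePasswordAuthenticationToken authRequest =
          this.authenticationConverter.convert(httpServletRequest);
      // convert() yields null when the request has no Basic Authorization header; the original
      // dereferenced it unconditionally and failed such requests with a NullPointerException.
      if (authRequest != null) {
        // The name is attacker-controlled at this point: strip line breaks so it cannot forge
        // additional log entries.
        final var name = authRequest.getName().replaceAll("[\\r\\n]", "_");
        final var method = httpServletRequest.getMethod();
        log.info("Following user:'{}' has sent request with method type of {}", name, method);
      }
    } catch (AuthenticationException malformedHeader) {
      // A malformed header is not this filter's business: the Basic authentication filter further
      // down parses it again and answers through its entry point.
      log.debug("Skipping request logging: Basic Authorization header could not be parsed");
    }

    chain.doFilter(request, response);
  }
}

--------------------------------------------------------------------------------
/basic-authentication/src/main/java/com/example/basicauthentication/user/User.java:
-------------------------------------------------------------------------------- 1 | package com.example.basicauthentication.user; 2 | 3 | import lombok.*; 4 | 5 | import javax.persistence.*; 6 | 7 | @Entity 8 | @Getter 9 | @Setter 10 | @AllArgsConstructor 11 | @NoArgsConstructor 12 | @Table(name = "users") 13 | @Builder 14 | public class User { 15 | @Id 16 | @GeneratedValue(strategy = GenerationType.IDENTITY)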
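17 | @Column(name = "id") 18 | private int id; 19 | 20 | @Column(name = "firstname") 21 | private String firstname; 22 | 23 | @Column(name = "lastname") 24 | private String lastname; 25 | 26 | @Column(name = "email") 27 | private String email; 28 | 29 | @Column(name = "password") 30 | private String password; 31 | } 32 |
--------------------------------------------------------------------------------
/basic-authentication/src/main/java/com/example/basicauthentication/user/UserDao.java:
--------------------------------------------------------------------------------
package com.example.basicauthentication.user;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

/** Spring Data repository for {@link User}; the key type follows the entity's {@code int id}. */
@Repository
public interface UserDao extends JpaRepository<User, Integer> {
  /** Derived query: the user with exactly this e-mail, or {@code null} when none is stored. */
  User findUserByEmail(String email);
}

--------------------------------------------------------------------------------
/basic-authentication/src/main/java/com/example/basicauthentication/user/UserService.java:
--------------------------------------------------------------------------------
package com.example.basicauthentication.user;

import com.example.basicauthentication.user.requests.LoginRequestBody;
import com.example.basicauthentication.user.responses.LoginResponse;
import org.springframework.http.ResponseEntity;

/** Application service behind the user endpoints. */
public interface UserService {
  /** Resolves the user named in the request and returns that user's profile data. */
  ResponseEntity<LoginResponse> login(LoginRequestBody loginRequestBody);
}

--------------------------------------------------------------------------------
/basic-authentication/src/main/java/com/example/basicauthentication/user/UserServiceImpl.java:
--------------------------------------------------------------------------------
package com.example.basicauthentication.user;

import com.example.basicauthentication.user.requests.LoginRequestBody;
import com.example.basicauthentication.user.responses.LoginResponse;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.Optional;

/** Default {@link UserService} backed by {@link UserDao}. */
@Service
public class UserServiceImpl implements UserService {
  private final UserDao userDao;

  public UserServiceImpl(UserDao userDao) {
    this.userDao = userDao;
  }

  /**
   * Looks the user up by the e-mail in the request and returns e-mail, first name and last name.
   *
   * <p>NOTE(review): the password carried in {@code loginRequestBody} is never compared with the
   * stored one. This method identifies a user, it does not authenticate one; callers must already
   * have been authenticated by the security filter chain.
   *
   * @param loginRequestBody request holding the e-mail to look up
   * @return 200 with the profile of the matching user
   * @throws UsernameNotFoundException when no user has that e-mail
   */
  @Override
  public ResponseEntity<LoginResponse> login(LoginRequestBody loginRequestBody) {
    final var email = loginRequestBody.getEmail();

    // ofNullable, not of: the DAO returns null for an unknown e-mail, and Optional.of(null) threw
    // a NullPointerException before the intended UsernameNotFoundException could be raised.
    final var user =
        Optional.ofNullable(this.userDao.findUserByEmail(email))
            .orElseThrow(
                () ->
                    new UsernameNotFoundException(
                        "There is no user with following email: " + email));

    return new ResponseEntity<>(
        new LoginResponse(user.getEmail(), user.getFirstname(), user.getLastname()), HttpStatus.OK);
  }
}

--------------------------------------------------------------------------------
/basic-authentication/src/main/java/com/example/basicauthentication/user/requests/LoginRequestBody.java:
--------------------------------------------------------------------------------
package com.example.basicauthentication.user.requests;

import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;

/** Service-layer copy of the login request: e-mail and clear-text password as sent by the client. */
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class LoginRequestBody {
  private String email;
  // Clear-text credential: keep this object out of logs and serialized responses.
  private String password;
}

--------------------------------------------------------------------------------
/basic-authentication/src/main/java/com/example/basicauthentication/user/responses/LoginResponse.java:
-------------------------------------------------------------------------------- 1 | package com.example.basicauthentication.user.responses; 2 | 3 | import lombok.AllArgsConstructor; 4 | import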
lombok.Getter; 5 | import lombok.NoArgsConstructor; 6 | import lombok.Setter; 7 | 8 | @Getter 9 | @Setter 10 | @NoArgsConstructor 11 | @AllArgsConstructor 12 | public class LoginResponse { 13 | private String email; 14 | private String firstname; 15 | private String lastname; 16 | } 17 | -------------------------------------------------------------------------------- /basic-authentication/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | spring.datasource.url=jdbc:h2:mem:testdb 2 | spring.datasource.driverClassName=org.h2.Driver 3 | spring.datasource.username=sa 4 | spring.jpa.database-platform=org.hibernate.dialect.H2Dialect 5 | -------------------------------------------------------------------------------- /basic-authentication/src/test/java/com/example/basicauthentication/BasicAuthenticationApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.basicauthentication; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class BasicAuthenticationApplicationTests { 8 | 9 | @Test 10 | void contextLoads() {} 11 | } 12 | -------------------------------------------------------------------------------- /spring-security-presentation.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/.gitignore: -------------------------------------------------------------------------------- 1 | HELP.md 2 | target/ 3 | !.mvn/wrapper/maven-wrapper.jar 4 | !**/src/main/**/target/ 5 | !**/src/test/**/target/ 6 | 7 | ### STS ### 8 | .apt_generated 9 | .classpath 10 | .factorypath 11 | .project 12 | .settings 13 | .springBeans 14 | .sts4-cache 15 | 16 | ### IntelliJ IDEA 
### 17 | .idea 18 | *.iws 19 | *.iml 20 | *.ipr 21 | 22 | ### NetBeans ### 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | build/ 29 | !**/src/main/**/build/ 30 | !**/src/test/**/build/ 31 | 32 | ### VS Code ### 33 | .vscode/ 34 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hnfaydn/spring-security-presentation/edda90dc0bbb6e16fb4f9e4d073158b350ca6999/spring-security-with-authority-jwt-crypted/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar 3 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/httpRequests/UserResource.http: -------------------------------------------------------------------------------- 1 | ### Register 2 | POST localhost:8080/api/user/register 3 | Content-Type: application/json 4 | X-Csrf-Token: 5 | 6 | { 7 | "firstname": "testFirstname", 8 | "lastname": "testLastname", 9 | "email": "testMail2", 10 | "password": "testPassword", 11 | "authority": "user" 12 | } 13 | 14 | ### Admin 15 | GET localhost:8080/api/user/admin-login 16 | Authorization: Bearer 
eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb2Z0cG9zLW1vYmlsZS1iYWNrZW5kIiwic3ViIjoidGVzdE1haWwiLCJleHAiOjE2NjkyNDAyMjcsImlhdCI6MTY2OTE1MzgyNywidXNlciI6IkFBQUFBQUFBQUFBQUFBQUFkcitudzZcL3U0V1dNalh2eHZVMjFwUDRjR1BJamFEZmVCa0pvdTZKYlFOTE15TTZNMEV0ejRDQkdnUmFPTzVMaUpnWGVLQ1FZdEQ4XC83dEk4MngxZ0IyVDNqZXY3RDNKdXE5VVRrMlg4V0hrdm5OUksrbkVcL0pGb2lKQ3ZvZEJtbDVQb2doU0JyTzZXKzZzNGRPaWhzbDZGV2JDSkFjN1VjWmlpeFFKWXBmM2Y0VkhBZTJwb0tjTEhRTEVJWjB6dz0ifQ.duqp-yKDOTCxXJ_rt_oZXAP8uj3aSycBr6S8KXecSsQ 17 | 18 | ### User 19 | GET localhost:8080/api/user/user-login 20 | Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb2Z0cG9zLW1vYmlsZS1iYWNrZW5kIiwic3ViIjoidGVzdE1haWwyIiwiZXhwIjoxNjY5MzgwNzY4LCJpYXQiOjE2NjkyOTQzNjgsInVzZXIiOiJBQUFBQUFBQUFBQUFBQUFBZHIrbnc2XC91NFdXTWpYdnh2VTIxcFA0Y0dQSWphRGZlQmtKb3U2SmJRTkxNeU02TTBFdHo0Q0JHZ1JhT081TGlKZ1hlS0NRWXREOFwvN3RJODJ4MWdCMlQzamV2N0QzSnVxOVVUazJYOFdHa2hrb1piNkhFN1BFYzBZalB3SWdpejQ5NFJseUJ2STdpb3JNQVRlVHh0aTZaTGR6OU5LSzBFQlRtdlRJb3BmeGpmdThIWjFwMG5jNnh0TDZcL1dLWU09In0.dk83AXejL6hwH5DlQ3L3C0XQKCEcP7MhAI3M5YptRUM 21 | 22 | 23 | ### Editor 24 | GET localhost:8080/api/user/editor-login 25 | Authorization: Basic testMail testPassword 26 | 27 | 28 | ### Any-of-authority 29 | GET localhost:8080/api/user/any-of-request-login 30 | Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb2Z0cG9zLW1vYmlsZS1iYWNrZW5kIiwic3ViIjoidGVzdE1haWwyIiwiZXhwIjoxNjY5MjQwMzA4LCJpYXQiOjE2NjkxNTM5MDgsInVzZXIiOiJBQUFBQUFBQUFBQUFBQUFBZHIrbnc2XC91NFdXTWpYdnh2VTIxcFA0Y0dQSWphRGZlQmtKb3U2SmJRTkxNeU02TTBFdHo0Q0JHZ1JhT081TGlKZ1hlS0NRWXREOFwvN3RJODJ4MWdCMlQzamV2N0QzSnVxOVVUazJYOFdHa2hrb1piNkhFN1BFYzBZalB3SWdpejQ5NFJseUJ2STdpb3JNQVRlVHh0aTZaTGR6OU5LSzBFQlRtdlRJb3BmeGpmdThIWjFwMG5jNnh0TDZcL1dLWU09In0.ZG7jo-pNF0LMurxxCWaNly1JyZpoxvhoMbNNOYUYaBs 31 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | 
org.springframework.boot 7 | spring-boot-starter-parent 8 | 2.7.5 9 | 10 | 11 | com.example 12 | spring-security-with-authority-jwt-crypted 13 | 0.0.1-SNAPSHOT 14 | spring-security-with-authority-jwt-crypted 15 | spring-security-with-authority-jwt-crypted 16 | 17 | 17 18 | 19 | 20 | 21 | org.springframework.boot 22 | spring-boot-starter-data-jpa 23 | 24 | 25 | org.springframework.boot 26 | spring-boot-starter-oauth2-resource-server 27 | 28 | 29 | org.springframework.boot 30 | spring-boot-configuration-processor 31 | true 32 | 33 | 34 | org.springframework.boot 35 | spring-boot-starter-security 36 | 37 | 38 | org.springframework.boot 39 | spring-boot-starter-web 40 | 41 | 42 | 43 | org.springframework.boot 44 | spring-boot-devtools 45 | runtime 46 | true 47 | 48 | 49 | com.h2database 50 | h2 51 | runtime 52 | 53 | 54 | org.projectlombok 55 | lombok 56 | true 57 | 58 | 59 | org.springframework.boot 60 | spring-boot-starter-test 61 | test 62 | 63 | 64 | org.springframework.security 65 | spring-security-test 66 | test 67 | 68 | 69 | 70 | 71 | 72 | 73 | org.springframework.boot 74 | spring-boot-maven-plugin 75 | 76 | 77 | 78 | org.projectlombok 79 | lombok 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/SpringSecurityWithAuthorityJwtCryptedApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class SpringSecurityWithAuthorityJwtCryptedApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(SpringSecurityWithAuthorityJwtCryptedApplication.class, args); 11 | } 12 | } 13 | 
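--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/api/UserResource.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.api;

import com.example.springsecuritywithauthorityjwtcrypted.user.RegisterRequest;
import com.example.springsecuritywithauthorityjwtcrypted.user.RegisterResponse;
import com.example.springsecuritywithauthorityjwtcrypted.user.UserServiceImpl;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

/**
 * REST endpoints under {@code /api/user}: an open registration endpoint and four endpoints that
 * only demonstrate authority checks. Every handler delegates directly to {@link UserServiceImpl}.
 */
@RestController
@RequestMapping("/api/user")
public class UserResource {
  private final UserServiceImpl userService;

  public UserResource(UserServiceImpl userService) {
    this.userService = userService;
  }

  /**
   * Registers a user and returns the service's response, which carries a freshly issued token.
   *
   * <p>NOTE(review): this path is {@code permitAll()} in SecurityConfiguration, and
   * UserServiceImpl.register copies {@code registerRequest.getAuthority()} (upper-cased) straight
   * into the new User. An unauthenticated caller can therefore ask for ADMIN and receive a token
   * carrying it. The authority should be assigned server-side, not taken from the request body.
   */
  @PostMapping("/register")
  public ResponseEntity register(@RequestBody RegisterRequest registerRequest) {
    return this.userService.register(registerRequest);
  }

  /** Reachable only when the authenticated principal holds the ADMIN authority. */
  @PreAuthorize("hasAuthority('ADMIN')")
  @GetMapping("/admin-login")
  public ResponseEntity adminLogin() {
    return this.userService.adminAuthorityAcceptOnly();
  }

  /** Reachable only when the authenticated principal holds the USER authority. */
  // @Secured("USER")//work with roles
  @PreAuthorize("hasAuthority('USER')")
  @GetMapping("/user-login")
  public ResponseEntity userLogin() {
    return this.userService.userAuthorityAcceptOnly();
  }

  /** Reachable only when the authenticated principal holds the EDITOR authority. */
  // @RolesAllowed("EDITOR")//work with roles
  @PreAuthorize("hasAuthority('EDITOR')")
  @GetMapping("/editor-login")
  public ResponseEntity editorLogin() {
    return this.userService.editorAuthorityAcceptOnly();
  }

  /**
   * Carries no method-level annotation; the only access rule for this path is the URL matcher in
   * SecurityConfiguration ({@code hasAnyAuthority} over all four authorities).
   */
  @GetMapping("/any-of-request-login")
  public ResponseEntity anyOfAuthorityLogin() {
    return this.userService.acceptsAnyAuthority();
  }
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/exception/BusinessException.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.exception;

/** Unchecked exception for domain-rule violations; its message is returned to the client. */
public class BusinessException extends RuntimeException {
  public BusinessException(String message) {
    super(message);
  }
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/exception/GlobalExceptionHandler.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.exception;

import com.example.springsecuritywithauthorityjwtcrypted.utilities.results.ErrorDataResult;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestControllerAdvice;

/** Translates {@link BusinessException}s raised by controllers into an HTTP 400 error body. */
@RestControllerAdvice
public class GlobalExceptionHandler {
  /**
   * Wraps the message of a {@link BusinessException} in an {@code ErrorDataResult}.
   *
   * <p>The handler is bound to {@code BusinessException} explicitly. Without a type on the
   * annotation it is selected by the {@code Exception} parameter and so catches everything:
   * internal exception messages (persistence, JSON, crypto) would be echoed to the caller, and an
   * access-denied failure raised by {@code @PreAuthorize} would be answered with 400 here instead
   * of reaching the access-denied handler configured in SecurityConfiguration.
   *
   * @param exception the exception raised while handling the request
   * @return error payload built from the exception message and a fixed "An Error Occurred" text
   */
  @ExceptionHandler(BusinessException.class)
  @ResponseStatus(code = HttpStatus.BAD_REQUEST)
  public ErrorDataResult handleBusinessExceptions(Exception exception) {
    return new ErrorDataResult<>(exception.getMessage(), "An Error Occurred");
  }
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/outservices/EmailVerificationService.java: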
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.outservices;

/** Contract for checking an e-mail address during registration. */
public interface EmailVerificationService {
  /**
   * @param email the address supplied in the registration request
   * @return whether the address passed verification
   */
  boolean emailVerification(String email);
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/outservices/EmailVerificationServiceImpl.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.outservices;

import org.springframework.stereotype.Service;

/**
 * Stub implementation: accepts every address.
 *
 * <p>NOTE(review): UserServiceImpl.register calls this method but discards the return value, so
 * even a real implementation would not block a registration until the caller checks the result.
 */
@Service
public class EmailVerificationServiceImpl implements EmailVerificationService {
  @Override
  public boolean emailVerification(String email) {
    // Placeholder: no verification is performed.
    return true;
  }
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/security/Authority.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.security;

import lombok.Getter;
import org.springframework.security.core.GrantedAuthority;

/**
 * The application's authorities. Each constant is its own {@link GrantedAuthority}; the authority
 * string is the constant name, with no {@code ROLE_} prefix, which is why the endpoints use
 * {@code hasAuthority(...)} rather than role-based checks.
 */
@Getter
public enum Authority implements GrantedAuthority {
  USER,
  ADMIN,
  EDITOR,
  READONLY;

  /** Returns the constant name, e.g. {@code "ADMIN"}. */
  @Override
  public String getAuthority() {
    return name();
  }
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/security/JwtUserDetailsConverter.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.security;

import com.example.springsecuritywithauthorityjwtcrypted.security.token.TokenService;
import com.example.springsecuritywithauthorityjwtcrypted.user.User;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Component;

import java.util.List;

/**
 * Turns a decoded {@link Jwt} into the authentication object used for authorization decisions.
 * The user is rebuilt entirely from the token's claims via {@link TokenService#getUser}; nothing
 * in this class consults the database.
 */
// NOTE(review): the type arguments of Converter are missing in this listing; the signature of
// convert() below implies Converter<Jwt, AbstractAuthenticationToken> - confirm against the repo.
@Component
public class JwtUserDetailsConverter implements Converter {
  private final TokenService tokenService;

  // @Lazy defers resolution of TokenService; presumably to break a bean cycle - TODO confirm.
  public JwtUserDetailsConverter(@Lazy final TokenService tokenService) {
    this.tokenService = tokenService;
  }

  /**
   * Builds an authenticated token whose principal is the user's e-mail and whose single granted
   * authority is the {@link Authority} named by {@code user.getAuthority()}.
   *
   * <p>{@code Authority.valueOf} throws {@link IllegalArgumentException} for a name that is not
   * one of the enum constants and {@link NullPointerException} for {@code null}; neither is
   * handled here.
   *
   * <p>NOTE(review): the password taken from the token is placed in the credentials slot. Nothing
   * visible reads it back, so passing {@code null} would keep the secret out of the security
   * context.
   */
  @Override
  public AbstractAuthenticationToken convert(final Jwt source) {
    final User user = tokenService.getUser(source);
    return new UsernamePasswordAuthenticationToken(
        user.getEmail(), user.getPassword(), List.of(Authority.valueOf(user.getAuthority())));
  }
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/security/SecurityConfiguration.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
import org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler;
import org.springframework.security.web.SecurityFilterChain;

import java.util.Locale;

/*
The prePostEnabled property enables the @PreAuthorize/@PostAuthorize annotations.
The securedEnabled property determines whether the @Secured annotation is enabled.
The jsr250Enabled property allows the @RolesAllowed annotation to be used.
*/

/**
 * Web and method security for the application: URL rules for the public and "any authority"
 * endpoints, bearer-token (JWT) authentication through {@link JwtUserDetailsConverter}, and the
 * password encoder bean. The ADMIN/USER/EDITOR endpoints are guarded by {@code @PreAuthorize} on
 * the controller; their URL rules below are commented out.
 */
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class SecurityConfiguration {
  private final JwtUserDetailsConverter jwtUserDetailsConverter;

  public SecurityConfiguration(JwtUserDetailsConverter jwtUserDetailsConverter) {
    this.jwtUserDetailsConverter = jwtUserDetailsConverter;
  }

  /**
   * Builds the single filter chain.
   *
   * <p>NOTE(review): no {@code anyRequest()} rule closes the matcher list, so a URL that matches
   * none of the entries below has no URL-level rule and depends on method annotations alone.
   * Ending the list with {@code .anyRequest().authenticated()} would make the default explicit.
   */
  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http.authorizeHttpRequests(
            authorize ->
                authorize
                    // public endpoint everyone can reach without any authority
                    // NOTE(review): this also leaves the H2 console path open to unauthenticated
                    // callers; confirm the console is disabled outside local development.
                    .antMatchers("/h2-console", "/api/user/register")
                    .permitAll()

                    // admin endpoint only admin authority can reach
                    // .antMatchers("/api/user/admin-login")
                    // .hasAuthority(Authority.ADMIN.getAuthority().toUpperCase(Locale.ENGLISH))

                    // user endpoint only user authority can reach
                    // .antMatchers("/api/user/user-login")
                    // .hasAuthority(Authority.USER.getAuthority().toUpperCase(Locale.ENGLISH))

                    // editor endpoint only editor authority can reach
                    // .antMatchers("/api/user/editor-login")
                    // .hasAuthority(Authority.EDITOR.getAuthority().toUpperCase(Locale.ENGLISH))

                    // any authority can reach
                    // (getAuthority() returns the enum name, so toUpperCase leaves it unchanged)
                    .antMatchers("/api/user/any-of-request-login")
                    .hasAnyAuthority(
                        Authority.ADMIN.getAuthority().toUpperCase(Locale.ENGLISH),
                        Authority.USER.getAuthority().toUpperCase(Locale.ENGLISH),
                        Authority.EDITOR.getAuthority().toUpperCase(Locale.ENGLISH),
                        Authority.READONLY.getAuthority().toUpperCase(Locale.ENGLISH)))
        // CSRF protection is switched off. That is sound only while every authenticated request
        // carries its credential in the Authorization header - TODO confirm no cookie or session
        // based authentication is added to this chain.
        .csrf(AbstractHttpConfigurer::disable)
        // Bearer tokens are decoded as JWTs and mapped to an Authentication by the converter.
        .oauth2ResourceServer(
            httpSecurityOAuth2ResourceServerConfigurer ->
                httpSecurityOAuth2ResourceServerConfigurer
                    .jwt()
                    .jwtAuthenticationConverter(jwtUserDetailsConverter))
        // Bearer-token specific responses for unauthenticated and access-denied requests.
        .exceptionHandling(
            exceptions ->
                exceptions
                    .authenticationEntryPoint(new BearerTokenAuthenticationEntryPoint())
                    .accessDeniedHandler(new BearerTokenAccessDeniedHandler()))
        .build();
  }

  /**
   * Exposes the application's {@link PasswordEncoder}.
   *
   * <p>NOTE(review): {@link NoOpPasswordEncoder} performs no hashing, so any password passed
   * through this bean is kept and compared as plain text; Spring Security marks the class
   * deprecated for that reason. Use an adaptive hash such as {@code BCryptPasswordEncoder} before
   * this leaves demo use, and apply the encoder where the password is stored.
   */
  @Bean
  public PasswordEncoder getPasswordEncoder() {
    return NoOpPasswordEncoder.getInstance();
  }
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/security/crypto/AESCryptoService.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.security.crypto;

import lombok.NonNull;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Component;

import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
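import java.util.Base64;

/**
 * {@link CryptoService} backed by a JCA cipher configured through {@link CryptoProperties}
 * (transformation, key, GCM tag length and IV length).
 *
 * <p>Output format of {@link #encrypt}: Base64( IV || ciphertext-with-tag ). {@link #decrypt}
 * reads the IV back from the first {@code gcmIvLength} bytes.
 */
@RequiredArgsConstructor
@Component
public final class AESCryptoService implements CryptoService {

  // One shared CSPRNG for IV generation; SecureRandom is safe for concurrent use.
  private static final java.security.SecureRandom SECURE_RANDOM =
      new java.security.SecureRandom();

  private final CryptoProperties cryptoProperties;

  /**
   * Encrypts {@code rawData} (UTF-8) under a fresh random IV.
   *
   * <p>The IV must be unique per encryption under one key. The previous code passed the freshly
   * allocated, all-zero array as the IV on every call; repeating a GCM IV with the same key
   * breaks both the confidentiality and the integrity guarantee of the mode. Ciphertexts produced
   * earlier still decrypt, because the IV is always read from the message itself.
   *
   * @param rawData plaintext to protect
   * @return Base64 text of the IV followed by the ciphertext and authentication tag
   */
  @Override
  public String encrypt(final String rawData)
      throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
          IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException,
          ShortBufferException {
    final var initVectorLength = cryptoProperties.getGcmIvLength();
    final var initVector = new byte[initVectorLength];
    SECURE_RANDOM.nextBytes(initVector);
    final var cipher = buildCipher(Cipher.ENCRYPT_MODE, initVector);
    final var rawDataAsBytes = rawData.getBytes(StandardCharsets.UTF_8);
    final var dataLength = rawDataAsBytes.length;
    // Reserve room for the IV prefix plus whatever the cipher will emit (ciphertext + tag).
    final var cipherTextLength = initVectorLength + cipher.getOutputSize(dataLength);
    final var ciphertext = new byte[cipherTextLength];
    System.arraycopy(initVector, 0, ciphertext, 0, initVectorLength);
    cipher.doFinal(rawDataAsBytes, 0, dataLength, ciphertext, initVectorLength);
    return encode(ciphertext);
  }

  /**
   * Reverses {@link #encrypt}: Base64-decodes the input, splits off the IV and decrypts the rest.
   * In GCM mode a failed tag check surfaces as a {@link BadPaddingException} subclass.
   *
   * @param cipherText Base64 text produced by {@link #encrypt}
   * @return the decrypted plaintext, decoded as UTF-8
   */
  @Override
  public String decrypt(final String cipherText)
      throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
          BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
    final var encryptedData = decode(cipherText);
    final var initVectorLength = cryptoProperties.getGcmIvLength();
    final var initVector = Arrays.copyOfRange(encryptedData, 0, initVectorLength);
    final var cipher = buildCipher(Cipher.DECRYPT_MODE, initVector);
    final var inputLength = encryptedData.length - initVectorLength;
    final var decryptedData = cipher.doFinal(encryptedData, initVectorLength, inputLength);
    return new String(decryptedData, StandardCharsets.UTF_8);
  }

  /** Creates and initialises a cipher for the given mode and IV from the configured settings. */
  private Cipher buildCipher(final int mode, final byte[] initVector)
      throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
          InvalidAlgorithmParameterException {
    final var cipher = Cipher.getInstance(cryptoProperties.getTransformation());
    // gcmTagLength is configured in bytes; GCMParameterSpec expects bits.
    final var tagLength = cryptoProperties.getGcmTagLength() * Byte.SIZE;
    final var algorithmSpec = new GCMParameterSpec(tagLength, initVector);
    cipher.init(mode, getSecretKey(), algorithmSpec);
    return cipher;
  }

  /**
   * Builds the key from the configured secret. The charset is fixed to UTF-8 so that the key
   * bytes do not depend on the platform default charset of the JVM that runs the service.
   */
  private Key getSecretKey() {
    final var secretKeyBytes = cryptoProperties.getSecretKey().getBytes(StandardCharsets.UTF_8);
    return new SecretKeySpec(secretKeyBytes, cryptoProperties.getSecretKeyAlgorithm());
  }

  private String encode(final byte[] data) {
    return Base64.getEncoder().encodeToString(data);
  }

  // Base64 decoding throws IllegalArgumentException on malformed input.
  @NonNull
  private byte[] decode(final String data) {
    return Base64.getDecoder().decode(data);
  }
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/security/crypto/CryptoProperties.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.security.crypto;

import lombok.Getter;
import lombok.Setter;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

/** Settings bound from the {@code crypto.*} configuration properties. */
@Setter
@Getter
@Component
@ConfigurationProperties("crypto")
public class CryptoProperties {
  // Secret used directly as key material (its bytes become the key).
  // NOTE(review): supply it from the environment or a secret store, not a committed file.
  private String secretKey;
  // Algorithm name handed to SecretKeySpec.
  private String secretKeyAlgorithm;
  // Transformation string handed to Cipher.getInstance.
  private String transformation;
  // Authentication tag length in bytes (AESCryptoService converts it to bits).
  private int gcmTagLength;
  // IV length in bytes.
  private int gcmIvLength;
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/security/crypto/CryptoService.java: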
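--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.security.crypto;

import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

/** String-in, string-out symmetric encryption used to protect the user claim inside the JWT. */
public interface CryptoService {
  /**
   * @param plainText text to encrypt
   * @return the encrypted form as text
   */
  String encrypt(String plainText)
      throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
          IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException,
          ShortBufferException;

  /**
   * @param cipherText text produced by {@link #encrypt}
   * @return the recovered plaintext
   */
  String decrypt(String cipherText)
      throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
          BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException;
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/security/token/JwtConfiguration.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.security.token;

import com.nimbusds.jose.jwk.source.ImmutableSecret;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;

import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/**
 * Provides the JWT encoder and decoder. Both are built from one shared secret, so tokens are
 * signed and verified with the same symmetric (MAC) key taken from {@link JwtProperties}.
 */
@Configuration
public class JwtConfiguration {
  private final SecretKey secretKey;
  private final MacAlgorithm macAlgorithm;

  /**
   * Derives the signing key and MAC algorithm from the {@code jwt.*} properties.
   *
   * <p>The secret is converted with an explicit UTF-8 charset so the key bytes, and therefore
   * every signature, do not vary with the JVM's platform default charset.
   * {@code MacAlgorithm.valueOf} throws {@link IllegalArgumentException} when the configured
   * algorithm is not one of the enum's constant names.
   */
  public JwtConfiguration(final JwtProperties jwtProperties) {
    final var secret =
        jwtProperties.getSecretKey().getBytes(java.nio.charset.StandardCharsets.UTF_8);
    secretKey = new SecretKeySpec(secret, jwtProperties.getAlgorithm());
    macAlgorithm = MacAlgorithm.valueOf(jwtProperties.getAlgorithm());
  }

  /** Decoder that verifies the MAC with the shared secret and the configured algorithm. */
  @Bean
  JwtDecoder jwtDecoder() {
    return NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
  }

  /** Encoder that signs with the same shared secret. */
  @Bean
  JwtEncoder jwtEncoder() {
    final var jwks = new ImmutableSecret<>(secretKey);
    return new NimbusJwtEncoder(jwks);
  }
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/security/token/JwtProperties.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.security.token;

import lombok.Getter;
import lombok.Setter;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;

import java.time.Duration;

/** Settings bound from the {@code jwt.*} configuration properties. */
@Getter
@Setter
@Configuration
@ConfigurationProperties("jwt")
public class JwtProperties {
  // MAC algorithm name; used both as the JWS header algorithm and for MacAlgorithm.valueOf.
  private String algorithm;
  // Shared signing secret.
  // NOTE(review): anyone holding it can mint valid tokens; keep it out of version control and
  // make it at least as long as the MAC output (32 bytes for a 256-bit HMAC).
  private String secretKey;
  // Value written to the "iss" claim.
  private String issuer;
  // Token lifetime, added to the issue time to form "exp".
  private Duration expiration;
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/security/token/JwtTokenService.java:
--------------------------------------------------------------------------------
package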
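com.example.springsecuritywithauthorityjwtcrypted.security.token;

import com.example.springsecuritywithauthorityjwtcrypted.security.crypto.CryptoService;
import com.example.springsecuritywithauthorityjwtcrypted.user.User;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.stereotype.Component;

import java.security.GeneralSecurityException;
import java.time.Instant;

/**
 * Issues signed JWTs for users and reads the user back out of a decoded token.
 *
 * <p>Besides the standard claims (iss, iat, exp, sub = e-mail) every token carries a
 * {@code "user"} claim: the JSON form of the {@link User}, encrypted by {@link CryptoService}.
 *
 * <p>NOTE(review): the whole entity is serialized, and {@code User} has a {@code password} field,
 * so with a default ObjectMapper the password travels inside every token. Serializing a reduced
 * view (e-mail and authority) would keep the credential out of the token.
 */
@Slf4j
@Component
public class JwtTokenService implements TokenService {

  private static final String CLAIMS_USER = "user";
  private final JwtProperties jwtProperties;
  private final JwtEncoder jwtEncoder;
  private final JwsHeader jwsHeader;
  private final CryptoService cryptoService;
  private final ObjectMapper objectMapper;

  public JwtTokenService(
      final JwtProperties jwtProperties,
      final JwtEncoder jwtEncoder,
      final CryptoService cryptoService,
      final ObjectMapper objectMapper) {
    this.jwtProperties = jwtProperties;
    this.jwtEncoder = jwtEncoder;
    // The header is built once; its algorithm name is read from the properties.
    jwsHeader = JwsHeader.with(jwtProperties::getAlgorithm).build();
    this.cryptoService = cryptoService;
    this.objectMapper = objectMapper;
  }

  /**
   * Creates a signed token for {@code user}.
   *
   * @return the compact token string
   */
  @Override
  public String createToken(final User user) {
    final var claims = createClaims(user);
    return jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, claims)).getTokenValue();
  }

  /** Builds the claim set: issuer, issue time, expiry, subject and the encrypted user claim. */
  private JwtClaimsSet createClaims(final User user) {
    final var now = Instant.now();
    final var expiresAt = now.plus(jwtProperties.getExpiration());
    return JwtClaimsSet.builder()
        .issuer(jwtProperties.getIssuer())
        .issuedAt(now)
        .expiresAt(expiresAt)
        .subject(user.getEmail())
        .claim(CLAIMS_USER, serializeAndEncrypt(user))
        .build();
  }

  /**
   * Extracts the user from a decoded token.
   *
   * @param source expected to be a {@link Jwt}; any other type fails with ClassCastException
   * @return the user rebuilt from the decrypted {@code "user"} claim
   */
  @Override
  public User getUser(final Object source) {
    final var claims = ((Jwt) source).getClaims();
    final var encryptedUser = (String) claims.get(CLAIMS_USER);
    return decryptAndDeserialize(encryptedUser);
  }

  /**
   * Serializes {@code data} to JSON and encrypts it.
   *
   * @throws RuntimeException with message "error" when serialization or encryption fails; the
   *     original exception is attached as the cause so the failure can be diagnosed from logs
   */
  private String serializeAndEncrypt(final Object data) {
    try {
      final var json = objectMapper.writeValueAsString(data);
      return cryptoService.encrypt(json);
    } catch (final GeneralSecurityException | JsonProcessingException e) {
      // Message kept generic for callers; the cause is preserved instead of being dropped.
      throw new RuntimeException("error", e);
    }
  }

  /**
   * Decrypts {@code data} and parses the JSON into a {@link User}.
   *
   * @throws RuntimeException with message "error" when decryption or parsing fails; the original
   *     exception is attached as the cause
   */
  private User decryptAndDeserialize(final String data) {
    try {
      final var json = cryptoService.decrypt(data);
      return objectMapper.readValue(json, User.class);
    } catch (final GeneralSecurityException | JsonProcessingException e) {
      throw new RuntimeException("error", e);
    }
  }
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/security/token/TokenService.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.security.token;

import com.example.springsecuritywithauthorityjwtcrypted.user.User;

/** Creates tokens for users and recovers the user from a decoded token. */
public interface TokenService {
  /** Returns a token string issued for {@code user}. */
  String createToken(User user);

  /** Returns the user carried by {@code source}, the decoded token object. */
  User getUser(Object source);
}

--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/user/RegisterRequest.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthorityjwtcrypted.user;

import lombok.AllArgsConstructor;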
import lombok.Getter; 5 | import lombok.NoArgsConstructor; 6 | import lombok.Setter; 7 | 8 | @Getter 9 | @Setter 10 | @AllArgsConstructor 11 | @NoArgsConstructor 12 | public class RegisterRequest { 13 | private String firstname; 14 | private String lastname; 15 | private String email; 16 | private String password; 17 | private String authority; 18 | } 19 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/user/RegisterResponse.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted.user; 2 | 3 | import lombok.*; 4 | 5 | @Builder 6 | @Getter 7 | @Setter 8 | @AllArgsConstructor 9 | @NoArgsConstructor 10 | public class RegisterResponse { 11 | private String firstname; 12 | private String lastname; 13 | private String email; 14 | private String token; 15 | } 16 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/user/User.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted.user; 2 | 3 | import lombok.*; 4 | 5 | import javax.persistence.*; 6 | 7 | @Entity 8 | @Getter 9 | @Setter 10 | @AllArgsConstructor 11 | @NoArgsConstructor 12 | @Table(name = "users") 13 | @Builder 14 | public class User { 15 | @Id 16 | @GeneratedValue(strategy = GenerationType.IDENTITY) 17 | @Column(name = "id") 18 | private int id; 19 | 20 | @Column(name = "firstname") 21 | private String firstname; 22 | 23 | @Column(name = "lastname") 24 | private String lastname; 25 | 26 | @Column(name = "email") 27 | private String email; 28 | 29 | @Column(name = "password") 30 | private String password; 31 | 32 | @Column(name = "authority") 33 | 
private String authority; 34 | } 35 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/user/UserDao.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted.user; 2 | 3 | import org.springframework.data.jpa.repository.JpaRepository; 4 | import org.springframework.stereotype.Repository; 5 | 6 | @Repository 7 | public interface UserDao extends JpaRepository { 8 | boolean existsByEmail(String email); 9 | 10 | User findUserByEmail(String email); 11 | } 12 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/user/UserService.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted.user; 2 | 3 | import org.springframework.http.ResponseEntity; 4 | 5 | public interface UserService { 6 | ResponseEntity register(RegisterRequest registerRequest); 7 | 8 | ResponseEntity adminAuthorityAcceptOnly(); 9 | 10 | ResponseEntity userAuthorityAcceptOnly(); 11 | 12 | ResponseEntity editorAuthorityAcceptOnly(); 13 | 14 | ResponseEntity acceptsAnyAuthority(); 15 | } 16 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/user/UserServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted.user; 2 | 3 | import com.example.springsecuritywithauthorityjwtcrypted.exception.BusinessException; 4 | import com.example.springsecuritywithauthorityjwtcrypted.outservices.EmailVerificationService; 5 | import 
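com.example.springsecuritywithauthorityjwtcrypted.security.token.TokenService; 6 | import org.springframework.http.HttpStatus; 7 | import org.springframework.http.ResponseEntity; 8 | import org.springframework.stereotype.Service; 9 | 10 | import java.util.Locale; 11 |

/**
 * Registration service plus the fixed-response methods behind the authority demo endpoints.
 *
 * <p>Authorisation is not decided here: the four "accept" methods return a constant message and
 * rely on whatever restricted the request before it reached them.
 */
@Service
public class UserServiceImpl implements UserService {
  private final UserDao userDao;
  private final TokenService tokenService;
  private final EmailVerificationService emailVerificationService;

  public UserServiceImpl(
      UserDao userDao,
      TokenService tokenService,
      EmailVerificationService emailVerificationService) {
    this.userDao = userDao;
    this.tokenService = tokenService;
    this.emailVerificationService = emailVerificationService;
  }

  /**
   * Creates a user from the request, issues a token for it and stores the user.
   *
   * @param registerRequest client-supplied registration data
   * @return 200 with the user's names, email and the issued token
   * @throws BusinessException when the email is already registered or no authority was supplied
   */
  @Override
  public ResponseEntity register(RegisterRequest registerRequest) {
    ensureEmailIsUnused(registerRequest.getEmail());
    // NOTE(review): any result of the verification call is discarded - confirm the service
    // signals a failed verification by throwing.
    emailVerificationService.emailVerification(registerRequest.getEmail());

    // A request without "authority" used to fail with a NullPointerException on toUpperCase.
    final String requestedAuthority = registerRequest.getAuthority();
    if (requestedAuthority == null || requestedAuthority.trim().isEmpty()) {
      throw new BusinessException("Authority is required");
    }

    // NOTE(review): the authority is taken verbatim from the request body, so the caller decides
    // its own privilege level. Self-registration should assign a fixed low-privilege authority
    // (or check the value against an allow-list) and leave elevated ones to an admin-only path.
    // NOTE(review): the password is stored exactly as received and the same User object is
    // passed to the token service. Hash it with a PasswordEncoder before saving and confirm
    // what the token service puts into the token.
    final User user =
        User.builder()
            .id(0)
            .firstname(registerRequest.getFirstname())
            .lastname(registerRequest.getLastname())
            .email(registerRequest.getEmail())
            .password(registerRequest.getPassword())
            .authority(requestedAuthority.toUpperCase(Locale.ENGLISH))
            .build();

    final var token = tokenService.createToken(user);

    final RegisterResponse registerResponse =
        RegisterResponse.builder()
            .firstname(user.getFirstname())
            .lastname(user.getLastname())
            .email(user.getEmail())
            .token(token)
            .build();

    this.userDao.save(user);
    return new ResponseEntity<>(registerResponse, HttpStatus.OK);
  }

  /** Fixed success message for the admin-only demo endpoint. */
  @Override
  public ResponseEntity adminAuthorityAcceptOnly() {
    return new ResponseEntity<>("Admin authorization has been succeed", HttpStatus.OK);
  }

  /** Fixed success message for the user-only demo endpoint. */
  @Override
  public ResponseEntity userAuthorityAcceptOnly() {
    return new ResponseEntity<>("User authorization has been succeed", HttpStatus.OK);
  }

  /** Fixed success message for the editor-only demo endpoint. */
  @Override
  public ResponseEntity editorAuthorityAcceptOnly() {
    return new ResponseEntity<>("Editor authorization has been succeed", HttpStatus.OK);
  }

  /** Fixed success message for the endpoint open to every authority. */
  @Override
  public ResponseEntity acceptsAnyAuthority() {
    return new ResponseEntity<>("Accepts any of authorities", HttpStatus.OK);
  }

  /** Rejects the registration when a user with this email already exists. */
  private void ensureEmailIsUnused(String email) {
    if (this.userDao.existsByEmail(email)) {
      throw new BusinessException("This is email is already using");
    }
  }
}
-------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/utilities/results/DataResult.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted.utilities.results; 2 | 3 | public class DataResult extends Result { 4 | private final T data; 5 | 6 | public DataResult(T data, boolean success, String message) { 7 | super(success, message); 8 | this.data = data; 9 | } 10 | 11 | public DataResult(T data, boolean success) { 12 | super(success); 13 | this.data = data; 14 | } 15 | 16 | public T getData() { 17 | return this.data; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/utilities/results/ErrorDataResult.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted.utilities.results; 2 | 3 | public class ErrorDataResult extends DataResult { 4 | public ErrorDataResult(T data, String message) { 5 | super(data, false, message); 6 | } 7 | 8 | public ErrorDataResult(T data) { 9 | super(data, false); 10 | } 11 | 12 | public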
ErrorDataResult(String message) { 13 | super(null, false, message); 14 | } 15 | 16 | public ErrorDataResult() { 17 | super(null, false); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/utilities/results/ErrorResult.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted.utilities.results; 2 | 3 | public class ErrorResult extends Result { 4 | 5 | public ErrorResult() { 6 | super(false); 7 | } 8 | 9 | public ErrorResult(String message) { 10 | super(false, message); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/utilities/results/Result.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted.utilities.results; 2 | 3 | public class Result { 4 | private final boolean success; 5 | private String message; 6 | 7 | public Result(boolean success) { 8 | this.success = success; 9 | } 10 | 11 | public Result(boolean success, String message) { 12 | this(success); 13 | this.message = message; 14 | } 15 | 16 | public boolean isSuccess() { 17 | return this.success; 18 | } 19 | 20 | public String getMessage() { 21 | return this.message; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/utilities/results/SuccessDataResult.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted.utilities.results; 2 | 3 | public class SuccessDataResult 
extends DataResult { 4 | public SuccessDataResult(T data, String message) { 5 | super(data, true, message); 6 | } 7 | 8 | public SuccessDataResult(T data) { 9 | super(data, true); 10 | } 11 | 12 | public SuccessDataResult(String message) { 13 | super(null, true, message); 14 | } 15 | 16 | public SuccessDataResult() { 17 | super(null, true); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/java/com/example/springsecuritywithauthorityjwtcrypted/utilities/results/SuccessResult.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted.utilities.results; 2 | 3 | public class SuccessResult extends Result { 4 | 5 | public SuccessResult() { 6 | super(true); 7 | } 8 | 9 | public SuccessResult(String message) { 10 | super(true, message); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-crypted/src/main/resources/application.yml: --------------------------------------------------------------------------------
# In-memory H2 datasource: data is lost on restart.
spring:
  datasource:
    url: jdbc:h2:mem:testdb
    driverClassName: org.h2.Driver
    username: sa
  jpa:
    database-platform: org.hibernate.dialect.H2Dialect

### The secret key must be 32 characters long.
# NOTE(review): this key is committed with the source, so everyone who can read the repository
# can decrypt whatever it protects. Supply it from the environment or a secret store instead
# (Spring resolves placeholders such as ${CRYPTO_SECRET_KEY} - constructed name), generate it
# from a cryptographic random source rather than typing it, and rotate the value shown here.
crypto:
  secret-key: asdqweasdqweasdwqaedasdwqaeadsad
  secret-key-algorithm: AES
  transformation: AES/GCM/NoPadding
  # presumably tag and IV lengths in bytes (128-bit tag, 96-bit IV) - confirm against the crypto service
  gcm-tag-length: 16
  gcm-iv-length: 12

### The secret key must be 48 characters long.
# NOTE(review): HS256 is symmetric - whoever knows this key can sign tokens the service will
# accept, with any subject and authority. The same handling applies as for crypto.secret-key:
# keep it out of version control, generate it randomly and rotate the committed value.
jwt:
  algorithm: HS256
  secret-key: qwezdft4rqesdawadasdasdasdasdasdasdasqweweasadfs
  issuer: softpos-mobile-backend
  expiration: 1d
--------------------------------------------------------------------------------
/spring-security-with-authority-jwt-crypted/src/test/java/com/example/springsecuritywithauthorityjwtcrypted/SpringSecurityWithAuthorityJwtCryptedApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthorityjwtcrypted; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class SpringSecurityWithAuthorityJwtCryptedApplicationTests { 8 | 9 | @Test 10 | void contextLoads() {} 11 | } 12 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/.gitignore: -------------------------------------------------------------------------------- 1 | HELP.md 2 | target/ 3 | !.mvn/wrapper/maven-wrapper.jar 4 | !**/src/main/**/target/ 5 | !**/src/test/**/target/ 6 | 7 | ### STS ### 8 | .apt_generated 9 | .classpath 10 | .factorypath 11 | .project 12 | .settings 13 | .springBeans 14 | .sts4-cache 15 | 16 | ### IntelliJ IDEA ### 17 | .idea 18 | *.iws 19 | *.iml 20 | *.ipr 21 | 22 | ### NetBeans ### 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | build/ 29 | !**/src/main/**/build/ 30 | !**/src/test/**/build/ 31 | 32 | ### VS Code ### 33 | .vscode/ 34 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hnfaydn/spring-security-presentation/edda90dc0bbb6e16fb4f9e4d073158b350ca6999/spring-security-with-authority-jwt-implementation/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/.mvn/wrapper/maven-wrapper.properties: 
-------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar 3 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/httpRequests/UserResource.http: -------------------------------------------------------------------------------- 1 | ### Register 2 | POST localhost:8080/api/user/register 3 | Content-Type: application/json 4 | 5 | { 6 | "firstname": "testFirstname", 7 | "lastname": "testLastname", 8 | "email": "testMail", 9 | "password": "testPassword", 10 | "authority": "user" 11 | } 12 | 13 | ### login 14 | POST localhost:8080/api/user/login 15 | Authorization: Basic testMail testPassword 16 | 17 | ### Admin 18 | GET localhost:8080/api/user/admin-login 19 | Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb2Z0cG9zLW1vYmlsZS1iYWNrZW5kIiwic3ViIjoidGVzdE1haWwiLCJleHAiOjE2NzE2MzM3NDcsImlhdCI6MTY3MTU0NzM0NywidXNlciI6eyJmaXJzdG5hbWUiOiJ0ZXN0Rmlyc3RuYW1lIiwicGFzc3dvcmQiOiJ0ZXN0UGFzc3dvcmQiLCJhdXRob3JpdHkiOiJFRElUT1IiLCJpZCI6MCwiZW1haWwiOiJ0ZXN0TWFpbCIsImxhc3RuYW1lIjoidGVzdExhc3RuYW1lIn19.x-C1IE2z4Q0CjxhABiQUkKecd6a9hsl03r9TRTgtQRk 20 | 21 | ### User 22 | GET localhost:8080/api/user/user-login 23 | Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb2Z0cG9zLW1vYmlsZS1iYWNrZW5kIiwic3ViIjoidGVzdE1haWwiLCJleHAiOjE2NzE0NDQ1MTMsImlhdCI6MTY3MTM1ODExMywidXNlciI6eyJmaXJzdG5hbWUiOiJ0ZXN0Rmlyc3RuYW1lIiwicGFzc3dvcmQiOiJ0ZXN0UGFzc3dvcmQiLCJhdXRob3JpdHkiOiJFRElUT1IiLCJpZCI6MCwiZW1haWwiOiJ0ZXN0TWFpbCIsImxhc3RuYW1lIjoidGVzdExhc3RuYW1lIn19.pW_kFT9audFgJQAl7qxPM-giDSltGZZWpvHeFkFhaik 24 | 25 | ### Editor 26 | GET localhost:8080/api/user/editor-login 27 | Authorization: Bearer 
eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb2Z0cG9zLW1vYmlsZS1iYWNrZW5kIiwic3ViIjoidGVzdE1haWwiLCJleHAiOjE2NzEzOTUyMzcsImlhdCI6MTY3MTMwODgzNywidXNlciI6eyJmaXJzdG5hbWUiOiJ0ZXN0Rmlyc3RuYW1lIiwicGFzc3dvcmQiOiJ0ZXN0UGFzc3dvcmQiLCJhdXRob3JpdHkiOiJBRE1JTiIsImlkIjowLCJlbWFpbCI6InRlc3RNYWlsIiwibGFzdG5hbWUiOiJ0ZXN0TGFzdG5hbWUifX0.86Jx8czurXmDSdF3U2KtwpNFL7zT49CtDeC_SsiA0Zc 28 | 29 | ### Any-of-authority 30 | GET localhost:8080/api/user/any-of-request-login 31 | Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb2Z0cG9zLW1vYmlsZS1iYWNrZW5kIiwic3ViIjoidGVzdE1haWwiLCJleHAiOjE2NzExMjQ1NjQsImlhdCI6MTY3MTAzODE2NCwidXNlciI6eyJmaXJzdG5hbWUiOiJ0ZXN0Rmlyc3RuYW1lIiwicGFzc3dvcmQiOiJ0ZXN0UGFzc3dvcmQiLCJhdXRob3JpdHkiOiJBRE1JTiIsImlkIjowLCJlbWFpbCI6InRlc3RNYWlsIiwibGFzdG5hbWUiOiJ0ZXN0TGFzdG5hbWUifX0.IlBtGohHulYL2XpVlmBmgR6GUlzDQIm09p7clCSKd2M 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | org.springframework.boot 7 | spring-boot-starter-parent 8 | 2.7.5 9 | 10 | 11 | com.example 12 | spring-security-with-authority-jwt-implementation 13 | 0.0.1-SNAPSHOT 14 | spring-security-with-authority-jwt-implementation 15 | spring-security-with-authority-jwt-implementation 16 | 17 | 17 18 | 19 | 20 | 21 | org.springframework.boot 22 | spring-boot-starter-data-jpa 23 | 24 | 25 | org.springframework.boot 26 | spring-boot-starter-security 27 | 28 | 29 | org.springframework.boot 30 | spring-boot-starter-oauth2-resource-server 31 | 2.7.5 32 | 33 | 34 | org.springframework.boot 35 | spring-boot-configuration-processor 36 | true 37 | 38 | 39 | org.springframework.boot 40 | spring-boot-starter-web 41 | 42 | 43 | org.springframework.boot 44 | spring-boot-devtools 45 | runtime 46 | true 47 | 48 | 49 | com.h2database 50 | h2 51 | runtime 52 | 53 | 54 | org.projectlombok 55 | lombok 56 | true 57 | 58 
| 59 | org.springdoc 60 | springdoc-openapi-ui 61 | 1.6.6 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | org.springframework.boot 71 | spring-boot-maven-plugin 72 | 73 | 74 | 75 | org.projectlombok 76 | lombok 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/SpringSecurityWithAuthorityJwtImplementationApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class SpringSecurityWithAuthorityJwtImplementationApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(SpringSecurityWithAuthorityJwtImplementationApplication.class, args); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/api/Request.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.api; 2 | 3 | public record Request(int id, String name) { 4 | } 5 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/api/SwaggerConfig.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.api; 2 | 3 | import io.swagger.v3.oas.models.Components; 4 | import io.swagger.v3.oas.models.OpenAPI; 5 | import io.swagger.v3.oas.models.info.Info; 6 | import 
io.swagger.v3.oas.models.security.SecurityRequirement; 7 | import io.swagger.v3.oas.models.security.SecurityScheme; 8 | import org.apache.commons.lang3.StringUtils; 9 | import org.springframework.beans.factory.annotation.Value; 10 | import org.springframework.context.annotation.Bean; 11 | import org.springframework.context.annotation.Configuration; 12 | 13 | /** 14 | * @author Gokalp on 28.12.2022 15 | * @project spring-security-with-authority-jwt-implementation 16 | */ 17 | @Configuration 18 | public class SwaggerConfig { 19 | 20 | private String APP_TITLE = "Spring Security"; 21 | 22 | @Bean 23 | public OpenAPI customOpenAPI() { 24 | final String securitySchemeName = "bearerAuth"; 25 | final String apiTitle = String.format("%s API", StringUtils.capitalize(APP_TITLE)); 26 | 27 | return new OpenAPI() 28 | .addSecurityItem(new SecurityRequirement().addList(securitySchemeName)) 29 | .components( 30 | new Components() 31 | .addSecuritySchemes(securitySchemeName, 32 | new SecurityScheme() 33 | .name(securitySchemeName) 34 | .type(SecurityScheme.Type.HTTP) 35 | .scheme("bearer") 36 | .bearerFormat("JWT") 37 | ) 38 | ) 39 | .info(new Info().title(apiTitle).version("1")); 40 | } 41 | } -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/api/UserResource.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.api; 2 | 3 | import com.example.springsecuritywithauthority.user.RegisterRequest; 4 | import com.example.springsecuritywithauthority.user.RegisterResponse; 5 | import com.example.springsecuritywithauthority.user.UserServiceImpl; 6 | import org.springframework.http.ResponseEntity; 7 | import org.springframework.security.access.prepost.PreAuthorize; 8 | import org.springframework.web.bind.annotation.*; 9 | 10 | import java.security.Principal; 11 | 12 | 
/**
 * REST endpoints under /api/user used to demonstrate authority checks.
 *
 * <p>NOTE(review): every method-security annotation in this class is commented out, so access
 * to these routes is decided only by the HTTP-level rules of the security configuration. A
 * route without a matching rule there has no authority check at all.
 */
@RestController
@RequestMapping("/api/user")
public class UserResource {
  private final UserServiceImpl userService;

  public UserResource(UserServiceImpl userService) {
    this.userService = userService;
  }

  /** Passes the request body, including its authority field, straight to the service. */
  @PostMapping("/register")
  public ResponseEntity register(@RequestBody RegisterRequest registerRequest) {
    return this.userService.register(registerRequest);
  }

  /** Returns the admin demo message; the ADMIN check below is disabled. */
  //@PreAuthorize("hasAuthority('ADMIN')")
  @GetMapping("/admin-login")
  public ResponseEntity adminLogin() {
    return this.userService.adminAuthorityAcceptOnly();
  }

  /** Returns the user demo message; both checks below are disabled. */
  // @Secured("USER")//work with roles
  //@PreAuthorize("hasAuthority('USER')")
  @GetMapping("/user-login")
  public ResponseEntity userLogin() {
    return this.userService.userAuthorityAcceptOnly();
  }

  /**
   * Returns the editor demo message; both checks below are disabled. The path variable, query
   * parameter and body are bound but not used by the method.
   */
  // @RolesAllowed("EDITOR")//work with roles
  //@PreAuthorize("hasAuthority('EDITOR')")
  @GetMapping("/editor-login/{id}")
  public ResponseEntity editorLogin(@PathVariable int id,@RequestParam String name,@RequestBody Request request) {
    return this.userService.editorAuthorityAcceptOnly();
  }

  /** Returns the message for the endpoint meant to accept every authority. */
  @GetMapping("/any-of-request-login")
  public ResponseEntity anyOfAuthorityLogin() {
    return this.userService.acceptsAnyAuthority();
  }

  /**
   * Returns the injected Principal object itself as the response body.
   *
   * <p>NOTE(review): for an authenticated request this is presumably the whole Authentication
   * object, which can carry credentials and request details. Returning only the name and the
   * authorities would expose less - confirm what is actually serialised.
   */
  @GetMapping("/me")
  public ResponseEntity me(Principal principal) {
    return ResponseEntity.ok(principal);
  }
}
-------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/exception/BusinessException.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.exception; 2 | 3 | public class BusinessException extends RuntimeException { 4 | public BusinessException(String message) { 5 | super(message); 6 | } 7 | } 8 |
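-------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/exception/GlobalExceptionHandler.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.exception; 2 | 3 | import com.example.springsecuritywithauthority.utilities.results.ErrorDataResult; 4 | import org.springframework.http.HttpStatus; 5 | import org.springframework.web.bind.annotation.ExceptionHandler; 6 | import org.springframework.web.bind.annotation.ResponseStatus; 7 | import org.springframework.web.bind.annotation.RestControllerAdvice; 8 |

/** Translates {@link BusinessException}s raised by controllers into a 400 response body. */
@RestControllerAdvice
public class GlobalExceptionHandler {

  /**
   * Builds the error payload for a business-rule violation.
   *
   * <p>The handler is bound to {@link BusinessException} only. Without an explicit type Spring
   * derives it from the parameter, i.e. every {@code Exception}: internal failures would then
   * be answered with 400 and their raw message, and security exceptions thrown inside a
   * controller would be converted to 400 here before Spring Security could answer 401/403.
   *
   * @param exception the business exception being handled
   * @return an error result carrying the exception message as data
   */
  @ExceptionHandler(BusinessException.class)
  @ResponseStatus(code = HttpStatus.BAD_REQUEST)
  public ErrorDataResult handleBusinessExceptions(Exception exception) {
    return new ErrorDataResult<>(exception.getMessage(), "An Error Occurred");
  }
}
-------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/outservices/EmailVerificationService.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.outservices; 2 | 3 | public interface EmailVerificationService { 4 | boolean emailVerification(String email); 5 | } 6 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/outservices/EmailVerificationServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.outservices; 2 | 3 | import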
org.springframework.stereotype.Service; 4 | 5 | @Service 6 | public class EmailVerificationServiceImpl implements EmailVerificationService { 7 | @Override 8 | public boolean emailVerification(String email) { 9 | return true; 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/security/Authority.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.security; 2 | 3 | import lombok.Getter; 4 | import org.springframework.security.core.GrantedAuthority; 5 | 6 | @Getter 7 | public enum Authority implements GrantedAuthority { 8 | USER, 9 | ADMIN, 10 | EDITOR, 11 | READONLY; 12 | 13 | @Override 14 | public String getAuthority() { 15 | return name(); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/security/CustomUserDetailsService.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.security; 2 | 3 | import com.example.springsecuritywithauthority.user.User; 4 | import com.example.springsecuritywithauthority.user.UserDao; 5 | import org.springframework.security.core.userdetails.UserDetails; 6 | import org.springframework.security.core.userdetails.UserDetailsService; 7 | import org.springframework.security.core.userdetails.UsernameNotFoundException; 8 | import org.springframework.stereotype.Service; 9 | 10 | import java.util.Objects; 11 | 12 | @Service 13 | public class CustomUserDetailsService implements UserDetailsService { 14 | private final UserDao userDao; 15 | 16 | public CustomUserDetailsService(UserDao userDao) { 17 | this.userDao = userDao; 18 | } 19 | 20 | @Override 21 | public UserDetails 
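loadUserByUsername(String email) throws UsernameNotFoundException { 22 | User user = this.userDao.findUserByEmail(email); 23 | if (Objects.isNull(user)) { 24 | throw new UsernameNotFoundException("There is no user with following email adress:" + email); 25 | } 26 | return new MyUserDetails(user); 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/security/JwtUserDetailsConverter.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.security; 2 | 3 | import com.example.springsecuritywithauthority.security.token.TokenService; 4 | import com.example.springsecuritywithauthority.user.User; 5 | import org.springframework.context.annotation.Lazy; 6 | import org.springframework.core.convert.converter.Converter; 7 | import org.springframework.security.authentication.AbstractAuthenticationToken; 8 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; 9 | import org.springframework.security.oauth2.jwt.Jwt; 10 | import org.springframework.stereotype.Component; 11 | 12 | import java.util.List; 13 |

/**
 * Turns a decoded JWT into the Authentication used for the rest of the request.
 *
 * <p>Principal and authority come only from the user claim inside the token; no database
 * lookup happens here, so a token keeps its authority until it expires.
 */
@Component
public class JwtUserDetailsConverter implements Converter<Jwt, AbstractAuthenticationToken> {
  private final TokenService tokenService;

  public JwtUserDetailsConverter(@Lazy final TokenService tokenService) {
    this.tokenService = tokenService;
  }

  /**
   * @param source the decoded JWT
   * @return an authenticated token with the user's email as principal and one authority
   * @throws IllegalArgumentException when the authority in the token is not an {@link Authority}
   *     constant
   */
  @Override
  public AbstractAuthenticationToken convert(final Jwt source) {
    final User user = tokenService.getUser(source);
    // NOTE(review): an unknown authority value surfaces as IllegalArgumentException; consider
    // rejecting such a token as a failed authentication instead.
    final Authority authority = Authority.valueOf(user.getAuthority());
    // The bearer token already proved the caller's identity. The password is not needed for
    // any later check, so it is not carried as credentials, where anything that exposes the
    // Authentication object could reveal it.
    return new UsernamePasswordAuthenticationToken(user.getEmail(), null, List.of(authority));
  }
}
--------------------------------------------------------------------------------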
/spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/security/MyUserDetails.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.security; 2 | 3 | import com.example.springsecuritywithauthority.user.User; 4 | import org.springframework.security.core.GrantedAuthority; 5 | import org.springframework.security.core.userdetails.UserDetails; 6 | 7 | import java.util.Collection; 8 | import java.util.List; 9 | 10 | public class MyUserDetails implements UserDetails { 11 | private final User user; 12 | 13 | public MyUserDetails(User user) { 14 | this.user = user; 15 | } 16 | 17 | @Override 18 | public Collection getAuthorities() { 19 | return List.of(Authority.valueOf(user.getAuthority())); 20 | } 21 | 22 | @Override 23 | public String getPassword() { 24 | return user.getPassword(); 25 | } 26 | 27 | @Override 28 | public String getUsername() { 29 | return user.getEmail(); 30 | } 31 | 32 | @Override 33 | public boolean isAccountNonExpired() { 34 | return true; 35 | } 36 | 37 | @Override 38 | public boolean isAccountNonLocked() { 39 | return true; 40 | } 41 | 42 | @Override 43 | public boolean isCredentialsNonExpired() { 44 | return true; 45 | } 46 | 47 | @Override 48 | public boolean isEnabled() { 49 | return true; 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/security/SecurityConfiguration.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.security; 2 | 3 | import org.springframework.context.annotation.Bean; 4 | import org.springframework.context.annotation.Configuration; 5 | import org.springframework.security.config.Customizer; 6 | import 
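org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; 7 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; 8 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 9 | import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; 10 | import org.springframework.security.crypto.password.NoOpPasswordEncoder; 11 | import org.springframework.security.crypto.password.PasswordEncoder; 12 | import org.springframework.security.web.SecurityFilterChain; 13 | import org.springframework.web.filter.CommonsRequestLoggingFilter; 14 | 15 | import java.util.Locale; 16 |

/*
 * prePostEnabled turns on the pre/post annotations such as @PreAuthorize.
 * securedEnabled turns on the @Secured annotation.
 * jsr250Enabled turns on the JSR-250 annotations such as @RolesAllowed.
 */
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class SecurityConfiguration {
  private final JwtUserDetailsConverter jwtUserDetailsConverter;

  public SecurityConfiguration(JwtUserDetailsConverter jwtUserDetailsConverter) {
    this.jwtUserDetailsConverter = jwtUserDetailsConverter;
  }

  /**
   * Builds the filter chain: URL authority rules, JWT bearer authentication through the custom
   * converter, and HTTP Basic.
   *
   * <p>NOTE(review): there is no {@code anyRequest()} rule. The admin and user rules are
   * commented out and /api/user/me has none, so those routes match nothing here. Confirm how
   * the Spring Security version in use treats unmatched requests, then end the rule list with
   * an explicit {@code .anyRequest().authenticated()} while permitting any console or
   * documentation paths that must stay open.
   *
   * @param http builder supplied by Spring Security
   * @return the configured filter chain
   * @throws Exception propagated from the builder
   */
  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http.authorizeHttpRequests(
            authorize ->
                authorize
                    // public endpoints, reachable without any authority
                    // NOTE(review): the database console is opened to everyone here; keep that
                    // to local development profiles.
                    .antMatchers("/h2-console", "/api/user/register")
                    .permitAll()

                    // admin endpoint, ADMIN only (rule currently disabled)
                    // .antMatchers("/api/user/admin-login")
                    // .hasAuthority(Authority.ADMIN.getAuthority())

                    // user endpoint, USER only (rule currently disabled)
                    // .antMatchers("/api/user/user-login")
                    // .hasAuthority(Authority.USER.getAuthority())

                    // editor endpoint, EDITOR only. The controller maps it as
                    // /editor-login/{id}; the previous exact pattern never matched that path,
                    // so the rule was not applied to the real route.
                    .antMatchers("/api/user/editor-login/**")
                    .hasAuthority(Authority.EDITOR.getAuthority())

                    // any of the known authorities
                    .antMatchers("/api/user/any-of-request-login")
                    .hasAnyAuthority(
                        Authority.ADMIN.getAuthority(),
                        Authority.USER.getAuthority(),
                        Authority.EDITOR.getAuthority(),
                        Authority.READONLY.getAuthority()))
        // CSRF protection is off. That is the usual choice for a stateless bearer-token API,
        // but HTTP Basic is enabled on the same chain - NOTE(review): confirm no browser
        // session relies on it.
        .csrf(AbstractHttpConfigurer::disable)
        .oauth2ResourceServer(
            resourceServer ->
                resourceServer.jwt().jwtAuthenticationConverter(jwtUserDetailsConverter))
        .headers()
        // The H2 console renders in frames served by this application, so same-origin framing
        // is enough; switching the header off entirely would let any site frame the pages.
        .frameOptions()
        .sameOrigin()
        .and()
        .httpBasic(Customizer.withDefaults())
        .build();
  }

  /**
   * Password encoder used for the HTTP Basic login.
   *
   * <p>NOTE(review): NoOpPasswordEncoder compares and stores passwords as plain text. A hashing
   * encoder such as BCryptPasswordEncoder belongs here, but registration must encode with the
   * same bean before saving or existing logins will stop matching, so change both together.
   */
  @Bean
  public PasswordEncoder getPasswordEncoder() {
    return NoOpPasswordEncoder.getInstance();
  }
}
-------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/security/token/JwtConfiguration.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.security.token; 2 | 3 | import com.nimbusds.jose.jwk.source.ImmutableSecret; 4 | import org.springframework.context.annotation.Bean; 5 | import org.springframework.context.annotation.Configuration; 6 | import org.springframework.security.oauth2.jose.jws.MacAlgorithm; 7 | import org.springframework.security.oauth2.jwt.JwtDecoder; 8 | import org.springframework.security.oauth2.jwt.JwtEncoder; 9 | import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; 10 | import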
org.springframework.security.oauth2.jwt.NimbusJwtEncoder; 11 | 12 | import javax.crypto.SecretKey; 13 | import javax.crypto.spec.SecretKeySpec; 14 | 15 | @Configuration 16 | public class JwtConfiguration { 17 | private final SecretKey secretKey; 18 | private final MacAlgorithm macAlgorithm; 19 | 20 | public JwtConfiguration(final JwtProperties jwtProperties) { 21 | final var secret = jwtProperties.getSecretKey().getBytes(); 22 | secretKey = new SecretKeySpec(secret, jwtProperties.getAlgorithm()); 23 | macAlgorithm = MacAlgorithm.valueOf(jwtProperties.getAlgorithm()); 24 | } 25 | 26 | @Bean 27 | JwtDecoder jwtDecoder() { 28 | return NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(macAlgorithm).build(); 29 | } 30 | 31 | @Bean 32 | JwtEncoder jwtEncoder() { 33 | final var jwks = new ImmutableSecret<>(secretKey); 34 | return new NimbusJwtEncoder(jwks); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/security/token/JwtProperties.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.security.token; 2 | 3 | import lombok.Getter; 4 | import lombok.Setter; 5 | import org.springframework.boot.context.properties.ConfigurationProperties; 6 | import org.springframework.context.annotation.Configuration; 7 | 8 | import java.time.Duration; 9 | 10 | @Getter 11 | @Setter 12 | @Configuration 13 | @ConfigurationProperties("jwt") 14 | public class JwtProperties { 15 | private String algorithm; 16 | private String secretKey; 17 | private String issuer; 18 | private Duration expiration; 19 | } 20 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/security/token/JwtTokenService.java: 
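package com.example.springsecuritywithauthority.security.token;

import com.example.springsecuritywithauthority.user.User;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.stereotype.Component;

import java.time.Instant;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Issues signed JWTs for a {@link User} and reads the user back out of a decoded {@link Jwt}.
 *
 * <p>The token is signed, not encrypted: whoever holds it can decode and read every claim. For
 * that reason the "user" claim carries only the identifying fields and never the password.
 */
@Component
public class JwtTokenService implements TokenService {

  private static final String CLAIMS_USER = "user";
  private final JwtProperties jwtProperties;
  private final JwtEncoder jwtEncoder;
  private final JwsHeader jwsHeader;
  private final ObjectMapper objectMapper;

  public JwtTokenService(
      final JwtProperties jwtProperties,
      final JwtEncoder jwtEncoder,
      final ObjectMapper objectMapper) {
    this.jwtProperties = jwtProperties;
    this.jwtEncoder = jwtEncoder;
    // The JWS header is built once; its algorithm name is read from the "jwt" properties.
    jwsHeader = JwsHeader.with(jwtProperties::getAlgorithm).build();
    this.objectMapper = objectMapper;
  }

  /**
   * Encodes a token for the given user.
   *
   * @param user the user the token is issued for; its email becomes the subject
   * @return the compact serialized token value
   */
  @Override
  public String createToken(final User user) {
    final var claims = createClaims(user);
    return jwtEncoder.encode(JwtEncoderParameters.from(jwsHeader, claims)).getTokenValue();
  }

  /** Builds issuer, issued-at, expiry, subject and the "user" claim for the token. */
  private JwtClaimsSet createClaims(final User user) {
    final var now = Instant.now();
    final var expiresAt = now.plus(jwtProperties.getExpiration());
    return JwtClaimsSet.builder()
        .issuer(jwtProperties.getIssuer())
        .issuedAt(now)
        .expiresAt(expiresAt)
        .subject(user.getEmail())
        // The whole User entity used to be stored here, which put User.password into the
        // readable token payload. Only the non-secret fields are written now.
        .claim(CLAIMS_USER, toTokenClaims(user))
        .build();
  }

  /** Copies the fields of a user that may appear in a token; the password is left out. */
  private static Map<String, Object> toTokenClaims(final User user) {
    final Map<String, Object> fields = new LinkedHashMap<>();
    fields.put("id", user.getId());
    fields.put("firstname", user.getFirstname());
    fields.put("lastname", user.getLastname());
    fields.put("email", user.getEmail());
    fields.put("authority", user.getAuthority());
    return fields;
  }

  /**
   * Rebuilds a {@link User} from the "user" claim of a decoded token.
   *
   * @param source the decoded token; it is cast to {@link Jwt}, so any other type fails with a
   *     ClassCastException
   * @return the user described by the claim; its password is null because tokens issued by
   *     {@link #createToken(User)} do not carry one
   */
  @Override
  public User getUser(final Object source) {
    final var claims = ((Jwt) source).getClaims();
    // NOTE(review): confirm no caller (e.g. JwtUserDetailsConverter) reads the password here.
    return objectMapper.convertValue(claims.get(CLAIMS_USER), User.class);
  }
}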
/spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/security/token/TokenService.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.security.token; 2 | 3 | import com.example.springsecuritywithauthority.user.User; 4 | 5 | public interface TokenService { 6 | String createToken(User user); 7 | 8 | User getUser(Object source); 9 | } 10 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/user/RegisterRequest.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.user; 2 | 3 | import lombok.AllArgsConstructor; 4 | import lombok.Getter; 5 | import lombok.NoArgsConstructor; 6 | import lombok.Setter; 7 | 8 | @Getter 9 | @Setter 10 | @AllArgsConstructor 11 | @NoArgsConstructor 12 | public class RegisterRequest { 13 | private String firstname; 14 | private String lastname; 15 | private String email; 16 | private String password; 17 | private String authority; 18 | } 19 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/user/RegisterResponse.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.user; 2 | 3 | import lombok.*; 4 | 5 | @Builder 6 | @Getter 7 | @Setter 8 | @AllArgsConstructor 9 | @NoArgsConstructor 10 | public class RegisterResponse { 11 | private String firstname; 12 | private String lastname; 13 | private String email; 14 | private String token; 15 | } 16 | -------------------------------------------------------------------------------- 
/spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/user/User.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.user; 2 | 3 | import lombok.*; 4 | 5 | import javax.persistence.*; 6 | 7 | @Entity 8 | @Getter 9 | @Setter 10 | @AllArgsConstructor 11 | @NoArgsConstructor 12 | @Table(name = "users") 13 | @Builder 14 | public class User { 15 | @Id 16 | @GeneratedValue(strategy = GenerationType.IDENTITY) 17 | @Column(name = "id") 18 | private int id; 19 | 20 | @Column(name = "firstname") 21 | private String firstname; 22 | 23 | @Column(name = "lastname") 24 | private String lastname; 25 | 26 | @Column(name = "email") 27 | private String email; 28 | 29 | @Column(name = "password") 30 | private String password; 31 | 32 | @Column(name = "authority") 33 | private String authority; 34 | } 35 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/user/UserDao.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.user; 2 | 3 | import org.springframework.data.jpa.repository.JpaRepository; 4 | import org.springframework.stereotype.Repository; 5 | 6 | @Repository 7 | public interface UserDao extends JpaRepository { 8 | boolean existsByEmail(String email); 9 | 10 | User findUserByEmail(String email); 11 | } 12 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/user/UserService.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.user; 2 | 3 | import org.springframework.http.ResponseEntity; 4 | 5 | public 
interface UserService { 6 | ResponseEntity register(RegisterRequest registerRequest); 7 | 8 | ResponseEntity adminAuthorityAcceptOnly(); 9 | 10 | ResponseEntity userAuthorityAcceptOnly(); 11 | 12 | ResponseEntity editorAuthorityAcceptOnly(); 13 | 14 | ResponseEntity acceptsAnyAuthority(); 15 | } 16 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/user/UserServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.user; 2 | 3 | import com.example.springsecuritywithauthority.exception.BusinessException; 4 | import com.example.springsecuritywithauthority.outservices.EmailVerificationService; 5 | import com.example.springsecuritywithauthority.security.token.TokenService; 6 | import org.springframework.http.HttpStatus; 7 | import org.springframework.http.ResponseEntity; 8 | import org.springframework.stereotype.Service; 9 | 10 | import java.util.Locale; 11 | 12 | @Service 13 | public class UserServiceImpl implements UserService { 14 | private final UserDao userDao; 15 | private final TokenService tokenService; 16 | private final EmailVerificationService emailVerificationService; 17 | 18 | public UserServiceImpl( 19 | final UserDao userDao, 20 | final TokenService tokenService, 21 | final EmailVerificationService emailVerificationService) { 22 | this.userDao = userDao; 23 | this.tokenService = tokenService; 24 | this.emailVerificationService = emailVerificationService; 25 | } 26 | 27 | @Override 28 | public ResponseEntity register(final RegisterRequest registerRequest) { 29 | 30 | CheckEmailIsAlreadyUsing(registerRequest.getEmail()); 31 | emailVerificationService.emailVerification(registerRequest.getEmail()); 32 | final var user = 33 | User.builder() 34 | .id(0) 35 | .firstname(registerRequest.getFirstname()) 36 | 
.lastname(registerRequest.getLastname()) 37 | .email(registerRequest.getEmail()) 38 | .password(registerRequest.getPassword()) 39 | .authority(registerRequest.getAuthority().toUpperCase(Locale.ENGLISH)) 40 | .build(); 41 | 42 | final var token = tokenService.createToken(user); 43 | 44 | final RegisterResponse registerResponse = 45 | RegisterResponse.builder() 46 | .firstname(user.getFirstname()) 47 | .lastname(user.getLastname()) 48 | .email(user.getEmail()) 49 | .token(token) 50 | .build(); 51 | 52 | this.userDao.save(user); 53 | return new ResponseEntity<>(registerResponse, HttpStatus.OK); 54 | } 55 | 56 | @Override 57 | public ResponseEntity adminAuthorityAcceptOnly() { 58 | return new ResponseEntity<>("Admin authorization has been succeed", HttpStatus.OK); 59 | } 60 | 61 | @Override 62 | public ResponseEntity userAuthorityAcceptOnly() { 63 | return new ResponseEntity<>("User authorization has been succeed", HttpStatus.OK); 64 | } 65 | 66 | @Override 67 | public ResponseEntity editorAuthorityAcceptOnly() { 68 | return new ResponseEntity<>("Editor authorization has been succeed", HttpStatus.OK); 69 | } 70 | 71 | @Override 72 | public ResponseEntity acceptsAnyAuthority() { 73 | return new ResponseEntity<>("Accepts any of authorities", HttpStatus.OK); 74 | } 75 | 76 | private void CheckEmailIsAlreadyUsing(String email) { 77 | if (this.userDao.existsByEmail(email)) { 78 | throw new BusinessException("This is email is already using"); 79 | } 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/utilities/results/DataResult.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.utilities.results; 2 | 3 | public class DataResult extends Result { 4 | private final T data; 5 | 6 | public DataResult(T data, boolean success, String message) { 
7 | super(success, message); 8 | this.data = data; 9 | } 10 | 11 | public DataResult(T data, boolean success) { 12 | super(success); 13 | this.data = data; 14 | } 15 | 16 | public T getData() { 17 | return this.data; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/utilities/results/ErrorDataResult.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.utilities.results; 2 | 3 | public class ErrorDataResult extends DataResult { 4 | public ErrorDataResult(T data, String message) { 5 | super(data, false, message); 6 | } 7 | 8 | public ErrorDataResult(T data) { 9 | super(data, false); 10 | } 11 | 12 | public ErrorDataResult(String message) { 13 | super(null, false, message); 14 | } 15 | 16 | public ErrorDataResult() { 17 | super(null, false); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/utilities/results/ErrorResult.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.utilities.results; 2 | 3 | public class ErrorResult extends Result { 4 | 5 | public ErrorResult() { 6 | super(false); 7 | } 8 | 9 | public ErrorResult(String message) { 10 | super(false, message); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/utilities/results/Result.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.utilities.results; 2 | 3 | public class Result { 4 | private final 
boolean success; 5 | private String message; 6 | 7 | public Result(boolean success) { 8 | this.success = success; 9 | } 10 | 11 | public Result(boolean success, String message) { 12 | this(success); 13 | this.message = message; 14 | } 15 | 16 | public boolean isSuccess() { 17 | return this.success; 18 | } 19 | 20 | public String getMessage() { 21 | return this.message; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/utilities/results/SuccessDataResult.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.utilities.results; 2 | 3 | public class SuccessDataResult extends DataResult { 4 | public SuccessDataResult(T data, String message) { 5 | super(data, true, message); 6 | } 7 | 8 | public SuccessDataResult(T data) { 9 | super(data, true); 10 | } 11 | 12 | public SuccessDataResult(String message) { 13 | super(null, true, message); 14 | } 15 | 16 | public SuccessDataResult() { 17 | super(null, true); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/java/com/example/springsecuritywithauthority/utilities/results/SuccessResult.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.utilities.results; 2 | 3 | public class SuccessResult extends Result { 4 | 5 | public SuccessResult() { 6 | super(true); 7 | } 8 | 9 | public SuccessResult(String message) { 10 | super(true, message); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/resources/application.yml: -------------------------------------------------------------------------------- 1 
| spring: 2 | datasource: 3 | url: jdbc:h2:mem:testdb 4 | driverClassName: org.h2.Driver 5 | username: sa 6 | jpa: 7 | database-platform: org.hibernate.dialect.H2Dialect 8 | 9 | ### The secret key must be 32 characters long. Sample value only: supply the real key from an environment variable or a secret store instead of committing it. 10 | crypto: 11 | secret-key: asdqweasdqweasdwqaedasdwqaeadsad 12 | secret-key-algorithm: AES 13 | transformation: AES/GCM/NoPadding 14 | gcm-tag-length: 16 15 | gcm-iv-length: 12 16 | 17 | ### The secret key must be 48 characters long. Sample value only: anyone who can read this file can sign valid tokens, so supply the real key from an environment variable or a secret store. 18 | jwt: 19 | algorithm: HS256 20 | secret-key: qwezdft4rqesdawadasdasdasdasdasdasdasqweweasadfs 21 | issuer: jwt-implementation 22 | expiration: 1d -------------------------------------------------------------------------------- /spring-security-with-authority-jwt-implementation/src/main/resources/logback.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | %d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /spring-security-with-authority/.gitignore: -------------------------------------------------------------------------------- 1 | HELP.md 2 | target/ 3 | !.mvn/wrapper/maven-wrapper.jar 4 | !**/src/main/**/target/ 5 | !**/src/test/**/target/ 6 | 7 | ### STS ### 8 | .apt_generated 9 | .classpath 10 | .factorypath 11 | .project 12 | .settings 13 | .springBeans 14 | .sts4-cache 15 | 16 | ### IntelliJ IDEA ### 17 | .idea 18 | *.iws 19 | *.iml 20 | *.ipr 21 | 22 | ### NetBeans ### 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | build/ 29 | !**/src/main/**/build/ 30 | !**/src/test/**/build/ 31 | 32 | ### VS Code ### 33 | .vscode/ 34 | -------------------------------------------------------------------------------- /spring-security-with-authority/.mvn/wrapper/maven-wrapper.jar: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/hnfaydn/spring-security-presentation/edda90dc0bbb6e16fb4f9e4d073158b350ca6999/spring-security-with-authority/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /spring-security-with-authority/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar 3 | -------------------------------------------------------------------------------- /spring-security-with-authority/httpRequests/UserResource.http: -------------------------------------------------------------------------------- 1 | ### Register 2 | POST localhost:8080/api/user/register 3 | Content-Type: application/json 4 | Authorization 5 | X-Csrf-Token: 6 | 7 | { 8 | "firstname": "testFirstname", 9 | "lastname": "testLastname", 10 | "email": "testMail", 11 | "password": "testPassword", 12 | "authority": "user" 13 | } 14 | 15 | ### Admin 16 | GET localhost:8080/api/user/admin-login 17 | Authorization: Basic testMail testPassword 18 | 19 | 20 | ### User 21 | GET localhost:8080/api/user/user-login 22 | Authorization: Basic testMail testPassword 23 | 24 | 25 | ### Editor 26 | GET localhost:8080/api/user/editor-login 27 | Authorization: Basic testMail testPassword 28 | 29 | 30 | ### Any-of-authority 31 | GET localhost:8080/api/user/any-of-request-login 32 | Authorization: Basic testMail testPassword 33 | -------------------------------------------------------------------------------- /spring-security-with-authority/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | org.springframework.boot 7 | spring-boot-starter-parent 8 | 2.7.5 9 | 10 | 11 | com.example 12 | 
spring-security-with-authority 13 | 0.0.1-SNAPSHOT 14 | spring-security-with-authority 15 | spring-security-with-authority 16 | 17 | 17 18 | 19 | 20 | 21 | org.springframework.boot 22 | spring-boot-starter-data-jpa 23 | 24 | 25 | org.springframework.boot 26 | spring-boot-starter-security 27 | 28 | 29 | org.springframework.boot 30 | spring-boot-starter-web 31 | 32 | 33 | 34 | org.springframework.boot 35 | spring-boot-devtools 36 | runtime 37 | true 38 | 39 | 40 | com.h2database 41 | h2 42 | runtime 43 | 44 | 45 | org.projectlombok 46 | lombok 47 | true 48 | 49 | 50 | org.springframework.boot 51 | spring-boot-starter-test 52 | test 53 | 54 | 55 | org.springframework.security 56 | spring-security-test 57 | test 58 | 59 | 60 | 61 | 62 | 63 | 64 | org.springframework.boot 65 | spring-boot-maven-plugin 66 | 67 | 68 | 69 | org.projectlombok 70 | lombok 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/SpringSecurityWithAuthorityApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class SpringSecurityWithAuthorityApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(SpringSecurityWithAuthorityApplication.class, args); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/api/UserResource.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.api; 2 | 3 | import 
com.example.springsecuritywithauthority.user.RegisterRequest; 4 | import com.example.springsecuritywithauthority.user.RegisterResponse; 5 | import com.example.springsecuritywithauthority.user.UserServiceImpl; 6 | import org.springframework.http.ResponseEntity; 7 | import org.springframework.security.access.prepost.PreAuthorize; 8 | import org.springframework.web.bind.annotation.*; 9 | 10 | @RestController 11 | @RequestMapping("/api/user") 12 | public class UserResource { 13 | private final UserServiceImpl userService; 14 | 15 | public UserResource(UserServiceImpl userService) { 16 | this.userService = userService; 17 | } 18 | 19 | @PostMapping("/register") 20 | public ResponseEntity register(@RequestBody RegisterRequest registerRequest) { 21 | return this.userService.register(registerRequest); 22 | } 23 | 24 | //@PreAuthorize("hasAuthority('ADMIN')") 25 | @GetMapping("/admin-login") 26 | public ResponseEntity adminLogin() { 27 | return this.userService.adminAuthorityAcceptOnly(); 28 | } 29 | 30 | // @Secured("USER")//work with roles 31 | //@PreAuthorize("hasAuthority('USER')") 32 | @GetMapping("/user-login") 33 | public ResponseEntity userLogin() { 34 | return this.userService.userAuthorityAcceptOnly(); 35 | } 36 | 37 | // @RolesAllowed("EDITOR")//work with roles 38 | //@PreAuthorize("hasAuthority('EDITOR')") 39 | @GetMapping("/editor-login") 40 | public ResponseEntity editorLogin() { 41 | return this.userService.editorAuthorityAcceptOnly(); 42 | } 43 | 44 | @GetMapping("/any-of-request-login") 45 | public ResponseEntity anyOfAuthorityLogin() { 46 | return this.userService.acceptsAnyAuthority(); 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/exception/BusinessException.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.exception; 2 | 3 | 
public class BusinessException extends RuntimeException { 4 | public BusinessException(String message) { 5 | super(message); 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/exception/GlobalExceptionHandler.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.exception; 2 | 3 | import com.example.springsecuritywithauthority.utilities.results.ErrorDataResult; 4 | import org.springframework.http.HttpStatus; 5 | import org.springframework.web.bind.annotation.ExceptionHandler; 6 | import org.springframework.web.bind.annotation.ResponseStatus; 7 | import org.springframework.web.bind.annotation.RestControllerAdvice; 8 | 9 | @RestControllerAdvice 10 | public class GlobalExceptionHandler { 11 | @ExceptionHandler 12 | @ResponseStatus(code = HttpStatus.BAD_REQUEST) 13 | public ErrorDataResult handleBusinessExceptions(Exception exception) { 14 | ErrorDataResult errorDataResult = 15 | new ErrorDataResult<>(exception.getMessage(), "An Error Occurred"); 16 | return errorDataResult; 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/outservices/EmailVerificationService.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.outservices; 2 | 3 | public interface EmailVerificationService { 4 | boolean emailVerification(String email); 5 | } 6 | -------------------------------------------------------------------------------- /spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/outservices/EmailVerificationServiceImpl.java: -------------------------------------------------------------------------------- 1 | package 
com.example.springsecuritywithauthority.outservices; 2 | 3 | import org.springframework.stereotype.Service; 4 | 5 | @Service 6 | public class EmailVerificationServiceImpl implements EmailVerificationService { 7 | @Override 8 | public boolean emailVerification(String email) { 9 | return true; 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/security/Authority.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.security; 2 | 3 | import lombok.Getter; 4 | import org.springframework.security.core.GrantedAuthority; 5 | 6 | @Getter 7 | public enum Authority implements GrantedAuthority { 8 | USER, 9 | ADMIN, 10 | EDITOR, 11 | READONLY; 12 | 13 | @Override 14 | public String getAuthority() { 15 | return name(); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/security/CustomUserDetailsService.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.security; 2 | 3 | import com.example.springsecuritywithauthority.user.User; 4 | import com.example.springsecuritywithauthority.user.UserDao; 5 | import org.springframework.security.core.userdetails.UserDetails; 6 | import org.springframework.security.core.userdetails.UserDetailsService; 7 | import org.springframework.security.core.userdetails.UsernameNotFoundException; 8 | import org.springframework.stereotype.Service; 9 | 10 | import java.util.Objects; 11 | 12 | @Service 13 | public class CustomUserDetailsService implements UserDetailsService { 14 | private final UserDao userDao; 15 | 16 | public CustomUserDetailsService(UserDao userDao) { 17 | this.userDao = userDao; 18 | } 19 | 20 | 
@Override 21 | public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException { 22 | User user = this.userDao.findUserByEmail(email); 23 | if (Objects.isNull(user)) { 24 | throw new UsernameNotFoundException("There is no user with following email adress:" + email); 25 | } 26 | return new MyUserDetails(user); 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/security/MyUserDetails.java: -------------------------------------------------------------------------------- 1 | package com.example.springsecuritywithauthority.security; 2 | 3 | import com.example.springsecuritywithauthority.user.User; 4 | import org.springframework.security.core.GrantedAuthority; 5 | import org.springframework.security.core.userdetails.UserDetails; 6 | 7 | import java.util.Collection; 8 | import java.util.List; 9 | 10 | public class MyUserDetails implements UserDetails { 11 | private final User user; 12 | 13 | public MyUserDetails(User user) { 14 | this.user = user; 15 | } 16 | 17 | @Override 18 | public Collection getAuthorities() { 19 | return List.of(Authority.valueOf(user.getAuthority())); 20 | } 21 | 22 | @Override 23 | public String getPassword() { 24 | return user.getPassword(); 25 | } 26 | 27 | @Override 28 | public String getUsername() { 29 | return user.getEmail(); 30 | } 31 | 32 | @Override 33 | public boolean isAccountNonExpired() { 34 | return true; 35 | } 36 | 37 | @Override 38 | public boolean isAccountNonLocked() { 39 | return true; 40 | } 41 | 42 | @Override 43 | public boolean isCredentialsNonExpired() { 44 | return true; 45 | } 46 | 47 | @Override 48 | public boolean isEnabled() { 49 | return true; 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/security/SecurityConfiguration.java: 
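package com.example.springsecuritywithauthority.security;

import com.example.springsecuritywithauthority.security.filter.CustomFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import java.util.Locale;

/*
The prePostEnabled property enables Spring Security pre/post annotations.
The securedEnabled property determines if the @Secured annotation should be enabled.
The jsr250Enabled property allows us to use the @RolesAllowed annotation.
*/

/**
 * Web security setup for the HTTP Basic variant of the demo: URL-based authority rules, HTTP
 * Basic authentication, and a logging filter placed before the Basic authentication filter.
 */
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class SecurityConfiguration {
  // Injected but not referenced by the filter chain built below.
  private final UserDetailsService userDetailsService;

  public SecurityConfiguration(UserDetailsService userDetailsService) {
    this.userDetailsService = userDetailsService;
  }

  /**
   * Builds the single filter chain of the application.
   *
   * <p>Rules are evaluated in the order they are declared, so the catch-all rule stays last.
   *
   * @param http the builder supplied by Spring Security
   * @return the configured chain
   * @throws Exception if the builder fails to assemble the chain
   */
  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http.authorizeHttpRequests(
            authorize ->
                authorize
                    // public endpoint everyone can reach without any authority
                    // NOTE(review): this also leaves the H2 console path open to
                    // unauthenticated callers; keep it to local development profiles.
                    .antMatchers("/h2-console", "/api/user/register")
                    .permitAll()

                    // admin endpoint only admin authority can reach
                    .antMatchers("/api/user/admin-login")
                    .hasAuthority(Authority.ADMIN.getAuthority().toUpperCase(Locale.ENGLISH))

                    // user endpoint only user authority can reach
                    .antMatchers("/api/user/user-login")
                    .hasAuthority(Authority.USER.getAuthority().toUpperCase(Locale.ENGLISH))

                    // editor endpoint only editor authority can reach
                    .antMatchers("/api/user/editor-login")
                    .hasAuthority(Authority.EDITOR.getAuthority().toUpperCase(Locale.ENGLISH))

                    // any authority can reach
                    .antMatchers("/api/user/any-of-request-login")
                    .hasAnyAuthority(
                        Authority.ADMIN.getAuthority().toUpperCase(Locale.ENGLISH),
                        Authority.USER.getAuthority().toUpperCase(Locale.ENGLISH),
                        Authority.EDITOR.getAuthority().toUpperCase(Locale.ENGLISH),
                        Authority.READONLY.getAuthority().toUpperCase(Locale.ENGLISH))

                    // Catch-all: without it a path that matches none of the rules above is not
                    // rejected by this chain (behaviour of the Spring Security 5.x line that the
                    // Boot 2.7.5 parent brings in), so a newly added endpoint would be open.
                    .anyRequest()
                    .authenticated())
        // CSRF protection is off; acceptable only while every client authenticates with an
        // explicit Authorization header and no browser session cookie is involved.
        .csrf(AbstractHttpConfigurer::disable)
        .httpBasic(Customizer.withDefaults())
        // CustomFilter runs before credentials are checked, i.e. for unauthenticated requests too.
        .addFilterBefore(new CustomFilter(), BasicAuthenticationFilter.class)
        .build();
  }

  /**
   * Supplies the encoder used to compare a presented password with the stored one.
   *
   * <p>NOTE(review): NoOpPasswordEncoder performs a plain string comparison, so the stored
   * passwords have to be plaintext, and the class is deprecated in Spring Security for that
   * reason. It is left in place here because swapping the encoder alone would reject every
   * existing login; move to an adaptive one-way encoder (for example BCryptPasswordEncoder)
   * together with the registration code that writes the password.
   *
   * @return the pass-through encoder instance
   */
  @Bean
  public PasswordEncoder getPasswordEncoder() {
    return NoOpPasswordEncoder.getInstance();
  }
}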
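--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/security/filter/CustomFilter.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority.security.filter;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.GenericFilterBean;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Logs the submitted username parameter and the HTTP method of every request, then passes the
 * request on unchanged.
 *
 * <p>SecurityConfiguration registers this filter before BasicAuthenticationFilter, so the value
 * logged here is what the client claims, not an authenticated identity.
 */
@Slf4j
public class CustomFilter extends GenericFilterBean {

  /**
   * Writes one log line for the request and continues the chain.
   *
   * @param request the incoming request; expected to be an HTTP request
   * @param response the response, passed through untouched
   * @param chain the remaining filters
   * @throws IOException propagated from the rest of the chain
   * @throws ServletException propagated from the rest of the chain
   */
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    // Read the *value* of the "username" request parameter. The previous code logged the
    // parameter's name, so every line showed the same constant instead of a user. The value is
    // null when no such parameter is sent, which is the normal case for HTTP Basic requests.
    // For form-encoded POSTs this lookup makes the container parse the request body.
    final String submittedUsername =
        httpRequest.getParameter(
            UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY);
    log.info(
        "Following user:{} has sent request with method type of {}",
        sanitizeForLog(submittedUsername),
        httpRequest.getMethod());
    chain.doFilter(request, response);
  }

  /**
   * Replaces control characters so an unauthenticated client cannot break a log entry across
   * lines or forge additional entries.
   */
  private static String sanitizeForLog(String value) {
    return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
  }
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/user/RegisterRequest.java:
--------------------------------------------------------------------------------
package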
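com.example.springsecuritywithauthority.user;

import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;

/** Request body of the registration endpoint. Every field is supplied by the client. */
@Getter
@Setter
@AllArgsConstructor
@NoArgsConstructor
public class RegisterRequest {
  private String firstname;
  private String lastname;
  private String email;
  private String password;
  // NOTE(review): the requested authority comes from the client, and SecurityConfiguration
  // exposes the registration endpoint without authentication.
  private String authority;
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/user/RegisterResponse.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority.user;

import lombok.*;

/** Registration result returned to the client; carries neither the password nor the authority. */
@Builder
@Getter
@Setter
@AllArgsConstructor
@NoArgsConstructor
public class RegisterResponse {
  private String firstname;
  private String lastname;
  private String email;
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/user/User.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority.user;

import lombok.*;

import javax.persistence.*;

/** JPA entity mapped to the "users" table. */
@Entity
@Getter
@Setter
@AllArgsConstructor
@NoArgsConstructor
@Table(name = "users")
@Builder
public class User {
  @Id
  @GeneratedValue(strategy = GenerationType.IDENTITY)
  @Column(name = "id")
  private int id;

  @Column(name = "firstname")
  private String firstname;

  @Column(name = "lastname")
  private String lastname;

  // No unique constraint is declared on this column; uniqueness rests on the existsByEmail
  // check made before saving.
  @Column(name = "email")
  private String email;

  // Holds whatever the service layer stores; nothing in this entity hashes the value.
  @Column(name = "password")
  private String password;

  @Column(name = "authority")
  private String authority;
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/user/UserDao.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority.user;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

/**
 * Spring Data repository for {@link User}.
 *
 * <p>The type arguments are spelled out: the listing showed a raw JpaRepository, from which
 * Spring Data cannot tell which entity the repository manages. The id type follows User's
 * {@code int id}.
 */
@Repository
public interface UserDao extends JpaRepository<User, Integer> {
  /** Reports whether a user with this e-mail address is already stored. */
  boolean existsByEmail(String email);

  /** Looks a user up by e-mail address. */
  User findUserByEmail(String email);
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/user/UserService.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority.user;

import org.springframework.http.ResponseEntity;

/** Operations behind the user endpoints: registration plus one probe per authority rule. */
public interface UserService {
  /** Registers a new user from the submitted request. */
  ResponseEntity register(RegisterRequest registerRequest);

  ResponseEntity adminAuthorityAcceptOnly();

  ResponseEntity userAuthorityAcceptOnly();

  ResponseEntity editorAuthorityAcceptOnly();

  ResponseEntity acceptsAnyAuthority();
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/user/UserServiceImpl.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority.user;

import com.example.springsecuritywithauthority.exception.BusinessException;
import com.example.springsecuritywithauthority.outservices.EmailVerificationService;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import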
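org.springframework.stereotype.Service;

import java.util.Locale;

/** Default {@link UserService}: stores new users and answers the authority probe endpoints. */
@Service
public class UserServiceImpl implements UserService {
  private final UserDao userDao;
  private final EmailVerificationService emailVerificationService;

  public UserServiceImpl(UserDao userDao, EmailVerificationService emailVerificationService) {
    this.userDao = userDao;
    this.emailVerificationService = emailVerificationService;
  }

  /**
   * Registers a new user after checking that the e-mail address is unused and passes
   * verification.
   *
   * @param registerRequest the submitted registration data
   * @return HTTP 200 with the stored first name, last name and e-mail address
   * @throws BusinessException if no authority was supplied or the e-mail address is already
   *     registered
   */
  @Override
  public ResponseEntity register(RegisterRequest registerRequest) {
    // A request without an authority used to end in a NullPointerException (an HTTP 500) at
    // toUpperCase below; report it as a business error instead.
    final String requestedAuthority = registerRequest.getAuthority();
    if (requestedAuthority == null || requestedAuthority.trim().isEmpty()) {
      throw new BusinessException("Authority must be provided");
    }

    ensureEmailIsUnused(registerRequest.getEmail());
    emailVerificationService.emailVerification(registerRequest.getEmail());

    // NOTE(review): the authority is copied from the request body of an endpoint that
    // SecurityConfiguration marks permitAll, so an unauthenticated caller selects their own
    // privilege level. Assign the authority on the server side, or move elevated grants behind
    // an authenticated, admin-only operation.
    // NOTE(review): the password is persisted exactly as received. That only works because the
    // configured encoder is NoOpPasswordEncoder; hash it here once a real encoder is in place.
    final User user =
        User.builder()
            .id(0)
            .firstname(registerRequest.getFirstname())
            .lastname(registerRequest.getLastname())
            .email(registerRequest.getEmail())
            .password(registerRequest.getPassword())
            .authority(requestedAuthority.toUpperCase(Locale.ENGLISH))
            .build();

    // The response deliberately leaves out the password and the authority.
    final RegisterResponse registerResponse =
        RegisterResponse.builder()
            .firstname(user.getFirstname())
            .lastname(user.getLastname())
            .email(user.getEmail())
            .build();

    this.userDao.save(user);
    return new ResponseEntity<>(registerResponse, HttpStatus.OK);
  }

  /** Probe for the ADMIN-only rule; access control is applied by the security filter chain. */
  @Override
  public ResponseEntity adminAuthorityAcceptOnly() {
    return new ResponseEntity<>("Admin authorization has been succeed", HttpStatus.OK);
  }

  /** Probe for the USER-only rule. */
  @Override
  public ResponseEntity userAuthorityAcceptOnly() {
    return new ResponseEntity<>("User authorization has been succeed", HttpStatus.OK);
  }

  /** Probe for the EDITOR-only rule. */
  @Override
  public ResponseEntity editorAuthorityAcceptOnly() {
    return new ResponseEntity<>("Editor authorization has been succeed", HttpStatus.OK);
  }

  /** Probe for the rule that accepts any known authority. */
  @Override
  public ResponseEntity acceptsAnyAuthority() {
    return new ResponseEntity<>("Accepts any of authorities", HttpStatus.OK);
  }

  /** Throws a BusinessException when the e-mail address already belongs to a stored user. */
  private void ensureEmailIsUnused(String email) {
    if (this.userDao.existsByEmail(email)) {
      throw new BusinessException("This is email is already using");
    }
  }
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/utilities/results/DataResult.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority.utilities.results;

/**
 * A {@link Result} that also carries a payload.
 *
 * @param <T> payload type (the type parameter was missing from the listing, which left T
 *     undeclared)
 */
public class DataResult<T> extends Result {
  private final T data;

  public DataResult(T data, boolean success, String message) {
    super(success, message);
    this.data = data;
  }

  public DataResult(T data, boolean success) {
    super(success);
    this.data = data;
  }

  public T getData() {
    return this.data;
  }
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/utilities/results/ErrorDataResult.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority.utilities.results;

/**
 * A failed {@link DataResult}: the success flag is always false.
 *
 * @param <T> payload type
 */
public class ErrorDataResult<T> extends DataResult<T> {
  public ErrorDataResult(T data, String message) {
    super(data, false, message);
  }

  public ErrorDataResult(T data) {
    super(data, false);
  }

  public ErrorDataResult(String message) {
    super(null, false, message);
  }

  public ErrorDataResult() {
    super(null, false);
  }
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/utilities/results/ErrorResult.java:
--------------------------------------------------------------------------------
package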
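com.example.springsecuritywithauthority.utilities.results;

/** A failed {@link Result}: the success flag is always false. */
public class ErrorResult extends Result {

  public ErrorResult() {
    super(false);
  }

  public ErrorResult(String message) {
    super(false, message);
  }
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/utilities/results/Result.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority.utilities.results;

/** Outcome of an operation: a success flag and an optional message. */
public class Result {
  private final boolean success;
  // Stays null when the single-argument constructor is used.
  private String message;

  public Result(boolean success) {
    this.success = success;
  }

  public Result(boolean success, String message) {
    this(success);
    this.message = message;
  }

  public boolean isSuccess() {
    return this.success;
  }

  public String getMessage() {
    return this.message;
  }
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/utilities/results/SuccessDataResult.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority.utilities.results;

/**
 * A successful {@link DataResult}: the success flag is always true.
 *
 * @param <T> payload type (the type parameter was missing from the listing, which left T
 *     undeclared)
 */
public class SuccessDataResult<T> extends DataResult<T> {
  public SuccessDataResult(T data, String message) {
    super(data, true, message);
  }

  public SuccessDataResult(T data) {
    super(data, true);
  }

  public SuccessDataResult(String message) {
    super(null, true, message);
  }

  public SuccessDataResult() {
    super(null, true);
  }
}
--------------------------------------------------------------------------------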
/spring-security-with-authority/src/main/java/com/example/springsecuritywithauthority/utilities/results/SuccessResult.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority.utilities.results;

/** A successful {@link Result}: the success flag is always true. */
public class SuccessResult extends Result {

  /** Success without a message. */
  public SuccessResult() {
    super(true);
  }

  /** Success with a message for the caller. */
  public SuccessResult(String message) {
    super(true, message);
  }
}
--------------------------------------------------------------------------------
/spring-security-with-authority/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# In-memory H2 database using the "sa" account; no password is configured here.
# NOTE(review): SecurityConfiguration permits /h2-console without authentication, so if the
# console is enabled in a given run, anyone who can reach that path reaches this database.
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driverClassName=org.h2.Driver
spring.datasource.username=sa
spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
--------------------------------------------------------------------------------
/spring-security-with-authority/src/test/java/com/example/springsecuritywithauthority/SpringSecurityWithAuthorityApplicationTests.java:
--------------------------------------------------------------------------------
package com.example.springsecuritywithauthority;

import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;

/** Smoke test: passes when the Spring application context starts. */
@SpringBootTest
class SpringSecurityWithAuthorityApplicationTests {

  // Empty on purpose; the context start-up performed by @SpringBootTest is the check.
  @Test
  void contextLoads() {}
}
--------------------------------------------------------------------------------