├── .gitignore ├── README.md ├── mvnw ├── mvnw.cmd ├── pom.xml └── src ├── main ├── java │ └── com │ │ └── devglan │ │ └── rolebasedoauth2 │ │ ├── RoleBasedOauth2Application.java │ │ ├── config │ │ ├── AuthorizationServerConfig.java │ │ ├── ResourceServerConfig.java │ │ └── SecurityConfig.java │ │ ├── controller │ │ └── UserController.java │ │ ├── dao │ │ ├── RoleDao.java │ │ └── UserDao.java │ │ ├── dto │ │ ├── ApiResponse.java │ │ └── UserDto.java │ │ ├── model │ │ ├── Role.java │ │ ├── RoleType.java │ │ └── User.java │ │ └── service │ │ ├── AuthenticationFacadeService.java │ │ ├── UserService.java │ │ └── impl │ │ ├── AuthenticationFacadeServiceImpl.java │ │ └── UserServiceImpl.java └── resources │ ├── application.properties │ ├── logback.xml │ └── script.sql └── test └── java └── com └── devglan └── rolebasedoauth2 └── RoleBasedOauth2ApplicationTests.java /.gitignore: -------------------------------------------------------------------------------- 1 | /target/ 2 | !.mvn/wrapper/maven-wrapper.jar 3 | 4 | ### STS ### 5 | .apt_generated 6 | .classpath 7 | .factorypath 8 | .project 9 | .settings 10 | .springBeans 11 | .sts4-cache 12 | 13 | ### IntelliJ IDEA ### 14 | .idea 15 | *.iws 16 | *.iml 17 | *.ipr 18 | 19 | ### NetBeans ### 20 | /nbproject/private/ 21 | /build/ 22 | /nbbuild/ 23 | /dist/ 24 | /nbdist/ 25 | /.nb-gradle/ -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # role-based-oauth2 2 | In this article, we will secure REST APIs with a role-based OAuth2 implementation. To do so, we will create two custom roles, ADMIN and USER, and use the <code>@Secured</code> annotation provided by Spring Security to secure our controller methods based on role. This article was posted on [Devglan](https://www.devglan.com/spring-security/spring-oauth2-role-based-authorization). Below are some other articles on OAuth2: 3 | 1. 
[Spring Boot Security OAUTH2 with Angular Example](https://www.devglan.com/spring-security/spring-boot-oauth2-angular) 4 | 2. [Spring Boot Security OAUTH2 Example](https://www.devglan.com/spring-security/spring-boot-security-oauth2-example) 5 | 3. [Spring Boot OAUTH2 JWT Example](https://www.devglan.com/spring-security/spring-boot-oauth2-jwt-example) 6 | 4. [Exception Handling in Spring Security](https://www.devglan.com/spring-security/exception-handling-in-spring-security) 7 | 8 | Also, you can visit this page to explore all the [tutorials on spring security](https://www.devglan.com/tutorials/spring-security-tutorial) 9 | -------------------------------------------------------------------------------- /mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 
19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven2 Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 
50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home 58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html 59 | if [ -z "$JAVA_HOME" ]; then 60 | if [ -x "/usr/libexec/java_home" ]; then 61 | export JAVA_HOME="`/usr/libexec/java_home`" 62 | else 63 | export JAVA_HOME="/Library/Java/Home" 64 | fi 65 | fi 66 | ;; 67 | esac 68 | 69 | if [ -z "$JAVA_HOME" ] ; then 70 | if [ -r /etc/gentoo-release ] ; then 71 | JAVA_HOME=`java-config --jre-home` 72 | fi 73 | fi 74 | 75 | if [ -z "$M2_HOME" ] ; then 76 | ## resolve links - $0 may be a link to maven's home 77 | PRG="$0" 78 | 79 | # need this for relative symlinks 80 | while [ -h "$PRG" ] ; do 81 | ls=`ls -ld "$PRG"` 82 | link=`expr "$ls" : '.*-> \(.*\)$'` 83 | if expr "$link" : '/.*' > /dev/null; then 84 | PRG="$link" 85 | else 86 | PRG="`dirname "$PRG"`/$link" 87 | fi 88 | done 89 | 90 | saveddir=`pwd` 91 | 92 | M2_HOME=`dirname "$PRG"`/.. 93 | 94 | # make it fully qualified 95 | M2_HOME=`cd "$M2_HOME" && pwd` 96 | 97 | cd "$saveddir" 98 | # echo Using m2 at $M2_HOME 99 | fi 100 | 101 | # For Cygwin, ensure paths are in UNIX format before anything is touched 102 | if $cygwin ; then 103 | [ -n "$M2_HOME" ] && 104 | M2_HOME=`cygpath --unix "$M2_HOME"` 105 | [ -n "$JAVA_HOME" ] && 106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 107 | [ -n "$CLASSPATH" ] && 108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 109 | fi 110 | 111 | # For Mingw, ensure paths are in UNIX format before anything is touched 112 | if $mingw ; then 113 | [ -n "$M2_HOME" ] && 114 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 115 | [ -n "$JAVA_HOME" ] && 116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 117 | # TODO classpath? 118 | fi 119 | 120 | if [ -z "$JAVA_HOME" ]; then 121 | javaExecutable="`which javac`" 122 | if [ -n "$javaExecutable" ] && ! 
[ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 123 | # readlink(1) is not available as standard on Solaris 10. 124 | readLink=`which readlink` 125 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 126 | if $darwin ; then 127 | javaHome="`dirname \"$javaExecutable\"`" 128 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 129 | else 130 | javaExecutable="`readlink -f \"$javaExecutable\"`" 131 | fi 132 | javaHome="`dirname \"$javaExecutable\"`" 133 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 134 | JAVA_HOME="$javaHome" 135 | export JAVA_HOME 136 | fi 137 | fi 138 | fi 139 | 140 | if [ -z "$JAVACMD" ] ; then 141 | if [ -n "$JAVA_HOME" ] ; then 142 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 143 | # IBM's JDK on AIX uses strange locations for the executables 144 | JAVACMD="$JAVA_HOME/jre/sh/java" 145 | else 146 | JAVACMD="$JAVA_HOME/bin/java" 147 | fi 148 | else 149 | JAVACMD="`which java`" 150 | fi 151 | fi 152 | 153 | if [ ! -x "$JAVACMD" ] ; then 154 | echo "Error: JAVA_HOME is not defined correctly." >&2 155 | echo " We cannot execute $JAVACMD" >&2 156 | exit 1 157 | fi 158 | 159 | if [ -z "$JAVA_HOME" ] ; then 160 | echo "Warning: JAVA_HOME environment variable is not set." 
161 | fi 162 | 163 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 164 | 165 | # traverses directory structure from process work directory to filesystem root 166 | # first directory with .mvn subdirectory is considered project base directory 167 | find_maven_basedir() { 168 | 169 | if [ -z "$1" ] 170 | then 171 | echo "Path not specified to find_maven_basedir" 172 | return 1 173 | fi 174 | 175 | basedir="$1" 176 | wdir="$1" 177 | while [ "$wdir" != '/' ] ; do 178 | if [ -d "$wdir"/.mvn ] ; then 179 | basedir=$wdir 180 | break 181 | fi 182 | # workaround for JBEAP-8937 (on Solaris 10/Sparc) 183 | if [ -d "${wdir}" ]; then 184 | wdir=`cd "$wdir/.."; pwd` 185 | fi 186 | # end of workaround 187 | done 188 | echo "${basedir}" 189 | } 190 | 191 | # concatenates all lines of a file 192 | concat_lines() { 193 | if [ -f "$1" ]; then 194 | echo "$(tr -s '\n' ' ' < "$1")" 195 | fi 196 | } 197 | 198 | BASE_DIR=`find_maven_basedir "$(pwd)"` 199 | if [ -z "$BASE_DIR" ]; then 200 | exit 1; 201 | fi 202 | 203 | ########################################################################################## 204 | # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central 205 | # This allows using the maven wrapper in projects that prohibit checking in binary data. 206 | ########################################################################################## 207 | if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then 208 | if [ "$MVNW_VERBOSE" = true ]; then 209 | echo "Found .mvn/wrapper/maven-wrapper.jar" 210 | fi 211 | else 212 | if [ "$MVNW_VERBOSE" = true ]; then 213 | echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..." 
214 |     fi
      # Default download location of the wrapper jar (version 0.4.2, HTTPS).
215 |     jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar"
      # A wrapperUrl entry in maven-wrapper.properties replaces the default URL.
      # NOTE(review): the value is taken as is, with no scheme or host check, so
      # whoever can edit that properties file decides which jar is fetched and
      # later put on the launcher's classpath. Review changes to it like code.
216 |     while IFS="=" read key value; do
217 |       case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
218 |       esac
219 |     done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
220 |     if [ "$MVNW_VERBOSE" = true ]; then
221 |       echo "Downloading from: $jarUrl"
222 |     fi
223 |     wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
224 |
      # Download with the first tool found: wget, then curl, then the Java helper.
      # NOTE(review): nothing in this section checks a checksum or signature of
      # the downloaded file before the script goes on to run it. Committing the
      # jar, or comparing it against a pinned SHA-256 after download, closes
      # that gap.
225 |     if command -v wget > /dev/null; then
226 |         if [ "$MVNW_VERBOSE" = true ]; then
227 |           echo "Found wget ... using wget"
228 |         fi
229 |         wget "$jarUrl" -O "$wrapperJarPath"
230 |     elif command -v curl > /dev/null; then
231 |         if [ "$MVNW_VERBOSE" = true ]; then
232 |           echo "Found curl ... using curl"
233 |         fi
          # NOTE(review): curl runs without --fail, so an HTTP error body would
          # presumably be saved under the jar's name; the exit status of neither
          # download command is checked here.
234 |         curl -o "$wrapperJarPath" "$jarUrl"
235 |     else
236 |         if [ "$MVNW_VERBOSE" = true ]; then
237 |           echo "Falling back to using Java to download"
238 |         fi
239 |         javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
240 |         if [ -e "$javaClass" ]; then
241 |             if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
242 |                 if [ "$MVNW_VERBOSE" = true ]; then
243 |                   echo " - Compiling MavenWrapperDownloader.java ..."
244 |                 fi
245 |                 # Compiling the Java class
246 |                 ("$JAVA_HOME/bin/javac" "$javaClass")
247 |             fi
248 |             if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
249 |                 # Running the downloader
250 |                 if [ "$MVNW_VERBOSE" = true ]; then
251 |                   echo " - Running MavenWrapperDownloader.java ..."
252 | fi 253 | ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR") 254 | fi 255 | fi 256 | fi 257 | fi 258 | ########################################################################################## 259 | # End of extension 260 | ########################################################################################## 261 | 262 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} 263 | if [ "$MVNW_VERBOSE" = true ]; then 264 | echo $MAVEN_PROJECTBASEDIR 265 | fi 266 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 267 | 268 | # For Cygwin, switch paths to Windows format before running java 269 | if $cygwin; then 270 | [ -n "$M2_HOME" ] && 271 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 272 | [ -n "$JAVA_HOME" ] && 273 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 274 | [ -n "$CLASSPATH" ] && 275 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 276 | [ -n "$MAVEN_PROJECTBASEDIR" ] && 277 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` 278 | fi 279 | 280 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 281 | 282 | exec "$JAVACMD" \ 283 | $MAVEN_OPTS \ 284 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 285 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 286 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" 287 | -------------------------------------------------------------------------------- /mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. 
The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM http://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven2 Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. 
to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM set title of command window 39 | title %0 40 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' 41 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 42 | 43 | @REM set %HOME% to equivalent of $HOME 44 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 45 | 46 | @REM Execute a user defined script before this one 47 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 48 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 49 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 50 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 51 | :skipRcPre 52 | 53 | @setlocal 54 | 55 | set ERROR_CODE=0 56 | 57 | @REM To isolate internal variables from possible post scripts, we use another setlocal 58 | @setlocal 59 | 60 | @REM ==== START VALIDATION ==== 61 | if not "%JAVA_HOME%" == "" goto OkJHome 62 | 63 | echo. 64 | echo Error: JAVA_HOME not found in your environment. >&2 65 | echo Please set the JAVA_HOME variable in your environment to match the >&2 66 | echo location of your Java installation. >&2 67 | echo. 68 | goto error 69 | 70 | :OkJHome 71 | if exist "%JAVA_HOME%\bin\java.exe" goto init 72 | 73 | echo. 74 | echo Error: JAVA_HOME is set to an invalid directory. >&2 75 | echo JAVA_HOME = "%JAVA_HOME%" >&2 76 | echo Please set the JAVA_HOME variable in your environment to match the >&2 77 | echo location of your Java installation. >&2 78 | echo. 79 | goto error 80 | 81 | @REM ==== END VALIDATION ==== 82 | 83 | :init 84 | 85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 
86 | @REM Fallback to current working directory if not found. 87 | 88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 90 | 91 | set EXEC_DIR=%CD% 92 | set WDIR=%EXEC_DIR% 93 | :findBaseDir 94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 95 | cd .. 96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 97 | set WDIR=%CD% 98 | goto findBaseDir 99 | 100 | :baseDirFound 101 | set MAVEN_PROJECTBASEDIR=%WDIR% 102 | cd "%EXEC_DIR%" 103 | goto endDetectBaseDir 104 | 105 | :baseDirNotFound 106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 107 | cd "%EXEC_DIR%" 108 | 109 | :endDetectBaseDir 110 | 111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 112 | 113 | @setlocal EnableExtensions EnableDelayedExpansion 114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 116 | 117 | :endReadAdditionalConfig 118 | 119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 120 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" 121 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 122 | 123 | set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar" 124 | FOR /F "tokens=1,2 delims==" %%A IN (%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties) DO ( 125 | IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B 126 | ) 127 | 128 | @REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central 129 | @REM This allows using the maven wrapper in projects that prohibit checking in binary data. 130 | if exist %WRAPPER_JAR% ( 131 | echo Found %WRAPPER_JAR% 132 | ) else ( 133 | echo Couldn't find %WRAPPER_JAR%, downloading it ... 
134 | echo Downloading from: %DOWNLOAD_URL% 135 | powershell -Command "(New-Object Net.WebClient).DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')" 136 | echo Finished downloading %WRAPPER_JAR% 137 | ) 138 | @REM End of extension 139 | 140 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* 141 | if ERRORLEVEL 1 goto error 142 | goto end 143 | 144 | :error 145 | set ERROR_CODE=1 146 | 147 | :end 148 | @endlocal & set ERROR_CODE=%ERROR_CODE% 149 | 150 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 151 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 152 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 153 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 154 | :skipRcPost 155 | 156 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 157 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 158 | 159 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 160 | 161 | exit /B %ERROR_CODE% 162 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | org.springframework.boot 7 | spring-boot-starter-parent 8 | 2.1.1.RELEASE 9 | 10 | 11 | com.devglan 12 | role-based-oauth2 13 | 0.0.1-SNAPSHOT 14 | role-based-oauth2 15 | Demo project for Spring Boot 16 | 17 | 18 | 1.8 19 | 20 | 21 | 22 | 23 | org.springframework.boot 24 | spring-boot-starter-data-jpa 25 | 26 | 27 | org.springframework.boot 28 | spring-boot-starter-security 29 | 30 | 31 | org.springframework.boot 32 | spring-boot-starter-web 33 | 34 | 35 | org.springframework.security.oauth 36 | spring-security-oauth2 37 | 2.1.0.RELEASE 38 | 39 | 40 | org.springframework.security 41 | spring-security-jwt 42 | 1.0.9.RELEASE 43 | 44 | 45 | mysql 46 | mysql-connector-java 47 
| 48 | 49 | org.springframework.boot 50 | spring-boot-starter-test 51 | test 52 | 53 | 54 | org.springframework.security 55 | spring-security-test 56 | test 57 | 58 | 59 | 60 | 61 | 62 | 63 | org.springframework.boot 64 | spring-boot-maven-plugin 65 | 66 | 67 | 68 | 69 | 70 | -------------------------------------------------------------------------------- /src/main/java/com/devglan/rolebasedoauth2/RoleBasedOauth2Application.java: -------------------------------------------------------------------------------- 1 | package com.devglan.rolebasedoauth2; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class RoleBasedOauth2Application { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(RoleBasedOauth2Application.class, args); 11 | } 12 | 13 | } 14 | 15 | -------------------------------------------------------------------------------- /src/main/java/com/devglan/rolebasedoauth2/config/AuthorizationServerConfig.java: -------------------------------------------------------------------------------- 1 | package com.devglan.rolebasedoauth2.config; 2 | 3 | import org.springframework.beans.factory.annotation.Autowired; 4 | import org.springframework.context.annotation.Bean; 5 | import org.springframework.context.annotation.Configuration; 6 | import org.springframework.security.authentication.AuthenticationManager; 7 | import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; 8 | import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; 9 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 10 | import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; 11 | import 
org.springframework.security.oauth2.provider.token.TokenStore;
12 | import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
13 | import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
14 |
     /**
      * OAuth2 authorization server: registers one in-memory client and issues JWT
      * access tokens signed through {@link JwtAccessTokenConverter}.
      *
      * NOTE(review): the JWT signing key and the client-secret hash are literals in
      * this class, so anyone with read access to the repository holds the material
      * that protects tokens issued by a deployment built from it. Supply both from
      * external configuration or a secret store and rotate the values shown here.
      */
15 | @Configuration
16 | @EnableAuthorizationServer
17 | public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
18 |
         // NOTE(review): the constant name is missing a "T" (CLIENT_ID); kept because it is referenced below.
19 |     private static final String CLIEN_ID = "devglan-client";
         // bcrypt hash of the client secret. The "$2a$04$" prefix is cost factor 4, the
         // lowest bcrypt accepts (BCryptPasswordEncoder defaults to strength 10), which
         // makes offline guessing of the secret cheap.
         // NOTE(review): re-hash at a higher cost and keep the value out of source control.
20 |     private static final String CLIENT_SECRET ="$2a$04$1VGGg98BkCSvSLs4RDSyUu8MrYf0jkY3dgCLAy8GHJe6QA4VAM/X2";
         // Grant types and scopes registered for the client in configure(...) below.
21 |     private static final String GRANT_TYPE_PASSWORD = "password";
22 |     private static final String AUTHORIZATION_CODE = "authorization_code";
23 |     private static final String REFRESH_TOKEN = "refresh_token";
24 |     private static final String IMPLICIT = "implicit";
25 |     private static final String SCOPE_READ = "read";
26 |     private static final String SCOPE_WRITE = "write";
27 |     private static final String TRUST = "trust";
28 |
         // Injected so the token endpoint can authenticate resource owners (password grant).
29 |     @Autowired
30 |     private AuthenticationManager authenticationManager;
31 |
         /**
          * Builds the converter that signs and verifies the JWT access tokens.
          *
          * NOTE(review): setSigningKey receives a hard-coded 7-character string. A
          * value that is not a PEM-encoded key is used as a shared HMAC secret, so
          * the same short string both signs and verifies tokens; if it leaks or is
          * guessed, token contents (including authorities) can no longer be trusted.
          * Load a long random key from configuration, or use an RSA key pair
          * (setKeyPair / setVerifierKey) so resource servers hold only the public key.
          */
32 |     @Bean
33 |     public JwtAccessTokenConverter accessTokenConverter() {
34 |         JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
35 |         converter.setSigningKey("as466gf");
36 |         return converter;
37 |     }
38 |
         /**
          * Token store that reads token data from the JWT itself.
          *
          * NOTE(review): JwtTokenStore keeps no server-side record of issued tokens,
          * so presumably a token cannot be revoked before it expires; confirm that
          * this matches the revocation needs and keep access-token lifetimes short.
          */
39 |     @Bean
40 |     public TokenStore tokenStore() {
41 |         return new JwtTokenStore(accessTokenConverter());
42 |     }
43 |
         /**
          * Registers the single client in memory with the password,
          * authorization_code, refresh_token and implicit grants and the
          * read / write / trust scopes.
          *
          * NOTE(review): no token validity and no redirect URIs are configured here
          * although authorization_code and implicit are enabled; register exact
          * redirect URIs and explicit lifetimes. The implicit and password grants
          * are discouraged by current OAuth 2.0 security guidance, so keep only the
          * grants this client actually needs.
          */
44 |     @Override
45 |     public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
46 |
47 |         configurer
48 |                 .inMemory()
49 |                 .withClient(CLIEN_ID)
50 |                 .secret(CLIENT_SECRET)
51 |                 .authorizedGrantTypes(GRANT_TYPE_PASSWORD, AUTHORIZATION_CODE, REFRESH_TOKEN, IMPLICIT )
52 |                 .scopes(SCOPE_READ, SCOPE_WRITE, TRUST);
53 |     }
54 |
         /**
          * Wires the token store, the authentication manager and the JWT converter
          * into the authorization server endpoints. The custom path mapping for
          * /oauth/token is commented out, so the default endpoint path stays in use.
          */
55 |     @Override
56 |     public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
57 |
58 |         endpoints
59 |                 /*.pathMapping("/oauth/token", "/users/user/login")*/.tokenStore(tokenStore())
60 |                 .authenticationManager(authenticationManager)
61 |                 .accessTokenConverter(accessTokenConverter());
62 |     }
63 |
64 |
65 | }
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/config/ResourceServerConfig.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.config;
2 |
3 | import org.springframework.context.annotation.Configuration;
4 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
5 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
6 | import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
7 | import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
8 | import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
9 |
     /**
      * Resource server configuration: resource id, statelessness and the URL
      * rules applied to token-protected requests.
      */
10 | @Configuration
11 | @EnableResourceServer
12 | public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
13 |
14 |     private static final String RESOURCE_ID = "resource_id";
15 |
         /**
          * Sets the resource id and turns stateless mode off.
          *
          * NOTE(review): stateless(false) means token-based authentication is no
          * longer the only kind accepted on these resources; an authentication
          * already present in the security context (for example from a session)
          * also counts. Leave the default unless session access is intended.
          */
16 |     @Override
17 |     public void configure(ResourceServerSecurityConfigurer resources) {
18 |         resources.resourceId(RESOURCE_ID).stateless(false);
19 |     }
20 |
         /**
          * URL rules for the resource server: anonymous authentication off,
          * /admin/** restricted to the ADMIN role, OAuth2 handler for
          * access-denied responses.
          */
21 |     @Override
22 |     public void configure(HttpSecurity http) throws Exception {
23 |         http.
24 |                 anonymous().disable()
25 |                 .authorizeRequests()
                     // NOTE(review): /admin/** is the only URL rule and there is no anyRequest()
                     // default. UserController is mapped under /users, so its protection rests on
                     // the @Secured annotations alone; ending the chain with
                     // .anyRequest().authenticated() would give a default-deny at the URL layer.
26 |                 .antMatchers("/admin/**").access("hasRole('ADMIN')")
27 |                 .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
28 |     }
29 |
30 |
31 |
32 | }
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/config/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.config;
2 |
3 | import org.springframework.beans.factory.annotation.Autowired;
4 | import org.springframework.context.annotation.Bean;
5 | import org.springframework.context.annotation.Configuration;
6 | import org.springframework.security.authentication.AuthenticationManager;
7 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
8 | import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
9 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
10 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
11 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
12 | import org.springframework.security.core.userdetails.UserDetailsService;
13 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
14 |
15 | import javax.annotation.Resource;
16 |
     /**
      * Web security setup: turns on {@code @Secured} method security, exposes the
      * AuthenticationManager as a bean and registers the "userService"
      * UserDetailsService together with a BCrypt password encoder.
      */
17 | @Configuration
18 | @EnableWebSecurity
19 | @EnableGlobalMethodSecurity(securedEnabled = true)
20 | public class SecurityConfig extends WebSecurityConfigurerAdapter {
21 |
         // Looked up by bean name; the implementing class is not part of this file.
22 |     @Resource(name = "userService")
23 |     private UserDetailsService userDetailsService;
24 |
         /**
          * Publishes the AuthenticationManager as a bean so other configuration
          * classes (AuthorizationServerConfig autowires one) can use it.
          */
25 |     @Override
26 |     @Bean
27 |     public AuthenticationManager authenticationManagerBean() throws Exception {
28 |         return super.authenticationManagerBean();
29 |     }
30 |
         /** Registers the user details service and the BCrypt encoder used to check user passwords. */
31 |     @Autowired
32 |     public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
33 |         auth.userDetailsService(userDetailsService)
34 |                 .passwordEncoder(encoder());
35 |     }
36 |
         /**
          * HTTP rules for this filter chain.
          *
          * NOTE(review): CSRF protection is switched off. That is usual for an API
          * authenticated only by bearer tokens, but ResourceServerConfig sets
          * stateless(false), so confirm that no state-changing endpoint can be
          * reached with a session cookie. Only /api-docs/** has a rule and there is
          * no anyRequest() default; with anonymous authentication disabled, verify
          * that the permitAll rule behaves as intended for unauthenticated callers.
          */
37 |     @Override
38 |     protected void configure(HttpSecurity http) throws Exception {
39 |         http
40 |                 .csrf().disable()
41 |                 .anonymous().disable()
42 |                 .authorizeRequests()
43 |                 .antMatchers("/api-docs/**").permitAll();
44 |     }
45 |
         /** BCrypt password encoder created with the library's default strength. */
46 |     @Bean
47 |     public BCryptPasswordEncoder encoder(){
48 |         return new BCryptPasswordEncoder();
49 |     }
50 |
51 |
52 | }
53 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/controller/UserController.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.controller;
2 |
3 | import com.devglan.rolebasedoauth2.dto.ApiResponse;
4 | import com.devglan.rolebasedoauth2.dto.UserDto;
5 | import com.devglan.rolebasedoauth2.service.AuthenticationFacadeService;
6 | import com.devglan.rolebasedoauth2.service.UserService;
7 | import org.slf4j.Logger;
8 | import org.slf4j.LoggerFactory;
9 | import org.springframework.beans.factory.annotation.Autowired;
10 | import org.springframework.http.HttpStatus;
11 | import org.springframework.security.access.annotation.Secured;
12 | import org.springframework.web.bind.annotation.*;
13 |
     /**
      * REST endpoints under /users. Access to each handler is decided by its
      * {@code @Secured} annotation; every handler logs the caller's principal.
      */
14 | @RestController
15 | @RequestMapping("/users")
16 | public class UserController {
17 |
18 |     private static final Logger log = LoggerFactory.getLogger(UserController.class);
19 |
20 |     public static final String SUCCESS = "success";
         // Authority names checked by @Secured on the handlers below.
21 |     public static final String ROLE_ADMIN = "ROLE_ADMIN";
22 |     public static final String ROLE_USER = "ROLE_USER";
23 |
24 |     @Autowired
25 |     private UserService userService;
26 |
27 |     @Autowired
28 |     private AuthenticationFacadeService authenticationFacadeService;
29 |
         /**
          * Lists all users; ADMIN only.
          *
          * NOTE(review): the result of userService.findAll() goes straight into the
          * response body; confirm the returned objects carry no password hashes.
          */
30 |     @Secured({ROLE_ADMIN})
31 |     @GetMapping
32 |     public ApiResponse listUser(){
33 |         log.info(String.format("received
request to list user %s", authenticationFacadeService.getAuthentication().getPrincipal()));
34 |         return new ApiResponse(HttpStatus.OK, SUCCESS, userService.findAll());
35 |     }
36 |
         /**
          * Creates a user from the request body; ADMIN only.
          *
          * NOTE(review): the DTO carries the raw password and the caller-chosen role
          * list. Input validation and password hashing are presumably done in
          * userService.save; confirm, since nothing is checked in this handler.
          */
37 |     @Secured({ROLE_ADMIN})
38 |     @PostMapping
39 |     public ApiResponse create(@RequestBody UserDto user){
40 |         log.info(String.format("received request to create user %s", authenticationFacadeService.getAuthentication().getPrincipal()));
41 |         return new ApiResponse(HttpStatus.OK, SUCCESS, userService.save(user));
42 |     }
43 |
         /**
          * Returns the user with the given id; allowed for ADMIN and USER.
          *
          * NOTE(review): the id comes from the path and nothing in this handler ties
          * it to the caller, so unless userService.findOne enforces ownership any
          * ROLE_USER account can read any other user's record. Compare the id with
          * the authenticated principal for non-admin callers, and confirm the
          * returned object does not serialise the password hash.
          * NOTE(review): the log text says "update" although this handler only
          * reads; it is a runtime string and is left unchanged here.
          */
44 |     @Secured({ROLE_ADMIN, ROLE_USER})
45 |     @GetMapping(value = "/{id}")
46 |     public ApiResponse getUser(@PathVariable long id){
47 |         log.info(String.format("received request to update user %s", authenticationFacadeService.getAuthentication().getPrincipal()));
48 |         return new ApiResponse(HttpStatus.OK, SUCCESS, userService.findOne(id));
49 |     }
50 |
         /** Deletes the user with the given id; ADMIN only. Returns no body. */
51 |     @Secured({ROLE_ADMIN})
52 |     @DeleteMapping(value = "/{id}")
53 |     public void delete(@PathVariable(value = "id") Long id){
54 |         log.info(String.format("received request to delete user %s", authenticationFacadeService.getAuthentication().getPrincipal()));
55 |         userService.delete(id);
56 |     }
57 |
58 |
59 |
60 | }
61 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/dao/RoleDao.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.dao;
2 |
3 | import com.devglan.rolebasedoauth2.model.Role;
4 | import org.springframework.data.jpa.repository.Query;
5 | import org.springframework.data.repository.CrudRepository;
6 | import org.springframework.data.repository.query.Param;
7 |
8 | import java.util.List;
9 | import java.util.Set;
10 |
     /**
      * Repository for roles.
      *
      * NOTE(review): the type arguments of CrudRepository, Set and List are missing
      * on this page, presumably stripped during extraction; restore them from the
      * original source before compiling.
      */
11 | public interface RoleDao extends CrudRepository {
12 |
         // Native query selecting the roles whose name is in the given list. The
         // names are passed as the bound :roles parameter, not concatenated into
         // the SQL text.
         // NOTE(review): the query says "Roles" while Role.java maps the table as
         // "ROLES"; on a MySQL setup with case-sensitive table names these may not
         // resolve to the same table - confirm.
13 |     @Query(value = "SELECT * FROM Roles where name IN (:roles)", nativeQuery = true)
14 |     Set find(@Param("roles") List roles);
15 | }
16 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/dao/UserDao.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.dao;
2 |
3 | import com.devglan.rolebasedoauth2.model.User;
4 | import org.springframework.data.repository.CrudRepository;
5 | import org.springframework.stereotype.Repository;
6 |
    /**
     * Repository for users with lookups by username and by e-mail address.
     *
     * NOTE(review): the type arguments of CrudRepository are missing on this page,
     * presumably stripped during extraction.
     */
7 | @Repository
8 | public interface UserDao extends CrudRepository {
9 |
10 |     User findByUsername(String username);
11 |     User findByEmail(String email);
12 | }
13 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/dto/ApiResponse.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.dto;
2 |
3 | import org.springframework.http.HttpStatus;
4 |
    /**
     * Response envelope holding a numeric status, a message and an optional
     * result object.
     */
5 | public class ApiResponse {
6 |
        // Numeric value of the HttpStatus given to the constructor.
7 |     private int status;
8 |     private String message;
        // Payload; stays null when the two-argument constructor is used.
9 |     private Object result;
10 |
         /** Creates a response with status, message and payload. */
11 |     public ApiResponse(HttpStatus status, String message, Object result){
12 |         this.status = status.value();
13 |         this.message = message;
14 |         this.result = result;
15 |     }
16 |
         /** Creates a response without a payload. */
17 |     public ApiResponse(HttpStatus status, String message){
18 |         this.status = status.value();
19 |         this.message = message;
20 |     }
21 |
22 |     public int getStatus() {
23 |         return status;
24 |     }
25 |
26 |     public void setStatus(int status) {
27 |         this.status = status;
28 |     }
29 |
30 |     public String getMessage() {
31 |         return message;
32 |     }
33 |
34 |     public void setMessage(String message) {
35 |         this.message = message;
36 |     }
37 |
38 |     public Object getResult() {
39 |         return result;
40 |     }
41 |
42 |     public void setResult(Object result) {
43 |         this.result = result;
44 |     }
45 |
         /** Text form with status and message only; the result payload is left out. */
46 |     @Override
47 |     public String toString() {
48 |         return "ApiResponse [statusCode=" + status + ", message=" + message +"]";
49 |     }
50 |
51 |
52 | }
53 |
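--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/dto/UserDto.java:
--------------------------------------------------------------------------------
package com.devglan.rolebasedoauth2.dto;

import java.util.List;

/**
 * Transfer object for user data. The controller binds request bodies onto it, and
 * {@code User.toUserDto()} fills it for responses.
 */
public class UserDto {

    private long id;
    private String firstName;
    private String lastName;
    private String username;
    // Holds the password sent by the caller on a create request. User.toUserDto() never sets it.
    // Because a getter exists, any instance that still carries a password and is returned in a
    // response should have this field cleared or excluded from serialization first.
    private String password;
    private String email;
    // Role names as strings, e.g. the names of the RoleType constants.
    private List<String> role;

    public long getId() {
        return this.id;
    }

    public void setId(long id) {
        this.id = id;
    }

    public String getFirstName() {
        return this.firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public String getLastName() {
        return this.lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

    public String getUsername() {
        return this.username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getEmail() {
        return this.email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public List<String> getRole() {
        return this.role;
    }

    public void setRole(List<String> role) {
        this.role = role;
    }

    /**
     * Prints id, first name, last name and username. Password, email and role are not part of
     * the string, so logging a DTO does not write the password to the log.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("UserDto{");
        text.append("id=").append(id);
        text.append(", firstName='").append(firstName).append('\'');
        text.append(", lastName='").append(lastName).append('\'');
        text.append(", username='").append(username).append('\'');
        text.append('}');
        return text.toString();
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/model/Role.java: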
--------------------------------------------------------------------------------
package com.devglan.rolebasedoauth2.model;

import javax.persistence.*;

/**
 * A role that can be attached to users, stored in the ROLES table.
 */
@Entity
@Table(name = "ROLES")
public class Role {

    @Id
    @GeneratedValue(strategy= GenerationType.IDENTITY)
    @Column(name = "ID")
    private long id;

    // Stored as the constant's name (EnumType.STRING), not as its ordinal.
    @Enumerated(EnumType.STRING)
    @Column(name = "NAME")
    private RoleType name;
    @Column(name = "DESCRIPTION")
    private String description;
    @Column(name = "CREATED_ON")
    private Long createdOn;
    @Column(name = "MODIFIED_ON")
    private Long modifiedOn;

    public long getId() {
        return this.id;
    }

    public void setId(long id) {
        this.id = id;
    }

    public RoleType getName() {
        return this.name;
    }

    public void setName(RoleType name) {
        this.name = name;
    }

    public String getDescription() {
        return this.description;
    }

    public void setDescription(String description) {
        this.description = description;
    }

    public Long getCreatedOn() {
        return this.createdOn;
    }

    public void setCreatedOn(Long createdOn) {
        this.createdOn = createdOn;
    }

    public Long getModifiedOn() {
        return this.modifiedOn;
    }

    public void setModifiedOn(Long modifiedOn) {
        this.modifiedOn = modifiedOn;
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/model/RoleType.java:
--------------------------------------------------------------------------------
package com.devglan.rolebasedoauth2.model;

/**
 * Names a role may have. UserServiceImpl turns each name into a granted authority by
 * prefixing it with "ROLE_".
 */
public enum RoleType {

    ADMIN,
    USER_CREATE,
    USER_UPDATE,
    USER
}

--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/model/User.java:
--------------------------------------------------------------------------------
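package com.devglan.rolebasedoauth2.model;

import com.devglan.rolebasedoauth2.dto.UserDto;

import javax.persistence.*;
import java.util.Set;
import java.util.stream.Collectors;

/**
 * A user account, stored in the Users table and linked to its roles through User_ROLES.
 */
@Entity
@Table(name = "Users")
public class User {

    @Id
    @GeneratedValue(strategy= GenerationType.IDENTITY)
    @Column(name = "ID")
    private long id;
    @Column(name = "FIRST_NAME")
    private String firstName;
    @Column(name = "LAST_NAME")
    private String lastName;
    @Column(name = "USERNAME")
    private String username;
    // UserServiceImpl.save stores the output of the password encoder here, never the raw
    // password. The getter makes the hash visible to anything that serializes this entity, so
    // return toUserDto() from API endpoints rather than the entity itself.
    @Column(name = "PASSWORD")
    private String password;
    @Column(name = "EMAIL")
    private String email;

    // Loaded eagerly, so the roles are available wherever the user has been read.
    @ManyToMany(fetch = FetchType.EAGER)
    @JoinTable(name = "User_ROLES",
            joinColumns = @JoinColumn(name ="USER_ID"),inverseJoinColumns= @JoinColumn(name="ROLE_ID"))
    private Set<Role> roles;

    public Set<Role> getRoles() {
        return roles;
    }

    public void setRoles(Set<Role> roles) {
        this.roles = roles;
    }

    public long getId() {
        return id;
    }

    public void setId(long id) {
        this.id = id;
    }

    public String getFirstName() {
        return firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public String getLastName() {
        return lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    /**
     * Copies id, email, names, username and role names into a new {@link UserDto}.
     * The password is not copied, so the DTO is the form to hand back to API callers.
     *
     * @return DTO for this user; its role list is empty when no roles are set
     */
    public UserDto toUserDto(){
        UserDto userDto = new UserDto();
        userDto.setId(this.id);
        userDto.setEmail(this.email);
        userDto.setFirstName(this.firstName);
        userDto.setLastName(this.lastName);
        userDto.setUsername(this.username);
        if (this.roles == null) {
            // A User built with "new" has no role set yet; report no roles instead of failing.
            userDto.setRole(new java.util.ArrayList<>());
        } else {
            userDto.setRole(this.roles.stream().map(role -> role.getName().toString()).collect(Collectors.toList()));
        }
        return userDto;
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/service/AuthenticationFacadeService.java:
--------------------------------------------------------------------------------
package com.devglan.rolebasedoauth2.service;

import org.springframework.security.core.Authentication;

/**
 * Access point for the {@link Authentication} of the current request.
 */
public interface AuthenticationFacadeService {

    /** Returns the Authentication held in the current security context. */
    Authentication getAuthentication();
}

--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/service/UserService.java:
--------------------------------------------------------------------------------
package com.devglan.rolebasedoauth2.service;

import com.devglan.rolebasedoauth2.dto.UserDto;
import com.devglan.rolebasedoauth2.model.User;

import java.util.List;

/**
 * User management operations used by the REST controller.
 */
public interface UserService {

    /** Stores the user described by the DTO and returns a DTO for it. */
    UserDto save(UserDto user);

    /** Returns every user as a DTO. */
    List<UserDto> findAll();

    /**
     * Returns the User entity with the given id. The entity carries the stored password hash,
     * so convert it with {@code toUserDto()} before putting it in a response.
     */
    User findOne(long id);

    /** Deletes the user with the given id. */
    void delete(long id);
}

--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/service/impl/AuthenticationFacadeServiceImpl.java:
--------------------------------------------------------------------------------
package com.devglan.rolebasedoauth2.service.impl;

import com.devglan.rolebasedoauth2.service.AuthenticationFacadeService;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;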
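/**
 * Reads the current Authentication from Spring Security's context holder.
 */
@Component
public class AuthenticationFacadeServiceImpl implements AuthenticationFacadeService {

    /**
     * @return the Authentication stored in the current security context; callers in this project
     *         dereference it directly, so they rely on the endpoint being secured
     */
    @Override
    public Authentication getAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/service/impl/UserServiceImpl.java:
--------------------------------------------------------------------------------
package com.devglan.rolebasedoauth2.service.impl;

import com.devglan.rolebasedoauth2.dao.RoleDao;
import com.devglan.rolebasedoauth2.dao.UserDao;
import com.devglan.rolebasedoauth2.dto.UserDto;
import com.devglan.rolebasedoauth2.model.Role;
import com.devglan.rolebasedoauth2.model.RoleType;
import com.devglan.rolebasedoauth2.model.User;
import com.devglan.rolebasedoauth2.service.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

/**
 * User management and the UserDetailsService used during authentication.
 */
@Transactional
@Service(value = "userService")
public class UserServiceImpl implements UserDetailsService, UserService {

    private static final Logger log = LoggerFactory.getLogger(UserServiceImpl.class);

    @Autowired
    private UserDao userDao;

    @Autowired
    private RoleDao roleDao;

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    /**
     * Loads the account for a login attempt.
     *
     * @param userId the username presented by the caller
     * @return Spring Security user holding the username, the stored password hash and the
     *         authorities derived from the account's roles
     * @throws UsernameNotFoundException when no account has that username; the message does not
     *         say whether the username or the password was wrong
     */
    public UserDetails loadUserByUsername(String userId) throws UsernameNotFoundException {
        User user = userDao.findByUsername(userId);
        if(user == null){
            log.error("Invalid username or password.");
            throw new UsernameNotFoundException("Invalid username or password.");
        }
        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), getAuthorities(user));
    }

    /**
     * Maps each role of the user to an authority named "ROLE_" plus the upper-cased role name,
     * which is the form the {@code @Secured} checks compare against.
     */
    private Set<SimpleGrantedAuthority> getAuthorities(User user) {
        return user.getRoles().stream()
                .map(role -> new SimpleGrantedAuthority("ROLE_" + role.getName().toString().toUpperCase()))
                .collect(Collectors.toSet());
    }

    /** Returns every stored user as a DTO (the DTO carries no password). */
    public List<UserDto> findAll() {
        List<UserDto> users = new ArrayList<>();
        for (User user : userDao.findAll()) {
            users.add(user.toUserDto());
        }
        return users;
    }

    /**
     * Returns the User entity with the given id.
     *
     * @throws java.util.NoSuchElementException when no user has that id
     */
    @Override
    public User findOne(long id) {
        return userDao.findById(id)
                .orElseThrow(() -> new java.util.NoSuchElementException("No user with id " + id));
    }

    @Override
    public void delete(long id) {
        userDao.deleteById(id);
    }

    /**
     * Stores a new user built from the DTO and returns a DTO for the stored row.
     *
     * The username and e-mail are checked for duplicates first. The id on the DTO is used only
     * by those checks; it is never copied onto the entity, so each call stores a new User.
     * The password is stored as the encoder's hash. Every requested role name must be a
     * {@link RoleType} constant.
     *
     * NOTE(review): the duplicate checks are a read followed by a write and script.sql declares
     * no unique key on username or email, so two concurrent requests could both pass the checks.
     *
     * @param userDto user details; its password is hashed before storage
     * @return DTO built from the saved entity, without the password
     * @throws IllegalArgumentException when a requested role name is not a RoleType constant
     * @throws RuntimeException when the username or e-mail is already used by another user
     */
    @Override
    public UserDto save(UserDto userDto) {
        User userWithDuplicateUsername = userDao.findByUsername(userDto.getUsername());
        if(userWithDuplicateUsername != null && userDto.getId() != userWithDuplicateUsername.getId()) {
            // The old format string ended in a bare '%', which made String.format throw before
            // the intended exception below was reached.
            log.error("Duplicate username {}", forLog(userDto.getUsername()));
            throw new RuntimeException("Duplicate username.");
        }
        User userWithDuplicateEmail = userDao.findByEmail(userDto.getEmail());
        if(userWithDuplicateEmail != null && userDto.getId() != userWithDuplicateEmail.getId()) {
            log.error("Duplicate email {}", forLog(userDto.getEmail()));
            throw new RuntimeException("Duplicate email.");
        }
        User user = new User();
        user.setEmail(userDto.getEmail());
        user.setFirstName(userDto.getFirstName());
        user.setLastName(userDto.getLastName());
        user.setUsername(userDto.getUsername());
        user.setPassword(passwordEncoder.encode(userDto.getPassword()));

        List<String> requestedRoles = userDto.getRole() == null ? new ArrayList<String>() : userDto.getRole();
        // The original built a stream with map() and no terminal operation, so the role names
        // were never checked. valueOf rejects any name that is not a RoleType constant.
        for (String role : requestedRoles) {
            RoleType.valueOf(role);
        }
        if (requestedRoles.isEmpty()) {
            // No roles requested: store the user without roles and skip the IN (...) query.
            user.setRoles(new java.util.HashSet<Role>());
        } else {
            user.setRoles(roleDao.find(requestedRoles));
        }

        // Return a DTO built from the saved entity, not the request DTO: the request DTO still
        // holds the clear-text password and would carry it into the API response.
        return userDao.save(user).toUserDto();
    }

    /** Replaces CR and LF so a caller-supplied value cannot start a new line in the log. */
    private static String forLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }
}

--------------------------------------------------------------------------------
/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# Local-development settings. The database account and password are committed here in clear
# text; for anything beyond a throwaway local database use a dedicated least-privilege account
# and supply the credentials from the environment or a secret store.
spring.datasource.url=jdbc:mysql://localhost:3306/test
spring.datasource.username=root
spring.datasource.password=root
# create-drop builds the schema at startup and drops it at shutdown, so stored users do not survive a restart.
spring.jpa.hibernate.ddl-auto=create-drop
# Writes every SQL statement to the log.
spring.jpa.show-sql=true
# NOTE(review): the usual key is spring.datasource.driver-class-name; confirm this one is read at all.
spring.user.datasource.driver-class-name=com.mysql.jdbc.Driver
--------------------------------------------------------------------------------
/src/main/resources/logback.xml:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | %d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %m%n 6 | 7 | 8 | 9 | 11 | devglan.log 12 | aaj 13 | devglan.%d{yyyy-MM-dd}.log 14 | 30 15 | 16 | 17 | 18 | %d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %m%n 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 |
--------------------------------------------------------------------------------
/src/main/resources/script.sql:
--------------------------------------------------------------------------------
drop table if exists roles;
drop table if exists user_roles;
drop table if exists users;
create table roles (id bigint not null auto_increment, created_on bigint, description varchar(255), modified_on bigint, name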
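varchar(255), primary key (id)) engine=MyISAM;
create table user_roles (user_id bigint not null, role_id bigint not null, primary key (user_id, role_id)) engine=MyISAM;
-- No unique key is declared on username or email, so uniqueness depends on the
-- application-level checks in UserServiceImpl.save.
-- The statement terminator was missing here; without it the next ALTER TABLE is parsed as
-- part of this CREATE TABLE.
create table users (id bigint not null auto_increment, email varchar(255), first_name varchar(255), last_name varchar(255), password varchar(255), username varchar(255), primary key (id)) engine=MyISAM;
-- MyISAM parses foreign-key clauses but does not enforce them, so these two constraints give
-- no referential integrity on this engine.
alter table user_roles add constraint FKh8ciramu9cc9q3qcqiv4ue8a6 foreign key (role_id) references roles (id);
alter table user_roles add constraint FKhfh9dx7w3ubf1co1vdev94g3f foreign key (user_id) references users (id);

INSERT INTO roles(description,name) values ('Admin', 'ADMIN');
INSERT INTO roles(description,name) values ('User', 'USER');
-- Seed administrator account. The password column holds a bcrypt hash whose "$2a$04$" prefix
-- means cost factor 4, the lowest bcrypt accepts, and the hash is published with this script.
-- Replace the account's password, hashed at a higher cost, before using this data anywhere shared.
INSERT INTO users (email,first_name, last_name,password,username) values ('admin@gmail.com','admin', 'admin','$2a$04$EZzbSqieYfe/nFWfBWt2KeCdyq0UuDEM1ycFF8HzmlVR6sbsOnw7u','admin');
-- Gives user 1 role 1; this assumes the inserts above received ids 1 (admin user) and 1 (ADMIN role).
insert into USER_ROLES(USER_ID,ROLE_ID) values (1,1);
--------------------------------------------------------------------------------
/src/test/java/com/devglan/rolebasedoauth2/RoleBasedOauth2ApplicationTests.java:
--------------------------------------------------------------------------------
package com.devglan.rolebasedoauth2;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

@RunWith(SpringRunner.class)
@SpringBootTest
public class RoleBasedOauth2ApplicationTests {

    /** Smoke test: passes when the Spring application context starts. */
    @Test
    public void contextLoads() {
    }

}

--------------------------------------------------------------------------------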