├── .gitignore
├── README.md
├── mvnw
├── mvnw.cmd
├── pom.xml
└── src
├── main
├── java
│ └── com
│ │ └── devglan
│ │ └── rolebasedoauth2
│ │ ├── RoleBasedOauth2Application.java
│ │ ├── config
│ │ ├── AuthorizationServerConfig.java
│ │ ├── ResourceServerConfig.java
│ │ └── SecurityConfig.java
│ │ ├── controller
│ │ └── UserController.java
│ │ ├── dao
│ │ ├── RoleDao.java
│ │ └── UserDao.java
│ │ ├── dto
│ │ ├── ApiResponse.java
│ │ └── UserDto.java
│ │ ├── model
│ │ ├── Role.java
│ │ ├── RoleType.java
│ │ └── User.java
│ │ └── service
│ │ ├── AuthenticationFacadeService.java
│ │ ├── UserService.java
│ │ └── impl
│ │ ├── AuthenticationFacadeServiceImpl.java
│ │ └── UserServiceImpl.java
└── resources
│ ├── application.properties
│ ├── logback.xml
│ └── script.sql
└── test
└── java
└── com
└── devglan
└── rolebasedoauth2
└── RoleBasedOauth2ApplicationTests.java
/.gitignore:
--------------------------------------------------------------------------------
1 | /target/
2 | !.mvn/wrapper/maven-wrapper.jar
3 |
4 | ### STS ###
5 | .apt_generated
6 | .classpath
7 | .factorypath
8 | .project
9 | .settings
10 | .springBeans
11 | .sts4-cache
12 |
13 | ### IntelliJ IDEA ###
14 | .idea
15 | *.iws
16 | *.iml
17 | *.ipr
18 |
19 | ### NetBeans ###
20 | /nbproject/private/
21 | /build/
22 | /nbbuild/
23 | /dist/
24 | /nbdist/
25 | /.nb-gradle/
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # role-based-oauth2
2 | In this article, we will be securing REST APIs with a role-based OAuth2 implementation. To do so, we will create two custom roles, ADMIN and USER, and use the <code>@Secured</code> annotation provided by Spring Security to secure our controller methods based on role. This article was posted on [Devglan](https://www.devglan.com/spring-security/spring-oauth2-role-based-authorization). Below are some other articles on OAuth2:
3 | 1. [Spring Boot Security OAUTH2 with Angular Example](https://www.devglan.com/spring-security/spring-boot-oauth2-angular)
4 | 2. [Spring Boot Security OAUTH2 Example](https://www.devglan.com/spring-security/spring-boot-security-oauth2-example)
5 | 3. [Spring Boot OAUTH2 JWT Example](https://www.devglan.com/spring-security/spring-boot-oauth2-jwt-example)
6 | 4. [Exception Handling in Spring Security](https://www.devglan.com/spring-security/exception-handling-in-spring-security)
7 |
8 | Also, you can visit this page to explore all the [tutorials on spring security](https://www.devglan.com/tutorials/spring-security-tutorial)
9 |
--------------------------------------------------------------------------------
/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # http://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven2 Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
# Source the optional system-wide and per-user rc files unless MAVEN_SKIP_RC is set.
# NOTE(security): both files are executed in this shell with the caller's privileges,
# so whoever can write /etc/mavenrc or ~/.mavenrc can run code in every build.
# CI jobs that do not need them can set MAVEN_SKIP_RC.
if [ -z "$MAVEN_SKIP_RC" ]; then
  [ -f /etc/mavenrc ] && . /etc/mavenrc
  [ -f "$HOME/.mavenrc" ] && . "$HOME/.mavenrc"
fi
48 |
# Platform flags. Each must hold the literal word true or false, because later code
# runs the variable as a command (`if $cygwin; then`).
cygwin=false
darwin=false
mingw=false
case "$(uname)" in
  CYGWIN*)
    cygwin=true
    ;;
  MINGW*)
    mingw=true
    ;;
  Darwin*)
    darwin=true
    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
    if [ -z "$JAVA_HOME" ]; then
      if [ -x "/usr/libexec/java_home" ]; then
        JAVA_HOME="$(/usr/libexec/java_home)"
      else
        JAVA_HOME="/Library/Java/Home"
      fi
      export JAVA_HOME
    fi
    ;;
esac

# Gentoo: ask java-config for the JRE home when JAVA_HOME is still unset.
if [ -z "$JAVA_HOME" ] && [ -r /etc/gentoo-release ]; then
  JAVA_HOME=$(java-config --jre-home)
fi
74 |
# Derive M2_HOME from the location of this script when the caller did not set it.
if [ -z "$M2_HOME" ]; then
  ## resolve links - $0 may be a link to maven's home
  PRG="$0"

  # Follow symlinks by hand so that a relative link target is resolved against the
  # directory of the link itself.
  while [ -h "$PRG" ]; do
    ls=$(ls -ld "$PRG")
    link=$(expr "$ls" : '.*-> \(.*\)$')
    case "$link" in
      /*) PRG="$link" ;;
      *) PRG="$(dirname "$PRG")/$link" ;;
    esac
  done

  saveddir=$(pwd)

  M2_HOME=$(dirname "$PRG")/..

  # make it fully qualified
  M2_HOME=$(cd "$M2_HOME" && pwd)

  cd "$saveddir"
  # echo Using m2 at $M2_HOME
fi
100 |
# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin; then
  if [ -n "$M2_HOME" ]; then
    M2_HOME=$(cygpath --unix "$M2_HOME")
  fi
  if [ -n "$JAVA_HOME" ]; then
    JAVA_HOME=$(cygpath --unix "$JAVA_HOME")
  fi
  if [ -n "$CLASSPATH" ]; then
    CLASSPATH=$(cygpath --path --unix "$CLASSPATH")
  fi
fi

# For Mingw, ensure paths are in UNIX format before anything is touched
if $mingw; then
  if [ -n "$M2_HOME" ]; then
    M2_HOME="$(cd "$M2_HOME"; pwd)"
  fi
  if [ -n "$JAVA_HOME" ]; then
    JAVA_HOME="$(cd "$JAVA_HOME"; pwd)"
  fi
  # TODO classpath?
fi
119 |
# Last resort for JAVA_HOME: locate javac on PATH and take the directory above its bin/.
if [ -z "$JAVA_HOME" ]; then
  javaExecutable="$(which javac)"
  # Some `which` implementations print "no javac in ..." instead of failing; the expr
  # call extracts the first word so that case can be recognised.
  if [ -n "$javaExecutable" ] && ! [ "$(expr "$javaExecutable" : '\([^ ]*\)')" = "no" ]; then
    # readlink(1) is not available as standard on Solaris 10.
    readLink=$(which readlink)
    # The substitution below is left unquoted on purpose: quoting it would change how
    # an empty result is evaluated by the test.
    if [ ! $(expr "$readLink" : '\([^ ]*\)') = "no" ]; then
      if $darwin; then
        javaHome="$(dirname "$javaExecutable")"
        javaExecutable="$(cd "$javaHome" && pwd -P)/javac"
      else
        javaExecutable="$(readlink -f "$javaExecutable")"
      fi
      javaHome="$(dirname "$javaExecutable")"
      javaHome=$(expr "$javaHome" : '\(.*\)/bin')
      JAVA_HOME="$javaHome"
      export JAVA_HOME
    fi
  fi
fi
139 |
# Choose the java launcher unless the caller already supplied JAVACMD.
if [ -z "$JAVACMD" ]; then
  if [ -z "$JAVA_HOME" ]; then
    JAVACMD="$(which java)"
  elif [ -x "$JAVA_HOME/jre/sh/java" ]; then
    # IBM's JDK on AIX uses strange locations for the executables
    JAVACMD="$JAVA_HOME/jre/sh/java"
  else
    JAVACMD="$JAVA_HOME/bin/java"
  fi
fi

# Stop early when the chosen launcher cannot be executed.
if [ ! -x "$JAVACMD" ]; then
  echo "Error: JAVA_HOME is not defined correctly." >&2
  echo " We cannot execute $JAVACMD" >&2
  exit 1
fi

[ -n "$JAVA_HOME" ] || echo "Warning: JAVA_HOME environment variable is not set."

CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
164 |
165 | # traverses directory structure from process work directory to filesystem root
166 | # first directory with .mvn subdirectory is considered project base directory
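find_maven_basedir() {
  # Prints the first directory, walking upwards from "$1", that contains a .mvn
  # subdirectory. Prints "$1" unchanged when none is found before reaching "/".
  # Returns 1 and prints nothing on stdout when "$1" is empty.

  if [ -z "$1" ]; then
    # The caller captures stdout as the base directory, so the diagnostic goes to
    # stderr; otherwise the error text would be taken for a path.
    echo "Path not specified to find_maven_basedir" >&2
    return 1
  fi

  basedir="$1"
  wdir="$1"
  while [ "$wdir" != '/' ]; do
    if [ -d "$wdir"/.mvn ]; then
      basedir=$wdir
      break
    fi
    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
    if [ -d "${wdir}" ]; then
      wdir=$(cd "$wdir/.."; pwd)
    else
      # "$wdir" is not a directory, so there is no parent to move to; stop here
      # instead of looping forever on an unchanged value.
      break
    fi
    # end of workaround
  done
  echo "${basedir}"
}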
190 |
191 | # concatenates all lines of a file
concat_lines() {
  # Prints the content of file "$1" with every run of newlines replaced by a single
  # space. Prints nothing when "$1" is not a regular file.
  [ -f "$1" ] || return 0
  echo "$(tr -s '\n' ' ' < "$1")"
}
197 |
# Project base directory: the nearest ancestor of the working directory holding .mvn.
BASE_DIR=$(find_maven_basedir "$(pwd)")
[ -n "$BASE_DIR" ] || exit 1
202 |
203 | ##########################################################################################
204 | # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
205 | # This allows using the maven wrapper in projects that prohibit checking in binary data.
206 | ##########################################################################################
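# Bootstraps .mvn/wrapper/maven-wrapper.jar when it is not checked in.
#
# NOTE(security): the jar fetched here is put on the classpath and executed by the
# launch command at the end of this script, and nothing in this block verifies its
# integrity (no checksum or signature check). The URL can also be overridden through
# the wrapperUrl key of .mvn/wrapper/maven-wrapper.properties, so that file deserves
# the same review as code. Committing a reviewed jar, or comparing the download with
# a pinned digest before use, closes the gap.
wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
if [ -r "$wrapperJarPath" ]; then
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Found .mvn/wrapper/maven-wrapper.jar"
  fi
else
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
  fi
  jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar"
  wrapperProps="$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
  # Only read the properties file when it exists; -r keeps backslashes in the value.
  if [ -r "$wrapperProps" ]; then
    while IFS="=" read -r key value; do
      case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
      esac
    done < "$wrapperProps"
  fi
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Downloading from: $jarUrl"
  fi

  downloadOk=true
  if command -v wget > /dev/null; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found wget ... using wget"
    fi
    wget "$jarUrl" -O "$wrapperJarPath" || downloadOk=false
  elif command -v curl > /dev/null; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found curl ... using curl"
    fi
    # -f makes curl fail on an HTTP error instead of saving the error page as the jar.
    curl -f -o "$wrapperJarPath" "$jarUrl" || downloadOk=false
  else
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Falling back to using Java to download"
    fi
    javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
    if [ -e "$javaClass" ]; then
      if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
        if [ "$MVNW_VERBOSE" = true ]; then
          echo " - Compiling MavenWrapperDownloader.java ..."
        fi
        # Compiling the Java class
        ("$JAVA_HOME/bin/javac" "$javaClass")
      fi
      if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
        # Running the downloader
        if [ "$MVNW_VERBOSE" = true ]; then
          echo " - Running MavenWrapperDownloader.java ..."
        fi
        # MAVEN_PROJECTBASEDIR is only assigned after this block, so the same
        # expression is spelled out here; the classpath is anchored at BASE_DIR so the
        # class is found when the script is started from a subdirectory.
        ("$JAVA_HOME/bin/java" -cp "$BASE_DIR/.mvn/wrapper" MavenWrapperDownloader "${MAVEN_BASEDIR:-$BASE_DIR}") || downloadOk=false
      fi
    fi
  fi

  if [ "$downloadOk" != true ]; then
    # Remove any partial file so that the next run does not treat it as a valid jar.
    rm -f "$wrapperJarPath"
    echo "Error: could not download $jarUrl" >&2
    exit 1
  fi
fi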
258 | ##########################################################################################
259 | # End of extension
260 | ##########################################################################################
261 |
# MAVEN_BASEDIR, when set, overrides the detected base directory.
export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
[ "$MVNW_VERBOSE" = true ] && echo $MAVEN_PROJECTBASEDIR

# NOTE(security): the content of .mvn/jvm.config is prepended to MAVEN_OPTS and later
# expanded unquoted into the java command line, so a repository can set JVM options
# for everyone who runs this script. Review that file like code.
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"

# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  if [ -n "$M2_HOME" ]; then
    M2_HOME=$(cygpath --path --windows "$M2_HOME")
  fi
  if [ -n "$JAVA_HOME" ]; then
    JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME")
  fi
  if [ -n "$CLASSPATH" ]; then
    CLASSPATH=$(cygpath --path --windows "$CLASSPATH")
  fi
  if [ -n "$MAVEN_PROJECTBASEDIR" ]; then
    MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR")
  fi
fi

WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

# Replace this shell with the JVM. MAVEN_OPTS and MAVEN_CONFIG are left unquoted so
# that each whitespace-separated option becomes its own argument.
exec "$JAVACMD" \
  $MAVEN_OPTS \
  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
287 |
--------------------------------------------------------------------------------
/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM http://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven2 Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
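@echo off
@REM set title of command window
title %0
@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%

@REM set %HOME% to equivalent of $HOME
if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")

@REM Execute a user defined script before this one
@REM NOTE(security): the pre and post scripts under %HOME% run with the caller's
@REM privileges; set MAVEN_SKIP_RC where they are not needed.
if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
@REM check for pre script, once with legacy .bat ending and once with .cmd ending
if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
:skipRcPre

@setlocal

set ERROR_CODE=0

@REM To isolate internal variables from possible post scripts, we use another setlocal
@setlocal

@REM ==== START VALIDATION ====
if not "%JAVA_HOME%" == "" goto OkJHome

echo.
echo Error: JAVA_HOME not found in your environment. >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

:OkJHome
if exist "%JAVA_HOME%\bin\java.exe" goto init

echo.
echo Error: JAVA_HOME is set to an invalid directory. >&2
echo JAVA_HOME = "%JAVA_HOME%" >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

@REM ==== END VALIDATION ====

:init

@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
@REM Fallback to current working directory if not found.

set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir

set EXEC_DIR=%CD%
set WDIR=%EXEC_DIR%
:findBaseDir
IF EXIST "%WDIR%"\.mvn goto baseDirFound
cd ..
IF "%WDIR%"=="%CD%" goto baseDirNotFound
set WDIR=%CD%
goto findBaseDir

:baseDirFound
set MAVEN_PROJECTBASEDIR=%WDIR%
cd "%EXEC_DIR%"
goto endDetectBaseDir

:baseDirNotFound
set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
cd "%EXEC_DIR%"

:endDetectBaseDir

IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig

@REM NOTE(security): every line of .mvn\jvm.config ends up on the java command line
@REM below, so that file should be reviewed like code.
@setlocal EnableExtensions EnableDelayedExpansion
for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%

:endReadAdditionalConfig

SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar"
@REM The path is quoted (with usebackq) so that a base directory containing spaces
@REM is read as one file name.
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
)

@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
@REM NOTE(security): the downloaded jar is executed by the java command below and
@REM nothing here verifies its integrity (no checksum or signature check). The URL can
@REM be overridden by the wrapperUrl key of maven-wrapper.properties, so review that
@REM file like code, or commit a reviewed jar / compare against a pinned digest.
if exist %WRAPPER_JAR% (
    echo Found %WRAPPER_JAR%
) else (
    echo Couldn't find %WRAPPER_JAR%, downloading it ...
    echo Downloading from: %DOWNLOAD_URL%
    powershell -Command "(New-Object Net.WebClient).DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"
    @REM Stop when the download failed instead of reporting success and launching
    @REM java with a missing or partial jar.
    if ERRORLEVEL 1 (
        echo Error: failed to download %WRAPPER_JAR% >&2
        goto error
    )
    echo Finished downloading %WRAPPER_JAR%
)
@REM End of extension

%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
if ERRORLEVEL 1 goto error
goto end

:error
set ERROR_CODE=1

:end
@endlocal & set ERROR_CODE=%ERROR_CODE%

if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
@REM check for post script, once with legacy .bat ending and once with .cmd ending
if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
:skipRcPost

@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
if "%MAVEN_BATCH_PAUSE%" == "on" pause

if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%

exit /B %ERROR_CODE%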
162 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | org.springframework.boot
7 | spring-boot-starter-parent
8 | 2.1.1.RELEASE
9 |
10 |
11 | com.devglan
12 | role-based-oauth2
13 | 0.0.1-SNAPSHOT
14 | role-based-oauth2
15 | Demo project for Spring Boot
16 |
17 |
18 | 1.8
19 |
20 |
21 |
22 |
23 | org.springframework.boot
24 | spring-boot-starter-data-jpa
25 |
26 |
27 | org.springframework.boot
28 | spring-boot-starter-security
29 |
30 |
31 | org.springframework.boot
32 | spring-boot-starter-web
33 |
34 |
35 | org.springframework.security.oauth
36 | spring-security-oauth2
37 | 2.1.0.RELEASE
38 |
39 |
40 | org.springframework.security
41 | spring-security-jwt
42 | 1.0.9.RELEASE
43 |
44 |
45 | mysql
46 | mysql-connector-java
47 |
48 |
49 | org.springframework.boot
50 | spring-boot-starter-test
51 | test
52 |
53 |
54 | org.springframework.security
55 | spring-security-test
56 | test
57 |
58 |
59 |
60 |
61 |
62 |
63 | org.springframework.boot
64 | spring-boot-maven-plugin
65 |
66 |
67 |
68 |
69 |
70 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/RoleBasedOauth2Application.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
/**
 * Entry point of the role-based OAuth2 demo; boots the Spring context with this class
 * as the primary configuration source.
 */
@SpringBootApplication
public class RoleBasedOauth2Application {

    /**
     * Starts the application.
     *
     * @param args command-line arguments, handed to Spring Boot unchanged
     */
    public static void main(String[] args) {
        new SpringApplication(RoleBasedOauth2Application.class).run(args);
    }
}
14 |
15 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/config/AuthorizationServerConfig.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.config;
2 |
3 | import org.springframework.beans.factory.annotation.Autowired;
4 | import org.springframework.context.annotation.Bean;
5 | import org.springframework.context.annotation.Configuration;
6 | import org.springframework.security.authentication.AuthenticationManager;
7 | import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
8 | import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
9 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
10 | import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
11 | import org.springframework.security.oauth2.provider.token.TokenStore;
12 | import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
13 | import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
14 |
/**
 * OAuth2 authorization-server configuration: one in-memory client, JWT access tokens
 * signed by {@link #accessTokenConverter()}, and user authentication delegated to the
 * injected {@link AuthenticationManager}.
 *
 * <p>Security review notes, all based on what this class shows:
 * <ul>
 *   <li>The JWT signing key and the client secret hash are compiled into the class, so
 *       they are shared by every deployment and visible to anyone with the source.</li>
 *   <li>No access-token or refresh-token validity is configured here, so the library
 *       defaults apply, and {@link JwtTokenStore} keeps no server-side record of issued
 *       tokens that could be used to revoke one.</li>
 *   <li>The client is allowed the password and implicit grants and registers no
 *       redirect URIs; current OAuth 2.0 security guidance advises against both grant
 *       types.</li>
 * </ul>
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private static final String CLIENT_ID = "devglan-client";

    // NOTE(security): bcrypt hash of the client secret. The "$2a$04$" prefix is cost
    // factor 4, the lowest bcrypt accepts, so the hash gives little protection against
    // offline guessing; re-hash with a higher cost and load it from configuration.
    private static final String CLIENT_SECRET = "$2a$04$1VGGg98BkCSvSLs4RDSyUu8MrYf0jkY3dgCLAy8GHJe6QA4VAM/X2";

    // NOTE(security): a seven-character literal used as the token signing key. Every
    // issued token lets its holder test key guesses offline, and whoever knows the key
    // can produce tokens carrying any authority. Replace it with a long random secret
    // or an asymmetric key pair supplied from outside the source tree.
    private static final String SIGNING_KEY = "as466gf";

    private static final String GRANT_TYPE_PASSWORD = "password";
    private static final String AUTHORIZATION_CODE = "authorization_code";
    private static final String REFRESH_TOKEN = "refresh_token";
    private static final String IMPLICIT = "implicit";
    private static final String[] GRANT_TYPES = {
        GRANT_TYPE_PASSWORD, AUTHORIZATION_CODE, REFRESH_TOKEN, IMPLICIT
    };

    private static final String SCOPE_READ = "read";
    private static final String SCOPE_WRITE = "write";
    private static final String TRUST = "trust";
    private static final String[] SCOPES = {SCOPE_READ, SCOPE_WRITE, TRUST};

    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * Builds the converter that signs access tokens as JWTs.
     *
     * @return a converter configured with {@code SIGNING_KEY}
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter jwtConverter = new JwtAccessTokenConverter();
        jwtConverter.setSigningKey(SIGNING_KEY);
        return jwtConverter;
    }

    /**
     * Exposes a token store backed by the JWT converter.
     *
     * @return a {@link JwtTokenStore} wrapping {@link #accessTokenConverter()}
     */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    /**
     * Registers the single in-memory OAuth2 client with its secret hash, scopes and
     * allowed grant types.
     *
     * @param configurer client-details configurer supplied by the framework
     * @throws Exception if the client registration cannot be built
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
        configurer
                .inMemory()
                .withClient(CLIENT_ID)
                .secret(CLIENT_SECRET)
                .scopes(SCOPES)
                .authorizedGrantTypes(GRANT_TYPES);
    }

    /**
     * Wires the token store, the authentication manager and the JWT converter into
     * the token endpoints.
     *
     * @param endpoints endpoint configurer supplied by the framework
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(tokenStore());
        endpoints.authenticationManager(authenticationManager);
        endpoints.accessTokenConverter(accessTokenConverter());
    }
}
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/config/ResourceServerConfig.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.config;
2 |
3 | import org.springframework.context.annotation.Configuration;
4 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
5 | import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
6 | import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
7 | import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
8 | import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
9 |
/**
 * OAuth2 resource-server configuration for the API.
 *
 * <p>Security review notes, all based on what this class shows:
 * <ul>
 *   <li>{@code stateless(false)} means the resources are not limited to token-based
 *       authentication. NOTE(review): confirm that accepting an authentication that
 *       did not come from a bearer token is intended.</li>
 *   <li>The only URL rule covers {@code /admin/**}. Other paths have no URL-level rule
 *       here, so a handler without a method-level annotation would not be covered by
 *       anything in this class.</li>
 * </ul>
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    private static final String RESOURCE_ID = "resource_id";

    /**
     * Sets the resource id and turns off the token-only restriction.
     *
     * @param resources resource-server configurer supplied by the framework
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID);
        resources.stateless(false);
    }

    /**
     * Disables anonymous authentication, requires the ADMIN role for
     * {@code /admin/**}, and reports denied access through
     * {@link OAuth2AccessDeniedHandler}.
     *
     * @param http security builder for the resource-server filter chain
     * @throws Exception if the chain cannot be configured
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.anonymous().disable();
        http.authorizeRequests()
                .antMatchers("/admin/**").access("hasRole('ADMIN')");
        http.exceptionHandling()
                .accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }
}
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/config/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.config;
2 |
3 | import org.springframework.beans.factory.annotation.Autowired;
4 | import org.springframework.context.annotation.Bean;
5 | import org.springframework.context.annotation.Configuration;
6 | import org.springframework.security.authentication.AuthenticationManager;
7 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
8 | import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
9 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
10 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
11 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
12 | import org.springframework.security.core.userdetails.UserDetailsService;
13 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
14 |
15 | import javax.annotation.Resource;
16 |
/**
 * Web security configuration: enables {@code @Secured} method security, exposes the
 * {@link AuthenticationManager} as a bean, and authenticates users through the
 * {@code userService} bean with bcrypt-hashed passwords.
 *
 * <p>Security review notes, all based on what this class shows:
 * <ul>
 *   <li>CSRF protection is switched off for this filter chain. That suits clients
 *       that only send bearer tokens. NOTE(review): re-check it if browser sessions
 *       can reach state-changing endpoints.</li>
 *   <li>The only URL rule opens {@code /api-docs/**} to everyone; no rule for the
 *       remaining paths is declared in this class.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource(name = "userService")
    private UserDetailsService userDetailsService;

    /**
     * Publishes the authentication manager so other configuration classes can inject it.
     *
     * @return the manager built by the parent adapter
     * @throws Exception if the manager cannot be created
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Registers the user lookup service together with the password encoder used to
     * check submitted passwords.
     *
     * @param auth authentication builder supplied by the framework
     * @throws Exception if registration fails
     */
    @Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder());
    }

    /**
     * Disables CSRF and anonymous authentication and permits {@code /api-docs/**}.
     *
     * @param http security builder for this filter chain
     * @throws Exception if the chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.anonymous().disable();
        http.authorizeRequests()
                .antMatchers("/api-docs/**").permitAll();
    }

    /**
     * Password encoder shared by the application.
     *
     * @return a {@link BCryptPasswordEncoder} created with its default settings
     */
    @Bean
    public BCryptPasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }
}
53 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/controller/UserController.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.controller;
2 |
3 | import com.devglan.rolebasedoauth2.dto.ApiResponse;
4 | import com.devglan.rolebasedoauth2.dto.UserDto;
5 | import com.devglan.rolebasedoauth2.service.AuthenticationFacadeService;
6 | import com.devglan.rolebasedoauth2.service.UserService;
7 | import org.slf4j.Logger;
8 | import org.slf4j.LoggerFactory;
9 | import org.springframework.beans.factory.annotation.Autowired;
10 | import org.springframework.http.HttpStatus;
11 | import org.springframework.security.access.annotation.Secured;
12 | import org.springframework.web.bind.annotation.*;
13 |
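/**
 * REST endpoints under {@code /users}. Access is decided per method by
 * {@code @Secured}; each handler logs the calling principal before delegating to
 * {@link UserService}.
 */
@RestController
@RequestMapping("/users")
public class UserController {

    private static final Logger log = LoggerFactory.getLogger(UserController.class);

    public static final String SUCCESS = "success";
    public static final String ROLE_ADMIN = "ROLE_ADMIN";
    public static final String ROLE_USER = "ROLE_USER";

    @Autowired
    private UserService userService;

    @Autowired
    private AuthenticationFacadeService authenticationFacadeService;

    /**
     * Lists all users. Requires {@code ROLE_ADMIN}.
     *
     * @return a response wrapping whatever {@code userService.findAll()} returns
     */
    @Secured({ROLE_ADMIN})
    @GetMapping
    public ApiResponse listUser() {
        log.info("received request to list user {}", currentPrincipal());
        return new ApiResponse(HttpStatus.OK, SUCCESS, userService.findAll());
    }

    /**
     * Creates a user from the request body. Requires {@code ROLE_ADMIN}.
     *
     * @param user the submitted user data
     * @return a response wrapping whatever {@code userService.save(user)} returns
     */
    @Secured({ROLE_ADMIN})
    @PostMapping
    public ApiResponse create(@RequestBody UserDto user) {
        log.info("received request to create user {}", currentPrincipal());
        return new ApiResponse(HttpStatus.OK, SUCCESS, userService.save(user));
    }

    /**
     * Returns one user by id. Allowed for {@code ROLE_ADMIN} and {@code ROLE_USER}.
     *
     * <p>NOTE(security): nothing in this method ties {@code id} to the caller, so a
     * caller holding only {@code ROLE_USER} can ask for any id. Unless
     * {@code userService.findOne} enforces ownership (not visible here), compare the id
     * with the authenticated principal for non-admin callers, and confirm the returned
     * object does not carry the password field.
     *
     * @param id identifier taken from the path
     * @return a response wrapping whatever {@code userService.findOne(id)} returns
     */
    @Secured({ROLE_ADMIN, ROLE_USER})
    @GetMapping(value = "/{id}")
    public ApiResponse getUser(@PathVariable long id) {
        // The original message said "update user", which mislabels reads in the audit trail.
        log.info("received request to get user {}", currentPrincipal());
        return new ApiResponse(HttpStatus.OK, SUCCESS, userService.findOne(id));
    }

    /**
     * Deletes one user by id. Requires {@code ROLE_ADMIN}.
     *
     * @param id identifier taken from the path
     */
    @Secured({ROLE_ADMIN})
    @DeleteMapping(value = "/{id}")
    public void delete(@PathVariable(value = "id") Long id) {
        log.info("received request to delete user {}", currentPrincipal());
        userService.delete(id);
    }

    /**
     * Returns the principal of the current authentication, for log statements.
     * NOTE(review): what ends up in the log depends on the principal's
     * {@code toString()}; confirm it does not print credential material.
     */
    private Object currentPrincipal() {
        return authenticationFacadeService.getAuthentication().getPrincipal();
    }
}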
61 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/dao/RoleDao.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.dao;
2 |
3 | import com.devglan.rolebasedoauth2.model.Role;
4 | import org.springframework.data.jpa.repository.Query;
5 | import org.springframework.data.repository.CrudRepository;
6 | import org.springframework.data.repository.query.Param;
7 |
8 | import java.util.List;
9 | import java.util.Set;
10 |
/**
 * Spring Data repository for {@link Role} rows.
 *
 * <p>NOTE(review): {@code CrudRepository}, {@code Set} and {@code List} appear here
 * without type arguments, which looks like an artefact of how this listing was
 * extracted; check the repository for the original generic signature.
 */
public interface RoleDao extends CrudRepository {

    /**
     * Loads the roles whose {@code name} is in the given list, using a native query.
     * The names are passed as the bound parameter {@code :roles}, so they are not
     * concatenated into the SQL text.
     *
     * @param roles role names to look up; NOTE(review): an empty list may yield an
     *              invalid {@code IN ()} clause on some databases, confirm callers
     *              never pass one
     * @return the matching roles
     */
    @Query(nativeQuery = true, value = "SELECT * FROM Roles where name IN (:roles)")
    Set find(@Param("roles") List roles);
}
16 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/dao/UserDao.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.dao;
2 |
3 | import com.devglan.rolebasedoauth2.model.User;
4 | import org.springframework.data.repository.CrudRepository;
5 | import org.springframework.stereotype.Repository;
6 |
/**
 * Spring Data repository for {@link User} rows, with lookups derived from the method
 * names.
 *
 * <p>NOTE(review): {@code CrudRepository} appears without type arguments, which looks
 * like an artefact of how this listing was extracted; check the repository for the
 * original generic signature.
 */
@Repository
public interface UserDao extends CrudRepository {

    /**
     * Finds a user by e-mail address.
     *
     * @param email the address to match
     * @return the matching user; presumably {@code null} when none exists, so callers
     *         should check before use
     */
    User findByEmail(String email);

    /**
     * Finds a user by login name.
     *
     * @param username the login name to match
     * @return the matching user; presumably {@code null} when none exists, so callers
     *         should check before use
     */
    User findByUsername(String username);
}
13 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/dto/ApiResponse.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.dto;
2 |
3 | import org.springframework.http.HttpStatus;
4 |
/**
 * Envelope returned by the REST controllers: numeric HTTP status, a message and an optional
 * payload.
 */
public class ApiResponse {

    private int status;
    private String message;
    private Object result;

    /**
     * Creates a response without a payload; {@code result} stays {@code null}.
     *
     * @param status HTTP status whose numeric value is stored
     * @param message message for the client
     */
    public ApiResponse(HttpStatus status, String message){
        this(status, message, null);
    }

    /**
     * Creates a response with a payload.
     *
     * @param status HTTP status whose numeric value is stored
     * @param message message for the client
     * @param result payload object
     */
    public ApiResponse(HttpStatus status, String message, Object result){
        this.status = status.value();
        this.message = message;
        this.result = result;
    }

    public int getStatus() {
        return this.status;
    }

    public void setStatus(int status) {
        this.status = status;
    }

    public String getMessage() {
        return this.message;
    }

    public void setMessage(String message) {
        this.message = message;
    }

    public Object getResult() {
        return this.result;
    }

    public void setResult(Object result) {
        this.result = result;
    }

    /**
     * Renders status and message only; the payload is not included, so it does not end up in
     * log lines built from this string.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append("ApiResponse [statusCode=").append(status);
        text.append(", message=").append(message);
        text.append("]");
        return text.toString();
    }

}
53 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/dto/UserDto.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.dto;
2 |
3 | import java.util.List;
4 |
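/**
 * Transfer object for user data exchanged with API clients.
 *
 * <p>NOTE(review): {@code password} has a public getter, so an instance that still holds a
 * clear-text password will presumably be serialized with it. Clear the field before returning
 * a DTO that came from a request.
 */
public class UserDto {

    private long id;
    private String firstName;
    private String lastName;
    private String username;
    // Clear-text password as submitted by the client; never set by User.toUserDto().
    private String password;
    private String email;
    // Role names as strings (User.toUserDto() fills this from the role's enum name).
    private List<String> role;

    public long getId() {
        return id;
    }

    public void setId(long id) {
        this.id = id;
    }

    public String getFirstName() {
        return firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public String getLastName() {
        return lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public List<String> getRole() {
        return role;
    }

    public void setRole(List<String> role) {
        this.role = role;
    }

    /**
     * Renders id, names and username only. Password, e-mail and roles are left out, which keeps
     * them out of any log line built from this string.
     */
    @Override
    public String toString() {
        return "UserDto{" +
                "id=" + id +
                ", firstName='" + firstName + '\'' +
                ", lastName='" + lastName + '\'' +
                ", username='" + username + '\'' +
                '}';
    }
}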
81 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/model/Role.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.model;
2 |
3 | import javax.persistence.*;
4 |
/**
 * JPA entity mapped to the ROLES table: one row per role a user can hold.
 */
@Entity
@Table(name = "ROLES")
public class Role {

    @Id
    @GeneratedValue(strategy= GenerationType.IDENTITY)
    @Column(name = "ID")
    private long id;

    // Persisted as the enum constant's name (EnumType.STRING), not its ordinal.
    @Enumerated(EnumType.STRING)
    @Column(name = "NAME")
    private RoleType name;

    @Column(name = "DESCRIPTION")
    private String description;

    @Column(name = "CREATED_ON")
    private Long createdOn;

    @Column(name = "MODIFIED_ON")
    private Long modifiedOn;

    // Accessors, in field order.

    public long getId() {
        return this.id;
    }

    public void setId(long id) {
        this.id = id;
    }

    public RoleType getName() {
        return this.name;
    }

    public void setName(RoleType name) {
        this.name = name;
    }

    public String getDescription() {
        return this.description;
    }

    public void setDescription(String description) {
        this.description = description;
    }

    public Long getCreatedOn() {
        return this.createdOn;
    }

    public void setCreatedOn(Long createdOn) {
        this.createdOn = createdOn;
    }

    public Long getModifiedOn() {
        return this.modifiedOn;
    }

    public void setModifiedOn(Long modifiedOn) {
        this.modifiedOn = modifiedOn;
    }
}
64 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/model/RoleType.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.model;
2 |
/**
 * Role names known to the application. The {@code Role} entity stores the constant's name as a
 * string, so renaming a constant changes what is matched against the ROLES table.
 */
public enum RoleType {

    ADMIN,
    USER_CREATE,
    USER_UPDATE,
    USER
}
7 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/model/User.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.model;
2 |
3 | import com.devglan.rolebasedoauth2.dto.UserDto;
4 |
5 | import javax.persistence.*;
6 | import java.util.Set;
7 | import java.util.stream.Collectors;
8 |
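/**
 * JPA entity mapped to the Users table.
 *
 * <p>NOTE(review): this class carries the stored password value and exposes it through
 * {@link #getPassword()}. Hand {@link #toUserDto()} results to API clients rather than the
 * entity itself.
 */
@Entity
@Table(name = "Users")
public class User {

    @Id
    @GeneratedValue(strategy= GenerationType.IDENTITY)
    @Column(name = "ID")
    private long id;
    @Column(name = "FIRST_NAME")
    private String firstName;
    @Column(name = "LAST_NAME")
    private String lastName;
    @Column(name = "USERNAME")
    private String username;
    // Holds whatever the service layer stores; UserServiceImpl.save writes the encoder's output here.
    @Column(name = "PASSWORD")
    private String password;
    @Column(name = "EMAIL")
    private String email;

    // Loaded eagerly together with the user; typed so role.getName() resolves without casts.
    @ManyToMany(fetch = FetchType.EAGER)
    @JoinTable(name = "User_ROLES",
            joinColumns = @JoinColumn(name ="USER_ID"),inverseJoinColumns= @JoinColumn(name="ROLE_ID"))
    private Set<Role> roles;

    public Set<Role> getRoles() {
        return roles;
    }

    public void setRoles(Set<Role> roles) {
        this.roles = roles;
    }

    public long getId() {
        return id;
    }

    public void setId(long id) {
        this.id = id;
    }

    public String getFirstName() {
        return firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public String getLastName() {
        return lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    /**
     * Copies the client-facing fields into a new {@link UserDto}.
     *
     * <p>The password is deliberately not copied, so the DTO's password stays {@code null}.
     *
     * @return DTO with id, e-mail, names, username and the role names as strings
     */
    public UserDto toUserDto(){
        UserDto userDto = new UserDto();
        userDto.setId(this.id);
        userDto.setEmail(this.email);
        userDto.setFirstName(this.firstName);
        userDto.setLastName(this.lastName);
        userDto.setUsername(this.username);
        if (this.roles == null) {
            // A User built in code may have no role set assigned yet; report that as "no roles"
            // instead of failing with a NullPointerException.
            userDto.setRole(new java.util.ArrayList<>());
        } else {
            userDto.setRole(this.roles.stream().map(role -> role.getName().toString()).collect(Collectors.toList()));
        }
        return userDto;
    }
}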
100 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/service/AuthenticationFacadeService.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.service;
2 |
3 | import org.springframework.security.core.Authentication;
4 |
/**
 * Indirection over the security context so that callers do not reach for static holders
 * themselves.
 */
public interface AuthenticationFacadeService {

    /**
     * Returns the {@link Authentication} of the current request.
     *
     * @return the current authentication as reported by the implementation
     */
    Authentication getAuthentication();
}
9 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/service/UserService.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.service;
2 |
3 | import com.devglan.rolebasedoauth2.dto.UserDto;
4 | import com.devglan.rolebasedoauth2.model.User;
5 |
6 | import java.util.List;
7 |
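/**
 * User management operations offered to the controllers.
 */
public interface UserService {

    /**
     * Creates a user from the submitted data.
     *
     * @param user submitted user data, including the clear-text password
     * @return the DTO describing the stored user
     */
    UserDto save(UserDto user);

    /**
     * Lists all users as DTOs.
     *
     * @return one DTO per stored user
     */
    List<UserDto> findAll();

    /**
     * Loads a single user entity.
     *
     * <p>NOTE(review): this returns the entity, which includes the stored password value.
     * Convert it with {@code toUserDto()} before sending it to a client.
     *
     * @param id primary key of the user
     * @return the user entity
     */
    User findOne(long id);

    /**
     * Deletes a user.
     *
     * @param id primary key of the user to remove
     */
    void delete(long id);
}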
15 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/service/impl/AuthenticationFacadeServiceImpl.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.service.impl;
2 |
3 | import com.devglan.rolebasedoauth2.service.AuthenticationFacadeService;
4 | import org.springframework.security.core.Authentication;
5 | import org.springframework.security.core.context.SecurityContextHolder;
6 | import org.springframework.stereotype.Component;
7 |
/**
 * Default {@link AuthenticationFacadeService}: reads the authentication from Spring Security's
 * {@link SecurityContextHolder}.
 */
@Component
public class AuthenticationFacadeServiceImpl implements AuthenticationFacadeService {

    /**
     * Returns whatever authentication the current security context holds.
     *
     * @return the context's authentication, passed through unchanged
     */
    @Override
    public Authentication getAuthentication() {
        return SecurityContextHolder
                .getContext()
                .getAuthentication();
    }
}
16 |
--------------------------------------------------------------------------------
/src/main/java/com/devglan/rolebasedoauth2/service/impl/UserServiceImpl.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2.service.impl;
2 |
3 | import com.devglan.rolebasedoauth2.dao.RoleDao;
4 | import com.devglan.rolebasedoauth2.dao.UserDao;
5 | import com.devglan.rolebasedoauth2.dto.UserDto;
6 | import com.devglan.rolebasedoauth2.model.Role;
7 | import com.devglan.rolebasedoauth2.model.RoleType;
8 | import com.devglan.rolebasedoauth2.model.User;
9 | import com.devglan.rolebasedoauth2.service.UserService;
10 | import org.slf4j.Logger;
11 | import org.slf4j.LoggerFactory;
12 | import org.springframework.beans.factory.annotation.Autowired;
13 | import org.springframework.security.core.GrantedAuthority;
14 | import org.springframework.security.core.authority.SimpleGrantedAuthority;
15 | import org.springframework.security.core.userdetails.UserDetails;
16 | import org.springframework.security.core.userdetails.UserDetailsService;
17 | import org.springframework.security.core.userdetails.UsernameNotFoundException;
18 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
19 | import org.springframework.stereotype.Service;
20 | import org.springframework.transaction.annotation.Transactional;
21 |
22 | import java.util.ArrayList;
23 | import java.util.List;
24 | import java.util.Set;
25 | import java.util.stream.Collectors;
26 |
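/**
 * User management service that also serves as the {@link UserDetailsService} used to load
 * credentials and authorities for a username.
 */
@Transactional
@Service(value = "userService")
public class UserServiceImpl implements UserDetailsService, UserService {

    private static final Logger log = LoggerFactory.getLogger(UserServiceImpl.class);

    @Autowired
    private UserDao userDao;

    @Autowired
    private RoleDao roleDao;

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    /**
     * Loads the stored user and maps its roles to granted authorities.
     *
     * @param userId the username to look up
     * @return Spring Security user with username, stored password value and authorities
     * @throws UsernameNotFoundException when no user has that username; the message does not
     *     say which part of the credentials was wrong
     */
    @Override
    public UserDetails loadUserByUsername(String userId) throws UsernameNotFoundException {
        User user = userDao.findByUsername(userId);
        if(user == null){
            log.error("Invalid username or password.");
            throw new UsernameNotFoundException("Invalid username or password.");
        }
        Set<GrantedAuthority> grantedAuthorities = getAuthorities(user);
        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), grantedAuthorities);
    }

    /** Turns each role of the user into an authority named {@code ROLE_<NAME>}. */
    private Set<GrantedAuthority> getAuthorities(User user) {
        Set<Role> roleByUserId = user.getRoles();
        final Set<GrantedAuthority> authorities = roleByUserId.stream().map(role -> new SimpleGrantedAuthority("ROLE_" + role.getName().toString().toUpperCase())).collect(Collectors.toSet());
        return authorities;
    }

    /**
     * Lists all users as DTOs; the conversion leaves the password out.
     *
     * @return one DTO per stored user
     */
    @Override
    public List<UserDto> findAll() {
        List<UserDto> users = new ArrayList<>();
        userDao.findAll().iterator().forEachRemaining(user -> users.add(user.toUserDto()));
        return users;
    }

    /**
     * Loads the user entity with the given id.
     *
     * <p>NOTE(review): the returned entity carries the stored password value; convert it with
     * {@code toUserDto()} before it leaves the service boundary towards a client.
     *
     * @param id primary key of the user
     * @return the user entity
     * @throws java.util.NoSuchElementException when no user has that id
     */
    @Override
    public User findOne(long id) {
        // Same exception type as the bare Optional.get() it replaces, with a usable message.
        return userDao.findById(id)
                .orElseThrow(() -> new java.util.NoSuchElementException("No user with id " + id));
    }

    /**
     * Deletes the user with the given id.
     *
     * @param id primary key of the user to remove
     */
    @Override
    public void delete(long id) {
        userDao.deleteById(id);
    }

    /**
     * Stores a new user built from the submitted DTO, with the password run through the
     * injected encoder.
     *
     * <p>NOTE(review): the role names are taken from the DTO as submitted. Nothing in this
     * method limits which roles a caller may assign, so the calling endpoint has to restrict
     * who can grant an administrative role.
     *
     * @param userDto submitted user data, including the clear-text password
     * @return the same DTO with its password cleared
     * @throws RuntimeException when the username or e-mail already belongs to another user
     * @throws NullPointerException when the DTO has no role list
     */
    @Override
    public UserDto save(UserDto userDto) {
        User userWithDuplicateUsername = userDao.findByUsername(userDto.getUsername());
        if(userWithDuplicateUsername != null && userDto.getId() != userWithDuplicateUsername.getId()) {
            // The former String.format("... %", ...) ended in a bare '%', which makes format()
            // throw before the intended "Duplicate username." exception is reached.
            log.error("Duplicate username {}", userDto.getUsername());
            throw new RuntimeException("Duplicate username.");
        }
        User userWithDuplicateEmail = userDao.findByEmail(userDto.getEmail());
        if(userWithDuplicateEmail != null && userDto.getId() != userWithDuplicateEmail.getId()) {
            log.error("Duplicate email {}", userDto.getEmail());
            throw new RuntimeException("Duplicate email.");
        }
        User user = new User();
        user.setEmail(userDto.getEmail());
        user.setFirstName(userDto.getFirstName());
        user.setLastName(userDto.getLastName());
        user.setUsername(userDto.getUsername());
        user.setPassword(passwordEncoder.encode(userDto.getPassword()));
        // The earlier stream().map(...) over the role names had no terminal operation and never
        // ran, so it validated nothing; it is removed. Role names are still not checked against
        // RoleType here: a name without a row in the roles table simply matches nothing.
        List<String> requestedRoles = java.util.Objects.requireNonNull(userDto.getRole(), "role");
        user.setRoles(roleDao.find(requestedRoles));
        userDao.save(user);
        // The DTO goes back to the caller and from there into the response; do not echo the
        // clear-text password.
        userDto.setPassword(null);
        return userDto;
    }
}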
101 |
--------------------------------------------------------------------------------
/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# Local MySQL instance and schema used by the sample.
1 | spring.datasource.url=jdbc:mysql://localhost:3306/test
# NOTE(review): the application connects as the database root account, and the password is
# committed in clear text and equals the account name. For anything beyond a throwaway local
# database, use a dedicated least-privilege account and supply the secret from outside the
# repository (environment variable or secret store).
2 | spring.datasource.username=root
3 | spring.datasource.password=root
# create-drop: Hibernate builds the schema at startup and drops it again at shutdown, so all
# data, including user accounts, is lost on restart. Not a setting for a persistent environment.
4 | spring.jpa.hibernate.ddl-auto=create-drop
# Logs the SQL statements Hibernate issues.
5 | spring.jpa.show-sql=true
# NOTE(review): this key has an extra "user" segment compared with the spring.datasource.* keys
# above; confirm it is read at all.
6 | spring.user.datasource.driver-class-name=com.mysql.jdbc.Driver
--------------------------------------------------------------------------------
/src/main/resources/logback.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | %d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %m%n
6 |
7 |
8 |
9 |
11 | devglan.log
12 | aaj
13 | devglan.%d{yyyy-MM-dd}.log
14 | 30
15 |
16 |
17 |
18 | %d{yyyy-MM-dd HH:mm:ss} %-5level %logger{36} - %m%n
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/main/resources/script.sql:
--------------------------------------------------------------------------------
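-- Schema and seed data for the sample. Every run drops the three tables first, so it is only
-- suitable for a disposable local database.
drop table if exists roles;
drop table if exists user_roles;
drop table if exists users;
create table roles (id bigint not null auto_increment, created_on bigint, description varchar(255), modified_on bigint, name varchar(255), primary key (id)) engine=MyISAM;
create table user_roles (user_id bigint not null, role_id bigint not null, primary key (user_id, role_id)) engine=MyISAM;
-- The statement terminator was missing here, which ran this statement into the ALTER below.
create table users (id bigint not null auto_increment, email varchar(255), first_name varchar(255), last_name varchar(255), password varchar(255), username varchar(255), primary key (id)) engine=MyISAM;
-- NOTE(review): the tables use MyISAM, an engine that does not enforce foreign keys; confirm
-- these constraints have any effect (InnoDB would enforce them). There is also no unique index
-- on users.username or users.email; uniqueness rests on the application-level check alone.
alter table user_roles add constraint FKh8ciramu9cc9q3qcqiv4ue8a6 foreign key (role_id) references roles (id);
alter table user_roles add constraint FKhfh9dx7w3ubf1co1vdev94g3f foreign key (user_id) references users (id);

INSERT INTO roles(description,name) values ('Admin', 'ADMIN');
INSERT INTO roles(description,name) values ('User', 'USER');
-- Seeded administrator. The hash prefix "$2a$04$" means bcrypt cost factor 4, the lowest the
-- format allows and far below common defaults (10 or more). Because this hash is published with
-- the sample, treat the account as a known credential: replace it, with a higher cost factor,
-- before the database is reachable by anyone else.
INSERT INTO users (email,first_name, last_name,password,username) values ('admin@gmail.com','admin', 'admin','$2a$04$EZzbSqieYfe/nFWfBWt2KeCdyq0UuDEM1ycFF8HzmlVR6sbsOnw7u','admin');
-- Grants role 1 to user 1. Assumes auto_increment starts at 1 on the freshly created tables,
-- which makes these the ADMIN role and the admin user.
insert into USER_ROLES(USER_ID,ROLE_ID) values (1,1);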
--------------------------------------------------------------------------------
/src/test/java/com/devglan/rolebasedoauth2/RoleBasedOauth2ApplicationTests.java:
--------------------------------------------------------------------------------
1 | package com.devglan.rolebasedoauth2;
2 |
3 | import org.junit.Test;
4 | import org.junit.runner.RunWith;
5 | import org.springframework.boot.test.context.SpringBootTest;
6 | import org.springframework.test.context.junit4.SpringRunner;
7 |
/**
 * Smoke test: starts the Spring Boot application context under the Spring JUnit 4 runner.
 *
 * <p>NOTE(review): nothing here exercises the role restrictions on the controller; tests that
 * call each endpoint with and without the required role would cover the security-relevant
 * behaviour.
 */
@RunWith(SpringRunner.class)
@SpringBootTest
public class RoleBasedOauth2ApplicationTests {

    /** Passes when the context starts; the body is intentionally empty. */
    @Test
    public void contextLoads() {
        // no assertions: a context start-up failure is what fails this test
    }

}
17 |
18 |
--------------------------------------------------------------------------------