diff --git a/src/main/java/runner/AppRunner.java b/src/main/java/runner/AppRunner.java
index eeb1da7c2..0e6dd8e09 100644
--- a/src/main/java/runner/AppRunner.java
+++ b/src/main/java/runner/AppRunner.java
@@ -3,7 +3,10 @@
 import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.PropertySource;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 @SpringBootApplication
 @EnableEncryptableProperties
@@ -11,6 +14,5 @@ public class AppRunner {
 public static void main(String[] args) {
 SpringApplication.run(AppRunner.class, args);
- }
 }
diff --git a/src/main/java/runner/controllers/AccountController.java b/src/main/java/runner/controllers/AccountController.java
index acde9e2de..abd82d712 100644
--- a/src/main/java/runner/controllers/AccountController.java
+++ b/src/main/java/runner/controllers/AccountController.java
@@ -30,7 +30,7 @@ public String testJWT() {
 }
 //get accounts for the authenticated user only, THIS is the homepage once user has logged in
- @JsonView(Views.AllAccounts.class)
+ //@JsonView(Views.AllAccounts.class)
 @GetMapping
 public ResponseEntity> readAllAccount() {
 String currentPrincipalName = SecurityContextHolder.getContext().getAuthentication().getName();
diff --git a/src/main/java/runner/controllers/CustomerController.java b/src/main/java/runner/controllers/CustomerController.java
index c9e1b37fb..3b6ab0c8d 100644
--- a/src/main/java/runner/controllers/CustomerController.java
+++ b/src/main/java/runner/controllers/CustomerController.java
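Review bot: The three imports added here (`Bean`, `CorsRegistry`, `WebMvcConfigurer`) look unused: neither AppRunner hunk references them, the class-body hunk runs to the file's closing brace, and the `corsConfigurer` bean lives in WebSecurityConfig in this same commit, so they should be dropped. The same applies to `CorsFilter`, `CorsConfiguration`, `CorsConfigurationSource` and `UrlBasedCorsConfigurationSource` added to WebSecurityConfig and to the four `org.springframework.web.cors` imports added to JwtAuthorizationFilter; nothing in the visible new code of either file uses them, though parts of those files lie outside the diff. Leftover CORS and filter imports make it harder to tell which CORS mechanism is actually in effect, which matters when reviewing the origin policy.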
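Review bot: Removing the `}` after `SpringApplication.run(...)` leaves a single closing brace in the visible lines for both `main` and the class, so unless the removed brace was a stray, one of them no longer closes. The old side of the hunk shows only two closing braces and the rest of AppRunner is outside the hunk, so please confirm the file still compiles from this exact source.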
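Review bot: Commenting out `@JsonView(Views.AllAccounts.class)` on `readAllAccount()` removes the view filter, and with no view active Jackson serializes every property of the returned account objects, including whatever the `AllAccounts` view deliberately left out. If the Angular client needs additional fields, add them to `Views.AllAccounts` instead of dropping the view; otherwise delete the commented-out line rather than leaving dead code above `@GetMapping`. The method body continues outside the hunk.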
@@ -2,6 +2,7 @@
 import com.fasterxml.jackson.annotation.JsonView;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
@@ -20,15 +21,15 @@ public class CustomerController {
 @JsonView(Views.Profile.class)
 @GetMapping(value = "/myaccount/profile")
 public ResponseEntity getCustomer() {
- String currentPrincipalName = SecurityContextHolder.getContext().getAuthentication().getName();
- Customer customer =customerServices.readCustomerByLogin(currentPrincipalName);
+ String currentPrincipalName = SecurityContextHolder.getContext().getAuthentication().getName(); //needs JWT token in header
+ Customer customer =customerServices.readCustomerByLogin(currentPrincipalName); //<< for testing on angular, need to change back to currentPrincipalName
 if( customer == null) return new ResponseEntity<>("Customer not found", HttpStatus.NOT_FOUND); else return new ResponseEntity<>(customer, HttpStatus.OK);
 }
- @PostMapping(value = "/openaccount")
+ @PostMapping(value = "/openaccount",consumes = MediaType.APPLICATION_JSON_VALUE)
 public ResponseEntity create(@RequestBody Customer customer) throws Exception {
 customer = customerServices.createCustomer(customer);
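Review bot: The new trailing comment on `readCustomerByLogin(currentPrincipalName)` says it is a testing override that needs changing back, but the line still passes `currentPrincipalName`, so the comment is stale and misleading and should be removed. The other new comment, `//needs JWT token in header`, contradicts this commit's `web.ignoring().antMatchers(..., "/myaccount/profile", ...)` in WebSecurityConfig: as the diff stands, requests to this path skip the security filter chain, `getAuthentication()` returns null and `.getName()` throws a NullPointerException (a 500) instead of the 401 an unauthenticated caller should get. Keep `/myaccount/profile` authenticated and let the JWT filter populate the security context.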
@@ -39,13 +40,13 @@ public ResponseEntity create(@RequestBody Customer customer) throws Exception
 return new ResponseEntity<>("Login user name already exist", HttpStatus.CONFLICT);
 }
- @PutMapping(value = "myaccount/profile/update")
+/* @PutMapping(value = "myaccount/profile")
 public ResponseEntity update(@RequestBody Customer customer) throws Exception {
 String currentPrincipalName = SecurityContextHolder.getContext().getAuthentication().getName();
- Customer customerReturned =customerServices.readCustomerByLogin(currentPrincipalName);
+ Customer customerReturned =customerServices.readCustomerByLogin(*//*currentPrincipalName*//* "user1");
 Long id = customerReturned.getId();
 return new ResponseEntity<>(customerServices.updateCustomer(id,customer), HttpStatus.OK);
- }
+ }*/
 @JsonView(Views.PhoneNumber.class)
 @PutMapping(value = "myaccount/profile/phone")
diff --git a/src/main/java/runner/entities/Customer.java b/src/main/java/runner/entities/Customer.java
index f7ab1bf92..56067f55c 100644
--- a/src/main/java/runner/entities/Customer.java
+++ b/src/main/java/runner/entities/Customer.java
@@ -16,18 +16,18 @@ public class Customer {
 @GeneratedValue(strategy = GenerationType.AUTO)
 private Long id;
- @JsonView(Views.Profile.class)
+ //@JsonView(Views.Profile.class)
 @Column(nullable = false)
 private String firstName;
- @JsonView(Views.Profile.class)
+ //@JsonView(Views.Profile.class)
 private String middleName;
- @JsonView(Views.Profile.class)
+ //@JsonView(Views.Profile.class)
 @Column(nullable = false)
 private String lastName;
- @JsonView(Views.Profile.class)
+ //@JsonView(Views.Profile.class)
 @Column(nullable = false)
 private LocalDate dateOfBirth;
diff --git a/src/main/java/runner/security/config/WebSecurityConfig.java b/src/main/java/runner/security/config/WebSecurityConfig.java
index c5312f107..1d903984a 100644
--- a/src/main/java/runner/security/config/WebSecurityConfig.java
+++ b/src/main/java/runner/security/config/WebSecurityConfig.java
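Review bot: The `update` endpoint is disabled by wrapping it in a block comment that also embeds a hard-coded `"user1"` principal between nested `/* */` markers; Java comments do not nest, and this only compiles because the `*/` after `readCustomerByLogin(` happens to close the outer comment. Commented-out code, especially with a test identity baked into an account-update path, should be deleted (history keeps it) or the endpoint restored with `currentPrincipalName`. Note too that the mapping inside the comment changed from `myaccount/profile/update` to `myaccount/profile`, a change not mentioned anywhere else in the diff.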
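Review bot: Commenting out `@JsonView(Views.Profile.class)` on `firstName`, `middleName`, `lastName` and `dateOfBirth` while `getCustomer()` still serializes with `@JsonView(Views.Profile.class)` means these fields are omitted from the `/myaccount/profile` response under Spring Boot's default of `MapperFeature.DEFAULT_VIEW_INCLUSION` disabled, which looks like the opposite of what was intended. Either keep the field annotations or remove the view from the controller method, and in the latter case check which other `Customer` properties outside this hunk would then be serialized as well, since the view is what keeps non-profile fields out of the response. Delete the commented-out annotations rather than leaving them in place.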
@@ -1,5 +1,8 @@
 package runner.security.config;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.web.filter.CorsFilter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -23,13 +26,15 @@
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AndRequestMatcher;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import runner.security.filters.JwtAuthorizationFilter;
 import runner.services.LoginServices;
 import runner.services.UserDetailServices;
-import java.util.ArrayList;
-import java.util.List;
-
 @Configuration
 @EnableWebSecurity //allows Spring to find and automatically apply the class to the global Web Security.
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
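Review bot: The new imports are placed out of order: `FilterRegistrationBean`, `WebSecurity` and `CorsFilter` go above the `org.springframework.beans` group in the first hunk, and the five `org.springframework.web` imports in the second hunk sit between the security and `runner` groups once `java.util.ArrayList`/`List` are dropped. Keeping each group sorted alphabetically makes later diffs to this security configuration easier to review and lets stray imports stand out.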
@@ -62,15 +67,47 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 //allowing user to post to authenticate since spring security is placed on all request
 @Override
 protected void configure(HttpSecurity http) throws Exception {
+ http.cors();
 http
 .csrf().disable()
- .authorizeRequests().antMatchers("/authenticate","/","/openaccount").permitAll() //permit everybody for this endpoint
+ .authorizeRequests()//.antMatchers().permitAll() //permit everybody for this endpoint
 .anyRequest().authenticated() //all other request requires authentication
 .and().sessionManagement()
 .sessionCreationPolicy(SessionCreationPolicy.STATELESS); //jwt is stateless, asking Spring to not create sessions for each request
 http.addFilterBefore(jwtAuthorizationFilter, UsernamePasswordAuthenticationFilter.class); //asking Spring to use jwtAuthorizationFilter before UsernamePasswordAuthenticationFilter is called
 }
+ //Bypasses the jwtAuthorizationFilter for endpoints not required which i think is dictated by web.ignoring() line in configure(WebSecurity web) method
+ @Bean
+ public FilterRegistrationBean disableMyFilterBean() {
+ FilterRegistrationBean registration = new FilterRegistrationBean(jwtAuthorizationFilter);
+ registration.setEnabled(false);
+ return registration;
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ web.ignoring().antMatchers("/authenticate","/","/myaccount/profile","/openaccount");
+ }
+
+ @Bean
+ public WebMvcConfigurer corsConfigurer(){
+ return new WebMvcConfigurer() {
+ @Override
+ public void addCorsMappings(CorsRegistry registry) {
+ registry.addMapping("/**")
+ .allowedMethods("GET","POST","PUT","DELETE")
+ .allowedHeaders("*")
+ .allowedOrigins("http://localhost:4200"); //angular default port
+ }
+ };
+ }
+
+
+
+
+
 /* @Override //creating own form for login
 protected void configure(HttpSecurity http) throws Exception{
 http
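Review bot: `web.ignoring().antMatchers("/authenticate","/","/myaccount/profile","/openaccount")` in the new `configure(WebSecurity)` takes those paths out of the security filter chain entirely, which is much stronger than the `.permitAll()` line it replaces: `/myaccount/profile` is a per-user endpoint whose controller calls `getAuthentication().getName()`, so with the JWT filter bypassed it throws a NullPointerException instead of returning 401, and the public paths also lose the chain's security headers. Restore `.authorizeRequests().antMatchers("/authenticate","/","/openaccount").permitAll()` in `configure(HttpSecurity)`, drop `configure(WebSecurity)` (or limit it to static resources), and remove the dead `//.antMatchers().permitAll()` comment. `disableMyFilterBean` uses the raw `FilterRegistrationBean` type — `FilterRegistrationBean<JwtAuthorizationFilter> registration = new FilterRegistrationBean<>(jwtAuthorizationFilter);` — and its comment guesses at its own purpose; it should state plainly that the bean stops Spring Boot from also registering the filter (which appears to be a `@Component`) with the servlet container, where it would run a second time outside the security chain. The hard-coded `"http://localhost:4200"` origin belongs in a property so the dev origin does not ship to production, and the five trailing blank lines should go.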
diff --git a/src/main/java/runner/security/filters/JwtAuthorizationFilter.java b/src/main/java/runner/security/filters/JwtAuthorizationFilter.java
index 1bb7d08f2..7d2f8e7f4 100644
--- a/src/main/java/runner/security/filters/JwtAuthorizationFilter.java
+++ b/src/main/java/runner/security/filters/JwtAuthorizationFilter.java
@@ -7,6 +7,10 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.CorsUtils;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.OncePerRequestFilter;
 import runner.entities.Login;
 import runner.security.utilities.JwtUtil;
@@ -57,6 +61,8 @@ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServl
 SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
 }
 }
+ filterChain.doFilter(httpServletRequest, httpServletResponse);
 }
+ }
\ No newline at end of file
diff --git a/target/classes/runner/AppRunner.class b/target/classes/runner/AppRunner.class
index e447d8a94..64ec98a6f 100644
Binary files a/target/classes/runner/AppRunner.class and b/target/classes/runner/AppRunner.class differ
diff --git a/target/classes/runner/controllers/CustomerController.class b/target/classes/runner/controllers/CustomerController.class
index 78c2aac3f..7f82ba14a 100644
Binary files a/target/classes/runner/controllers/CustomerController.class and b/target/classes/runner/controllers/CustomerController.class differ
diff --git a/target/classes/runner/entities/Customer.class b/target/classes/runner/entities/Customer.class
index 02a94028b..1f1ac3341 100644
Binary files a/target/classes/runner/entities/Customer.class and b/target/classes/runner/entities/Customer.class differ
diff --git a/target/classes/runner/security/config/WebSecurityConfig$1.class b/target/classes/runner/security/config/WebSecurityConfig$1.class
new file mode 100644
index 000000000..224395320
Binary files /dev/null and b/target/classes/runner/security/config/WebSecurityConfig$1.class differ
diff --git a/target/classes/runner/security/config/WebSecurityConfig.class b/target/classes/runner/security/config/WebSecurityConfig.class
index 14eb357f8..08076daf5 100644
Binary files a/target/classes/runner/security/config/WebSecurityConfig.class and b/target/classes/runner/security/config/WebSecurityConfig.class differ
diff --git a/target/classes/runner/security/filters/JwtAuthorizationFilter.class b/target/classes/runner/security/filters/JwtAuthorizationFilter.class
index 1604d93ec..0854b94d1 100644
Binary files a/target/classes/runner/security/filters/JwtAuthorizationFilter.class and b/target/classes/runner/security/filters/JwtAuthorizationFilter.class differ