aboutsummaryrefslogtreecommitdiff
path: root/src/main/java
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2020-03-20 15:18:29 +0300
committerGravatar Vitaly Takmazov2020-03-20 15:18:29 +0300
commitc3d889c92d8eacfd93bab2dbc2e9a4db61d9aae7 (patch)
tree1f9d64442f0ef7acf9f88840f9320b82bc605c7f /src/main/java
parentbdef56b6fc58dc3554171f3e14ac821655cb8ddd (diff)
enable spring boot actuator for admin users
Diffstat (limited to 'src/main/java')
-rw-r--r--src/main/java/com/juick/server/configuration/SecurityConfig.java1
-rw-r--r--src/main/java/com/juick/service/UserService.java2
-rw-r--r--src/main/java/com/juick/service/UserServiceImpl.java10
-rw-r--r--src/main/java/com/juick/service/security/JuickUserDetailsService.java7
-rw-r--r--src/main/java/com/juick/service/security/entities/JuickUser.java4
5 files changed, 22 insertions, 2 deletions
diff --git a/src/main/java/com/juick/server/configuration/SecurityConfig.java b/src/main/java/com/juick/server/configuration/SecurityConfig.java
index 2713cc56..23a41e11 100644
--- a/src/main/java/com/juick/server/configuration/SecurityConfig.java
+++ b/src/main/java/com/juick/server/configuration/SecurityConfig.java
@@ -189,6 +189,7 @@ public class SecurityConfig {
.authorizeRequests()
.antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter", "/post", "/post2", "/comment")
.authenticated()
+ .antMatchers("/actuator/**").hasRole("ADMIN")
.anyRequest().permitAll()
.and()
.anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
diff --git a/src/main/java/com/juick/service/UserService.java b/src/main/java/com/juick/service/UserService.java
index e171126d..4bd5486d 100644
--- a/src/main/java/com/juick/service/UserService.java
+++ b/src/main/java/com/juick/service/UserService.java
@@ -127,4 +127,6 @@ public interface UserService {
List<String> getActiveJIDs();
void updateLastSeen(User user);
+
+ boolean isAdminUser(User user);
}
diff --git a/src/main/java/com/juick/service/UserServiceImpl.java b/src/main/java/com/juick/service/UserServiceImpl.java
index 084f3a00..23c55bbe 100644
--- a/src/main/java/com/juick/service/UserServiceImpl.java
+++ b/src/main/java/com/juick/service/UserServiceImpl.java
@@ -24,6 +24,7 @@ import com.juick.model.AuthResponse;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.RowMapper;
@@ -39,6 +40,7 @@ import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Timestamp;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
@@ -52,6 +54,9 @@ import java.util.UUID;
@Repository
public class UserServiceImpl extends BaseJdbcService implements UserService {
+ @Value("${juick.admin_users:}")
+ List<String> adminUsers;
+
private class UserMapper implements RowMapper<User> {
@Override
public User mapRow(@Nonnull ResultSet rs, int rowNum) throws SQLException {
@@ -681,4 +686,9 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
public void updateLastSeen(User user) {
getJdbcTemplate().update("UPDATE users SET last_seen=now() WHERE id=?", user.getUid());
}
+
+ @Override
+ public boolean isAdminUser(User user) {
+ return adminUsers.contains(user.getName());
+ }
}
diff --git a/src/main/java/com/juick/service/security/JuickUserDetailsService.java b/src/main/java/com/juick/service/security/JuickUserDetailsService.java
index a62bdadd..da222539 100644
--- a/src/main/java/com/juick/service/security/JuickUserDetailsService.java
+++ b/src/main/java/com/juick/service/security/JuickUserDetailsService.java
@@ -21,11 +21,14 @@ import com.juick.model.User;
import com.juick.service.UserService;
import com.juick.service.security.entities.JuickUser;
import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;
+import java.util.List;
+
/**
* Created by aalexeev on 11/28/16.
*/
@@ -46,7 +49,9 @@ public class JuickUserDetailsService implements UserDetailsService {
if (!user.isAnonymous()) {
user.setAuthHash(userService.getHashByUID(user.getUid()));
- return new JuickUser(user);
+ List<GrantedAuthority> authorities = userService.isAdminUser(user) ?
+ JuickUser.ADMIN_AUTHORITY : JuickUser.USER_AUTHORITY;
+ return new JuickUser(user, authorities);
}
throw new UsernameNotFoundException("The username " + username + " is not found");
diff --git a/src/main/java/com/juick/service/security/entities/JuickUser.java b/src/main/java/com/juick/service/security/entities/JuickUser.java
index 062db3a4..dca5fe7d 100644
--- a/src/main/java/com/juick/service/security/entities/JuickUser.java
+++ b/src/main/java/com/juick/service/security/entities/JuickUser.java
@@ -17,8 +17,8 @@
package com.juick.service.security.entities;
-import com.juick.model.User;
import com.juick.model.AnonymousUser;
+import com.juick.model.User;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -33,10 +33,12 @@ import java.util.List;
*/
public class JuickUser implements UserDetails {
static final GrantedAuthority ROLE_USER = new SimpleGrantedAuthority("ROLE_USER");
+ static final GrantedAuthority ROLE_ADMIN = new SimpleGrantedAuthority("ROLE_ADMIN");
static final GrantedAuthority ROLE_ANONYMOUS = new SimpleGrantedAuthority("ROLE_ANONYMOUS");
public static final List<GrantedAuthority> USER_AUTHORITY = Collections.singletonList(ROLE_USER);
public static final List<GrantedAuthority> ANONYMOUS_AUTHORITY = Collections.singletonList(ROLE_ANONYMOUS);
+ public static final List<GrantedAuthority> ADMIN_AUTHORITY = List.of(ROLE_ADMIN, ROLE_USER);
public static final JuickUser ANONYMOUS_USER = new JuickUser(AnonymousUser.INSTANCE, ANONYMOUS_AUTHORITY);