aboutsummaryrefslogtreecommitdiff
path: root/juick-server
diff options
context:
space:
mode:
Diffstat (limited to 'juick-server')
-rw-r--r--juick-server/build.gradle7
-rw-r--r--juick-server/src/main/java/com/juick/server/security/JuickAuthenticationEntryPoint.java20
-rw-r--r--juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java35
-rw-r--r--juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java62
4 files changed, 124 insertions, 0 deletions
diff --git a/juick-server/build.gradle b/juick-server/build.gradle
index 9f7db721..7acf4a7e 100644
--- a/juick-server/build.gradle
+++ b/juick-server/build.gradle
@@ -1,4 +1,5 @@
apply plugin: 'java'
+apply plugin: 'war'
apply plugin: 'com.github.ben-manes.versions'
sourceCompatibility = 1.8
@@ -7,6 +8,7 @@ def jacksonVersion = '2.8.5'
def logbackVersion = '1.1.7'
def slf4jVersion = '1.7.21'
def springFrameworkVersion = '4.3.4.RELEASE'
+def springSecurityVersion = "4.2.0.RELEASE"
dependencies {
compile project(':juick-core')
@@ -32,6 +34,11 @@ dependencies {
compile "org.springframework:spring-context:${springFrameworkVersion}"
compile "org.springframework:spring-jdbc:${springFrameworkVersion}"
+ providedCompile 'javax.servlet:javax.servlet-api:3.1.0'
+
+ compile "org.springframework.security:spring-security-web:${springSecurityVersion}"
+ compile "org.springframework.security:spring-security-config:${springSecurityVersion}"
+
compile 'org.apache.commons:commons-dbcp2:2.1.1'
compile 'com.googlecode.log4jdbc:log4jdbc:1.2'
compile 'org.json:json:20160810'
diff --git a/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationEntryPoint.java b/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationEntryPoint.java
new file mode 100644
index 00000000..4c73196d
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationEntryPoint.java
@@ -0,0 +1,20 @@
+package com.juick.server.security;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Created by vitalyster on 25.11.2016.
+ */
+public class JuickAuthenticationEntryPoint implements AuthenticationEntryPoint {
+ @Override
+ public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
+ throws IOException, ServletException {
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java b/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java
new file mode 100644
index 00000000..bf0ed4d7
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java
@@ -0,0 +1,35 @@
+package com.juick.server.security;
+
+import com.juick.service.UserService;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+import javax.inject.Inject;
+import java.util.Collections;
+
+/**
+ * Created by vitalyster on 25.11.2016.
+ */
+public class JuickAuthenticationProvider implements AuthenticationProvider {
+ @Inject
+ UserService userService;
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ String name = authentication.getName();
+ String password = authentication.getCredentials().toString();
+ if (userService.checkPassword(name, password) > 0) {
+ return new UsernamePasswordAuthenticationToken(name, password, Collections.singletonList(
+ new SimpleGrantedAuthority("ROLE_USER")
+ ));
+ }
+ return null;
+ }
+
+ @Override
+ public boolean supports(Class<?> authentication) {
+ return authentication.equals(UsernamePasswordAuthenticationToken.class);
+ }
+}
diff --git a/juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java b/juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java
new file mode 100644
index 00000000..6cc002ae
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java
@@ -0,0 +1,62 @@
+package com.juick.server.security.entities;
+
+import com.juick.User;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.Collections;
+
+/**
+ * Created by aalexeev on 11/21/16.
+ */
+public class JuickUser implements UserDetails {
+ private static final GrantedAuthority ROLE_USER = new SimpleGrantedAuthority("ROLE_USER");
+
+ private final com.juick.User user;
+
+
+ public JuickUser(com.juick.User user) {
+ this.user = user;
+ }
+
+ @Override
+ public Collection<? extends GrantedAuthority> getAuthorities() {
+ return Collections.singletonList(ROLE_USER);
+ }
+
+ @Override
+ public String getPassword() {
+ return null;
+ }
+
+ @Override
+ public String getUsername() {
+ return user.getName();
+ }
+
+ @Override
+ public boolean isAccountNonExpired() {
+ return true;
+ }
+
+ @Override
+ public boolean isAccountNonLocked() {
+ return false;
+ }
+
+ @Override
+ public boolean isCredentialsNonExpired() {
+ return true;
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return !user.isBanned();
+ }
+
+ public User getUser() {
+ return user;
+ }
+}