From bc23d2d2125d2086847397e85335f29a70668f6b Mon Sep 17 00:00:00 2001 From: Alexander Alexeev Date: Mon, 28 Nov 2016 13:39:04 +0700 Subject: remember-me authorization with test; a statndard DaoAuthentication provider used --- .../juick/api/configuration/ApiSecurityConfig.java | 42 ++++++++++++++++----- .../juick/api/configuration/JuickHashFilter.java | 44 ---------------------- .../java/com/juick/api/tests/MessagesTests.java | 37 +++++++++++++++++- juick-api/src/test/resources/juick.conf.example | 8 ++++ 4 files changed, 76 insertions(+), 55 deletions(-) delete mode 100644 juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java create mode 100644 juick-api/src/test/resources/juick.conf.example (limited to 'juick-api') diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java index b3d2d21e..8da51f5a 100644 --- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java +++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java @@ -1,24 +1,27 @@ package com.juick.api.configuration; import com.juick.server.security.JuickAuthenticationEntryPoint; -import com.juick.server.security.JuickAuthenticationProvider; import com.juick.service.UserService; +import com.juick.service.security.JuickUserDetailsService; +import com.juick.service.security.SimpleRememberMeServices; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; import org.springframework.core.env.Environment; import org.springframework.http.HttpMethod; +import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import javax.inject.Inject; import java.util.Arrays; +import java.util.concurrent.TimeUnit; /** * Created by aalexeev on 11/21/16. @@ -38,8 +41,7 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { - http.addFilterBefore(getJuickHashFilter(), UsernamePasswordAuthenticationFilter.class) - .authorizeRequests() + http.authorizeRequests() .antMatchers(HttpMethod.OPTIONS).permitAll() .anyRequest().hasRole("USER") .and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) @@ -48,22 +50,42 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter { .and().servletApi() .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and().exceptionHandling().authenticationEntryPoint(getJuickAuthenticationEntryPoint()) - .and().authenticationProvider(new JuickAuthenticationProvider(userService)) + .and() + .rememberMe() + .alwaysRemember(true) + .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(6 * 30)) + .rememberMeServices(rememberMeServices()) + .key(env.getProperty("auth_remember_me_key")) + .and().authenticationProvider(authenticationProvider()) .headers().defaultsDisabled().cacheControl(); } @Bean - public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() { - return new JuickAuthenticationEntryPoint(); + public DaoAuthenticationProvider authenticationProvider() { + DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); + + authenticationProvider.setUserDetailsService(userDetailsService()); + + return authenticationProvider; + } + + @Bean + public JuickUserDetailsService userDetailsService() { + return new JuickUserDetailsService(userService); + } + + @Bean + public RememberMeServices rememberMeServices() throws Exception { + return new SimpleRememberMeServices(env.getProperty("auth_remember_me_key"), userDetailsService(), userService, env); } @Bean - public JuickHashFilter getJuickHashFilter() { - return new JuickHashFilter(); + public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() { + return new JuickAuthenticationEntryPoint(); } @Bean - CorsConfigurationSource corsConfigurationSource() { + public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(Arrays.asList("*")); diff --git a/juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java b/juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java deleted file mode 100644 index 62e6f3d2..00000000 --- a/juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java +++ /dev/null @@ -1,44 +0,0 @@ -package com.juick.api.configuration; - -import com.juick.User; -import com.juick.service.UserService; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.authentication.WebAuthenticationDetails; -import org.springframework.web.filter.GenericFilterBean; - -import javax.inject.Inject; -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import java.io.IOException; -import java.util.Collections; -import java.util.List; - -/** - * Created by vitalyster on 27.11.2016. - */ -public class JuickHashFilter extends GenericFilterBean { - @Inject - UserService userService; - - @Override - public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - String hash = request.getParameter("hash"); - if (hash != null) { - User user = userService.getUserByHash(hash); - if (user.getUid() > 0) { - List authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")); - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getName(), null); - token.setDetails(new WebAuthenticationDetails((HttpServletRequest) request)); - SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(user.getName(), null, authorities)); - } - } - chain.doFilter(request, response); - } - } diff --git a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java index 7f238b79..cec2bc7d 100644 --- a/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java +++ b/juick-api/src/test/java/com/juick/api/tests/MessagesTests.java @@ -19,6 +19,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.context.annotation.Primary; import org.springframework.http.MediaType; +import org.springframework.security.crypto.codec.Base64; import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @@ -28,7 +29,9 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import javax.inject.Inject; +import javax.servlet.http.Cookie; import java.util.Collections; +import java.util.Optional; import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.is; @@ -150,7 +153,39 @@ public class MessagesTests { } @Test - public void homeTestWithSimpleCors() throws Exception { + public void homeTestWithMessagesAndRememberMe() throws Exception { + String ugnichName = "ugnich"; + String uginchPassword = "MyPassw0rd!"; + String msgText = "Привет, я - Угнич"; + String hash = "12345678"; + + User user = getUser(1, ugnichName, uginchPassword); + Message msg = getMessage(user, msgText); + + when(userService.getUserByName(ugnichName)) + .thenReturn(user); + when(userService.getUserByUID(1)) + .thenReturn(Optional.of(user)); + when(userService.getFullyUserByName(ugnichName)) + .thenReturn(user); + when(messagesService.getMyFeed(1, 0)) + .thenReturn(Collections.singletonList(1)); + when(messagesService.getMessages(Collections.singletonList(1))) + .thenReturn(Collections.singletonList(msg)); + when(userService.getUIDbyHash(hash)) + .thenReturn(1); + + Cookie cookie = new Cookie("hash", new String(Base64.encode(hash.getBytes()))); + cookie.setDomain("juick.com"); + cookie.setMaxAge(100); + + mockMvc.perform( + get("/home").cookie(cookie)) + .andExpect(status().isOk()); + } + + @Test + public void homeTestWithMEssagesAndSimpleCors() throws Exception { String ugnichName = "ugnich"; String uginchPassword = "MyPassw0rd!"; diff --git a/juick-api/src/test/resources/juick.conf.example b/juick-api/src/test/resources/juick.conf.example new file mode 100644 index 00000000..cca3c182 --- /dev/null +++ b/juick-api/src/test/resources/juick.conf.example @@ -0,0 +1,8 @@ +# The domain name for Web (default value - "juick.com") +web_domain=juick.com + +# Authority cookie name (default value - "hash") +auth_cookie_name=hash + +# Authority remember-me key +auth_remember_me_key=3vHcy3OUDQlkpRDm -- cgit v1.2.3