From 55b09a6a3bc4a21201189d855e140308f05016fb Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Fri, 25 Nov 2016 13:20:15 +0300
Subject: juick-api: security WIP

---
 .../security/JuickAuthenticationEntryPoint.java    | 20 +++++++
 .../security/JuickAuthenticationProvider.java      | 35 ++++++++++++
 .../juick/server/security/entities/JuickUser.java  | 62 ++++++++++++++++++++++
 3 files changed, 117 insertions(+)
 create mode 100644 juick-server/src/main/java/com/juick/server/security/JuickAuthenticationEntryPoint.java
 create mode 100644 juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java
 create mode 100644 juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java

(limited to 'juick-server/src/main/java')

diff --git a/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationEntryPoint.java b/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationEntryPoint.java
new file mode 100644
index 00000000..4c73196d
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationEntryPoint.java
@@ -0,0 +1,20 @@
+package com.juick.server.security;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Created by vitalyster on 25.11.2016.
+ */
+public class JuickAuthenticationEntryPoint implements AuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
+            throws IOException, ServletException {
+        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+    }
+}
diff --git a/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java b/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java
new file mode 100644
index 00000000..bf0ed4d7
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/security/JuickAuthenticationProvider.java
@@ -0,0 +1,35 @@
+package com.juick.server.security;
+
+import com.juick.service.UserService;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+import javax.inject.Inject;
+import java.util.Collections;
+
+/**
+ * Created by vitalyster on 25.11.2016.
+ */
+public class JuickAuthenticationProvider implements AuthenticationProvider {
+    @Inject
+    UserService userService;
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        String name = authentication.getName();
+        String password = authentication.getCredentials().toString();
+        if (userService.checkPassword(name, password) > 0) {
+            return new UsernamePasswordAuthenticationToken(name, password, Collections.singletonList(
+                    new SimpleGrantedAuthority("ROLE_USER")
+            ));
+        }
+        return null;
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return authentication.equals(UsernamePasswordAuthenticationToken.class);
+    }
+}
diff --git a/juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java b/juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java
new file mode 100644
index 00000000..6cc002ae
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/security/entities/JuickUser.java
@@ -0,0 +1,62 @@
+package com.juick.server.security.entities;
+
+import com.juick.User;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.Collections;
+
+/**
+ * Created by aalexeev on 11/21/16.
+ */
+public class JuickUser implements UserDetails {
+    private static final GrantedAuthority ROLE_USER = new SimpleGrantedAuthority("ROLE_USER");
+
+    private final com.juick.User user;
+
+
+    public JuickUser(com.juick.User user) {
+        this.user = user;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return Collections.singletonList(ROLE_USER);
+    }
+
+    @Override
+    public String getPassword() {
+        return null;
+    }
+
+    @Override
+    public String getUsername() {
+        return user.getName();
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return false;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return !user.isBanned();
+    }
+
+    public User getUser() {
+        return user;
+    }
+}
-- 
cgit v1.2.3