Вроде все работает

build.gradle

@@ -34,6 +34,11 @@ dependencies {
 	implementation 'org.webjars:bootstrap:5.1.3'
 	implementation 'org.webjars:jquery:3.6.0'
 	implementation 'org.webjars:font-awesome:6.1.0'
+
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'
+	implementation group: 'org.springframework.security', name: 'spring-security-web'
+	implementation group: 'org.springframework.security', name: 'spring-security-config'
 }
 
 tasks.named('test') {

src/main/java/ip/labwork/configuration/PasswordEncoderConfiguration.java

@@ -0,0 +1,14 @@
+package ip.labwork.configuration;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class PasswordEncoderConfiguration {
+    @Bean
+    public PasswordEncoder createPasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}

src/main/java/ip/labwork/configuration/SecurityConfiguration.java

@@ -0,0 +1,76 @@
+package ip.labwork.configuration;
+
+import ip.labwork.user.controller.UserSignupMvcController;
+import ip.labwork.user.model.UserRole;
+import ip.labwork.user.service.UserService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true)
+public class SecurityConfiguration {
+    private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
+    private static final String LOGIN_URL = "/login";
+    private final UserService userService;
+    public SecurityConfiguration(UserService userService) {
+        this.userService = userService;
+        createAdminOnStartup();
+    }
+
+    private void createAdminOnStartup() {
+        final String admin = "admin";
+        if (userService.findByLogin(admin) == null) {
+            log.info("Admin user successfully created");
+            userService.createUser(admin, admin, admin, UserRole.ADMIN);
+        }
+    }
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.headers().frameOptions().sameOrigin().and()
+                .cors().and()
+                .csrf().disable()
+                .authorizeRequests()
+                .requestMatchers(UserSignupMvcController.SIGNUP_URL).permitAll()
+                .requestMatchers(HttpMethod.GET, LOGIN_URL).permitAll()
+                .anyRequest().authenticated()
+                .and()
+                .formLogin()
+                .loginPage(LOGIN_URL).permitAll()
+                .and()
+                .logout().permitAll();
+        return http.build();
+    }
+    @Bean
+    public AuthenticationManager authenticationManager(HttpSecurity http, PasswordEncoderConfiguration bCryptPasswordEncoder)
+            throws Exception {
+        return http.getSharedObject(AuthenticationManagerBuilder.class)
+                .userDetailsService(userService)
+                .passwordEncoder(bCryptPasswordEncoder.createPasswordEncoder())
+                .and()
+                .build();
+    }
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring()
+                .requestMatchers("/css/**")
+                .requestMatchers("/js/**")
+                .requestMatchers("/templates/**")
+                .requestMatchers("/webjars/**");
+    }
+}

src/main/java/ip/labwork/configuration/WebConfiguration.java

@@ -1,28 +1,28 @@
-package ip.labwork;
+package ip.labwork.configuration;
 
 import org.springframework.boot.web.server.ErrorPage;
 import org.springframework.boot.web.server.WebServerFactoryCustomizer;
 import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpStatus;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistration;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
-import org.springframework.http.HttpStatus;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
 public class WebConfiguration implements WebMvcConfigurer {
     public static final String REST_API = "/api";
-    @Override
+
-    public void addCorsMappings(CorsRegistry registry){
-        registry.addMapping("/**").allowedMethods("*");
-    }
     @Override
     public void addViewControllers(ViewControllerRegistry registry) {
+        WebMvcConfigurer.super.addViewControllers(registry);
         ViewControllerRegistration registration = registry.addViewController("/notFound");
         registration.setViewName("forward:/index.html");
         registration.setStatusCode(HttpStatus.OK);
+        registry.addViewController("rest-test");
+        registry.addViewController("login");
     }
 
     @Bean
@@ -31,4 +31,8 @@ public class WebConfiguration implements WebMvcConfigurer {
             container.addErrorPages(new ErrorPage(HttpStatus.NOT_FOUND, "/notFound"));
         };
     }
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**").allowedMethods("*");
+    }
 }

src/main/java/ip/labwork/method/controller/MethodController.java

@@ -1,6 +1,6 @@
 package ip.labwork.method.controller;
 
-import ip.labwork.WebConfiguration;
+import ip.labwork.configuration.WebConfiguration;
 import ip.labwork.method.service.MethodService;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;

src/main/java/ip/labwork/shop/controller/ComponentController.java

@@ -1,6 +1,6 @@
 package ip.labwork.shop.controller;
 
-import ip.labwork.WebConfiguration;
+import ip.labwork.configuration.WebConfiguration;
 import ip.labwork.shop.service.ComponentService;
 import jakarta.validation.Valid;
 import org.springframework.web.bind.annotation.*;

src/main/java/ip/labwork/shop/controller/ComponentMvcController.java

@@ -1,7 +1,9 @@
 package ip.labwork.shop.controller;
 
 import ip.labwork.shop.service.ComponentService;
+import ip.labwork.user.model.UserRole;
 import jakarta.validation.Valid;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -16,11 +18,13 @@ public class ComponentMvcController {
         this.componentService = componentService;
     }
     @GetMapping
+    @Secured({UserRole.AsString.ADMIN})
     public String getComponents(Model model) {
         model.addAttribute("components", componentService.findAllComponent());
         return "component";
     }
     @GetMapping(value = {"/edit", "/edit/{id}"})
+    @Secured({UserRole.AsString.ADMIN})
     public String editComponent(@PathVariable(required = false) Long id,
                                 Model model) {
         if (id == null || id <= 0) {

src/main/java/ip/labwork/shop/controller/OrderController.java

@@ -1,6 +1,6 @@
 package ip.labwork.shop.controller;
 
-import ip.labwork.WebConfiguration;
+import ip.labwork.configuration.WebConfiguration;
 import ip.labwork.shop.service.OrderService;
 import jakarta.validation.Valid;
 import org.springframework.web.bind.annotation.*;

src/main/java/ip/labwork/shop/controller/OrderDTO.java

@@ -14,6 +14,7 @@ public class OrderDTO {
     private Date date = new Date();
     @NotBlank(message = "Price can't be null or empty")
     private int price;
+    private long user_id;
     private OrderStatus status = OrderStatus.Неизвестен;
     private List<ProductDTO> productDTOList;
     public OrderDTO(Order order) {
@@ -25,6 +26,7 @@ public class OrderDTO {
                 .map(y -> new ProductDTO(y.getProduct(), y.getCount()))
                 .toList();
         this.status = Objects.equals(order.getStatus().toString(), "") ? OrderStatus.Неизвестен : order.getStatus();
+        this.user_id = order.getUser_id() == null ? -1 : order.getUser_id();
     }
 
     public OrderDTO() {
@@ -69,4 +71,12 @@ public class OrderDTO {
     public void setProductDTOList(List<ProductDTO> productDTOList) {
         this.productDTOList = productDTOList;
     }
+
+    public long getUser_id() {
+        return user_id;
+    }
+
+    public void setUser_id(long user_id) {
+        this.user_id = user_id;
+    }
 }

src/main/java/ip/labwork/shop/controller/OrderMvcController.java

@@ -3,6 +3,7 @@ package ip.labwork.shop.controller;
 import ip.labwork.shop.model.OrderStatus;
 import ip.labwork.shop.service.OrderService;
 import ip.labwork.shop.service.ProductService;
+import ip.labwork.user.service.UserService;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -11,6 +12,7 @@ import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
 
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -19,9 +21,11 @@ import java.util.List;
 public class OrderMvcController {
     private final OrderService orderService;
     private final ProductService productService;
-    public OrderMvcController(OrderService orderService, ProductService productService) {
+    private final UserService userService;
+    public OrderMvcController(OrderService orderService, ProductService productService, UserService userService) {
         this.orderService = orderService;
         this.productService = productService;
+        this.userService = userService;
     }
     @GetMapping
     public String getOrders(HttpServletRequest request,
@@ -45,7 +49,7 @@ public class OrderMvcController {
     }
     @PostMapping
     public String createOrder(HttpServletRequest request,
-                              HttpServletResponse response) {
+                              HttpServletResponse response, Principal principal) {
         Cookie[] cookies = request.getCookies();
         OrderDTO orderDTO = new OrderDTO();
         List<ProductDTO> productDTOS = new ArrayList<>();
@@ -60,13 +64,14 @@ public class OrderMvcController {
         orderDTO.setPrice(totalPrice);
         orderDTO.setProductDTOList(productDTOS);
         orderDTO.setStatus(OrderStatus.Готов);
+        orderDTO.setUser_id(userService.findByLogin(principal.getName()).getId());
         orderService.create(orderDTO);
         response.addCookie(new Cookie("delete",""));
         return "redirect:/order";
     }
     @GetMapping(value = {"/all"})
-    public String getOrders(Model model) {
+    public String getOrders(Model model, Principal principal) {
-        model.addAttribute("orders", orderService.findAllOrder());
+        model.addAttribute("orders", orderService.findFiltredOrder(userService.findByLogin(principal.getName()).getId()));
         return "orders";
     }
 

src/main/java/ip/labwork/shop/controller/ProductController.java

@@ -1,6 +1,6 @@
 package ip.labwork.shop.controller;
 
-import ip.labwork.WebConfiguration;
+import ip.labwork.configuration.WebConfiguration;
 import ip.labwork.shop.service.ProductService;
 import jakarta.validation.Valid;
 import org.springframework.web.bind.annotation.*;

src/main/java/ip/labwork/shop/controller/ProductMvcController.java

@@ -2,7 +2,9 @@ package ip.labwork.shop.controller;
 
 import ip.labwork.shop.service.ComponentService;
 import ip.labwork.shop.service.ProductService;
+import ip.labwork.user.model.UserRole;
 import jakarta.validation.Valid;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -27,6 +29,7 @@ public class ProductMvcController {
         return "product";
     }
     @GetMapping(value = {"/edit", "/edit/{id}"})
+    @Secured({UserRole.AsString.ADMIN})
     public String editProduct(@PathVariable(required = false) Long id,
                               Model model) {
         if (id == null || id <= 0) {

src/main/java/ip/labwork/shop/model/Order.java

@@ -20,6 +20,7 @@ public class Order {
     @NotNull(message = "Price can't be null or empty")
     @Column(name = "price")
     private Integer price;
+    private Long user_id;
     @OneToMany(mappedBy = "order", cascade = CascadeType.ALL, fetch = FetchType.EAGER)
     private List<OrderProducts> products;
     private OrderStatus status;
@@ -27,10 +28,11 @@ public class Order {
 
     }
 
-    public Order(Date date, Integer price, OrderStatus status) {
+    public Order(Date date, Integer price, OrderStatus status, Long user_id) {
         this.date = date;
         this.price = price;
         this.status = status;
+        this.user_id = user_id;
     }
 
     public Long getId() {
@@ -84,11 +86,19 @@ public class Order {
         this.status = status;
     }
 
+    public Long getUser_id() {
+        return user_id;
+    }
+
+    public void setUser_id(Long user_id) {
+        this.user_id = user_id;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;
         if (!(o instanceof Order order)) return false;
-        return Objects.equals(getId(), order.getId()) && Objects.equals(getDate(), order.getDate()) && Objects.equals(getPrice(), order.getPrice());
+        return Objects.equals(getId(), order.getId()) && Objects.equals(getDate(), order.getDate()) && Objects.equals(getPrice(), order.getPrice()) && Objects.equals(getUser_id(), order.getUser_id()) && Objects.equals(getProducts(), order.getProducts()) && getStatus() == order.getStatus();
     }
 
     @Override

src/main/java/ip/labwork/shop/repository/OrderRepository.java

@@ -11,4 +11,7 @@ import java.util.List;
 public interface OrderRepository extends JpaRepository<Order, Long> {
     @Query("Select os from OrderProducts os where os.order.id = :orderId")
     List<OrderProducts> getOrderProduct(@Param("orderId") Long orderId);
+
+    @Query("Select o from Order o where o.user_id = :userId")
+    List<Order> getOrdersByUser_id(@Param("userId") Long userId);
 }

src/main/java/ip/labwork/shop/service/OrderService.java

@@ -28,7 +28,7 @@ public class OrderService {
         for(int i = 0; i < orderDTO.getProductDTOList().size(); i++){
             price += orderDTO.getProductDTOList().get(i).getPrice() * orderDTO.getProductDTOList().get(i).getCount();
         }
-        final Order order = new Order(new Date(), price, orderDTO.getStatus());
+        final Order order = new Order(new Date(), price, orderDTO.getStatus(), orderDTO.getUser_id());
         validatorUtil.validate(order);
         orderRepository.save(order);
         for (int i = 0; i < orderDTO.getProductDTOList().size(); i++) {
@@ -47,6 +47,11 @@ public class OrderService {
     public List<OrderDTO> findAllOrder() {
         return orderRepository.findAll().stream().map(x -> new OrderDTO(x)).toList();
     }
+
+    @Transactional(readOnly = true)
+    public List<OrderDTO> findFiltredOrder(long userid) {
+        return orderRepository.getOrdersByUser_id(userid).stream().map(x -> new OrderDTO(x)).toList();
+    }
     @Transactional
     public OrderDTO update(Long id, OrderDTO orderDTO) {
         final Order currentOrder = findOrder(id);

src/main/java/ip/labwork/test/controller/TestController.java

@@ -1,6 +1,6 @@
 package ip.labwork.test.controller;
 
-import ip.labwork.WebConfiguration;
+import ip.labwork.configuration.WebConfiguration;
 import ip.labwork.test.model.TestDto;
 import jakarta.validation.Valid;
 import org.springframework.web.bind.annotation.PostMapping;

src/main/java/ip/labwork/user/controller/UserMvcController.java

@@ -0,0 +1,42 @@
+package ip.labwork.user.controller;
+
+import ip.labwork.user.model.UserDto;
+import ip.labwork.user.model.UserRole;
+import ip.labwork.user.service.UserService;
+import org.springframework.data.domain.Page;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import java.util.List;
+import java.util.stream.IntStream;
+
+@Controller
+@RequestMapping("/users")
+public class UserMvcController {
+    private final UserService userService;
+
+    public UserMvcController(UserService userService) {
+        this.userService = userService;
+    }
+
+    @GetMapping
+    @Secured({UserRole.AsString.ADMIN})
+    public String getUsers(@RequestParam(defaultValue = "1") int page,
+                           @RequestParam(defaultValue = "5") int size,
+                           Model model) {
+        final Page<UserDto> users = userService.findAllPages(page, size)
+                .map(UserDto::new);
+        model.addAttribute("users", users);
+        final int totalPages = users.getTotalPages();
+        final List<Integer> pageNumbers = IntStream.rangeClosed(1, totalPages)
+                .boxed()
+                .toList();
+        model.addAttribute("pages", pageNumbers);
+        model.addAttribute("totalPages", totalPages);
+        return "users";
+    }
+}

src/main/java/ip/labwork/user/controller/UserSignupMvcController.java

@@ -0,0 +1,50 @@
+package ip.labwork.user.controller;
+
+import ip.labwork.user.model.User;
+import ip.labwork.user.model.UserSignupDto;
+import ip.labwork.user.service.UserService;
+import ip.labwork.util.validation.ValidationException;
+import jakarta.validation.Valid;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.validation.BindingResult;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping(UserSignupMvcController.SIGNUP_URL)
+public class UserSignupMvcController {
+    public static final String SIGNUP_URL = "/signup";
+
+    private final UserService userService;
+
+    public UserSignupMvcController(UserService userService) {
+        this.userService = userService;
+    }
+
+    @GetMapping
+    public String showSignupForm(Model model) {
+        model.addAttribute("userDto", new UserSignupDto());
+        return "signup";
+    }
+
+    @PostMapping
+    public String signup(@ModelAttribute("userDto") @Valid UserSignupDto userSignupDto,
+                         BindingResult bindingResult,
+                         Model model) {
+        if (bindingResult.hasErrors()) {
+            model.addAttribute("errors", bindingResult.getAllErrors());
+            return "signup";
+        }
+        try {
+            final User user = userService.createUser(
+                    userSignupDto.getLogin(), userSignupDto.getPassword(), userSignupDto.getPasswordConfirm());
+            return "redirect:/login?created=" + user.getLogin();
+        } catch (ValidationException e) {
+            model.addAttribute("errors", e.getMessage());
+            return "signup";
+        }
+    }
+}

src/main/java/ip/labwork/user/model/User.java

@@ -0,0 +1,74 @@
+package ip.labwork.user.model;
+
+import jakarta.persistence.*;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Size;
+
+import java.util.Objects;
+
+@Entity
+@Table(name = "users")
+public class User {
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long id;
+    @Column(nullable = false, unique = true, length = 64)
+    @NotBlank
+    @Size(min = 3, max = 64)
+    private String login;
+    @Column(nullable = false, length = 64)
+    @NotBlank
+    @Size(min = 6, max = 64)
+    private String password;
+    private UserRole role;
+
+    public User() {
+    }
+
+    public User(String login, String password) {
+        this(login, password, UserRole.USER);
+    }
+
+    public User(String login, String password, UserRole role) {
+        this.login = login;
+        this.password = password;
+        this.role = role;
+    }
+
+    public Long getId() {
+        return id;
+    }
+
+    public String getLogin() {
+        return login;
+    }
+
+    public void setLogin(String login) {
+        this.login = login;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public UserRole getRole() {
+        return role;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        User user = (User) o;
+        return Objects.equals(id, user.id) && Objects.equals(login, user.login);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(id, login);
+    }
+}

src/main/java/ip/labwork/user/model/UserDto.java

@@ -0,0 +1,25 @@
+package ip.labwork.user.model;
+
+public class UserDto {
+    private final long id;
+    private final String login;
+    private final UserRole role;
+
+    public UserDto(User user) {
+        this.id = user.getId();
+        this.login = user.getLogin();
+        this.role = user.getRole();
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public String getLogin() {
+        return login;
+    }
+
+    public UserRole getRole() {
+        return role;
+    }
+}

src/main/java/ip/labwork/user/model/UserRole.java

@@ -0,0 +1,20 @@
+package ip.labwork.user.model;
+
+import org.springframework.security.core.GrantedAuthority;
+
+public enum UserRole implements GrantedAuthority {
+    ADMIN,
+    USER;
+
+    private static final String PREFIX = "ROLE_";
+
+    @Override
+    public String getAuthority() {
+        return PREFIX + this.name();
+    }
+
+    public static final class AsString {
+        public static final String ADMIN = PREFIX + "ADMIN";
+        public static final String USER = PREFIX + "USER";
+    }
+}

src/main/java/ip/labwork/user/model/UserSignupDto.java

@@ -0,0 +1,40 @@
+package ip.labwork.user.model;
+
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Size;
+
+public class UserSignupDto {
+    @NotBlank
+    @Size(min = 3, max = 64)
+    private String login;
+    @NotBlank
+    @Size(min = 6, max = 64)
+    private String password;
+    @NotBlank
+    @Size(min = 6, max = 64)
+    private String passwordConfirm;
+
+    public String getLogin() {
+        return login;
+    }
+
+    public void setLogin(String login) {
+        this.login = login;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public String getPasswordConfirm() {
+        return passwordConfirm;
+    }
+
+    public void setPasswordConfirm(String passwordConfirm) {
+        this.passwordConfirm = passwordConfirm;
+    }
+}

src/main/java/ip/labwork/user/repository/UserRepository.java

@@ -0,0 +1,8 @@
+package ip.labwork.user.repository;
+
+import ip.labwork.user.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface UserRepository extends JpaRepository<User, Long> {
+    User findOneByLoginIgnoreCase(String login);
+}

src/main/java/ip/labwork/user/service/UserService.java

@@ -0,0 +1,67 @@
+package ip.labwork.user.service;
+
+import ip.labwork.user.model.User;
+import ip.labwork.user.model.UserRole;
+import ip.labwork.user.repository.UserRepository;
+import ip.labwork.util.validation.ValidationException;
+import ip.labwork.util.validation.ValidatorUtil;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.PageRequest;
+import org.springframework.data.domain.Sort;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.Objects;
+
+@Service
+public class UserService implements UserDetailsService {
+    private final UserRepository userRepository;
+    private final PasswordEncoder passwordEncoder;
+    private final ValidatorUtil validatorUtil;
+
+    public UserService(UserRepository userRepository,
+                       PasswordEncoder passwordEncoder,
+                       ValidatorUtil validatorUtil) {
+        this.userRepository = userRepository;
+        this.passwordEncoder = passwordEncoder;
+        this.validatorUtil = validatorUtil;
+    }
+
+    public Page<User> findAllPages(int page, int size) {
+        return userRepository.findAll(PageRequest.of(page - 1, size, Sort.by("id").ascending()));
+    }
+
+    public User findByLogin(String login) {
+        return userRepository.findOneByLoginIgnoreCase(login);
+    }
+
+    public User createUser(String login, String password, String passwordConfirm) {
+        return createUser(login, password, passwordConfirm, UserRole.USER);
+    }
+
+    public User createUser(String login, String password, String passwordConfirm, UserRole role) {
+        if (findByLogin(login) != null) {
+            throw new ValidationException(String.format("User '%s' already exists", login));
+        }
+        final User user = new User(login, passwordEncoder.encode(password), role);
+        validatorUtil.validate(user);
+        if (!Objects.equals(password, passwordConfirm)) {
+            throw new ValidationException("Passwords not equals");
+        }
+        return userRepository.save(user);
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        final User userEntity = findByLogin(username);
+        if (userEntity == null) {
+            throw new UsernameNotFoundException(username);
+        }
+        return new org.springframework.security.core.userdetails.User(
+                userEntity.getLogin(), userEntity.getPassword(), Collections.singleton(userEntity.getRole()));
+    }
+}

src/main/java/ip/labwork/util/validation/ValidationException.java

@@ -3,7 +3,11 @@ package ip.labwork.util.validation;
 import java.util.Set;
 
 public class ValidationException extends RuntimeException {
-    public ValidationException(Set<String> errors) {
+    public <T> ValidationException(Set<String> errors) {
         super(String.join("\n", errors));
     }
+
+    public <T> ValidationException(String error) {
+        super(error);
+    }
 }

src/main/resources/templates/default.html

@@ -3,6 +3,7 @@
   lang="ru"
   xmlns:th="http://www.thymeleaf.org"
   xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+  xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity6"
 >
   <head>
     <meta charset="UTF-8" />
@@ -38,14 +39,18 @@
             <span class="navbar-toggler-icon"></span>
           </button>
           <div class="collapse navbar-collapse" id="navbarNav">
-            <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+            <ul class="navbar-nav me-auto mb-2 mb-lg-0" th:with="activeLink=${#ctx.springRequestContext.requestUri}" sec:authorize="isAuthenticated()">
-              <a class="nav-link fs-4 text-black" href="/component"
+              <a class="nav-link fs-4 text-black" sec:authorize="hasRole('ROLE_ADMIN')" href="/component" th:classappend="${#strings.equals(activeLink, '/component')} ? 'active' : ''">Компоненты</a>
-                >Компоненты</a
+              <a class="nav-link fs-4 text-black" href="/product" th:classappend="${#strings.equals(activeLink, '/product')} ? 'active' : ''">Продукты</a>
-              >
+              <a class="nav-link fs-4 text-black" href="/order" th:classappend="${#strings.equals(activeLink, '/order')} ? 'active' : ''">Заказы</a>
-              <a class="nav-link fs-4 text-black" href="/product">Продукты</a>
+              <a class="nav-link fs-4 text-black" href="/order/all" th:classappend="${#strings.equals(activeLink, '/order/all')} ? 'active' : ''">История заказов</a>
-              <a class="nav-link fs-4 text-black" href="/order">Заказы</a>
+              <a sec:authorize="hasRole('ROLE_ADMIN')" class="nav-link fs-4 text-black" href="/users"
-              <a class="nav-link fs-4 text-black" href="/order/all">История заказов</a>
+                 th:classappend="${#strings.equals(activeLink, '/users')} ? 'active' : ''">Пользователи</a>
+              <a class="nav-link fs-4 text-black" href="/logout">
+                Выход (<span th:text="${#authentication.name}"></span>)
+              </a>
             </ul>
+
           </div>
         </div>
       </nav>

src/main/resources/templates/login.html

@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html lang="en"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      layout:decorate="~{default}">
+<body>
+<main
+        class="flex-shrink-0"
+        style="background-color: white"
+        layout:fragment="content">
+    <div class="container container-padding mt-5">
+    <div th:if="${param.error}" class="alert alert-danger margin-bottom">
+      Пользователь не найден или пароль указан не верно
+    </div>
+    <div th:if="${param.logout}" class="alert alert-success margin-bottom">
+      Выход успешно произведен
+    </div>
+    <div th:if="${param.created}" class="alert alert-success margin-bottom">
+      Пользователь '<span th:text="${param.created}"></span>' успешно создан
+    </div>
+    <form th:action="@{/login}" method="post" class="container-padding">
+      <div class="mb-3">
+        <input type="text" name="username" id="username" class="form-control"
+               placeholder="Логин" required="true" autofocus="true"/>
+      </div>
+      <div class="mb-3">
+        <input type="password" name="password" id="password" class="form-control"
+               placeholder="Пароль" required="true"/>
+      </div>
+      <button type="submit" class="btn btn-success button-fixed">Войти</button>
+      <a class="btn btn-primary button-fixed" href="/signup">Регистрация</a>
+    </form>
+    </div>
+</main>
+</body>
+</html>

src/main/resources/templates/product.html

@@ -3,6 +3,7 @@
   lang="en"
   layout:decorate="~{default}"
   xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+  xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity6"
 >
   <head> </head>
   <body>
@@ -12,6 +13,7 @@
           type="button"
           class="btn btn-outline-dark text-center d-flex justify-content-md-center mx-2 mb-3"
           th:href="@{/product/edit}"
+          sec:authorize="hasRole('ROLE_ADMIN')"
         >
           Добавить
         </a>
@@ -39,13 +41,14 @@
               <a
                 class="btn btn-outline-dark text-center d-flex justify-content-md-center mx-5"
                 th:attr="onclick=|confirm('Удалить запись?') && document.getElementById('remove-${product.id}').click()|"
+                sec:authorize="hasRole('ROLE_ADMIN')"
               >
                 Удалить
               </a>
               <a
                 class="btn btn-outline-dark text-center d-flex justify-content-md-center mx-5"
                 th:href="@{/product/edit/{id}(id=${product.id})}"
-                type="button"
+                type="button" sec:authorize="hasRole('ROLE_ADMIN')"
                 >Изменить
               </a>
               <a
@@ -62,7 +65,7 @@
                 <button
                   th:id="'remove-' + ${product.id}"
                   type="submit"
-                  style="display: none"
+                  style="display: none" sec:authorize="hasRole('ROLE_ADMIN')"
                 >
                   Удалить
                 </button>

src/main/resources/templates/signup.html

@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html lang="en"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      layout:decorate="~{default}">
+<body>
+<main
+        class="flex-shrink-0"
+        style="background-color: white"
+        layout:fragment="content">
+<div class="container container-padding mt-5">
+  <div th:if="${errors}" th:text="${errors}" class="margin-bottom alert alert-danger"></div>
+  <form action="#" th:action="@{/signup}" th:object="${userDto}" method="post">
+    <div class="mb-3">
+      <input type="text" class="form-control" th:field="${userDto.login}"
+             placeholder="Логин" required="true" autofocus="true" maxlength="64"/>
+    </div>
+    <div class="mb-3">
+      <input type="password" class="form-control" th:field="${userDto.password}"
+             placeholder="Пароль" required="true" minlength="6" maxlength="64"/>
+    </div>
+    <div class="mb-3">
+      <input type="password" class="form-control" th:field="${userDto.passwordConfirm}"
+             placeholder="Пароль (подтверждение)" required="true" minlength="6" maxlength="64"/>
+    </div>
+    <div class="mb-3">
+      <button type="submit" class="btn btn-success button-fixed">Создать</button>
+      <a class="btn btn-primary button-fixed" href="/login">Назад</a>
+    </div>
+  </form>
+</div>
+</main>
+</body>
+</html>

src/main/resources/templates/users.html

@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html lang="en"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      layout:decorate="~{default}">
+<body>
+<main style="background-color: white" layout:fragment="content">
+  <div class="table-responsive">
+    <table class="table">
+      <thead>
+      <tr>
+        <th scope="col">#</th>
+        <th scope="col">ID</th>
+        <th scope="col">Логин</th>
+        <th scope="col">Роль</th>
+      </tr>
+      </thead>
+      <tbody>
+      <tr th:each="user, iterator: ${users}">
+        <th scope="row" th:text="${iterator.index} + 1"></th>
+        <td th:text="${user.id}"></td>
+        <td th:text="${user.login}" style="width: 60%"></td>
+        <td th:text="${user.role}" style="width: 20%"></td>
+      </tr>
+      </tbody>
+    </table>
+  </div>
+  <div th:if="${totalPages > 0}" class="pagination">
+    <span style="float: left; padding: 5px 5px;">Страницы:</span>
+    <a th:each="page : ${pages}"
+       th:href="@{/users(page=${page}, size=${users.size})}"
+       th:text="${page}"
+       th:class="${page == users.number + 1} ? active">
+    </a>
+  </div>
+</main>
+</body>
+</html>