Lab 6 MVC + SPA (профили)

2023-05-16 10:53:56 +04:00 · 2023-05-16 10:53:56 +04:00 · f168733da2
commit f168733da2
parent 7a293630a4
6 changed files with 156 additions and 27 deletions
--- a/data.mv.db
+++ b/data.mv.db
--- a/front/vue_front/src/components/Profile.vue
+++ b/front/vue_front/src/components/Profile.vue
@ -1,9 +1,6 @@
 <template>
    <div class="ms-5">
        <p class='h5 m-3'>Профили</p>
-        <button type='button' class="btn btn-primary ms-3 mb-3" data-bs-toggle="modal" data-bs-target="#profileCreate">
-            Добавить новый профиль
-        </button>
        <p class='h6 ms-3'>Список профилей</p>
        <ul>
            <li v-for="profile in profiles">
@ -107,12 +104,18 @@ export default {
            this.refreshList();
        },
        async editUser() {
-            const response = await axios.put('http://localhost:8080/api/1.0/profile/' + this.selectedProfileId + '?login=' + this.loginModal + '&password=' + this.passwordModal, 
-            {
+            // const response = await axios.put('http://localhost:8080/api/1.0/profile/' + this.selectedProfileId + '?login=' + this.loginModal + '&password=' + this.passwordModal, 
+            // {
+            //     headers: {
+            //         'Authorization': 'Bearer ' + localStorage.token
+            //     }
+            // });
+            await fetch('http://localhost:8080/api/1.0/profile/' + this.selectedProfileId + '?login=' + this.loginModal + '&password=' + this.passwordModal, {
+                method: 'PUT',
                headers: {
-                    'Authorization': 'Bearer ' + localStorage.token
-                }
-            });
+                    'Authorization':'Bearer ' + localStorage['token']
+                },
+            })
            this.refreshList();
        },
        async refreshList() {
--- a/src/main/java/com/webproglabs/lab1/SecurityConfiguration.java
+++ b/src/main/java/com/webproglabs/lab1/SecurityConfiguration.java
@ -7,7 +7,9 @@ import com.webproglabs.lab1.lab34.model.UserRole;
 import com.webproglabs.lab1.lab34.services.ProfileService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@ -16,11 +18,20 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
+import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+import java.util.LinkedHashMap;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
+@Profile("mvc")
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
    private static final String LOGIN_URL = "/login";
@ -46,8 +57,10 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
        }
    }

-/*    @Override
+    @Override
    protected void configure(HttpSecurity http) throws Exception {
+
+        http.exceptionHandling().authenticationEntryPoint(delegatingEntryPoint());
        http.headers().frameOptions().sameOrigin().and()
                .cors().and()
                .csrf().disable()
@ -60,24 +73,6 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                .loginPage(LOGIN_URL).permitAll()
                .and()
                .logout().permitAll();
-    }*/
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        log.info("Creating security configuration");
-        http.cors()
-                .and()
-                .csrf().disable()
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and()
-                .authorizeRequests()
-                .antMatchers("/", SPA_URL_MASK).permitAll()
-                .antMatchers(HttpMethod.POST, WebConfiguration.REST_API + "/profile" + ProfileController.URL_LOGIN).permitAll()
-                .anyRequest()
-                .authenticated()
-                .and()
-                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
-                .anonymous();
    }

    @Override
@ -95,4 +90,16 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                .antMatchers("/swagger-resources/**")
                .antMatchers("/v3/api-docs/**");
    }
+
+    @Bean
+    public AuthenticationEntryPoint delegatingEntryPoint() {
+        final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> map = new LinkedHashMap();
+        map.put(new AntPathRequestMatcher("/"), new LoginUrlAuthenticationEntryPoint("/login"));
+        map.put(new AntPathRequestMatcher("/api/1.0/**"), new Http403ForbiddenEntryPoint());
+
+        final DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(map);
+        entryPoint.setDefaultEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
+
+        return entryPoint;
+    }
 }
--- a/src/main/java/com/webproglabs/lab1/SecurityConfigurationSPA.java
+++ b/src/main/java/com/webproglabs/lab1/SecurityConfigurationSPA.java
@ -0,0 +1,105 @@
+package com.webproglabs.lab1;
+
+import com.webproglabs.lab1.lab34.controller.ProfileController;
+import com.webproglabs.lab1.lab34.controller.mvc_controllers.UserSignupMvcController;
+import com.webproglabs.lab1.lab34.jwt.JwtFilter;
+import com.webproglabs.lab1.lab34.model.UserRole;
+import com.webproglabs.lab1.lab34.services.ProfileService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
+import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+import java.util.LinkedHashMap;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true)
+@Profile("spa")
+public class SecurityConfigurationSPA extends WebSecurityConfigurerAdapter {
+    private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
+    private static final String LOGIN_URL = "/login";
+    public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
+    private final ProfileService userService;
+    private final JwtFilter jwtFilter;
+
+    public SecurityConfigurationSPA(ProfileService userService) {
+        this.userService = userService;
+        this.jwtFilter = new JwtFilter(userService);
+        createAdminOnStartup();
+    }
+
+    private void createAdminOnStartup() {
+        final String admin = "admin";
+        if (userService.findByLogin(admin) == null) {
+            log.info("Admin user successfully created");
+            try {
+                userService.createUser(admin, admin, admin, UserRole.ADMIN);
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        log.info("Creating security configuration");
+        http.cors()
+                .and()
+                .csrf().disable()
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .authorizeRequests()
+                .antMatchers("/", SPA_URL_MASK).permitAll()
+                .antMatchers(HttpMethod.POST, WebConfiguration.REST_API + "/profile" + ProfileController.URL_LOGIN).permitAll()
+                .anyRequest()
+                .authenticated()
+                .and()
+                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
+                .anonymous();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userService);
+    }
+
+    @Override
+    public void configure(WebSecurity web) {
+        web.ignoring()
+                .antMatchers("/css/**")
+                .antMatchers("/js/**")
+                .antMatchers("/templates/**")
+                .antMatchers("/webjars/**")
+                .antMatchers("/swagger-resources/**")
+                .antMatchers("/v3/api-docs/**");
+    }
+
+    @Bean
+    public AuthenticationEntryPoint delegatingEntryPoint() {
+        final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> map = new LinkedHashMap();
+        map.put(new AntPathRequestMatcher("/"), new LoginUrlAuthenticationEntryPoint("/login"));
+        map.put(new AntPathRequestMatcher("/api/1.0/**"), new Http403ForbiddenEntryPoint());
+
+        final DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(map);
+        entryPoint.setDefaultEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
+
+        return entryPoint;
+    }
+}
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -13,3 +13,4 @@ spring.h2.console.settings.web-allow-others=false
 spring.security.user.password=user
 jwt.dev-token=my-secret-jwt
 jwt.dev=true
+spring.profiles.active=mvc
--- a/src/main/resources/templates/error.html
+++ b/src/main/resources/templates/error.html
@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      layout:decorate="~{default}">
+<body>
+<div class="container" layout:fragment="content">
+    <div class="alert alert-danger">
+        <span th:text="${error}"></span>
+    </div>
+    <a href="/">На главную</a>
+</div>
+</body>
+</html>