Lab 6 Jwt

src/main/java/com/example/demo/configuration/SecurityConfiguration.java

@@ -54,6 +54,7 @@ public class SecurityConfiguration {
                 .and()
                 .authorizeHttpRequests()
                 .requestMatchers("/", SPA_URL_MASK).permitAll()
+                .requestMatchers(HttpMethod.GET, OpenAPI30Configuration.API_PREFIX + "/product/").permitAll()
                 .requestMatchers(HttpMethod.POST, MasterController.URL_LOGIN).permitAll()
                 .requestMatchers(HttpMethod.POST, MasterController.URL_SING_UP).permitAll()
                 .requestMatchers(HttpMethod.POST, MasterController.URL_WHO_AM_I).permitAll()

src/main/java/com/example/demo/master/Master.java

@@ -86,12 +86,15 @@ public class Master {
 
     @Override
     public String toString() {
-        return "Master{" +
+        return "{" +
-                "id=" + id +
+                "\"id\":" + id +
-                ", firstName='" + firstName + '\'' +
+                ", \"firstName\":\"" + firstName + '\"' +
-                ", lastName='" + lastName + '\'' +
+                ", \"lastName\":\"" + lastName + '\"' +
-                ", email='" + email + '\'' +
+                ", \"email\":\"" + email + '\"' +
-                ", password='" + password + '\'' +
+                ", \"password\":\"" + password + '\"' +
+                ", \"role\":\"" + role + "\"" +
                 '}';
     }
+
+
 }

src/main/java/com/example/demo/master/MasterController.java

@@ -8,6 +8,7 @@ import jakarta.validation.Valid;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.*;
 
+import java.io.Console;
 import java.security.Principal;
 import java.util.List;
 
@@ -26,7 +27,7 @@ public class MasterController {
     }
 
     @PostMapping(URL_LOGIN)
-    public String login(@RequestBody @Valid MasterDto userDto) {
+    public String login(@RequestBody @Valid MasterLoginDto userDto) {
         return masterService.loginAndGetToken(userDto);
     }
 
@@ -35,7 +36,7 @@ public class MasterController {
         try {
             final Master master = masterService.addMaster(masterSignupDto.getFirstName(), masterSignupDto.getLastName(),
                     masterSignupDto.getEmail(), masterSignupDto.getPassword(), MasterRole.USER);
-            final Order order = orderService.addOrder(master.getId());
+            orderService.addOrder(master.getId());
             return "created " + master.getEmail();
         } catch (ValidationException e) {
             return e.getMessage();
@@ -46,12 +47,7 @@ public class MasterController {
     public String whoAmI(@RequestParam("token") String token) {
         UserDetails userDetails = masterService.loadUserByToken(token);
         Master master = masterService.findMaster(userDetails.getUsername());
-        return master.getRole().toString();
+        return master.toString();
-    }
-
-    @GetMapping(OpenAPI30Configuration.API_PREFIX + "/master")
-    public MasterDto getCurrentMaster(Principal principal) {
-        return new MasterDto(masterService.findMaster(principal.getName()));
     }
 
     @PatchMapping(OpenAPI30Configuration.API_PREFIX + "/master")
@@ -59,8 +55,10 @@ public class MasterController {
                                   @RequestParam("lastName") String lastName,
                                   @RequestParam("email") String email,
                                   @RequestParam("password") String password,
-                                  Principal principal) {
+                                  @RequestParam("token") String token) {
-        return new MasterDto(masterService.updateMaster(masterService.findMaster(principal.getName()).getId(),
+        UserDetails userDetails = masterService.loadUserByToken(token);
+        Master master = masterService.findMaster(userDetails.getUsername());
+        return new MasterDto(masterService.updateMaster(master.getId(),
                 firstName, lastName, email, password));
     }
 

src/main/java/com/example/demo/master/MasterDto.java

@@ -7,9 +7,9 @@ import java.util.List;
 
 public class MasterDto {
     private final Long id;
-    @NotBlank
+
     private final String firstName;
-    @NotBlank
+
     private final String lastName;
 
     @NotBlank

src/main/java/com/example/demo/master/MasterLoginDto.java

@@ -0,0 +1,23 @@
+package com.example.demo.master;
+
+import jakarta.validation.constraints.NotBlank;
+
+public class MasterLoginDto {
+    @NotBlank
+    private String email;
+    @NotBlank
+    private String password;
+
+
+    public String getEmail() {return email; }
+
+    public String getPassword() { return password; }
+
+    public void setEmail(String email) {
+        this.email = email;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+}

src/main/java/com/example/demo/master/MasterService.java

@@ -100,7 +100,7 @@ public class MasterService  implements UserDetailsService {
         masterRepository.deleteAll();
     }
 
-    public String loginAndGetToken(MasterDto userDto) {
+    public String loginAndGetToken(MasterLoginDto userDto) {
         final Master master = findMaster(userDto.getEmail());
         if (master == null) {
             throw new MasterNotFoundException(userDto.getEmail());

src/main/java/com/example/demo/order/OrderController.java

@@ -2,9 +2,14 @@ package com.example.demo.order;
 
 import com.example.demo.configuration.OpenAPI30Configuration;
 import com.example.demo.configuration.WebConfiguration;
+import com.example.demo.master.Master;
+import com.example.demo.master.MasterRole;
 import com.example.demo.master.MasterService;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.*;
 
+import java.net.http.HttpHeaders;
 import java.security.Principal;
 import java.util.List;
 
@@ -19,38 +24,43 @@ public class OrderController {
         this.masterService = masterService;
     }
 
-    @GetMapping("/{id}")
+    @GetMapping("/")
-    public OrderDto getOrder(@PathVariable Long id) {
+    public OrderDto getOrder(@RequestHeader("Authorization") String token) {
-        return new OrderDto(orderService.findOrder(id));
+        UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
+        Master master = masterService.findMaster(userDetails.getUsername());
+        return new OrderDto(orderService.findOrder(master.getId()));
     }
 
     @DeleteMapping("/")
-    public void buyProducts(Principal principal) {
+    public void buyProducts(@RequestHeader("Authorization") String token) {
-        orderService.buyProducts(masterService.findMaster(principal.getName()).getId());
+        UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
+        Master master = masterService.findMaster(userDetails.getUsername());
+        orderService.buyProducts(master.getId());
     }
 
-    @GetMapping("/")
+    @GetMapping("/all")
     public List<OrderDto> getOrder() {
         return orderService.findAllOrders().stream().map(OrderDto::new).toList();
     }
 
-    @PostMapping("/")
-    public OrderDto createOrder(@RequestParam("master") Long masterId) {
-        return new OrderDto(orderService.addOrder(masterId));
-    }
 
     @PostMapping("/{product}")
-    public void addProduct(@PathVariable("product") Long productId, Principal principal) {
+    public void addProduct(@PathVariable("product") Long productId, @RequestHeader("Authorization") String token) {
-        orderService.addProduct(masterService.findMaster(principal.getName()).getId(), productId);
+        UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
+        Master master = masterService.findMaster(userDetails.getUsername());
+        orderService.addProduct(master.getId(), productId);
     }
 
     @DeleteMapping("/{product}")
-    public void deleteProduct(@PathVariable("product") Long productId, Principal principal) {
+    public void deleteProduct(@PathVariable("product") Long productId, @RequestHeader("Authorization") String token) {
-        orderService.deleteProduct(masterService.findMaster(principal.getName()).getId(), productId);
+        UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
+        Master master = masterService.findMaster(userDetails.getUsername());
+        orderService.deleteProduct(master.getId(), productId);
     }
 
-    @GetMapping("/findOrders/{masterId}")
+    @GetMapping("/findOrders/{id}")
-    public List<OrderDto> findOrders(@PathVariable("masterId") Long masterId) {
+    @Secured(MasterRole.AsString.ADMIN)
-        return orderService.findMastersOrders(masterId).stream().map(OrderDto::new).toList();
+    public List<OrderDto> findOrders(@PathVariable("id") Long id) {
+        return orderService.findMastersOrders(id).stream().map(OrderDto::new).toList();
     }
 }

src/main/java/com/example/demo/product/ProductController.java

@@ -2,24 +2,21 @@ package com.example.demo.product;
 
 import com.example.demo.configuration.OpenAPI30Configuration;
 import com.example.demo.configuration.WebConfiguration;
-import org.springframework.web.bind.annotation.DeleteMapping;
+import com.example.demo.master.Master;
-import org.springframework.web.bind.annotation.GetMapping;
+import com.example.demo.master.MasterService;
-import org.springframework.web.bind.annotation.PatchMapping;
+import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.*;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
 
 import java.util.List;
 @RestController
 @RequestMapping(OpenAPI30Configuration.API_PREFIX + "/product")
 public class ProductController {
     private final ProductService productService;
+    private final MasterService masterService;
 
-
+    public ProductController(ProductService productService, MasterService masterService) {
-    public ProductController(ProductService productService) {
         this.productService = productService;
+        this.masterService = masterService;
     }
 
     @GetMapping("/{id}")
@@ -32,16 +29,20 @@ public class ProductController {
         return productService.findAllProducts().stream().map(ProductDto::new).toList();
     }
 
-    @GetMapping("/master/{id}")
+    @GetMapping("/master")
-    public List<ProductDto> getMasterProduct(@PathVariable("id") Long id) {
+    public List<ProductDto> getMasterProduct(@RequestHeader("Authorization") String token) {
-        return productService.findProducts(id).stream().map(ProductDto::new).toList();
+        UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
+        Master master = masterService.findMaster(userDetails.getUsername());
+        return productService.findProducts(master.getId()).stream().map(ProductDto::new).toList();
     }
 
-    @PostMapping("/{name}/{cost}/{masterId}")
+    @PostMapping("/{name}/{cost}")
     public ProductDto createProduct(@PathVariable("name") String name,
                                  @PathVariable("cost") Integer cost,
-                                    @PathVariable("masterId") Long masterId) {
+                                    @RequestHeader("Authorization") String token) {
-        return new ProductDto(productService.addProduct(name, cost, masterId));
+        UserDetails userDetails = masterService.loadUserByToken(token.substring(7));
+        Master master = masterService.findMaster(userDetails.getUsername());
+        return new ProductDto(productService.addProduct(name, cost, master.getId()));
     }
 
     @PatchMapping("/{id}")

src/main/resources/application.properties

@@ -9,3 +9,5 @@ spring.jpa.hibernate.ddl-auto=update
 spring.h2.console.enabled=true
 spring.h2.console.settings.trace=false
 spring.h2.console.settings.web-allow-others=false
+jwt.dev-token=my-secret-jwt
+jwt.dev=true