Compare commits

..

No commits in common. "e54fbdb7b7735938109d3b1209041ebaadb4ed4c" and "57619bfefc2090d9ac358ecd9ce412aaeff6e3d2" have entirely different histories.

15 changed files with 75 additions and 72 deletions

View File

@ -1,6 +1,6 @@
plugins {
id 'java'
id 'org.springframework.boot' version '2.6.3'
id 'org.springframework.boot' version '3.0.2'
id 'io.spring.dependency-management' version '1.1.0'
}
@ -18,37 +18,22 @@ jar {
dependencies {
annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'com.h2database:h2:2.1.210'
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'com.auth0:java-jwt:4.4.0'
implementation 'org.hibernate.validator:hibernate-validator'
implementation 'org.springdoc:springdoc-openapi-ui:1.6.5'
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'
implementation 'org.springframework.boot:spring-boot-devtools'
implementation 'nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect'
implementation 'org.webjars:bootstrap:5.1.3'
implementation 'org.webjars:jquery:3.6.0'
implementation 'org.webjars:font-awesome:6.1.0'
implementation 'com.h2database:h2:2.1.210'
implementation 'jakarta.validation:jakarta.validation-api:3.0.0'
implementation 'org.hibernate.validator:hibernate-validator:7.0.1.Final'
implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: '1.6.5'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
// annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
// implementation 'org.springframework.boot:spring-boot-starter-web'
// implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
// implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
// implementation 'org.springframework.boot:spring-boot-starter-security'
// implementation 'com.auth0:java-jwt:4.4.0'
// implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'
// implementation 'org.springframework.boot:spring-boot-devtools'
// implementation 'nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect'
// implementation 'org.webjars:bootstrap:5.1.3'
// implementation 'org.webjars:jquery:3.6.0'
// implementation 'org.webjars:font-awesome:6.1.0'
// implementation 'com.h2database:h2:2.1.210'
// implementation 'jakarta.validation:jakarta.validation-api:3.0.0'
// implementation 'org.hibernate.validator:hibernate-validator:7.0.1.Final'
// implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: '1.6.5'
// testImplementation 'org.springframework.boot:spring-boot-starter-test'
}
tasks.named('test') {

BIN
data.mv.db Normal file

Binary file not shown.

View File

@ -79,11 +79,6 @@ export default {
editedSong: new Song(),
}
},
beforeCreate() {
if (localStorage.getItem("token") == null) {
this.$router.push("/login");
}
},
methods: {
getSongs(){
axios.get(this.URL + "song")

View File

@ -1,5 +1,12 @@
package ru.ulstu.is.sbapp.configuration;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
@ -7,12 +14,7 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
import ru.ulstu.is.sbapp.database.service.UserService;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class JwtFilter extends GenericFilterBean {

View File

@ -2,15 +2,15 @@ package ru.ulstu.is.sbapp.configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import ru.ulstu.is.sbapp.controllers.UserController;
import ru.ulstu.is.sbapp.database.model.Role;
@ -18,17 +18,24 @@ import ru.ulstu.is.sbapp.database.service.UserService;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@EnableMethodSecurity(
securedEnabled = true
)
public class SecurityConfiguration {
private final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
private static final String LOGIN_URL = "/login";
public static final String SPA_URL_MASK = "/{path:[^\\.]*}";
private final UserService userService;
private final JwtFilter jwtFilter;
public SecurityConfiguration(UserService userService) {
public SecurityConfiguration(UserService userService)
{
this.userService = userService;
this.jwtFilter = new JwtFilter(userService);
createAdminOnStartup();
}
private void createAdminOnStartup() {
final String admin = "admin";
if (userService.findByLogin(admin) == null) {
@ -36,35 +43,41 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
userService.addUser(admin, admin, admin, Role.ADMIN);
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
log.info("Creating security configuration");
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.cors()
.and()
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/", SPA_URL_MASK).permitAll()
.antMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
.authorizeHttpRequests()
.requestMatchers("", SPA_URL_MASK).permitAll()
.requestMatchers("/", SPA_URL_MASK).permitAll()
.requestMatchers(HttpMethod.POST, UserController.URL_LOGIN).permitAll()
.requestMatchers(HttpMethod.POST, UserController.URL_SIGN_UP).permitAll()
.requestMatchers(HttpMethod.POST, UserController.URL_WHO_AM_I).permitAll()
.anyRequest()
.authenticated()
.and()
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
.anonymous();
return http.userDetailsService(userService).build();
}
@Override
protected void configure(AuthenticationManagerBuilder builder) throws Exception {
builder.userDetailsService(userService);
}
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers(HttpMethod.OPTIONS, "/**")
.antMatchers("/**/*.{js,html,css,png}")
.antMatchers("/swagger-ui/index.html")
.antMatchers("/webjars/**")
.antMatchers("/swagger-resources/**")
.antMatchers("/v3/api-docs/**");
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring()
.requestMatchers(HttpMethod.OPTIONS, "/**")
.requestMatchers("/*.js")
.requestMatchers("/*.html")
.requestMatchers("/*.css")
.requestMatchers("/assets/**")
.requestMatchers("/favicon.ico")
.requestMatchers("/.js", "/.css")
.requestMatchers("/swagger-ui/index.html")
.requestMatchers("/webjars/**")
.requestMatchers("/swagger-resources/**")
.requestMatchers("/v3/api-docs/**")
.requestMatchers("/h2-console/**");
}
}

View File

@ -1,5 +1,6 @@
package ru.ulstu.is.sbapp.controllers;
import jakarta.validation.Valid;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
@ -7,7 +8,6 @@ import ru.ulstu.is.sbapp.database.model.Artist;
import ru.ulstu.is.sbapp.database.model.Song;
import ru.ulstu.is.sbapp.database.service.AlbumService;
import javax.validation.Valid;
import java.util.List;
import java.util.Map;

View File

@ -1,6 +1,6 @@
package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid;
import jakarta.validation.Valid;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
import ru.ulstu.is.sbapp.database.service.ArtistService;

View File

@ -1,6 +1,6 @@
package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid;
import jakarta.validation.Valid;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.configuration.OpenAPI30Configuration;
import ru.ulstu.is.sbapp.database.service.AlbumService;

View File

@ -1,6 +1,6 @@
package ru.ulstu.is.sbapp.controllers;
import javax.validation.Valid;
import jakarta.validation.Valid;
import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.*;
import ru.ulstu.is.sbapp.database.model.User;

View File

@ -1,5 +1,7 @@
package ru.ulstu.is.sbapp.controllers;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;
public class UserSignUpDTO {
private String login;

View File

@ -1,7 +1,7 @@
package ru.ulstu.is.sbapp.database.model;
import com.fasterxml.jackson.annotation.JsonManagedReference;
import javax.persistence.*;
import jakarta.persistence.*;
import java.util.ArrayList;
import java.util.Collections;

View File

@ -1,7 +1,8 @@
package ru.ulstu.is.sbapp.database.model;
import com.fasterxml.jackson.annotation.JsonBackReference;
import javax.persistence.*;
import jakarta.persistence.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

View File

@ -1,8 +1,10 @@
package ru.ulstu.is.sbapp.database.model;
import com.fasterxml.jackson.annotation.JsonBackReference;
import jakarta.persistence.*;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull;
import javax.persistence.*;
import java.util.Objects;
@Entity

View File

@ -1,8 +1,8 @@
package ru.ulstu.is.sbapp.database.model;
import jakarta.persistence.*;
import ru.ulstu.is.sbapp.controllers.UserSignUpDTO;
import javax.persistence.*;
import java.util.Objects;
@Entity

View File

@ -1,6 +1,9 @@
package ru.ulstu.is.sbapp.database.util.validation;
import javax.validation.*;
import jakarta.validation.ConstraintViolation;
import jakarta.validation.Validation;
import jakarta.validation.Validator;
import jakarta.validation.ValidatorFactory;
import org.springframework.stereotype.Component;
import java.util.Set;