Refatorando autenticação: - Corrigido erros em cliente e sistema que estavam logando de maneiras mistas. - Refatorado nome Usuario para cliente

Author: jonatassantoszup

testeSantanderWay/src/main/java/br/com/testesantanderway/TesteSantanderWayApplication.java

@@ -12,12 +12,12 @@
 @EnableSpringDataWebSupport
 @EnableCaching
 public class TesteSantanderWayApplication {
-//	@PostConstruct
-//	void started(){
-//		TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
-//	}
+    @PostConstruct
+    void started() {
+        TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
+    }
 
-	public static void main(String[] args) {
-		SpringApplication.run(TesteSantanderWayApplication.class, args);
-	}
+    public static void main(String[] args) {
+        SpringApplication.run(TesteSantanderWayApplication.class, args);
+    }
 }

testeSantanderWay/src/main/java/br/com/testesantanderway/config/security/AutenticacaoService.java

@@ -1,7 +1,9 @@
 package br.com.testesantanderway.config.security;
 
+import br.com.testesantanderway.modelo.Cliente;
 import br.com.testesantanderway.modelo.Sistema;
 import br.com.testesantanderway.repository.SistemaRepository;
+import br.com.testesantanderway.repository.ClienteRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -14,14 +16,23 @@
 public class AutenticacaoService implements UserDetailsService {
 
     @Autowired
-    private SistemaRepository repository;
+    private SistemaRepository sistemaRepository;
+
+    @Autowired
+    private ClienteRepository clienteRepository;
 
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-        Optional<Sistema> clientePorEmail = repository.findByEmail(username);
+        Optional<Sistema> sistema = sistemaRepository.findByEmail(username);
+
+        if (sistema.isPresent()) {
+            return sistema.get();
+        }
+
+        Optional<Cliente> usuario = clienteRepository.findByEmail(username);
 
-        if (clientePorEmail.isPresent()){
-            return clientePorEmail.get();
+        if (usuario.isPresent()) {
+            return usuario.get();
         }
 
         throw new UsernameNotFoundException("Dados Inválidos");

…y/AutenticacaoSistemaViaTokenFilter.java …security/AutenticacaoViaTokenFilter.javatesteSantanderWay/src/main/java/br/com/testesantanderway/config/security/AutenticacaoSistemaViaTokenFilter.java renamed to testeSantanderWay/src/main/java/br/com/testesantanderway/config/security/AutenticacaoViaTokenFilter.java testeSantanderWay/src/main/java/br/com/testesantanderway/config/security/AutenticacaoSistemaViaTokenFilter.java renamed to testeSantanderWay/src/main/java/br/com/testesantanderway/config/security/AutenticacaoViaTokenFilter.java

@@ -1,64 +1,71 @@
 package br.com.testesantanderway.config.security;
 
+import br.com.testesantanderway.modelo.Cliente;
 import br.com.testesantanderway.modelo.Sistema;
-import br.com.testesantanderway.modelo.Usuario;
 import br.com.testesantanderway.repository.SistemaRepository;
-import br.com.testesantanderway.repository.UsuarioRepository;
-import org.springframework.beans.factory.annotation.Autowired;
+import br.com.testesantanderway.repository.ClienteRepository;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.OncePerRequestFilter;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.Arrays;
+import java.util.Optional;
 
 public class AutenticacaoViaTokenFilter extends OncePerRequestFilter {
 
     private static final String BEARER = "Bearer ";
 
-    @Autowired
     private ServicoDeToken tokenService;
 
-    @Autowired
     private SistemaRepository sistemaRepository;
 
-    @Autowired
-    private UsuarioRepository usuarioRepository;
+    private ClienteRepository clienteRepository;
+
+    public AutenticacaoViaTokenFilter(ServicoDeToken tokenService, SistemaRepository sistemaRepository, ClienteRepository clienteRepository) {
+        this.tokenService = tokenService;
+        this.sistemaRepository = sistemaRepository;
+        this.clienteRepository = clienteRepository;
+    }
 
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                     FilterChain filterChain) throws ServletException, IOException {
         String token = AutenticacaoViaTokenFilter.recuperarToken(request);
-        boolean valido = tokenService.isTokenValido(token);
-        if (valido){
-            autenticarUsuario(token);
+
+        if (token != null && tokenService.isTokenValido(token)) {
+            autenticar(token);
         }
 
         filterChain.doFilter(request, response);
     }
 
-    private void autenticarUsuario(String token) {
-        String codigoUsuario = tokenService.getCodigo(token);
-        Usuario usuario = usuarioRepository.findById(codigoUsuario).get();
-        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(usuario,
-                null, Arrays.asList(() -> "USUARIO"));
-        SecurityContextHolder.getContext().setAuthentication(authentication);
-    }
+    private void autenticar(String token) {
+        String codigo = tokenService.getCodigo(token);
+
+        UsernamePasswordAuthenticationToken authentication = null;
+        Optional<Sistema> sistema = sistemaRepository.findById(codigo);
+        if(sistema.isPresent()){
+            authentication = new UsernamePasswordAuthenticationToken(sistema,
+                    null, sistema.get().getAuthorities());
+        }else{
+            Optional<Cliente> cliente = clienteRepository.findById(codigo);
+
+            if(cliente.isPresent()){
+                authentication = new UsernamePasswordAuthenticationToken(sistema,
+                        null, cliente.get().getAuthorities());
+            }
+        }
 
-    private void autenticarSistema(String token) {
-        String codigoSistema = tokenService.getCodigo(token);
-        Sistema sistema = sistemaRepository.findById(codigoSistema).get();
-        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(sistema,
-                null, sistema.getAuthorities());
         SecurityContextHolder.getContext().setAuthentication(authentication);
     }
 
     public static String recuperarToken(HttpServletRequest request) {
         String token = request.getHeader("Authorization");
-        if (token == null || token.isEmpty() || !token.startsWith(BEARER)){
+        if (token == null || token.isEmpty() || !token.startsWith(BEARER)) {
             return null;
         }
 

testeSantanderWay/src/main/java/br/com/testesantanderway/config/security/ConfigSeguranca.java

@@ -1,6 +1,7 @@
 package br.com.testesantanderway.config.security;
 
 import br.com.testesantanderway.repository.SistemaRepository;
+import br.com.testesantanderway.repository.ClienteRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -20,14 +21,19 @@
 public class ConfigSeguranca extends WebSecurityConfigurerAdapter {
     @Autowired
     private AutenticacaoService autenticacaoService;
+
     @Autowired
-    private ServicoDeToken tokenService;
+    private ClienteRepository clienteRepository;
+
     @Autowired
     private SistemaRepository sistemaRepository;
 
+    @Autowired
+    private ServicoDeToken tokenService;
+
     @Override
     @Bean
-    protected AuthenticationManager authenticationManager() throws Exception{
+    protected AuthenticationManager authenticationManager() throws Exception {
         return super.authenticationManager();
     }
 
@@ -41,20 +47,18 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests()
-                .antMatchers(HttpMethod.GET,"/clientes/*").permitAll()
-                .antMatchers(HttpMethod.GET,"/gastos/*").permitAll()
-                .antMatchers(HttpMethod.GET,"/usuarios/*").permitAll()
-                .antMatchers(HttpMethod.POST,"/usuarios/*").permitAll()
-                .antMatchers(HttpMethod.POST,"/auth").permitAll()
-                .antMatchers(HttpMethod.GET,"/actuator/**").permitAll()
+                .antMatchers(HttpMethod.POST, "/auth/**").permitAll()
+                .antMatchers("/user/**").hasAnyAuthority("USUARIO")
+                .antMatchers("/sistema/**").hasAnyAuthority("SISTEMA")
                 .antMatchers(
                         "/v2/api-docs", "/swagger-resources/**", "/swagger-ui.html", "/webjars/**",
                         "/swagger.json")
                 .permitAll()
                 .anyRequest().authenticated()
                 .and().csrf().disable()
                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and().addFilterBefore(new AutenticacaoViaTokenFilter(tokenService, sistemaRepository), UsernamePasswordAuthenticationFilter.class);
+                .and()
+                .addFilterBefore(new AutenticacaoViaTokenFilter(tokenService, sistemaRepository, clienteRepository), UsernamePasswordAuthenticationFilter.class);
     }
 
     //Recursos estáticos(js, css, img, etc.)

testeSantanderWay/src/main/java/br/com/testesantanderway/config/security/ServicoDeToken.java

@@ -1,46 +1,57 @@
 package br.com.testesantanderway.config.security;
 
+import br.com.testesantanderway.modelo.Cliente;
 import br.com.testesantanderway.modelo.Sistema;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.actuate.trace.http.HttpTrace;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Service;
 
 import java.util.Date;
 
 @Service
 public class ServicoDeToken {
+    public static String USUARIO_TESTE = "12615a2f-92a3-4bfd-a6f3-5a352b65438b";
+
     @Value("${testeSantanderWay.jwt.expiration}")
     private String expiracao;
     @Value("${testeSantanderWay.jwt.secret}")
     private String secret;
 
-    public String gerarToken(Authentication authentication) {
-        Sistema sistemaLogado = (Sistema) authentication.getPrincipal();
+    public String gerarToken(Authentication authentication, String issuer) {
+        Object principal = authentication.getPrincipal();
+        String subject = null;
+        if(principal instanceof Sistema){
+            Sistema sistema = (Sistema) principal;
+            subject = sistema.getCodigo();
+        }else if (principal instanceof Cliente){
+            Cliente cliente = (Cliente) principal;
+            subject = cliente.getCodigo();
+        }
         Date hoje = new Date();
         Date dataExpiracao = new Date(hoje.getTime() + Long.parseLong(expiracao));
 
         return Jwts.builder()
-                .setIssuer("Api teste way")
-                .setSubject(sistemaLogado.getCodigo())
+                .setSubject(subject)
+                .setIssuer(issuer)
                 .setIssuedAt(hoje)
                 .setExpiration(dataExpiracao)
                 .signWith(SignatureAlgorithm.HS256, secret).compact();
     }
 
-    public boolean isTokenValido(String token){
+    public boolean isTokenValido(String token) {
         try {
             Jwts.parser().setSigningKey(this.secret).parseClaimsJws(token);
-
             return true;
-        } catch (Exception e){
+        } catch (Exception e) {
             return false;
         }
     }
 
-    public String getCodigo(String token){
+    public String getCodigo(String token) {
         Claims claims = Jwts.parser().setSigningKey(this.secret).parseClaimsJws(token).getBody();
         return claims.getSubject();
     }

testeSantanderWay/src/main/java/br/com/testesantanderway/controller/AuthController.java

@@ -19,17 +19,30 @@
 public class AuthController {
     @Autowired
     private AuthenticationManager authManager;
+
     @Autowired
     private ServicoDeToken servicoDeToken;
 
+    @PostMapping("sistema/login")
+    public ResponseEntity<TokenDTO> sistemaLogin(@RequestBody AuthForm form) {
+        UsernamePasswordAuthenticationToken dadosLogin = form.ciarAutenticacaoSistema();
+        try {
+            Authentication authentication = authManager.authenticate(dadosLogin);
+            String token = servicoDeToken.gerarToken(authentication, "SISTEMA");
+            return ResponseEntity.ok(new TokenDTO(token, "Bearer"));
+        } catch (AuthenticationException e) {
+            return ResponseEntity.badRequest().build();
+        }
+    }
+
     @PostMapping
-    public ResponseEntity<TokenDTO> login(@RequestBody AuthForm form){
-        UsernamePasswordAuthenticationToken dadosLogin = form.converter();
+    public ResponseEntity<TokenDTO> login(@RequestBody AuthForm form) {
+        UsernamePasswordAuthenticationToken dadosLogin = form.ciarAutenticacaoUsuario();
         try {
             Authentication authentication = authManager.authenticate(dadosLogin);
-            String token = servicoDeToken.gerarToken(authentication);
+            String token = servicoDeToken.gerarToken(authentication, "USUARIO");
             return ResponseEntity.ok(new TokenDTO(token, "Bearer"));
-        } catch (AuthenticationException e){
+        } catch (AuthenticationException e) {
             return ResponseEntity.badRequest().build();
         }
     }

testeSantanderWay/src/main/java/br/com/testesantanderway/controller/GastoController.java

@@ -29,15 +29,15 @@ public class GastoController {
     private GastoService gastoService;
 
     //TODO permitir apenas USUARIO listar gastos
-    @GetMapping
+    @GetMapping("user/gasto")
     public ResponseEntity<List<GastoDTO>> listar(HttpServletRequest request) {
         String codigoUsuario = servicoDeToken.getCodigo(AutenticacaoViaTokenFilter.recuperarToken(request));
         List<Gasto> gastos = gastoService.listarGastosMaisRecentes(codigoUsuario);
         return ResponseEntity.ok(GastoDTO.converter(gastos));
     }
 
     //TODO permitir apenas SISTEMA lançar gasto
-    @PutMapping
+    @PutMapping("sistema/gasto")
     public ResponseEntity lancar(HttpServletRequest request, @RequestBody GastoForm form) {
         Gasto gasto = form.converter(servicoDeToken.getCodigo(AutenticacaoViaTokenFilter.recuperarToken(request)));
         gastoService.lancar(gasto);
@@ -46,16 +46,16 @@ public ResponseEntity lancar(HttpServletRequest request, @RequestBody GastoForm
 
     //TODO permitir apenas USUARIO listar gastos
     @Cacheable("gastoUsuario")
-    @GetMapping("/{dataCriacao}")
+    @GetMapping("user/gasto/{dataCriacao}")
     public Page<GastoDTO> filtro(HttpServletRequest request,
-                                 @PathVariable LocalDate dataCriacao,
+                                 @PathVariable String dataCriacao,
                                  @PageableDefault(sort = "dataCriacao", direction = Sort.Direction.DESC) Pageable paginacao) {
         String codigoUsuario = servicoDeToken.getCodigo(AutenticacaoViaTokenFilter.recuperarToken(request));
-        return GastoDTO.converter(gastoService.encontrarGastosDoDia(codigoUsuario, dataCriacao, paginacao));
+        return GastoDTO.converter(gastoService.encontrarGastosDoDia(codigoUsuario, LocalDate.parse(dataCriacao), paginacao));
     }
 
     //TODO permitir apenas USUARIO categorizar gasto
-    @PutMapping("categorizar")
+    @PutMapping("user/gasto/categorizar")
     public ResponseEntity categorizar(@RequestBody Gasto gasto) {
         gastoService.categorizarGasto(gasto);
         return ResponseEntity.ok().build();

testeSantanderWay/src/main/java/br/com/testesantanderway/controller/form/AuthForm.java

@@ -2,6 +2,8 @@
 
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
+import java.util.Arrays;
+
 public class AuthForm {
     private String email;
     private String senha;
@@ -22,7 +24,11 @@ public void setSenha(String senha) {
         this.senha = senha;
     }
 
-    public UsernamePasswordAuthenticationToken converter() {
-        return new UsernamePasswordAuthenticationToken(email, senha);
+    public UsernamePasswordAuthenticationToken ciarAutenticacaoUsuario() {
+        return new UsernamePasswordAuthenticationToken(email, senha, Arrays.asList(() -> "USUARIO"));
+    }
+
+    public UsernamePasswordAuthenticationToken ciarAutenticacaoSistema() {
+        return new UsernamePasswordAuthenticationToken(email, senha, Arrays.asList(() -> "SISTEMA"));
     }
 }