Merge pull request kaakaww#25 from kaakaww/feature/SCAN-300/add-multi-tenancy

Feature/scan 300/add multi tenancy

Author: d-co-white

src/main/java/hawk/Application.java

@@ -3,6 +3,7 @@
 import java.util.Arrays;
 import java.util.stream.Stream;
 
+import hawk.context.TenantContext;
 import hawk.entity.Item;
 import hawk.entity.User;
 import hawk.repos.ItemRepo;
@@ -60,13 +61,22 @@ public CommandLineRunner commandLineRunner(ApplicationContext ctx, ItemRepo repo
             if (userRepo.count() == 0) {
                 userRepo.findAll().forEach(item -> System.out.println(String.format("item: %s", item.getName())));
 
+                TenantContext.setCurrentTenant("1234567");
                 Stream.of(1, 2, 3).forEach(i -> {
+                    System.out.println(String.format("Adding user%d", i));
+                    userRepo.save(new User(String.format("user%d", i), String.format("we have the best users, users%d", i), "1234567"));
+                });
+                userRepo.save(new User("user", "The auth user", "1234567"));
+
+                TenantContext.setCurrentTenant("12345678");
+                Stream.of(4, 5, 6).forEach(i -> {
                     System.out.println(String.format("Adding item%d", i));
-                    userRepo.save(new User(String.format("user%d", i), String.format("we have the best users, users%d", i)));
+                    userRepo.save(new User(String.format("user%d", i), String.format("we have the best users, users%d", i), "12345678"));
                 });
 
+
                 System.out.println(String.format("Items in DB %d", userRepo.count()));
-                userRepo.findAll().forEach(item -> System.out.println(String.format("item: %s", item.getName())));
+                userRepo.findAll().forEach(item -> System.out.println(String.format("user: %s", item.getName())));
             }
 
         };

src/main/java/hawk/Config.java

@@ -1,6 +1,7 @@
 package hawk;
 
 import hawk.service.SearchService;
+import hawk.service.UserSearchService;
 import hawk.service.UserService;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -10,12 +11,13 @@
 @Configuration
 @EnableJpaRepositories
 public class Config implements WebMvcConfigurer {
-
     @Bean
     public SearchService searchService(){
         return new SearchService();
     }
     @Bean
+    public UserSearchService userSearchService() { return new UserSearchService(); }
+    @Bean
     public UserService userService() { return new UserService(); }
 
 }

src/main/java/hawk/api/AuthenticationRequest.java

@@ -15,4 +15,5 @@ public class AuthenticationRequest implements Serializable {
     private static final long serialVersionUID = -6986746375915710855L;
     private String username;
     private String password;
+    private String tenant;
 }

src/main/java/hawk/api/jwt/JwtAuthController.java

@@ -1,6 +1,7 @@
 package hawk.api.jwt;
 
 import hawk.api.AuthenticationRequest;
+import hawk.repos.UserRepo;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -27,12 +28,15 @@ public class JwtAuthController {
     private final AuthenticationManager authenticationManager;
     private final JwtTokenProvider jwtTokenProvider;
     private final UserDetailsService userDetailsService;
+    private final UserRepo userRepo;
 
     @Autowired
-    public JwtAuthController(AuthenticationManager authenticationManager, JwtTokenProvider jwtTokenProvider, UserDetailsService userDetailsService) {
+    public JwtAuthController(AuthenticationManager authenticationManager, JwtTokenProvider jwtTokenProvider, UserDetailsService userDetailsService,
+                             UserRepo userRepo) {
         this.authenticationManager = authenticationManager;
         this.jwtTokenProvider = jwtTokenProvider;
         this.userDetailsService = userDetailsService;
+        this.userRepo = userRepo;
     }
 
     @PostMapping("/signin")
@@ -44,8 +48,11 @@ public ResponseEntity signin(@RequestBody AuthenticationRequest data) {
             if (null == userDetails) {
                 throw new UsernameNotFoundException("username");
             }
+
+            String tenantId = this.userRepo.findByName(username).getTenantId();
             String token = jwtTokenProvider.createToken(username,
-                    userDetails.getAuthorities().stream().map(auth -> ((GrantedAuthority) auth).toString()).collect(Collectors.toList()));
+                    userDetails.getAuthorities().stream().map(auth -> ((GrantedAuthority) auth).toString()).collect(Collectors.toList()),
+                    tenantId);
             Map<Object, Object> model = new HashMap<>();
             model.put("username", username);
             model.put("token", token);

src/main/java/hawk/api/jwt/JwtFilter.java

@@ -1,6 +1,7 @@
 package hawk.api.jwt;
 
 import hawk.api.jwt.JwtTokenProvider;
+import hawk.context.TenantContext;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.GenericFilterBean;
@@ -28,6 +29,7 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain filter
         if (token != null && jwtTokenProvider.validateToken(token)) {
             Authentication auth = token != null ? jwtTokenProvider.getAuthentication(token) : null;
             SecurityContextHolder.getContext().setAuthentication(auth);
+            TenantContext.setCurrentTenant(jwtTokenProvider.getTenantId(token));
         }
 
         filterChain.doFilter(req, res);

src/main/java/hawk/api/jwt/JwtTokenProvider.java

@@ -36,9 +36,10 @@ protected void init() {
         secretKey = Base64.getEncoder().encodeToString(secretKey.getBytes());
     }
 
-    public String createToken(String username, List<String> roles) {
+    public String createToken(String username, List<String> roles, String companyId) {
         Claims claims = Jwts.claims().setSubject(username);
         claims.put("roles", roles);
+        claims.put("tenantId", companyId);
         Date now = new Date();
         Date validity = new Date(now.getTime() + validityInMilliseconds);
         return Jwts.builder()//
@@ -58,6 +59,10 @@ private String getUsername(String token) {
         return Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody().getSubject();
     }
 
+    public String getTenantId(String token) {
+        return Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody().get("tenantId", String.class);
+    }
+
     public String resolveToken(HttpServletRequest req) {
         String bearerToken = req.getHeader("Authorization");
         if (bearerToken != null && bearerToken.startsWith("Bearer ")) {

src/main/java/hawk/api/jwt/JwtUserController.java

@@ -1,7 +1,8 @@
 package hawk.api.jwt;
 
+import hawk.entity.User;
 import hawk.form.Search;
-import hawk.service.SearchService;
+import hawk.service.UserSearchService;
 import hawk.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
@@ -10,26 +11,37 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.ArrayList;
+import java.util.List;
+
 @RestController
 @RequestMapping("/api/jwt/users")
 public class JwtUserController {
 
     private final UserService userService;
+    private final UserSearchService userSearchService;
 
     @Autowired
-    public JwtUserController(UserService userService) {
+    public JwtUserController(UserService userService, UserSearchService userSearchService) {
         this.userService = userService;
+        this.userSearchService = userSearchService;
     }
 
     @GetMapping("/search/")
     public ResponseEntity searchAll() {
         Search search = new Search("");
-        return ResponseEntity.ok(userService.search(search));
+        return ResponseEntity.ok(this.userService.findUsersByName(""));
     }
 
     @GetMapping("/search/{text}")
     public ResponseEntity search(@PathVariable("text") String text) {
         Search search = new Search(text);
-        return ResponseEntity.ok(userService.search(search));
+        return ResponseEntity.ok(this.userService.findUsersByName(search.getSearchText()));
+    }
+
+    @GetMapping("/search/bad/{text}")
+    public ResponseEntity searchCrappy(@PathVariable("text") String text) {
+        Search search = new Search(text);
+        return ResponseEntity.ok(this.userSearchService.search(search));
     }
 }

src/main/java/hawk/aspect/UserServiceAspect.java

@@ -0,0 +1,20 @@
+package hawk.aspect;
+
+import hawk.context.TenantContext;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.hibernate.Session;
+import org.springframework.stereotype.Component;
+import hawk.service.UserService;
+
+@Aspect
+@Component
+public class UserServiceAspect {
+    @Before("execution(* hawk.service.UserService.*(..))&& target(userService) ")
+    public void aroundExecution(JoinPoint pjp, UserService userService) throws Throwable {
+        org.hibernate.Filter filter = userService.entityManager.unwrap(Session.class).enableFilter("tenantFilter");
+        filter.setParameter("tenantId", TenantContext.getCurrentTenant());
+        filter.validate();
+    }
+}

src/main/java/hawk/context/TenantContext.java

@@ -0,0 +1,17 @@
+package hawk.context;
+
+public class TenantContext {
+    private static ThreadLocal<String> currentTenant = new InheritableThreadLocal<>();
+
+    public static String getCurrentTenant() {
+        return currentTenant.get();
+    }
+
+    public static void setCurrentTenant(String tenant) {
+        currentTenant.set(tenant);
+    }
+
+    public static void clear() {
+        currentTenant.set(null);
+    }
+}

src/main/java/hawk/controller/AdminController.java

@@ -1,9 +1,8 @@
 package hawk.controller;
 
-import hawk.entity.Item;
+import hawk.entity.User;
 import hawk.form.Search;
-import hawk.service.SearchService;
-import hawk.service.UserService;
+import hawk.service.UserSearchService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -16,7 +15,7 @@
 @Controller
 public class AdminController {
     @Autowired
-    UserService userService;
+    UserSearchService userSearchService;
 
     @GetMapping("/admin")
     public String index(Model model) {
@@ -45,7 +44,7 @@ public String searchForm(Model model) {
 
     @PostMapping( "/admin/search")
     public String searchSubmit(@ModelAttribute Search search, Model model) {
-        List<Item> users = userService.search(search);
+        List<User> users = userSearchService.search(search);
         model.addAttribute("users", users);
         model.addAttribute("search", search);
         model.addAttribute("title", "User Search");