From 437cd3480408555f044f53795f25eea0c41b866b Mon Sep 17 00:00:00 2001 From: chanhengseang Date: Sun, 6 Apr 2025 15:54:36 -0700 Subject: [PATCH 1/3] update to java17 --- pom.xml | 54 +++++---- .../murraco/configuration/SwaggerConfig.java | 75 ------------- .../murraco/controller/UserController.java | 83 +++++++------- src/main/java/murraco/dto/UserDataDTO.java | 12 +- .../java/murraco/dto/UserResponseDTO.java | 10 +- .../murraco/exception/CustomException.java | 3 + .../GlobalExceptionHandlerController.java | 2 +- src/main/java/murraco/model/AppUser.java | 16 +-- .../murraco/repository/UserRepository.java | 2 +- .../java/murraco/security/JwtTokenFilter.java | 27 ++--- .../security/JwtTokenFilterConfigurer.java | 2 +- .../murraco/security/JwtTokenProvider.java | 4 +- .../murraco/security/WebSecurityConfig.java | 103 ++++++++---------- .../java/murraco/service/UserService.java | 2 +- 14 files changed, 152 insertions(+), 243 deletions(-) delete mode 100644 src/main/java/murraco/configuration/SwaggerConfig.java diff --git a/pom.xml b/pom.xml index f59034e..7c52aad 100644 --- a/pom.xml +++ b/pom.xml @@ -12,25 +12,23 @@ UTF-8 UTF-8 - 1.8 + 17 murraco.JwtAuthServiceApp org.springframework.boot spring-boot-starter-parent - 2.5.4 + 3.4.4 - org.springframework.boot spring-boot-starter-web - org.springframework.boot spring-boot-starter-data-jpa @@ -40,32 +38,30 @@ spring-boot-starter-validation - org.springframework.boot spring-boot-starter-security - org.springframework.security spring-security-test test - org.springframework.boot spring-boot-devtools true + - - mysql - mysql-connector-java + com.mysql + mysql-connector-j + 8.2.0 + + + com.h2database + h2 + runtime - - com.h2database - h2 - runtime - org.projectlombok @@ -74,29 +70,31 @@ provided - - io.springfox - springfox-swagger2 - 2.9.2 - - - - io.springfox - springfox-swagger-ui - 2.10.0 + org.springdoc + springdoc-openapi-starter-webmvc-api + 2.8.6 + - io.jsonwebtoken jjwt 0.9.1 - org.modelmapper modelmapper 2.4.4 + + javax.xml.bind + jaxb-api + 2.3.1 + + + org.glassfish.jaxb + jaxb-runtime + 2.3.3 + @@ -108,4 +106,4 @@ - + \ No newline at end of file diff --git a/src/main/java/murraco/configuration/SwaggerConfig.java b/src/main/java/murraco/configuration/SwaggerConfig.java deleted file mode 100644 index 16e753a..0000000 --- a/src/main/java/murraco/configuration/SwaggerConfig.java +++ /dev/null @@ -1,75 +0,0 @@ -package murraco.configuration; - -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import java.util.Optional; - -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; - -import com.google.common.base.Predicates; - -import springfox.documentation.builders.ApiInfoBuilder; -import springfox.documentation.builders.PathSelectors; -import springfox.documentation.builders.RequestHandlerSelectors; -import springfox.documentation.service.ApiInfo; -import springfox.documentation.service.ApiKey; -import springfox.documentation.service.AuthorizationScope; -import springfox.documentation.service.Contact; -import springfox.documentation.service.SecurityReference; -import springfox.documentation.service.Tag; -import springfox.documentation.spi.DocumentationType; -import springfox.documentation.spi.service.contexts.SecurityContext; -import springfox.documentation.spring.web.plugins.Docket; -import springfox.documentation.swagger2.annotations.EnableSwagger2; - -@Configuration -@EnableSwagger2 -public class SwaggerConfig { - - @Bean - public Docket api() { - return new Docket(DocumentationType.SWAGGER_2)// - .select()// - .apis(RequestHandlerSelectors.any())// - .paths(Predicates.not(PathSelectors.regex("/error")))// - .build()// - .apiInfo(metadata())// - .useDefaultResponseMessages(false)// - .securitySchemes(Collections.singletonList(apiKey())) - .securityContexts(Collections.singletonList(securityContext())) - .tags(new Tag("users", "Operations about users"))// - .genericModelSubstitutes(Optional.class); - - } - - private ApiInfo metadata() { - return new ApiInfoBuilder()// - .title("JSON Web Token Authentication API")// - .description("This is a sample JWT authentication service. You can find out more about JWT at [https://jwt.io/](https://jwt.io/). For this sample, you can use the `admin` or `client` users (password: admin and client respectively) to test the authorization filters. Once you have successfully logged in and obtained the token, you should click on the right top button `Authorize` and introduce it with the prefix \"Bearer \".")// - .version("1.0.0")// - .license("MIT License").licenseUrl("http://opensource.org/licenses/MIT")// - .contact(new Contact(null, null, "mauriurraco@gmail.com"))// - .build(); - } - - private ApiKey apiKey() { - return new ApiKey("Authorization", "Authorization", "header"); - } - - private SecurityContext securityContext() { - return SecurityContext.builder() - .securityReferences(defaultAuth()) - .forPaths(PathSelectors.any()) - .build(); - } - - private List defaultAuth() { - AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything"); - AuthorizationScope[] authorizationScopes = new AuthorizationScope[1]; - authorizationScopes[0] = authorizationScope; - return Arrays.asList(new SecurityReference("Authorization", authorizationScopes)); - } - -} diff --git a/src/main/java/murraco/controller/UserController.java b/src/main/java/murraco/controller/UserController.java index e4f60b4..879a094 100644 --- a/src/main/java/murraco/controller/UserController.java +++ b/src/main/java/murraco/controller/UserController.java @@ -1,6 +1,12 @@ package murraco.controller; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.responses.ApiResponse; +import io.swagger.v3.oas.annotations.responses.ApiResponses; +import io.swagger.v3.oas.annotations.security.SecurityRequirement; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.tags.Tag; -import javax.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletRequest; import lombok.RequiredArgsConstructor; import murraco.model.AppUser; @@ -15,19 +21,13 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; -import io.swagger.annotations.Api; -import io.swagger.annotations.ApiOperation; -import io.swagger.annotations.ApiParam; -import io.swagger.annotations.ApiResponse; -import io.swagger.annotations.ApiResponses; -import io.swagger.annotations.Authorization; import murraco.dto.UserDataDTO; import murraco.dto.UserResponseDTO; import murraco.service.UserService; @RestController @RequestMapping("/users") -@Api(tags = "users") +@Tag(name = "users") @RequiredArgsConstructor public class UserController { @@ -35,58 +35,61 @@ public class UserController { private final ModelMapper modelMapper; @PostMapping("/signin") - @ApiOperation(value = "${UserController.signin}") - @ApiResponses(value = {// - @ApiResponse(code = 400, message = "Something went wrong"), // - @ApiResponse(code = 422, message = "Invalid username/password supplied")}) - public String login(// - @ApiParam("Username") @RequestParam String username, // - @ApiParam("Password") @RequestParam String password) { + @Operation(summary = "${UserController.signin}") + @ApiResponses(value = { + @ApiResponse(responseCode = "400", description = "Something went wrong"), + @ApiResponse(responseCode = "422", description = "Invalid username/password supplied") + }) + public String login( + @Parameter(description = "Username") @RequestParam String username, + @Parameter(description = "Password") @RequestParam String password) { return userService.signin(username, password); } @PostMapping("/signup") - @ApiOperation(value = "${UserController.signup}") - @ApiResponses(value = {// - @ApiResponse(code = 400, message = "Something went wrong"), // - @ApiResponse(code = 403, message = "Access denied"), // - @ApiResponse(code = 422, message = "Username is already in use")}) - public String signup(@ApiParam("Signup User") @RequestBody UserDataDTO user) { + @Operation(summary = "${UserController.signup}") + @ApiResponses(value = { + @ApiResponse(responseCode = "400", description = "Something went wrong"), + @ApiResponse(responseCode = "403", description = "Access denied"), + @ApiResponse(responseCode = "422", description = "Username is already in use") + }) + public String signup(@Parameter(description = "Signup User") @RequestBody UserDataDTO user) { return userService.signup(modelMapper.map(user, AppUser.class)); } @DeleteMapping(value = "/{username}") @PreAuthorize("hasRole('ROLE_ADMIN')") - @ApiOperation(value = "${UserController.delete}", authorizations = { @Authorization(value="apiKey") }) - @ApiResponses(value = {// - @ApiResponse(code = 400, message = "Something went wrong"), // - @ApiResponse(code = 403, message = "Access denied"), // - @ApiResponse(code = 404, message = "The user doesn't exist"), // - @ApiResponse(code = 500, message = "Expired or invalid JWT token")}) - public String delete(@ApiParam("Username") @PathVariable String username) { + @Operation(summary = "${UserController.delete}", security = @SecurityRequirement(name = "apiKey")) + @ApiResponses(value = { + @ApiResponse(responseCode = "400", description = "Something went wrong"), + @ApiResponse(responseCode = "403", description = "Access denied"), + @ApiResponse(responseCode = "404", description = "The user doesn't exist"), + @ApiResponse(responseCode = "500", description = "Expired or invalid JWT token") + }) + public String delete(@Parameter(description = "Username") @PathVariable String username) { userService.delete(username); return username; } @GetMapping(value = "/{username}") @PreAuthorize("hasRole('ROLE_ADMIN')") - @ApiOperation(value = "${UserController.search}", response = UserResponseDTO.class, authorizations = { @Authorization(value="apiKey") }) - @ApiResponses(value = {// - @ApiResponse(code = 400, message = "Something went wrong"), // - @ApiResponse(code = 403, message = "Access denied"), // - @ApiResponse(code = 404, message = "The user doesn't exist"), // - @ApiResponse(code = 500, message = "Expired or invalid JWT token")}) - public UserResponseDTO search(@ApiParam("Username") @PathVariable String username) { + @Operation(summary = "${UserController.search}", responses = { + @ApiResponse(responseCode = "400", description = "Something went wrong"), + @ApiResponse(responseCode = "403", description = "Access denied"), + @ApiResponse(responseCode = "404", description = "The user doesn't exist"), + @ApiResponse(responseCode = "500", description = "Expired or invalid JWT token") + }, security = @SecurityRequirement(name = "apiKey")) + public UserResponseDTO search(@Parameter(description = "Username") @PathVariable String username) { return modelMapper.map(userService.search(username), UserResponseDTO.class); } @GetMapping(value = "/me") @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_CLIENT')") - @ApiOperation(value = "${UserController.me}", response = UserResponseDTO.class, authorizations = { @Authorization(value="apiKey") }) - @ApiResponses(value = {// - @ApiResponse(code = 400, message = "Something went wrong"), // - @ApiResponse(code = 403, message = "Access denied"), // - @ApiResponse(code = 500, message = "Expired or invalid JWT token")}) + @Operation(summary = "${UserController.me}", responses = { + @ApiResponse(responseCode = "400", description = "Something went wrong"), + @ApiResponse(responseCode = "403", description = "Access denied"), + @ApiResponse(responseCode = "500", description = "Expired or invalid JWT token") + }, security = @SecurityRequirement(name = "apiKey")) public UserResponseDTO whoami(HttpServletRequest req) { return modelMapper.map(userService.whoami(req), UserResponseDTO.class); } diff --git a/src/main/java/murraco/dto/UserDataDTO.java b/src/main/java/murraco/dto/UserDataDTO.java index e7b94f1..5680e03 100644 --- a/src/main/java/murraco/dto/UserDataDTO.java +++ b/src/main/java/murraco/dto/UserDataDTO.java @@ -2,7 +2,7 @@ import java.util.List; -import io.swagger.annotations.ApiModelProperty; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; import lombok.NoArgsConstructor; import murraco.model.AppUserRole; @@ -10,14 +10,14 @@ @Data @NoArgsConstructor public class UserDataDTO { - - @ApiModelProperty(position = 0) + + @Schema(description = "Username") private String username; - @ApiModelProperty(position = 1) + @Schema(description = "Email") private String email; - @ApiModelProperty(position = 2) + @Schema(description = "Password") private String password; - @ApiModelProperty(position = 3) + @Schema(description = "User roles") List appUserRoles; } diff --git a/src/main/java/murraco/dto/UserResponseDTO.java b/src/main/java/murraco/dto/UserResponseDTO.java index d6e71b1..bc254a7 100644 --- a/src/main/java/murraco/dto/UserResponseDTO.java +++ b/src/main/java/murraco/dto/UserResponseDTO.java @@ -2,20 +2,20 @@ import java.util.List; -import io.swagger.annotations.ApiModelProperty; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; import murraco.model.AppUserRole; @Data public class UserResponseDTO { - @ApiModelProperty(position = 0) + @Schema(description = "user id") private Integer id; - @ApiModelProperty(position = 1) + @Schema(description = "user name") private String username; - @ApiModelProperty(position = 2) + @Schema(description = "user email") private String email; - @ApiModelProperty(position = 3) + @Schema(description = "user roles") List appUserRoles; } diff --git a/src/main/java/murraco/exception/CustomException.java b/src/main/java/murraco/exception/CustomException.java index fb70182..f9ed299 100644 --- a/src/main/java/murraco/exception/CustomException.java +++ b/src/main/java/murraco/exception/CustomException.java @@ -2,8 +2,11 @@ import org.springframework.http.HttpStatus; +import java.io.Serial; + public class CustomException extends RuntimeException { + @Serial private static final long serialVersionUID = 1L; private final String message; diff --git a/src/main/java/murraco/exception/GlobalExceptionHandlerController.java b/src/main/java/murraco/exception/GlobalExceptionHandlerController.java index b0d6fd1..987fd7a 100644 --- a/src/main/java/murraco/exception/GlobalExceptionHandlerController.java +++ b/src/main/java/murraco/exception/GlobalExceptionHandlerController.java @@ -3,7 +3,7 @@ import java.io.IOException; import java.util.Map; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletResponse; import org.springframework.boot.web.error.ErrorAttributeOptions; import org.springframework.boot.web.servlet.error.DefaultErrorAttributes; diff --git a/src/main/java/murraco/model/AppUser.java b/src/main/java/murraco/model/AppUser.java index 2fa7b73..6a96b68 100644 --- a/src/main/java/murraco/model/AppUser.java +++ b/src/main/java/murraco/model/AppUser.java @@ -5,14 +5,14 @@ import java.util.List; -import javax.persistence.Column; -import javax.persistence.ElementCollection; -import javax.persistence.Entity; -import javax.persistence.FetchType; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.validation.constraints.Size; +import jakarta.persistence.Column; +import jakarta.persistence.ElementCollection; +import jakarta.persistence.Entity; +import jakarta.persistence.FetchType; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.validation.constraints.Size; @Entity @Data // Create getters and setters diff --git a/src/main/java/murraco/repository/UserRepository.java b/src/main/java/murraco/repository/UserRepository.java index f1ead55..33b8c85 100644 --- a/src/main/java/murraco/repository/UserRepository.java +++ b/src/main/java/murraco/repository/UserRepository.java @@ -1,6 +1,6 @@ package murraco.repository; -import javax.transaction.Transactional; +import org.springframework.transaction.annotation.Transactional; import org.springframework.data.jpa.repository.JpaRepository; diff --git a/src/main/java/murraco/security/JwtTokenFilter.java b/src/main/java/murraco/security/JwtTokenFilter.java index 47728c0..3bab59c 100644 --- a/src/main/java/murraco/security/JwtTokenFilter.java +++ b/src/main/java/murraco/security/JwtTokenFilter.java @@ -1,32 +1,29 @@ package murraco.security; -import java.io.IOException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import murraco.exception.CustomException; +import org.springframework.lang.NonNull; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.web.filter.GenericFilterBean; - -import murraco.exception.CustomException; import org.springframework.web.filter.OncePerRequestFilter; -// We should use OncePerRequestFilter since we are doing a database call, there is no point in doing this more than once +import java.io.IOException; + public class JwtTokenFilter extends OncePerRequestFilter { - private JwtTokenProvider jwtTokenProvider; + private final JwtTokenProvider jwtTokenProvider; public JwtTokenFilter(JwtTokenProvider jwtTokenProvider) { this.jwtTokenProvider = jwtTokenProvider; } @Override - protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException { + protected void doFilterInternal(@NonNull HttpServletRequest httpServletRequest, + @NonNull HttpServletResponse httpServletResponse, + @NonNull FilterChain filterChain) throws ServletException, IOException { String token = jwtTokenProvider.resolveToken(httpServletRequest); try { if (token != null && jwtTokenProvider.validateToken(token)) { diff --git a/src/main/java/murraco/security/JwtTokenFilterConfigurer.java b/src/main/java/murraco/security/JwtTokenFilterConfigurer.java index a3c5f2f..49750c3 100644 --- a/src/main/java/murraco/security/JwtTokenFilterConfigurer.java +++ b/src/main/java/murraco/security/JwtTokenFilterConfigurer.java @@ -7,7 +7,7 @@ public class JwtTokenFilterConfigurer extends SecurityConfigurerAdapter { - private JwtTokenProvider jwtTokenProvider; + private final JwtTokenProvider jwtTokenProvider; public JwtTokenFilterConfigurer(JwtTokenProvider jwtTokenProvider) { this.jwtTokenProvider = jwtTokenProvider; diff --git a/src/main/java/murraco/security/JwtTokenProvider.java b/src/main/java/murraco/security/JwtTokenProvider.java index 7b6970c..e56bcc3 100644 --- a/src/main/java/murraco/security/JwtTokenProvider.java +++ b/src/main/java/murraco/security/JwtTokenProvider.java @@ -6,8 +6,8 @@ import java.util.Objects; import java.util.stream.Collectors; -import javax.annotation.PostConstruct; -import javax.servlet.http.HttpServletRequest; +import jakarta.annotation.PostConstruct; +import jakarta.servlet.http.HttpServletRequest; import murraco.model.AppUserRole; import org.springframework.beans.factory.annotation.Autowired; diff --git a/src/main/java/murraco/security/WebSecurityConfig.java b/src/main/java/murraco/security/WebSecurityConfig.java index b971811..8edb31e 100644 --- a/src/main/java/murraco/security/WebSecurityConfig.java +++ b/src/main/java/murraco/security/WebSecurityConfig.java @@ -1,79 +1,62 @@ package murraco.security; import lombok.RequiredArgsConstructor; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) @RequiredArgsConstructor -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { - - private final JwtTokenProvider jwtTokenProvider; - - @Override - protected void configure(HttpSecurity http) throws Exception { - - // Disable CSRF (cross site request forgery) - http.csrf().disable(); - - // No session will be created or used by spring security - http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); - - // Entry points - http.authorizeRequests()// - .antMatchers("/users/signin").permitAll()// - .antMatchers("/users/signup").permitAll()// - .antMatchers("/h2-console/**/**").permitAll() - // Disallow everything else.. - .anyRequest().authenticated(); - - // If a user try to access a resource without having enough permissions - http.exceptionHandling().accessDeniedPage("/login"); - - // Apply JWT - http.apply(new JwtTokenFilterConfigurer(jwtTokenProvider)); - - // Optional, if you want to test the API from a browser - // http.httpBasic(); - } - - @Override - public void configure(WebSecurity web) throws Exception { - // Allow swagger to be accessed without authentication - web.ignoring().antMatchers("/v2/api-docs")// - .antMatchers("/swagger-resources/**")// - .antMatchers("/swagger-ui.html")// - .antMatchers("/configuration/**")// - .antMatchers("/webjars/**")// - .antMatchers("/public") - - // Un-secure H2 Database (for testing purposes, H2 console shouldn't be unprotected in production) - .and() - .ignoring() - .antMatchers("/h2-console/**/**");; - } - - @Bean - public PasswordEncoder passwordEncoder() { - return new BCryptPasswordEncoder(12); - } - - @Override - @Bean - public AuthenticationManager authenticationManagerBean() throws Exception { - return super.authenticationManagerBean(); - } +public class WebSecurityConfig { + + private final JwtTokenProvider jwtTokenProvider; + + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + http.csrf().disable() + .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) + .and() + .authorizeHttpRequests(authz -> authz + .requestMatchers("/users/signin", "/users/signup", "/h2-console/**/**").permitAll() + .anyRequest().authenticated() + ) + .exceptionHandling().accessDeniedPage("/login") + .and() + .apply(new JwtTokenFilterConfigurer(jwtTokenProvider)); + return http.build(); + } + + @Bean + public WebSecurityCustomizer webSecurityCustomizer() { + return web -> web.ignoring() + .requestMatchers("/v3/api-docs", + "/swagger-resources/**", + "/swagger-ui.html", + "/configuration/**", + "/webjars/**", + "/public", + "/h2-console/**"); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(12); + } + + @Bean + public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception { + return authenticationConfiguration.getAuthenticationManager(); + } } diff --git a/src/main/java/murraco/service/UserService.java b/src/main/java/murraco/service/UserService.java index e5c239f..83efa7a 100644 --- a/src/main/java/murraco/service/UserService.java +++ b/src/main/java/murraco/service/UserService.java @@ -1,6 +1,6 @@ package murraco.service; -import javax.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletRequest; import lombok.RequiredArgsConstructor; import org.springframework.http.HttpStatus; From f12fd7b6106d58f08ff780feb30ecd80d0d3258e Mon Sep 17 00:00:00 2001 From: chanhengseang Date: Sun, 6 Apr 2025 17:11:24 -0700 Subject: [PATCH 2/3] fix spring security --- pom.xml | 3 +- .../murraco/security/WebSecurityConfig.java | 37 ++++++++----------- 2 files changed, 17 insertions(+), 23 deletions(-) diff --git a/pom.xml b/pom.xml index 7c52aad..bc9f0a2 100644 --- a/pom.xml +++ b/pom.xml @@ -71,10 +71,9 @@ org.springdoc - springdoc-openapi-starter-webmvc-api + springdoc-openapi-starter-webmvc-ui 2.8.6 - io.jsonwebtoken jjwt diff --git a/src/main/java/murraco/security/WebSecurityConfig.java b/src/main/java/murraco/security/WebSecurityConfig.java index 8edb31e..cb8372e 100644 --- a/src/main/java/murraco/security/WebSecurityConfig.java +++ b/src/main/java/murraco/security/WebSecurityConfig.java @@ -5,10 +5,10 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @@ -16,7 +16,7 @@ @Configuration @EnableWebSecurity -@EnableGlobalMethodSecurity(prePostEnabled = true) +@EnableMethodSecurity @RequiredArgsConstructor public class WebSecurityConfig { @@ -24,31 +24,26 @@ public class WebSecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.csrf().disable() - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and() + http.csrf(AbstractHttpConfigurer::disable) + .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .authorizeHttpRequests(authz -> authz - .requestMatchers("/users/signin", "/users/signup", "/h2-console/**/**").permitAll() + .requestMatchers( + "/users/signin", + "/users/signup", + "/h2-console/**", + "/v3/api-docs/**", + "/swagger-ui/**", + "/swagger-resources/**", + "/configuration/**", + "/webjars/**" + ).permitAll() .anyRequest().authenticated() ) - .exceptionHandling().accessDeniedPage("/login") - .and() + .exceptionHandling(exception -> exception.accessDeniedPage("/login")) .apply(new JwtTokenFilterConfigurer(jwtTokenProvider)); return http.build(); } - @Bean - public WebSecurityCustomizer webSecurityCustomizer() { - return web -> web.ignoring() - .requestMatchers("/v3/api-docs", - "/swagger-resources/**", - "/swagger-ui.html", - "/configuration/**", - "/webjars/**", - "/public", - "/h2-console/**"); - } - @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(12); From 7d5084fcb861c3dbb137f47cc7c4a885464c8c8a Mon Sep 17 00:00:00 2001 From: chanhengseang Date: Sun, 6 Apr 2025 17:17:52 -0700 Subject: [PATCH 3/3] clean up --- src/main/java/murraco/JwtAuthServiceApp.java | 13 ++++++------- .../java/murraco/exception/CustomException.java | 6 ++---- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/src/main/java/murraco/JwtAuthServiceApp.java b/src/main/java/murraco/JwtAuthServiceApp.java index d2414d2..b5f65f7 100644 --- a/src/main/java/murraco/JwtAuthServiceApp.java +++ b/src/main/java/murraco/JwtAuthServiceApp.java @@ -1,18 +1,17 @@ package murraco; -import java.util.ArrayList; -import java.util.Arrays; - import lombok.RequiredArgsConstructor; import murraco.model.AppUser; import murraco.model.AppUserRole; +import murraco.service.UserService; import org.modelmapper.ModelMapper; import org.springframework.boot.CommandLineRunner; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.annotation.Bean; -import murraco.service.UserService; +import java.util.ArrayList; +import java.util.List; @SpringBootApplication @RequiredArgsConstructor @@ -30,12 +29,12 @@ public ModelMapper modelMapper() { } @Override - public void run(String... params) throws Exception { + public void run(String... params) { AppUser admin = new AppUser(); admin.setUsername("admin"); admin.setPassword("admin"); admin.setEmail("admin@email.com"); - admin.setAppUserRoles(new ArrayList(Arrays.asList(AppUserRole.ROLE_ADMIN))); + admin.setAppUserRoles(new ArrayList<>(List.of(AppUserRole.ROLE_ADMIN))); userService.signup(admin); @@ -43,7 +42,7 @@ public void run(String... params) throws Exception { client.setUsername("client"); client.setPassword("client"); client.setEmail("client@email.com"); - client.setAppUserRoles(new ArrayList(Arrays.asList(AppUserRole.ROLE_CLIENT))); + client.setAppUserRoles(new ArrayList<>(List.of(AppUserRole.ROLE_CLIENT))); userService.signup(client); } diff --git a/src/main/java/murraco/exception/CustomException.java b/src/main/java/murraco/exception/CustomException.java index f9ed299..6001e26 100644 --- a/src/main/java/murraco/exception/CustomException.java +++ b/src/main/java/murraco/exception/CustomException.java @@ -1,5 +1,6 @@ package murraco.exception; +import lombok.Getter; import org.springframework.http.HttpStatus; import java.io.Serial; @@ -10,6 +11,7 @@ public class CustomException extends RuntimeException { private static final long serialVersionUID = 1L; private final String message; + @Getter private final HttpStatus httpStatus; public CustomException(String message, HttpStatus httpStatus) { @@ -22,8 +24,4 @@ public String getMessage() { return message; } - public HttpStatus getHttpStatus() { - return httpStatus; - } - }