implement login page back-end

jamesjieye · jamesjieye · commit d987a9bbe0a7 · 2018-08-26T20:55:43.000+08:00
diff --git a/pom.xml b/pom.xml
@@ -23,6 +23,7 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
     <java.version>1.8</java.version>
+    <commons-io.version>2.6</commons-io.version>
   </properties>
 
   <dependencies>
@@ -50,6 +51,11 @@
       <groupId>org.apache.commons</groupId>
       <artifactId>commons-lang3</artifactId>
     </dependency>
+    <dependency>
+      <groupId>commons-io</groupId>
+      <artifactId>commons-io</artifactId>
+      <version>${commons-io.version}</version>
+    </dependency>
 
     <dependency>
       <groupId>org.springframework.boot</groupId>
diff --git a/src/main/java/com/taskagile/config/SecurityConfiguration.java b/src/main/java/com/taskagile/config/SecurityConfiguration.java
@@ -1,12 +1,20 @@
 package com.taskagile.config;
 
+import com.taskagile.web.apis.authenticate.AuthenticationFilter;
+import com.taskagile.web.apis.authenticate.SimpleAuthenticationFailureHandler;
+import com.taskagile.web.apis.authenticate.SimpleAuthenticationSuccessHandler;
+import com.taskagile.web.apis.authenticate.SimpleLogoutSuccessHandler;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 
 @EnableWebSecurity
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@@ -18,17 +26,18 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
   protected void configure(HttpSecurity http) throws Exception {
     http
       .authorizeRequests()
-      .antMatchers(PUBLIC).permitAll()
-      .anyRequest().authenticated()
+        .antMatchers(PUBLIC).permitAll()
+        .anyRequest().authenticated()
       .and()
-      .formLogin()
-      .loginPage("/login")
+        .addFilterAt(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
+        .formLogin()
+        .loginPage("/login")
       .and()
-      .logout()
-      .logoutUrl("/logout")
-      .logoutSuccessUrl("/login?logged-out")
+        .logout()
+        .logoutUrl("/logout")
+        .logoutSuccessHandler(logoutSuccessHandler())
       .and()
-      .csrf().disable();
+        .csrf().disable();
   }
 
   @Override
@@ -40,4 +49,28 @@ public void configure(WebSecurity web) {
   public PasswordEncoder passwordEncoder() {
     return new BCryptPasswordEncoder();
   }
+
+  @Bean
+  public AuthenticationFilter authenticationFilter() throws Exception {
+    AuthenticationFilter authenticationFilter = new AuthenticationFilter();
+    authenticationFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler());
+    authenticationFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
+    authenticationFilter.setAuthenticationManager(authenticationManagerBean());
+    return authenticationFilter;
+  }
+
+  @Bean
+  public AuthenticationSuccessHandler authenticationSuccessHandler() {
+    return new SimpleAuthenticationSuccessHandler();
+  }
+
+  @Bean
+  public AuthenticationFailureHandler authenticationFailureHandler() {
+    return new SimpleAuthenticationFailureHandler();
+  }
+
+  @Bean
+  public LogoutSuccessHandler logoutSuccessHandler() {
+    return new SimpleLogoutSuccessHandler();
+  }
 }
diff --git a/src/main/java/com/taskagile/domain/application/UserService.java b/src/main/java/com/taskagile/domain/application/UserService.java
@@ -2,8 +2,9 @@
 
 import com.taskagile.domain.application.commands.RegistrationCommand;
 import com.taskagile.domain.model.user.RegistrationException;
+import org.springframework.security.core.userdetails.UserDetailsService;
 
-public interface UserService {
+public interface UserService extends UserDetailsService {
 
   /**
    * Register a new user with username, email address, and password.
diff --git a/src/main/java/com/taskagile/domain/application/impl/UserServiceImpl.java b/src/main/java/com/taskagile/domain/application/impl/UserServiceImpl.java
@@ -5,12 +5,13 @@
 import com.taskagile.domain.common.event.DomainEventPublisher;
 import com.taskagile.domain.common.mail.MailManager;
 import com.taskagile.domain.common.mail.MessageVariable;
-import com.taskagile.domain.model.user.RegistrationException;
-import com.taskagile.domain.model.user.RegistrationManagement;
-import com.taskagile.domain.model.user.User;
+import com.taskagile.domain.model.user.*;
 import com.taskagile.domain.model.user.events.UserRegisteredEvent;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 
 import javax.transaction.Transactional;
 
@@ -21,13 +22,34 @@ public class UserServiceImpl implements UserService {
   private RegistrationManagement registrationManagement;
   private DomainEventPublisher domainEventPublisher;
   private MailManager mailManager;
+  private UserRepository userRepository;
 
   public UserServiceImpl(RegistrationManagement registrationManagement,
                          DomainEventPublisher domainEventPublisher,
-                         MailManager mailManager) {
+                         MailManager mailManager,
+                         UserRepository userRepository) {
     this.registrationManagement = registrationManagement;
     this.domainEventPublisher = domainEventPublisher;
     this.mailManager = mailManager;
+    this.userRepository = userRepository;
+  }
+
+
+  @Override
+  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+    if (StringUtils.isEmpty(username)) {
+      throw new UsernameNotFoundException("No user found");
+    }
+    User user;
+    if (username.contains("@")) {
+      user = userRepository.findByEmailAddress(username);
+    } else {
+      user = userRepository.findByUsername(username);
+    }
+    if (user == null) {
+      throw new UsernameNotFoundException("No user found by `" + username + "`");
+    }
+    return new SimpleUser(user);
   }
 
   @Override
diff --git a/src/main/java/com/taskagile/domain/model/user/SimpleUser.java b/src/main/java/com/taskagile/domain/model/user/SimpleUser.java
@@ -0,0 +1,86 @@
+package com.taskagile.domain.model.user;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.io.Serializable;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Objects;
+
+public class SimpleUser implements UserDetails, Serializable {
+
+  private static final long serialVersionUID = -7144174657188362966L;
+
+  private long userId;
+  private String username;
+  private String password;
+
+  public SimpleUser(User user) {
+    this.userId = user.getId();
+    this.username = user.getUsername();
+    this.password = user.getPassword();
+  }
+
+  public long getUserId() {
+    return userId;
+  }
+
+  @Override
+  public String getPassword() {
+    return password;
+  }
+
+  @Override
+  public String getUsername() {
+    return username;
+  }
+
+  @Override
+  public Collection<? extends GrantedAuthority> getAuthorities() {
+    return Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"));
+  }
+
+  @Override
+  public boolean isAccountNonExpired() {
+    return true;
+  }
+
+  @Override
+  public boolean isAccountNonLocked() {
+    return true;
+  }
+
+  @Override
+  public boolean isCredentialsNonExpired() {
+    return true;
+  }
+
+  @Override
+  public boolean isEnabled() {
+    return true;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) return true;
+    if (!(o instanceof SimpleUser)) return false;
+    SimpleUser that = (SimpleUser) o;
+    return Objects.equals(username, that.username);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(username);
+  }
+
+  @Override
+  public String toString() {
+    return "SimpleUser{" +
+      "userId=" + userId +
+      ", username='" + username + '\'' +
+      ", password='" + password + '\'' +
+      '}';
+  }
+}
diff --git a/src/main/java/com/taskagile/domain/model/user/User.java b/src/main/java/com/taskagile/domain/model/user/User.java
@@ -52,6 +52,11 @@ public static User create(String username, String emailAddress, String password)
     return user;
   }
 
+  public void updateName(String firstName, String lastName) {
+    this.firstName = firstName;
+    this.lastName = lastName;
+  }
+
   public Long getId() {
     return id;
   }
diff --git a/src/main/java/com/taskagile/utils/JsonUtils.java b/src/main/java/com/taskagile/utils/JsonUtils.java
@@ -2,9 +2,13 @@
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.taskagile.web.apis.authenticate.AuthenticationFilter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.IOException;
+import java.io.Writer;
+
 public final class JsonUtils {
 
   private static final Logger log = LoggerFactory.getLogger(JsonUtils.class);
@@ -21,4 +25,19 @@ public static String toJson(Object object) {
       return null;
     }
   }
+
+  public static <T> T toObject(String json, Class<T> clazz) {
+    try {
+      ObjectMapper objectMapper = new ObjectMapper();
+      return objectMapper.readValue(json, clazz);
+    } catch (IOException e) {
+      log.error("Failed to convert string `" + json + "` class `" + clazz.getName() + "`", e);
+      return null;
+    }
+  }
+
+  public static void write(Writer writer, Object value) throws IOException {
+    new ObjectMapper().writeValue(writer, value);
+  }
+
 }
diff --git a/src/main/java/com/taskagile/web/apis/authenticate/AuthenticationFilter.java b/src/main/java/com/taskagile/web/apis/authenticate/AuthenticationFilter.java
@@ -0,0 +1,68 @@
+package com.taskagile.web.apis.authenticate;
+
+import com.taskagile.utils.JsonUtils;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class AuthenticationFilter extends AbstractAuthenticationProcessingFilter {
+
+  private static final Logger log = LoggerFactory.getLogger(AuthenticationFilter.class);
+
+  public AuthenticationFilter() {
+    super(new AntPathRequestMatcher("/api/authentications", "POST"));
+  }
+
+  @Override
+  public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
+    throws AuthenticationException, IOException {
+
+    log.debug("Processing login request");
+
+    String requestBody = IOUtils.toString(request.getReader());
+    LoginRequest loginRequest = JsonUtils.toObject(requestBody, LoginRequest.class);
+    if (loginRequest == null || loginRequest.isInvalid()) {
+      throw new InsufficientAuthenticationException("Invalid authentication request");
+    }
+
+    UsernamePasswordAuthenticationToken token =
+      new UsernamePasswordAuthenticationToken(loginRequest.username, loginRequest.password);
+    return this.getAuthenticationManager().authenticate(token);
+  }
+
+  static class LoginRequest {
+    private String username;
+    private String password;
+
+    public boolean isInvalid() {
+      return StringUtils.isBlank(username) || StringUtils.isBlank(password);
+    }
+
+    public String getUsername() {
+      return username;
+    }
+
+    public void setUsername(String username) {
+      this.username = username;
+    }
+
+    public String getPassword() {
+      return password;
+    }
+
+    public void setPassword(String password) {
+      this.password = password;
+    }
+  }
+}
diff --git a/src/main/java/com/taskagile/web/apis/authenticate/SimpleAuthenticationFailureHandler.java b/src/main/java/com/taskagile/web/apis/authenticate/SimpleAuthenticationFailureHandler.java
@@ -0,0 +1,31 @@
+package com.taskagile.web.apis.authenticate;
+
+import com.taskagile.web.results.ApiResult;
+import com.taskagile.utils.JsonUtils;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class SimpleAuthenticationFailureHandler implements AuthenticationFailureHandler {
+
+  @Override
+  public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+                                      AuthenticationException exception) throws IOException {
+    response.setStatus(HttpStatus.BAD_REQUEST.value());
+    ApiResult failure;
+    if (exception instanceof BadCredentialsException) {
+      failure = ApiResult.message("Invalid credentials");
+    } else if (exception instanceof InsufficientAuthenticationException) {
+      failure = ApiResult.message("Invalid authentication request");
+    } else {
+      failure = ApiResult.message("Authentication failure");
+    }
+    JsonUtils.write(response.getWriter(), failure);
+  }
+}
diff --git a/src/main/java/com/taskagile/web/apis/authenticate/SimpleAuthenticationSuccessHandler.java b/src/main/java/com/taskagile/web/apis/authenticate/SimpleAuthenticationSuccessHandler.java
diff --git a/src/main/java/com/taskagile/web/apis/authenticate/SimpleLogoutSuccessHandler.java b/src/main/java/com/taskagile/web/apis/authenticate/SimpleLogoutSuccessHandler.java
diff --git a/src/test/java/com/taskagile/domain/application/impl/UserServiceImplTests.java b/src/test/java/com/taskagile/domain/application/impl/UserServiceImplTests.java
diff --git a/src/test/java/com/taskagile/web/apis/authenticate/AuthenticationFilterTests.java b/src/test/java/com/taskagile/web/apis/authenticate/AuthenticationFilterTests.java

Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,11 @@ public static User create(String username, String emailAddress, String password)`
`52`	`52`	`return user;`
`53`	`53`	`}`
`54`	`54`
	`55`	`+ public void updateName(String firstName, String lastName) {`
	`56`	`+ this.firstName = firstName;`
	`57`	`+ this.lastName = lastName;`
	`58`	`+ }`
	`59`	`+`
`55`	`60`	`public Long getId() {`
`56`	`61`	`return id;`
`57`	`62`	`}`