Merge pull request #164 from Doha2012/master

modify reddit authentication
This commit is contained in:
Eugen 2015-03-16 22:26:19 +02:00
commit 7208be123d
11 changed files with 113 additions and 85 deletions

View File

@ -21,7 +21,11 @@
<artifactId>spring-security-config</artifactId>
<version>${org.springframework.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${org.springframework.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
@ -152,6 +156,7 @@
<scope>runtime</scope>
</dependency>
<!-- marshalling -->
<dependency>

View File

@ -0,0 +1,41 @@
package org.baeldung.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests()
.antMatchers("/","/login").permitAll()
.anyRequest().hasRole("USER")
.and()
.httpBasic().authenticationEntryPoint(oauth2AuthenticationEntryPoint());
// @formatter:on
}
private LoginUrlAuthenticationEntryPoint oauth2AuthenticationEntryPoint() {
return new LoginUrlAuthenticationEntryPoint("/login");
}
}

View File

@ -25,6 +25,7 @@ import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
@ -42,7 +43,7 @@ public class WebConfig extends WebMvcConfigurerAdapter {
@Bean
public ViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
final InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setPrefix("/WEB-INF/jsp/");
viewResolver.setSuffix(".jsp");
return viewResolver;
@ -53,13 +54,20 @@ public class WebConfig extends WebMvcConfigurerAdapter {
configurer.enable();
}
@Override
public void addViewControllers(final ViewControllerRegistry registry) {
super.addViewControllers(registry);
registry.addViewController("/home.html");
}
@Bean
public ScheduledTasks scheduledTasks(OAuth2ProtectedResourceDetails reddit) {
ScheduledTasks s = new ScheduledTasks();
final ScheduledTasks s = new ScheduledTasks();
s.setRedditRestTemplate(new OAuth2RestTemplate(reddit));
return s;
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**").addResourceLocations("/resources/");
}
@ -83,7 +91,7 @@ public class WebConfig extends WebMvcConfigurerAdapter {
@Bean
public OAuth2ProtectedResourceDetails reddit() {
AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
final AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
details.setId("reddit");
details.setClientId(clientID);
details.setClientSecret(clientSecret);
@ -92,13 +100,15 @@ public class WebConfig extends WebMvcConfigurerAdapter {
details.setTokenName("oauth_token");
details.setScope(Arrays.asList("identity", "read", "submit"));
details.setGrantType("authorization_code");
details.setPreEstablishedRedirectUri("http://localhost:8080/spring-security-oauth/login");
details.setUseCurrentUri(false);
return details;
}
@Bean
public OAuth2RestTemplate redditRestTemplate(OAuth2ClientContext clientContext) {
OAuth2RestTemplate template = new OAuth2RestTemplate(reddit(), clientContext);
AccessTokenProvider accessTokenProvider = new AccessTokenProviderChain(Arrays.<AccessTokenProvider> asList(new MyAuthorizationCodeAccessTokenProvider(), new ImplicitAccessTokenProvider(), new ResourceOwnerPasswordAccessTokenProvider(),
final OAuth2RestTemplate template = new OAuth2RestTemplate(reddit(), clientContext);
final AccessTokenProvider accessTokenProvider = new AccessTokenProviderChain(Arrays.<AccessTokenProvider> asList(new MyAuthorizationCodeAccessTokenProvider(), new ImplicitAccessTokenProvider(), new ResourceOwnerPasswordAccessTokenProvider(),
new ClientCredentialsAccessTokenProvider()));
template.setAccessTokenProvider(accessTokenProvider);
return template;

View File

@ -2,13 +2,12 @@ package org.baeldung.web;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpSession;
import org.baeldung.persistence.dao.PostRepository;
import org.baeldung.persistence.dao.UserRepository;
import org.baeldung.persistence.model.Post;
@ -18,6 +17,9 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.stereotype.Controller;
@ -48,13 +50,11 @@ public class RedditController {
@Autowired
private PostRepository postReopsitory;
@RequestMapping("/info")
public final String getInfo(HttpSession session) {
@RequestMapping("/login")
public final String redditLogin() {
final JsonNode node = redditRestTemplate.getForObject("https://oauth.reddit.com/api/v1/me", JsonNode.class);
final String name = node.get("name").asText();
addUser(name, redditRestTemplate.getAccessToken());
session.setAttribute("username", name);
return "reddit";
loadAuthentication(node.get("name").asText(), redditRestTemplate.getAccessToken());
return "redirect:home.html";
}
@RequestMapping(value = "/submit", method = RequestMethod.POST)
@ -207,25 +207,26 @@ public class RedditController {
}
}
private final void addUser(final String name, final OAuth2AccessToken token) {
private final void loadAuthentication(final String name, final OAuth2AccessToken token) {
User user = userReopsitory.findByUsername(name);
if (user == null) {
user = new User();
user.setUsername(name);
user.setAccessToken(token.getValue());
user.setRefreshToken(token.getRefreshToken().getValue());
user.setTokenExpiration(token.getExpiration());
}
final String needsCaptchaResult = needsCaptcha();
if (needsCaptchaResult.equalsIgnoreCase("true")) {
if (needsCaptcha().equalsIgnoreCase("true")) {
user.setNeedCaptcha(true);
} else {
user.setNeedCaptcha(false);
}
user.setAccessToken(token.getValue());
user.setRefreshToken(token.getRefreshToken().getValue());
user.setTokenExpiration(token.getExpiration());
userReopsitory.save(user);
final UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(user, token.getValue(), Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")));
SecurityContextHolder.getContext().setAuthentication(auth);
}
}

View File

@ -23,20 +23,14 @@ border-color: #ddd;
<body>
<nav class="navbar navbar-default">
<div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="<c:url value="/info" />">Schedule to Reddit</a>
<a class="navbar-brand" href="<c:url value="/home.html" />">Schedule to Reddit</a>
</div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li><a href="<c:url value="/posts" />">My Scheduled Posts</a></li>

View File

@ -1,4 +1,5 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<html>
<head>
@ -9,20 +10,14 @@
<body>
<nav class="navbar navbar-default">
<div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">Schedule to Reddit</a>
</div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p>
<p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li><a href="posts">My Scheduled Posts</a></li>
@ -34,12 +29,11 @@
</div><!-- /.container-fluid -->
</nav>
<div class="container">
<h1>Welcome, <small><c:out value="${username}"/></small></h1>
<h1>Welcome, <small><sec:authentication property="principal.username" /></small></h1>
<br>
<a href="posts" class="btn btn-primary">My Scheduled Posts</a>
<a href="post" class="btn btn-primary">Post to Reddit</a>
<a href="postSchedule" class="btn btn-primary">Schedule Post to Reddit</a>
</div>
</body>
</html>

View File

@ -1,5 +1,6 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<html>
<head>
@ -11,20 +12,14 @@
<body>
<nav class="navbar navbar-default">
<div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="info">Schedule to Reddit</a>
<a class="navbar-brand" href="home.html">Schedule to Reddit</a>
</div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li class="active"><a href="posts">My Scheduled Posts</a></li>

View File

@ -1,4 +1,6 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<html>
<head>
@ -23,20 +25,14 @@ border-color: #ddd;
<body>
<nav class="navbar navbar-default">
<div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="info">Schedule to Reddit</a>
<a class="navbar-brand" href="home.html">Schedule to Reddit</a>
</div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p>
<p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li><a href="posts">My Scheduled Posts</a></li>

View File

@ -1,4 +1,6 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<html>
<head>
@ -21,20 +23,14 @@ border-color: #ddd;
<body>
<nav class="navbar navbar-default">
<div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="info">Schedule to Reddit</a>
<div class="navbar-header">
<a class="navbar-brand" href="home.html">Schedule to Reddit</a>
</div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p>
<p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li><a href="posts">My Scheduled Posts</a></li>

View File

@ -1,4 +1,6 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<html>
<head>
@ -9,20 +11,14 @@
<body>
<nav class="navbar navbar-default">
<div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="info">Schedule to Reddit</a>
<a class="navbar-brand" href="home.html">Schedule to Reddit</a>
</div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p>
<p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li><a href="posts">My Scheduled Posts</a></li>

View File

@ -10,7 +10,7 @@
<body>
<div class="container">
<h1>Schedule to Reddit</h1>
<a href="info" class="btn btn-primary">Login with Reddit</a>
<a href="login" class="btn btn-primary">Login with Reddit</a>
</div>
</body>
</html>