Merge pull request #164 from Doha2012/master

modify reddit authentication
Eugen 2015-03-16 22:26:19 +02:00
commit 7208be123d
11 changed files with 113 additions and 85 deletions


@ -21,7 +21,11 @@
<artifactId>spring-security-config</artifactId> <artifactId>spring-security-config</artifactId>
<version>${org.springframework.security.version}</version> <version>${org.springframework.security.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${org.springframework.security.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.springframework.security.oauth</groupId> <groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId> <artifactId>spring-security-oauth2</artifactId>
@ -152,6 +156,7 @@
<scope>runtime</scope> <scope>runtime</scope>
</dependency> </dependency>
<!-- marshalling --> <!-- marshalling -->
<dependency> <dependency>


@ -0,0 +1,41 @@
package org.baeldung.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests()
.antMatchers("/","/login").permitAll()
.anyRequest().hasRole("USER")
.and()
.httpBasic().authenticationEntryPoint(oauth2AuthenticationEntryPoint());
// @formatter:on
}
private LoginUrlAuthenticationEntryPoint oauth2AuthenticationEntryPoint() {
return new LoginUrlAuthenticationEntryPoint("/login");
}
}
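Review bot: In `configure(HttpSecurity)`, `.httpBasic()` is switched on only to carry the custom entry point, but it also registers the Basic authentication filter, so the application will process `Authorization: Basic` headers against an in-memory store that has no users. If the intent is only to send unauthenticated requests to `/login`, `.exceptionHandling().authenticationEntryPoint(oauth2AuthenticationEntryPoint())` does that without enabling a second authentication mechanism. A short comment on `auth.inMemoryAuthentication()` stating that the store is deliberately empty, because the `Authentication` is established by the Reddit login controller, would make the design clear to the next reader.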


@ -25,6 +25,7 @@ import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer; import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.InternalResourceViewResolver; import org.springframework.web.servlet.view.InternalResourceViewResolver;
@ -42,7 +43,7 @@ public class WebConfig extends WebMvcConfigurerAdapter {
@Bean @Bean
public ViewResolver viewResolver() { public ViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver(); final InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setPrefix("/WEB-INF/jsp/"); viewResolver.setPrefix("/WEB-INF/jsp/");
viewResolver.setSuffix(".jsp"); viewResolver.setSuffix(".jsp");
return viewResolver; return viewResolver;
@ -53,13 +54,20 @@ public class WebConfig extends WebMvcConfigurerAdapter {
configurer.enable(); configurer.enable();
} }
@Override
public void addViewControllers(final ViewControllerRegistry registry) {
super.addViewControllers(registry);
registry.addViewController("/home.html");
}
@Bean @Bean
public ScheduledTasks scheduledTasks(OAuth2ProtectedResourceDetails reddit) { public ScheduledTasks scheduledTasks(OAuth2ProtectedResourceDetails reddit) {
ScheduledTasks s = new ScheduledTasks(); final ScheduledTasks s = new ScheduledTasks();
s.setRedditRestTemplate(new OAuth2RestTemplate(reddit)); s.setRedditRestTemplate(new OAuth2RestTemplate(reddit));
return s; return s;
} }
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) { public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**").addResourceLocations("/resources/"); registry.addResourceHandler("/resources/**").addResourceLocations("/resources/");
} }
@ -83,7 +91,7 @@ public class WebConfig extends WebMvcConfigurerAdapter {
@Bean @Bean
public OAuth2ProtectedResourceDetails reddit() { public OAuth2ProtectedResourceDetails reddit() {
AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails(); final AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
details.setId("reddit"); details.setId("reddit");
details.setClientId(clientID); details.setClientId(clientID);
details.setClientSecret(clientSecret); details.setClientSecret(clientSecret);
@ -92,13 +100,15 @@ public class WebConfig extends WebMvcConfigurerAdapter {
details.setTokenName("oauth_token"); details.setTokenName("oauth_token");
details.setScope(Arrays.asList("identity", "read", "submit")); details.setScope(Arrays.asList("identity", "read", "submit"));
details.setGrantType("authorization_code"); details.setGrantType("authorization_code");
details.setPreEstablishedRedirectUri("http://localhost:8080/spring-security-oauth/login");
details.setUseCurrentUri(false);
return details; return details;
} }
@Bean @Bean
public OAuth2RestTemplate redditRestTemplate(OAuth2ClientContext clientContext) { public OAuth2RestTemplate redditRestTemplate(OAuth2ClientContext clientContext) {
OAuth2RestTemplate template = new OAuth2RestTemplate(reddit(), clientContext); final OAuth2RestTemplate template = new OAuth2RestTemplate(reddit(), clientContext);
AccessTokenProvider accessTokenProvider = new AccessTokenProviderChain(Arrays.<AccessTokenProvider> asList(new MyAuthorizationCodeAccessTokenProvider(), new ImplicitAccessTokenProvider(), new ResourceOwnerPasswordAccessTokenProvider(), final AccessTokenProvider accessTokenProvider = new AccessTokenProviderChain(Arrays.<AccessTokenProvider> asList(new MyAuthorizationCodeAccessTokenProvider(), new ImplicitAccessTokenProvider(), new ResourceOwnerPasswordAccessTokenProvider(),
new ClientCredentialsAccessTokenProvider())); new ClientCredentialsAccessTokenProvider()));
template.setAccessTokenProvider(accessTokenProvider); template.setAccessTokenProvider(accessTokenProvider);
return template; return template;
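Review bot: The redirect URI added in `reddit()` is hard-coded to `http://localhost:8080/spring-security-oauth/login`, so any deployment other than a local one sends the authorization code back to the wrong host, and over plain HTTP. `clientID` and `clientSecret` a few lines above are fields rather than literals, so the URI can be supplied the same way: `details.setPreEstablishedRedirectUri(redirectUri);` with `redirectUri` coming from configuration. With `setUseCurrentUri(false)` this value presumably has to match the redirect URI registered with Reddit exactly, which deserves a one-line comment next to the call. The body of `reddit()` spans two hunks and is not fully visible here.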


@ -2,13 +2,12 @@ package org.baeldung.web;
import java.text.ParseException; import java.text.ParseException;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import javax.servlet.http.HttpSession;
import org.baeldung.persistence.dao.PostRepository; import org.baeldung.persistence.dao.PostRepository;
import org.baeldung.persistence.dao.UserRepository; import org.baeldung.persistence.dao.UserRepository;
import org.baeldung.persistence.model.Post; import org.baeldung.persistence.model.Post;
@ -18,6 +17,9 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2RestTemplate; import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
@ -48,13 +50,11 @@ public class RedditController {
@Autowired @Autowired
private PostRepository postReopsitory; private PostRepository postReopsitory;
@RequestMapping("/info") @RequestMapping("/login")
public final String getInfo(HttpSession session) { public final String redditLogin() {
final JsonNode node = redditRestTemplate.getForObject("https://oauth.reddit.com/api/v1/me", JsonNode.class); final JsonNode node = redditRestTemplate.getForObject("https://oauth.reddit.com/api/v1/me", JsonNode.class);
final String name = node.get("name").asText(); loadAuthentication(node.get("name").asText(), redditRestTemplate.getAccessToken());
addUser(name, redditRestTemplate.getAccessToken()); return "redirect:home.html";
session.setAttribute("username", name);
return "reddit";
} }
@RequestMapping(value = "/submit", method = RequestMethod.POST) @RequestMapping(value = "/submit", method = RequestMethod.POST)
@ -207,25 +207,26 @@ public class RedditController {
} }
} }
private final void addUser(final String name, final OAuth2AccessToken token) { private final void loadAuthentication(final String name, final OAuth2AccessToken token) {
User user = userReopsitory.findByUsername(name); User user = userReopsitory.findByUsername(name);
if (user == null) { if (user == null) {
user = new User(); user = new User();
user.setUsername(name); user.setUsername(name);
user.setAccessToken(token.getValue());
user.setRefreshToken(token.getRefreshToken().getValue());
user.setTokenExpiration(token.getExpiration());
} }
final String needsCaptchaResult = needsCaptcha(); if (needsCaptcha().equalsIgnoreCase("true")) {
if (needsCaptchaResult.equalsIgnoreCase("true")) {
user.setNeedCaptcha(true); user.setNeedCaptcha(true);
} else { } else {
user.setNeedCaptcha(false); user.setNeedCaptcha(false);
} }
user.setAccessToken(token.getValue()); user.setAccessToken(token.getValue());
user.setRefreshToken(token.getRefreshToken().getValue()); user.setRefreshToken(token.getRefreshToken().getValue());
user.setTokenExpiration(token.getExpiration());
userReopsitory.save(user); userReopsitory.save(user);
final UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(user, token.getValue(), Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")));
SecurityContextHolder.getContext().setAuthentication(auth);
} }
} }
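Review bot: In `loadAuthentication`, the new `UsernamePasswordAuthenticationToken` takes the Reddit access token as its credentials and the persisted `User` (which also holds the access and refresh tokens) as principal, so both sit in the session-stored security context for the life of the session. Nothing in the visible code reads the credentials back, so `new UsernamePasswordAuthenticationToken(user, null, Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")))` would keep the token out of the `Authentication`. Because the context is set by hand from a controller, Spring Security's session-fixation handling probably does not run for this login; confirm that the session id is rotated at this point. Separately, `token.getRefreshToken().getValue()` throws a `NullPointerException` when the provider returns no refresh token, and `node.get("name")` in `redditLogin()` does the same when the response has no `name` field.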


@ -23,20 +23,14 @@ border-color: #ddd;
<body> <body>
<nav class="navbar navbar-default"> <nav class="navbar navbar-default">
<div class="container-fluid"> <div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header"> <div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1"> <a class="navbar-brand" href="<c:url value="/home.html" />">Schedule to Reddit</a>
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="<c:url value="/info" />">Schedule to Reddit</a>
</div> </div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p> <p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1"> <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav"> <ul class="nav navbar-nav">
<li><a href="<c:url value="/posts" />">My Scheduled Posts</a></li> <li><a href="<c:url value="/posts" />">My Scheduled Posts</a></li>
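Review bot: This page now uses `<sec:authentication property="principal.username" />`, but its only hunk starts at line 23 on both the old and new side, so no `sec` taglib directive was added above it, unlike the other JSPs in this commit. Unless the file already declared the prefix, the tag is emitted as literal text instead of the username. The missing line would be `<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>`. The top of the file is outside the hunk, so check this against the full file.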


@ -1,4 +1,5 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<html> <html>
<head> <head>
@ -9,20 +10,14 @@
<body> <body>
<nav class="navbar navbar-default"> <nav class="navbar navbar-default">
<div class="container-fluid"> <div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header"> <div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">Schedule to Reddit</a> <a class="navbar-brand" href="#">Schedule to Reddit</a>
</div> </div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p> <p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1"> <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav"> <ul class="nav navbar-nav">
<li><a href="posts">My Scheduled Posts</a></li> <li><a href="posts">My Scheduled Posts</a></li>
@ -34,12 +29,11 @@
</div><!-- /.container-fluid --> </div><!-- /.container-fluid -->
</nav> </nav>
<div class="container"> <div class="container">
<h1>Welcome, <small><c:out value="${username}"/></small></h1> <h1>Welcome, <small><sec:authentication property="principal.username" /></small></h1>
<br> <br>
<a href="posts" class="btn btn-primary">My Scheduled Posts</a> <a href="posts" class="btn btn-primary">My Scheduled Posts</a>
<a href="post" class="btn btn-primary">Post to Reddit</a> <a href="post" class="btn btn-primary">Post to Reddit</a>
<a href="postSchedule" class="btn btn-primary">Schedule Post to Reddit</a> <a href="postSchedule" class="btn btn-primary">Schedule Post to Reddit</a>
</div> </div>
</body> </body>
</html> </html>


@ -1,5 +1,6 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %> <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<html> <html>
<head> <head>
@ -11,20 +12,14 @@
<body> <body>
<nav class="navbar navbar-default"> <nav class="navbar navbar-default">
<div class="container-fluid"> <div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header"> <div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1"> <a class="navbar-brand" href="home.html">Schedule to Reddit</a>
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="info">Schedule to Reddit</a>
</div> </div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p> <p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1"> <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav"> <ul class="nav navbar-nav">
<li class="active"><a href="posts">My Scheduled Posts</a></li> <li class="active"><a href="posts">My Scheduled Posts</a></li>


@ -1,4 +1,6 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<html> <html>
<head> <head>
@ -23,20 +25,14 @@ border-color: #ddd;
<body> <body>
<nav class="navbar navbar-default"> <nav class="navbar navbar-default">
<div class="container-fluid"> <div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header"> <div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1"> <a class="navbar-brand" href="home.html">Schedule to Reddit</a>
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="info">Schedule to Reddit</a>
</div> </div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p> <p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1"> <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav"> <ul class="nav navbar-nav">
<li><a href="posts">My Scheduled Posts</a></li> <li><a href="posts">My Scheduled Posts</a></li>


@ -1,4 +1,6 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<html> <html>
<head> <head>
@ -21,20 +23,14 @@ border-color: #ddd;
<body> <body>
<nav class="navbar navbar-default"> <nav class="navbar navbar-default">
<div class="container-fluid"> <div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display --> <div class="navbar-header">
<div class="navbar-header"> <a class="navbar-brand" href="home.html">Schedule to Reddit</a>
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="info">Schedule to Reddit</a>
</div> </div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p> <p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1"> <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav"> <ul class="nav navbar-nav">
<li><a href="posts">My Scheduled Posts</a></li> <li><a href="posts">My Scheduled Posts</a></li>


@ -1,4 +1,6 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<html> <html>
<head> <head>
@ -9,20 +11,14 @@
<body> <body>
<nav class="navbar navbar-default"> <nav class="navbar navbar-default">
<div class="container-fluid"> <div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header"> <div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1"> <a class="navbar-brand" href="home.html">Schedule to Reddit</a>
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="info">Schedule to Reddit</a>
</div> </div>
<p class="navbar-text navbar-right">Logged in as <b><c:out value="${username}"/></b>&nbsp;&nbsp;&nbsp;</p> <p class="navbar-text navbar-right">Logged in as
<b><sec:authentication property="principal.username" /></b>&nbsp;&nbsp;&nbsp;
</p>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1"> <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav"> <ul class="nav navbar-nav">
<li><a href="posts">My Scheduled Posts</a></li> <li><a href="posts">My Scheduled Posts</a></li>


@ -10,7 +10,7 @@
<body> <body>
<div class="container"> <div class="container">
<h1>Schedule to Reddit</h1> <h1>Schedule to Reddit</h1>
<a href="info" class="btn btn-primary">Login with Reddit</a> <a href="login" class="btn btn-primary">Login with Reddit</a>
</div> </div>
</body> </body>
</html> </html>