From 8ff5b3e538f6d0c48f394b94c6ecfc8fa00fc988 Mon Sep 17 00:00:00 2001
From: egmp777 <egmp777@gmail.com>
Date: Thu, 11 Dec 2014 15:33:40 -0500
Subject: [PATCH] Registration with PasswordEncoding

---
 .../baeldung/event/OnRegistrationCompleteEvent.java |  2 --
 .../event/listener/RegistrationListener.java        |  2 +-
 .../java/org/baeldung/hashing/HashGenerator.java    | 12 ++++++++++++
 .../java/org/baeldung/persistence/model/Role.java   |  2 --
 .../persistence/model/VerificationToken.java        |  1 -
 .../baeldung/persistence/service/UserService.java   |  9 +++++----
 .../org/baeldung/security/MyUserDetailsService.java | 11 +++--------
 .../main/java/org/baeldung/spring/MvcConfig.java    |  8 ++++++++
 .../web/controller/RegistrationController.java      |  6 +++---
 .../src/main/resources/application.properties       |  2 +-
 .../src/main/resources/webSecurityConfig.xml        | 13 +++++++++----
 11 files changed, 42 insertions(+), 26 deletions(-)
 create mode 100644 spring-security-login-and-registration/src/main/java/org/baeldung/hashing/HashGenerator.java

diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/event/OnRegistrationCompleteEvent.java b/spring-security-login-and-registration/src/main/java/org/baeldung/event/OnRegistrationCompleteEvent.java
index f731c23fb1..9094099ecc 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/event/OnRegistrationCompleteEvent.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/event/OnRegistrationCompleteEvent.java
@@ -3,9 +3,7 @@ package org.baeldung.event;
 import java.util.Locale;
 
 import org.baeldung.persistence.model.User;
-import org.baeldung.web.controller.RegistrationController;
 import org.springframework.context.ApplicationEvent;
-import org.springframework.web.context.request.WebRequest;
 
 @SuppressWarnings("serial")
 public class OnRegistrationCompleteEvent extends ApplicationEvent {
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/event/listener/RegistrationListener.java b/spring-security-login-and-registration/src/main/java/org/baeldung/event/listener/RegistrationListener.java
index 17cd7d6b0c..5c848c7433 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/event/listener/RegistrationListener.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/event/listener/RegistrationListener.java
@@ -32,7 +32,7 @@ public class RegistrationListener implements ApplicationListener<OnRegistrationC
         User user = event.getUser();
         String token = UUID.randomUUID().toString();
         service.createVerificationTokenForUser(user, token);
-        
+
         String recipientAddress = user.getEmail();
         String subject = "Registration Confirmation";
         String confirmationUrl = event.getAppUrl() + "/regitrationConfirm.html?token=" + token;
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/hashing/HashGenerator.java b/spring-security-login-and-registration/src/main/java/org/baeldung/hashing/HashGenerator.java
new file mode 100644
index 0000000000..bf9620a052
--- /dev/null
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/hashing/HashGenerator.java
@@ -0,0 +1,12 @@
+package org.baeldung.hashing;
+
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+public class HashGenerator {
+
+    public String getHashedPassword(String password) {
+        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+        String hashedPassword = passwordEncoder.encode(password);
+        return hashedPassword;
+    }
+}
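Review bot: `getHashedPassword` builds a fresh `BCryptPasswordEncoder` with the default strength on every call, while the `encoder` bean added to webSecurityConfig.xml in this same commit is configured with strength 11, so registration and login are tuned in two separate places. Verification still works because a bcrypt hash carries its own cost factor, but new accounts are hashed at the library default rather than the configured work factor. I would inject the shared encoder instead, e.g. a field `@Autowired private PasswordEncoder passwordEncoder;` and a body of `return passwordEncoder.encode(password);`, assuming the XML-defined bean is visible to this context (not shown here). The same applies to the `hashGenerator` field in UserService and the `@Bean` method in MvcConfig, which would then be unnecessary.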
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/Role.java b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/Role.java
index 2468fb997d..b6d495a266 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/Role.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/Role.java
@@ -1,7 +1,6 @@
 package org.baeldung.persistence.model;
 
 import javax.persistence.CascadeType;
-import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
@@ -23,7 +22,6 @@ public class Role {
     @JoinColumn(name = "user_id")
     private User user;
 
-    @Column(name = "role")
     private Integer role;
 
     public Role() {
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/VerificationToken.java b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/VerificationToken.java
index 368f966a39..d85aecb618 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/VerificationToken.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/VerificationToken.java
@@ -3,7 +3,6 @@ package org.baeldung.persistence.model;
 import java.util.Calendar;
 import java.sql.Date;
 import java.sql.Timestamp;
-
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java
index 299a3cdfcd..a0b8ed4a4b 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java
@@ -2,6 +2,7 @@ package org.baeldung.persistence.service;
 
 import javax.transaction.Transactional;
 
+import org.baeldung.hashing.HashGenerator;
 import org.baeldung.persistence.dao.UserRepository;
 import org.baeldung.persistence.dao.VerificationTokenRepository;
 import org.baeldung.persistence.model.Role;
@@ -20,7 +21,8 @@ public class UserService implements IUserService {
     @Autowired
     private VerificationTokenRepository tokenRepository;
 
-    // API
+    @Autowired
+    private HashGenerator hashGenerator;
 
     @Override
     public User registerNewUserAccount(UserDto accountDto) throws EmailExistsException {
@@ -30,7 +32,8 @@ public class UserService implements IUserService {
         User user = new User();
         user.setFirstName(accountDto.getFirstName());
         user.setLastName(accountDto.getLastName());
-        user.setPassword(accountDto.getPassword());
+        String hashedPassword = hashGenerator.getHashedPassword(accountDto.getPassword());
+        user.setPassword(hashedPassword);
         user.setEmail(accountDto.getEmail());
         user.setRole(new Role(Integer.valueOf(1), user));
         return repository.save(user);
@@ -63,8 +66,6 @@ public class UserService implements IUserService {
         tokenRepository.save(myToken);
     }
 
-    //
-
     private boolean emailExist(String email) {
         User user = repository.findByEmail(email);
         if (user != null) {
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java b/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
index c08c47d1b2..a103504055 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
@@ -3,11 +3,10 @@ package org.baeldung.security;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
+
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.baeldung.persistence.dao.UserRepository;
 import org.baeldung.persistence.model.User;
 import org.baeldung.persistence.service.IUserService;
@@ -22,8 +21,6 @@ import org.springframework.transaction.annotation.Transactional;
 @Transactional
 public class MyUserDetailsService implements UserDetailsService {
 
-    private final Logger LOGGER = LoggerFactory.getLogger(getClass());
-
     @Autowired
     private UserRepository userRepository;
     @Autowired
@@ -41,14 +38,12 @@ public class MyUserDetailsService implements UserDetailsService {
         boolean credentialsNonExpired = true;
         boolean accountNonLocked = true;
         try {
-            LOGGER.debug("Loading user by username: {}", email);
             User user = userRepository.findByEmail(email);
-            LOGGER.debug("Found user: {}", user);
             if (user == null) {
                 return new org.springframework.security.core.userdetails.User(" ", " ", enabled, true, true, true, getAuthorities(new Integer(1)));
             }
-            
-            return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword().toLowerCase(), user.isEnabled(), accountNonExpired, credentialsNonExpired, accountNonLocked, getAuthorities(user.getRole().getRole()));
+
+            return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword(), user.isEnabled(), accountNonExpired, credentialsNonExpired, accountNonLocked, getAuthorities(user.getRole().getRole()));
         } catch (Exception e) {
             throw new RuntimeException(e);
         }
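Review bot: The `user == null` branch still returns a placeholder `UserDetails` with username and password `" "` and the authorities of role 1 instead of signalling an unknown account. Now that a `DaoAuthenticationProvider` with a bcrypt encoder consumes this service, rejecting an unknown e-mail depends on the encoder refusing a stored value that is not a bcrypt hash, rather than on an explicit failure. Throwing is the documented contract of `UserDetailsService`: `throw new UsernameNotFoundException("No user found with username: " + email);`, with a `catch (UsernameNotFoundException e) { throw e; }` ahead of the generic `catch (Exception e)` so it is not rewrapped as `RuntimeException`. The method begins above this hunk, so its signature and the `enabled` flag are not visible here.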
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java b/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java
index 5f1e79f023..3294ac2788 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java
@@ -2,6 +2,7 @@ package org.baeldung.spring;
 
 import java.util.Locale;
 
+import org.baeldung.hashing.HashGenerator;
 import org.baeldung.validation.service.EmailValidator;
 import org.baeldung.validation.service.PasswordMatchesValidator;
 import org.springframework.context.MessageSource;
@@ -100,4 +101,11 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
         return passwordMatchesValidator;
     }
 
+    // DIC 7
+    @Bean
+    public HashGenerator hashGenerator() {
+        HashGenerator hashGenerator = new HashGenerator();
+        return hashGenerator;
+    }
+
 }
\ No newline at end of file
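Review bot: The `// DIC 7` comment above `hashGenerator()` tells a reader nothing about the bean; it looks like a personal date marker and should be dropped or replaced with something like `// Hashes passwords at registration; see HashGenerator`. The method body can also be reduced to `return new HashGenerator();`. The file still ends without a trailing newline.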
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java b/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java
index 635fb0dc44..69709c9190 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java
@@ -60,21 +60,21 @@ public class RegistrationController {
     @RequestMapping(value = "/regitrationConfirm", method = RequestMethod.GET)
     public String confirmRegistration(WebRequest request, Model model, @RequestParam("token") String token) {
         Locale locale = request.getLocale();
-        
+
         VerificationToken verificationToken = service.getVerificationToken(token);
         if (verificationToken == null) {
             String message = messages.getMessage("auth.message.invalidToken", null, locale);
             model.addAttribute("message", message);
             return "redirect:/badUser.html?lang=" + locale.getLanguage();
         }
-        
+
         User user = verificationToken.getUser();
         Calendar cal = Calendar.getInstance();
         if ((verificationToken.getExpiryDate().getTime() - cal.getTime().getTime()) <= 0) {
             model.addAttribute("message", messages.getMessage("auth.message.expired", null, locale));
             return "redirect:/badUser.html?lang=" + locale.getLanguage();
         }
-        
+
         user.setEnabled(true);
         service.saveRegisteredUser(user);
         return "redirect:/login.html?lang=" + locale.getLanguage();
diff --git a/spring-security-login-and-registration/src/main/resources/application.properties b/spring-security-login-and-registration/src/main/resources/application.properties
index 51db801043..70d0f63499 100644
--- a/spring-security-login-and-registration/src/main/resources/application.properties
+++ b/spring-security-login-and-registration/src/main/resources/application.properties
@@ -14,4 +14,4 @@ smtp.port=465
 smtp.protocol=smtps
 smtp.username=xxx777@gmail.com
 smtp.password=
-support.email=xxx777@gmail.com
\ No newline at end of file
+support.email=xxx777@gmail.com
diff --git a/spring-security-login-and-registration/src/main/resources/webSecurityConfig.xml b/spring-security-login-and-registration/src/main/resources/webSecurityConfig.xml
index d6abce8889..0a05c24026 100644
--- a/spring-security-login-and-registration/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-login-and-registration/src/main/resources/webSecurityConfig.xml
@@ -15,7 +15,7 @@
 		<intercept-url pattern="/expiredAccount*" access="permitAll" />
 		<intercept-url pattern="/registration*" access="permitAll" />
 		<intercept-url pattern="/badUser*" access="permitAll" />
-		
+
 		<intercept-url pattern="/emailError*" access="permitAll" />
 		<intercept-url pattern="/resources/**" access="permitAll" />
 		<intercept-url pattern="/invalidSession*" access="isAnonymous()" />
@@ -32,10 +32,15 @@
 
 	<beans:bean id="myAuthenticationSuccessHandler"
 		class="org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler" />
-
 	<authentication-manager>
-		<authentication-provider user-service-ref="userDetailsService" />
+		<authentication-provider ref="authProvider"/>
 	</authentication-manager>
+	<beans:bean id="authProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> 
+		<beans:property name="userDetailsService" ref="userDetailsService" /> <beans:property 
+		name="passwordEncoder" ref="encoder" /> </beans:bean>
 	<beans:bean id="userDetailsService" class="org.baeldung.security.MyUserDetailsService" />
-
+	<beans:bean id="encoder"
+		class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
+		<beans:constructor-arg name="strength" value="11" />
+	</beans:bean>
 </beans:beans>
\ No newline at end of file
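Review bot: Switching the provider to `DaoAuthenticationProvider` with a `BCryptPasswordEncoder` leaves no path for accounts created before this commit, whose password column holds the raw value that `registerNewUserAccount` used to store. Those rows will presumably fail every login once this config is live, since the stored value is not a bcrypt hash. A comment next to the `encoder` bean would make the requirement explicit, e.g. `<!-- Existing plaintext passwords must be reset or re-hashed before enabling this encoder -->`. Separately, the second `<beans:property>` of the `authProvider` bean is split mid-tag across two lines and is hard to read; one property per line would match the `encoder` bean below it.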