Commit bc5c3d29 authored by Tomas Madeja's avatar Tomas Madeja

misc: minor changes

jk: fix auth, allow all cross origins, add some frontend auth
parent 4eda5fc3
......@@ -25,7 +25,7 @@ public class RestConfiguration {
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("GET", "POST", "PUT", "DELETE")
.allowedOrigins("http://localhost:4200/");
.allowedOrigins("*");
}
};
}
......
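Review bot: `.allowedOrigins("*")` on the `/**` mapping lets script from any origin call every endpoint and read the response, including the `/pa165/api/manage/**` routes, so the bearer-token check becomes the only barrier left. The frontend origin is known, so I would keep an explicit origin list (ideally read from configuration) instead of the wildcard. The previous value `"http://localhost:4200/"` ends with a slash, which a browser `Origin` header never carries; depending on the Spring version that may be why it failed to match, and `.allowedOrigins("http://localhost:4200")` would be the narrower fix. The enclosing configurer starts outside the hunk.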
......@@ -35,17 +35,6 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
HttpServletResponse res,
FilterChain chain) throws IOException, ServletException {
logger.info("Auth request on " + req.getRequestURI());
// if (req.getRequestURI().startsWith("/pa165/api/public")) {
// logger.info("Ignoring auth on public route");
// UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
// "",
// null,
// new ArrayList<>()
// );
// SecurityContextHolder.getContext().setAuthentication(authentication);
// chain.doFilter(req, res);
// return;
// }
String header = req.getHeader(HEADER_STRING);
......@@ -73,6 +62,7 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
if (username != null) {
// new arraylist means authorities
logger.info("Auth SUCCESS");
var user = userAuthFacade.fetchUser(username).orElseThrow();
logger.info(username + " with role " + user.getRole().toString());
return new UsernamePasswordAuthenticationToken(
......
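Review bot: `userAuthFacade.fetchUser(username).orElseThrow()` in the second hunk throws `NoSuchElementException` from inside the filter when a token names a user that no longer exists, which will likely surface as a server error rather than a rejected authentication. I would treat the empty case as unauthenticated, e.g. `var user = userAuthFacade.fetchUser(username).orElse(null);` followed by `if (user == null) { return null; }`, assuming the caller already copes with a null token (it is outside the hunk). `logger.info("Auth SUCCESS")` also runs before that lookup, so the log can report success for a request that then fails; moving it after the lookup keeps the audit trail accurate. The first hunk only deletes commented-out code and needs no change.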
......@@ -6,6 +6,6 @@ public class SecurityConstants {
public static final long EXPIRATION_TIME = 900_000; // 15 mins
public static final String TOKEN_PREFIX = "Bearer ";
public static final String HEADER_STRING = "Authorization";
public static final String SIGN_UP_URL = "/pa165/auth";
public static final String SIGN_UP_URL = "/pa165/auth/**";
public static final String AUTH_URL = "/pa165/auth/login";
}
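Review bot: `SIGN_UP_URL = "/pa165/auth/**"` is passed to `permitAll()` for POST in `WebSecurity`, so every present and future POST endpoint under `/pa165/auth/` becomes reachable without a token. Listing the exact public paths keeps the unauthenticated surface explicit; `AUTH_URL` already names the login path. If the wildcard stays, rename the constant (it is no longer a single sign-up URL) and add a comment such as `// every POST under /pa165/auth/ is public - do not place privileged endpoints here`.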
......@@ -29,12 +29,12 @@ public class WebSecurity extends WebSecurityConfigurerAdapter {
@Override
@Order(1)
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()
.authorizeRequests()
http.cors().and().authorizeRequests()
.antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
.antMatchers(HttpMethod.GET, "/pa165/api/public/**").permitAll()
.antMatchers("/pa165/api/manage/league/**").hasRole(Roles.LEAGUE_MANAGER.toString())
.antMatchers("/pa165/api/manage/team/**").hasRole(Roles.TEAM_MANAGER.toString())
// .antMatchers("/pa165/api/manage/team/**").hasRole(Roles.TEAM_MANAGER.toString())
.antMatchers("/pa165/api/manage/team/**").permitAll()
.anyRequest().authenticated()
.and()
.addFilter(new JWTAuthenticationFilter(userAuthFacade))
......@@ -44,17 +44,17 @@ public class WebSecurity extends WebSecurityConfigurerAdapter {
http.csrf().disable();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowedMethods(
List.of("GET", "POST", "PUT", "DELETE")
);
corsConfiguration.addAllowedOriginPattern("http://localhost:4200/");
source.registerCorsConfiguration("/**", corsConfiguration);
return source;
}
// @Bean
// CorsConfigurationSource corsConfigurationSource() {
// final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//
// CorsConfiguration corsConfiguration = new CorsConfiguration();
// corsConfiguration.setAllowedMethods(
// List.of("GET", "POST", "PUT", "DELETE")
// );
// corsConfiguration.addAllowedOriginPattern("*");
// source.registerCorsConfiguration("/**", corsConfiguration);
//
// return source;
// }
}
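Review bot: `.antMatchers("/pa165/api/manage/team/**").permitAll()` removes the `TEAM_MANAGER` role check from every team-management route for all HTTP methods, so those endpoints no longer require a token at all. Together with `http.csrf().disable()` and the wildcard CORS origin introduced elsewhere in this commit, nothing at the HTTP layer restricts who can call them. Unless the controllers enforce the role themselves (not visible here), restore `.antMatchers("/pa165/api/manage/team/**").hasRole(Roles.TEAM_MANAGER.toString())` and fix whatever in the token handling made the check fail. The commented-out matcher and the commented-out `corsConfigurationSource` bean should be deleted rather than left in the file as comments.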
......@@ -3,6 +3,7 @@ import {MatDialog, MatDialogConfig} from '@angular/material/dialog';
import {Player} from 'src/app/models/player';
import {Team} from 'src/app/models/team';
import {PlayerService} from 'src/app/services/player.service';
import { TeamService } from 'src/app/services/team.service';
import {HireNewPlayerDialogComponent} from '../hire-new-player-dialog/hire-new-player-dialog.component';
import {HireVeteranPlayerDialogComponent} from '../hire-veteran-player-dialog/hire-veteran-player-dialog.component';
......@@ -14,7 +15,7 @@ import {HireVeteranPlayerDialogComponent} from '../hire-veteran-player-dialog/hi
export class TeamManagementDashboardComponent implements OnInit {
// TODO remove default
@Input() team: Team = {id: 1, name: 'Toronto Maple Leafs'};
@Input() team!: Team;
players!: Player[];
......@@ -24,12 +25,22 @@ export class TeamManagementDashboardComponent implements OnInit {
constructor(
private playerService: PlayerService,
private dialog: MatDialog
private dialog: MatDialog,
private teamService: TeamService
) {
}
ngOnInit(): void {
this.getPlayers();
this.getTeam();
}
getTeam(): void {
this.teamService.getAssociatedTeam().subscribe(
team => {
this.team = team;
this.getPlayers();
}
);
}
getPlayers() {
......
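Review bot: `getTeam()` subscribes without an error callback, so a rejected or failed `getAssociatedTeam()` request is silently dropped and `team` stays unassigned even though `team!: Team` tells the compiler it is always set. Add an error branch to the `subscribe` call that sends the user back to login or shows a message, and declare the field as `team?: Team` so the template has to handle the unset state. `team` is also still marked `@Input()` although the component now overwrites it itself; drop the decorator if the parent no longer supplies the value. The class body continues outside the hunk.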
import { HttpClient } from '@angular/common/http';
import {Injectable} from '@angular/core';
import {Observable, of} from 'rxjs';
import {UserAuthRequest} from '../models/user-auth-request';
......@@ -7,27 +8,27 @@ import {UserAuthRequest} from '../models/user-auth-request';
})
export class AuthServiceService {
readonly AUTH_URL: string = 'http://localhost:8080/pa165/auth/login';
readonly JWT: string = "JWT";
authenticated: boolean = false;
leagueManager: boolean = false;
teamManager: boolean = false;
constructor() {
constructor(private http: HttpClient) {
}
authenticate(userAuthRequest: UserAuthRequest) {
let username = userAuthRequest.username;
let password = userAuthRequest.password;
if (username === "testteam" && password === "pass") {
this.authenticated = true;
this.teamManager = true;
}
if (username === "testleague" && password === "pass") {
this.authenticated = true;
this.leagueManager = true;
}
this.http.post(
this.AUTH_URL,
userAuthRequest,
{responseType : 'text'}
)
.subscribe((response: string) => this.handleAuthResponse(response));
}
logOut(): Observable<boolean> {
localStorage.removeItem(this.JWT)
this.authenticated = false;
this.teamManager = false;
this.leagueManager = false;
......@@ -35,6 +36,7 @@ export class AuthServiceService {
}
isAuthenticated(): Observable<boolean> {
this.authenticated = localStorage.getItem(this.JWT) !== null;
return of(this.authenticated);
}
......@@ -45,4 +47,16 @@ export class AuthServiceService {
isTeamManager(): Observable<boolean> {
return of(this.teamManager);
}
handleAuthResponse(response: string) : void {
console.log("aaaaaaaaaaaaaaa");
let parts = response.split(" ");
let token = parts[1];
localStorage.setItem(this.JWT, token);
}
getBearerHeader(): string {
let token = localStorage.getItem(this.JWT);
return token !== null ? `Bearer ${token}` : "";
}
}
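Review bot: `handleAuthResponse` stores `parts[1]` without checking it, so a response that is not of the form `Bearer <token>` writes the string `"undefined"` to localStorage, and `isAuthenticated()` then reports true because the item is non-null. Validate before storing: `const [scheme, token] = response.split(" ");` followed by `if (scheme !== "Bearer" || !token) { return; }`. In the visible code `authenticate` has no error callback and nothing sets `teamManager` or `leagueManager` after the hard-coded checks were removed, so `isTeamManager()` would always emit false; the `console.log("aaaaaaaaaaaaaaa")` debug line should also go. Keeping the JWT in localStorage makes it readable by any script running on the origin, which deserves a comment stating that trade-off next to `readonly JWT`.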
import {Injectable} from '@angular/core';
import {HttpClient} from '@angular/common/http';
import {HttpClient, HttpErrorResponse, HttpHeaders} from '@angular/common/http';
import {catchError, map} from 'rxjs/operators';
import {Observable, of} from 'rxjs';
import {EMPTY, Observable, of} from 'rxjs';
import {AccessEnum} from '../models/access-enum';
import {AssociatedTeam} from '../models/associated-team';
import {CreateTeam} from '../models/create-team';
import {Team} from '../models/team'
import { AuthServiceService } from './auth-service.service';
@Injectable({
providedIn: 'root'
......@@ -21,7 +23,12 @@ export class TeamService {
getAllUrl: string = 'http://localhost:8080/pa165/api/public/team/all';
createUrl: string = 'http://localhost:8080/pa165/api/manage/league/team/create';
constructor(private http: HttpClient) {
readonly GET_MANAGED_TEAM: string = 'http://localhost:8080/pa165/api/manage/team/team/get';
constructor(
private http: HttpClient,
private auth: AuthServiceService
) {
}
getTeams(): Observable<Team[]> {
......@@ -33,10 +40,23 @@ export class TeamService {
.subscribe();
}
getAssociatedTeam(): Observable<AssociatedTeam> {
return of({
stats: AccessEnum.OK,
team: this.teams[0]
});
getAssociatedTeam(): Observable<Team> {
const headerVal = this.auth.getBearerHeader();
return this.http.get<Team>(
this.GET_MANAGED_TEAM,
{
headers: {Authorization : headerVal}
}
);
// return of({
// stats: AccessEnum.OK,
// team: this.teams[0]
// });
}
}
function mergeMap(arg0: (team: any) => void): import("rxjs").OperatorFunction<Team, unknown> {
throw new Error('Function not implemented.');
}
// mergeMap(team => {stats: AccessEnum.OK; team: team});
\ No newline at end of file
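Review bot: In `getAssociatedTeam`, `getBearerHeader()` returns `""` when no token is stored, so the request still goes out with an empty `Authorization` header instead of failing fast on the client. Short-circuit when the token is missing, or move header attachment into an `HttpInterceptor` restricted to the API origin so each service does not build the header by hand. The trailing `function mergeMap(...) { throw new Error('Function not implemented.'); }` looks like an editor quick-fix artifact; it shadows the rxjs operator of the same name and should be deleted together with the commented-out lines. `HttpErrorResponse`, `HttpHeaders` and `EMPTY` appear unused in the visible lines.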