Commit e8241b59 authored by Daniel Puchala's avatar Daniel Puchala

Merge remote-tracking branch 'origin/devel' into devel

parents 3e8708c9 cbe6d38a
......@@ -28,7 +28,11 @@
<mockito.version>4.4.0</mockito.version>
<lombok.version>1.18.24</lombok.version>
<jwt.version>0.9.1</jwt.version>
<guava.version>29.0-jre</guava.version>
<testng.version>7.5</testng.version>
<swagger.version>3.0.0</swagger.version>
<bouncy.castle.version>1.71</bouncy.castle.version>
<javax.activation.version>1.2.0</javax.activation.version>
<javax.validation.version>2.0.1.Final</javax.validation.version>
</properties>
<modules>
......@@ -69,13 +73,6 @@
<artifactId>spring-web</artifactId>
</dependency>
<!-- Google Common Library -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>${guava.version}</version>
</dependency>
<!-- Lombok -->
<dependency>
<!-- https://mvnrepository.com/artifact/org.projectlombok/lombok -->
......@@ -84,25 +81,11 @@
<scope>provided</scope>
</dependency>
<!-- SLF4J Logging -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</dependency>
<!-- Testng -->
<dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
<version>7.5</version>
<version>${testng.version}</version>
<scope>test</scope>
</dependency>
......@@ -124,14 +107,14 @@
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>2.0.1.Final</version>
<version>${javax.validation.version}</version>
</dependency>
<!-- AssertJ -->
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
<version>3.22.0</version>
<version>${assertj.version}</version>
<scope>test</scope>
</dependency>
......@@ -168,12 +151,10 @@
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId>
<version>2.11.4</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-hibernate5</artifactId>
<version>2.12.5</version>
</dependency>
<!-- TOMCAT -->
......@@ -188,12 +169,12 @@
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.9.2</version>
<version>${swagger.version}</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.9.2</version>
<version>${swagger.version}</version>
</dependency>
<!-- Apache -->
......@@ -205,12 +186,12 @@
<dependency>
<groupId>com.sun.activation</groupId>
<artifactId>javax.activation</artifactId>
<version>1.2.0</version>
<version>${javax.activation.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15to18</artifactId>
<version>1.68</version>
<version>${bouncy.castle.version}</version>
</dependency>
</dependencies>
......
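Review bot: The properties block still pins `<jwt.version>0.9.1</jwt.version>`, which (assuming it feeds the `io.jsonwebtoken` dependency used by the token service) leaves the token-signing library on an old release line while this section moves Bouncy Castle from 1.68 to `${bouncy.castle.version}` (1.71); that upgrade deserves its own follow-up. `<guava.version>29.0-jre</guava.version>` appears to remain in the properties although the Guava dependency is dropped further down, so it can be deleted if nothing else references it. `${assertj.version}` is used in the AssertJ entry but no definition is visible in the properties shown here, so confirm it is declared outside the hunk. The springfox change from 2.9.2 to `${swagger.version}` (3.0.0) is a major-version jump, so any security configuration that permits the Swagger UI paths should be re-checked against the new version.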
......@@ -25,23 +25,7 @@
<version>${project.version}</version>
<scope>compile</scope>
</dependency>
<dependency> <!-- An implementation of the JSP Standard Tag Library (JSTL) Specification API.-->
<groupId>org.apache.taglibs</groupId>
<artifactId>taglibs-standard-spec</artifactId>
<version>1.2.5</version>
</dependency>
<dependency> <!-- An implementation of the JSP Standard Tag Library (JSTL).-->
<groupId>org.apache.taglibs</groupId>
<artifactId>taglibs-standard-impl</artifactId>
<version>1.2.5</version>
</dependency>
<!-- must provide logging implementation, this is a runnable project -->
<!-- see viz http://docs.spring.io/platform/docs/current/reference/htmlsingle/#getting-started-logging -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</dependency>
<dependency>
<groupId>cz.fi.muni.pa165.theta</groupId>
<artifactId>core</artifactId>
......
......@@ -18,9 +18,9 @@ import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;
import static com.google.common.net.HttpHeaders.AUTHORIZATION;
import static java.util.Optional.ofNullable;
import static org.apache.commons.lang3.StringUtils.removeStart;
import static org.springframework.http.HttpHeaders.AUTHORIZATION;
/**
* Inspired by https://octoperf.com/blog/2018/03/08/securing-rest-api-spring-security/
......
......@@ -12,9 +12,9 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import static com.google.common.net.HttpHeaders.AUTHORIZATION;
import static java.util.Optional.ofNullable;
import static org.apache.commons.lang3.StringUtils.removeStart;
import static org.springframework.http.HttpHeaders.AUTHORIZATION;
/**
* Inspired by https://octoperf.com/blog/2018/03/08/securing-rest-api-spring-security/
......
......@@ -23,27 +23,16 @@
<version>${mockito.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId>
<version>1</version>
<scope>compile</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.commons/commons-math3 -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-math3</artifactId>
<version>3.6.1</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>${apache.commons.version}</version>
</dependency>
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
<version>2.10</version>
<version>${joda.version}</version>
</dependency>
</dependencies>
......@@ -51,6 +40,8 @@
<properties>
<maven.compiler.source>17</maven.compiler.source>
<maven.compiler.target>17</maven.compiler.target>
<joda.version>2.10.14</joda.version>
<apache.commons.version>3.6.1</apache.commons.version>
</properties>
<build>
......
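Review bot: `<apache.commons.version>3.6.1</apache.commons.version>` is applied to `commons-lang3`, but 3.6.1 is the version shown on the `commons-math3` entry in the same hunk, and I am not aware of a commons-lang3 release with that number; confirm the coordinate resolves and is the version intended. The property name is also broader than its use: a name such as `commons.lang3.version` would keep it from being reused for other Apache Commons artifacts, which follow unrelated version lines. The rendered page does not mark which of the two Commons entries is on the new side, so this assumes commons-math3 is the one being removed.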
package cz.fi.muni.pa165.movierecommender.service.service;
import com.google.common.collect.ImmutableMap;
import cz.fi.muni.pa165.movierecommender.api.dto.account.UserDto;
import cz.fi.muni.pa165.movierecommender.persistence.dao.EntityDao;
import cz.fi.muni.pa165.movierecommender.persistence.dao.UserDao;
import cz.fi.muni.pa165.movierecommender.persistence.entity.User;
import cz.fi.muni.pa165.movierecommender.persistence.enums.UserType;
import cz.fi.muni.pa165.movierecommender.service.service.exception.BadArgumentException;
import cz.fi.muni.pa165.movierecommender.service.service.exception.LoginFailedException;
import cz.fi.muni.pa165.movierecommender.service.service.security.TokenService;
......@@ -17,6 +15,8 @@ import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import javax.persistence.EntityExistsException;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
/**
......@@ -93,7 +93,14 @@ public class UserServiceImpl extends GenericServiceImpl<User> implements UserSer
return userDao
.findByName(username)
.filter(user -> encoder.matches(password, user.getPassword()))
.map(user -> tokens.expiring(ImmutableMap.of("name", username, "role", user.getUserType().toString(), "sub", user.getId().toString())))
.map(user -> {
final Map<String, String> map = new HashMap<>();
map.put("name", username);
map.put("role", user.getUserType().toString());
map.put("sub", user.getId().toString());
return tokens.expiring(map);
})
.orElseThrow(() -> new LoginFailedException("Invalid user credentials"));
}
......
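Review bot: The new lambda builds the claims in a mutable `HashMap`, which drops the immutability and null-rejection that `ImmutableMap.of` gave the token claims. The compiler properties in the service pom target Java 17 (assuming this class lives in that module), so `.map(user -> tokens.expiring(Map.of("name", username, "role", user.getUserType().toString(), "sub", user.getId().toString())))` keeps the original one-liner without Guava, and the added `java.util.HashMap` import is then unnecessary. The enclosing method starts above the hunk, so how `username` and `password` are validated before this chain is not visible here.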
package cz.fi.muni.pa165.movierecommender.service.service.security;
import com.google.common.base.Supplier;
import com.google.common.collect.ImmutableMap;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Clock;
import io.jsonwebtoken.JwtException;
......@@ -12,8 +10,11 @@ import org.joda.time.DateTime;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;
import static io.jsonwebtoken.SignatureAlgorithm.HS256;
import static io.jsonwebtoken.impl.TextCodec.BASE64;
......@@ -49,13 +50,13 @@ public class JWTTokenService implements Clock, TokenService {
private static Map<String, String> parseClaims(final Supplier<Claims> toClaims) {
try {
final Claims claims = toClaims.get();
final ImmutableMap.Builder<String, String> builder = ImmutableMap.builder();
final Map<String, String> map = new HashMap<>();
for (final Map.Entry<String, Object> e : claims.entrySet()) {
builder.put(e.getKey(), String.valueOf(e.getValue()));
map.put(e.getKey(), String.valueOf(e.getValue()));
}
return builder.build();
return map;
} catch (final IllegalArgumentException | JwtException e) {
return ImmutableMap.of();
return Collections.emptyMap();
}
}
......
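Review bot: `parseClaims` now returns a mutable `HashMap` on success but an immutable `Collections.emptyMap()` on failure, so a caller can alter verified claims after parsing, and one that writes to the result fails only for rejected tokens. Ending the try block with `return Collections.unmodifiableMap(map);` restores the read-only contract the `ImmutableMap` builder provided, using an import this hunk already adds. Separately, the catch block still turns every `JwtException` into an empty map with no log line, so an invalid or tampered token looks the same as one with no claims; a warn-level log there would help detection, if the class has a logger (none is visible in the hunk).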