Basic-Security
Basic-Security
/**
 * Spring Security configuration: declares the user lookup, password encoder,
 * authentication provider/manager and the HTTP security filter chain as beans.
 */
@Configuration
// NOTE(review): debug=true turns on Spring Security's request/filter-chain debug logging.
// That output can contain sensitive request data, so keep it to local development and
// drop the flag (or set it to false) for any shared or production deployment.
@EnableWebSecurity(debug=true)
public class SecurityConfiguration {
// Repository used to look members up by username.
// NOTE(review): no constructor is visible in this listing; a final field needs one
// (hand-written or generated) for the repository to be injected - confirm.
private final MemberRepository memberRepository;
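/**
 * Exposes the lookup that Spring Security uses to load a member by username.
 *
 * <p>An unknown username is reported as {@link UsernameNotFoundException}, the exception
 * declared by {@code loadUserByUsername}. A bare {@code orElseThrow()} raises
 * {@code NoSuchElementException} instead, which the authentication provider cannot
 * recognise as "no such user" and therefore handles as an internal failure rather than
 * as an ordinary bad-credentials case.
 *
 * @return a {@link UserDetailsService} backed by {@code memberRepository}
 */
@Bean
public UserDetailsService userDetailsService() {
    return new UserDetailsService() {
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            // The message is deliberately generic and does not echo the supplied username.
            return memberRepository.findByUsername(username)
                    .orElseThrow(() -> new UsernameNotFoundException("Member not found"));
        }
    };
}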
/**
 * Provides the encoder used to hash passwords before storage and to verify them at login.
 *
 * @return a BCrypt encoder with strength 12 (the BCrypt log-rounds work factor)
 */
@Bean
public PasswordEncoder passwordEncoder() {
    // Work factor: each increment doubles the hashing cost.
    final int strength = 12;
    return new BCryptPasswordEncoder(strength);
}
/**
 * Builds the provider that authenticates username/password credentials against the
 * member store.
 *
 * @return a {@link DaoAuthenticationProvider} wired with this configuration's
 *         user-details service and password encoder
 */
@Bean
public AuthenticationProvider authenticationProvider() {
    final DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider();
    // Lookup of the stored member record.
    daoProvider.setUserDetailsService(userDetailsService());
    // Verification of the presented password against the stored hash.
    daoProvider.setPasswordEncoder(passwordEncoder());
    return daoProvider;
}
/**
 * Publishes the {@link AuthenticationManager} assembled by Spring Security so that
 * other components can inject it.
 *
 * @param authConfig the framework-provided authentication configuration
 * @return the authentication manager obtained from {@code authConfig}
 * @throws Exception if the manager cannot be obtained
 */
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig)
        throws Exception {
    final AuthenticationManager manager = authConfig.getAuthenticationManager();
    return manager;
}
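/**
 * Defines the HTTP security filter chain: stateless sessions, HTTP Basic authentication,
 * and authorization rules.
 *
 * <p>Only the registration and login endpoints are open; every other request must be
 * authenticated. With {@code anyRequest().permitAll()} the Basic authentication configured
 * here would not be required by any endpoint.
 *
 * <p>HTTP Basic sends the credentials with every request, so the application should only
 * be reachable over TLS.
 *
 * @param http the builder supplied by Spring Security
 * @return the built filter chain
 * @throws Exception if the chain cannot be built
 */
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
        // NOTE(review): CSRF protection is off. Browsers re-send cached Basic credentials
        // automatically, so re-enable it if browser clients are expected - confirm.
        .csrf(csrfConfig -> csrfConfig.disable())
        // Spring Security's CORS handling is switched off as well.
        // NOTE(review): cross-origin browser clients would need it configured - confirm.
        .cors(corsConfig -> corsConfig.disable())
        // No HTTP session is created or used; each request carries its own credentials.
        .sessionManagement(config ->
            config.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        .authorizeHttpRequests(auth -> auth
            // Paths come from the auth controller's "api/v1/auth/" mapping.
            .requestMatchers("/api/v1/auth/register", "/api/v1/auth/login").permitAll()
            .anyRequest().authenticated())
        .authenticationProvider(authenticationProvider())
        .httpBasic(Customizer.withDefaults());
    return http.build();
}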
controller
@RestController
@RequestMapping("api/v1/auth/")
public class AuthController {
private final MemberRepository memberRepository;
private final PasswordEncoder passwordEncoder;
private final AuthenticationManager authenticationManager;
/**
 * Creates the controller with its collaborators.
 *
 * @param memberRepository store used to look up and save members
 * @param passwordEncoder encoder applied to passwords before they are stored
 * @param authenticationManager manager used to verify login credentials
 */
public AuthController(
        MemberRepository memberRepository,
        PasswordEncoder passwordEncoder,
        AuthenticationManager authenticationManager) {
    this.authenticationManager = authenticationManager;
    this.passwordEncoder = passwordEncoder;
    this.memberRepository = memberRepository;
}
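/**
 * Registers a new member.
 *
 * <p>The response carries only the member's id, username and names. Returning the saved
 * entity itself would serialize it through its getters, including {@code getPassword()},
 * and so send the stored password hash back to the client.
 *
 * @param user request body; only username, password, first name and last name are copied
 * @return 200 with the new member's public fields, 400 if username or password is missing,
 *         409 if the username is already taken
 */
@PostMapping("register")
public ResponseEntity<?> register(@RequestBody Member user) {
    String username = user.getUsername();
    String rawPassword = user.getPassword();
    // Reject incomplete input up front instead of letting the encoder or the
    // database fail later with a server error.
    if (username == null || username.isBlank() || rawPassword == null || rawPassword.isEmpty()) {
        return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
    }
    if (memberRepository.findByUsername(username).isPresent()) {
        return ResponseEntity.status(HttpStatus.CONFLICT).build();
    }

    // Copy field by field into a fresh entity so the client cannot supply other state.
    Member member = new Member();
    member.setUsername(username);
    member.setPassword(passwordEncoder.encode(rawPassword));
    member.setFirstName(user.getFirstName());
    member.setLastName(user.getLastName());
    // NOTE(review): two concurrent requests for the same username can both pass the
    // check above; the second save would then fail on the unique username column.
    Member saved = memberRepository.save(member);

    // Build the response explicitly; a mutable map is used because names may be null.
    java.util.Map<String, Object> body = new java.util.LinkedHashMap<>();
    body.put("id", saved.getId());
    body.put("username", saved.getUsername());
    body.put("firstName", saved.getFirstName());
    body.put("lastName", saved.getLastName());
    return ResponseEntity.ok(body);
}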
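/**
 * Checks the submitted username and password.
 *
 * <p>{@code AuthenticationManager.authenticate} signals rejected credentials by throwing
 * an {@code AuthenticationException}, not by returning an unauthenticated result, so the
 * exception is caught here and mapped to 401.
 *
 * <p>NOTE(review): this is a GET mapping that reads credentials from the request body.
 * Many clients and intermediaries do not send or forward a body on GET; a POST mapping
 * is the usual choice. It is left unchanged here so existing callers keep working.
 *
 * @param user request body carrying the username and password to verify
 * @return 200 if the credentials are accepted, 401 otherwise
 */
@GetMapping("login")
public ResponseEntity<?> login(@RequestBody Member user) {
    try {
        boolean isLogin = authenticationManager
                .authenticate(
                        new UsernamePasswordAuthenticationToken(
                                user.getUsername(),
                                user.getPassword()))
                .isAuthenticated();
        return isLogin
                ? ResponseEntity.ok().build()
                : ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
    } catch (org.springframework.security.core.AuthenticationException rejected) {
        // Same status for every failure cause, so the response does not reveal
        // whether the username exists.
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
    }
}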
Entity
/**
 * Persistent member account that also serves as the Spring Security {@link UserDetails}
 * for authentication.
 *
 * <p>NOTE(review): the class exposes {@code getPassword()} as a public getter. If an
 * instance is ever serialized through its getters (for example as a JSON response body),
 * the stored password value would be part of the output - confirm it is never returned
 * to clients directly.
 */
@Entity
public class Member implements UserDetails {

    // Primary key, generated as a UUID; there is no setter for it.
    @Id
    @GeneratedValue(strategy = GenerationType.UUID)
    private String id;

    // Login name; the column carries a unique constraint.
    @Column(unique=true)
    private String username;

    // Password value as stored for this member.
    private String password;

    private String firstName;

    private String lastName;

    // ---- UserDetails contract ----

    /** Returns an empty list: no authorities are assigned to a member. */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return List.of();
    }

    /** Returns the stored password value. */
    @Override
    public String getPassword() {
        return password;
    }

    /** Returns the login name. */
    @Override
    public String getUsername() {
        return username;
    }

    // The four account-status checks below defer to the UserDetails interface defaults.

    @Override
    public boolean isAccountNonExpired() {
        return UserDetails.super.isAccountNonExpired();
    }

    @Override
    public boolean isAccountNonLocked() {
        return UserDetails.super.isAccountNonLocked();
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return UserDetails.super.isCredentialsNonExpired();
    }

    @Override
    public boolean isEnabled() {
        return UserDetails.super.isEnabled();
    }

    // ---- Read accessors ----

    public String getId() {
        return id;
    }

    public String getFirstName() {
        return firstName;
    }

    public String getLastName() {
        return lastName;
    }

    // ---- Mutators ----

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }
}