feat(core): add simple jwt authentication

Author: kucharzyk

proxy.json

@@ -1,8 +1,4 @@
 {
-  "/auth": {
-    "target": "http://localhost:8080",
-    "secure": "false"
-  },
   "/api": {
     "target": "http://localhost:8080",
     "secure": "false"

schema.sql

@@ -12,7 +12,7 @@
         drop constraint FKt0mnl3rej2p0h9gxnbalf2kdd;
 
     alter table roles_permissions 
-        drop constraint FKeqt383nibym26cjj8we4uar8h;
+        drop constraint FK570wuy6sacdnrw8wdqjfh7j0q;
 
     alter table roles_permissions 
         drop constraint FKqi9odri6c1o81vjox54eedwyh;
@@ -197,7 +197,7 @@
         first_name varchar(120) not null,
         last_name varchar(120) not null,
         locked boolean not null,
-        password varchar(64) not null,
+        password varchar(120) not null,
         username varchar(250) not null,
         primary key (id)
     );
@@ -217,7 +217,7 @@
         first_name varchar(120),
         last_name varchar(120),
         locked boolean,
-        password varchar(64),
+        password varchar(120),
         username varchar(250),
         primary key (id, rev)
     );
@@ -242,15 +242,9 @@
     alter table roles 
         add constraint UK_ofx66keruapi6vyqpv6f2or37 unique (name);
 
-    alter table roles_permissions 
-        add constraint UK_oll9subcln0cdjt31bp72a3uv unique (permissions_id);
-
     alter table users 
         add constraint UK_r43af9ap4edm43mmtq01oddj6 unique (username);
 
-    alter table users_roles 
-        add constraint UK_60loxav507l5mreo05v0im1lq unique (roles_id);
-
     alter table jwt_tokens 
         add constraint FKhy6n4wirmw0ryw2wdmy9cx2mn 
         foreign key (user_id) 
@@ -272,9 +266,9 @@
         references revinfo;
 
     alter table roles_permissions 
-        add constraint FKeqt383nibym26cjj8we4uar8h 
+        add constraint FK570wuy6sacdnrw8wdqjfh7j0q 
         foreign key (permissions_id) 
-        references roles;
+        references permissions;
 
     alter table roles_permissions 
         add constraint FKqi9odri6c1o81vjox54eedwyh 

src/main/kotlin/com/shardis/domain/Role.kt

@@ -11,7 +11,7 @@ import javax.persistence.*
 @SequenceGenerator(allocationSize = 1, name = "sequenceIdGenerator", sequenceName = "sequence_roles")
 class Role(
     @Column(nullable = false, length = 64, unique = true) val name: String,
-    @OneToMany(fetch = FetchType.LAZY) val permissions: MutableSet<Role> = mutableSetOf()
+    @ManyToMany(fetch = FetchType.LAZY) val permissions: MutableSet<Permission> = mutableSetOf()
 ) : AuditedEntity(), Serializable, GrantedAuthority {
     override fun getAuthority() = name
 }

src/main/kotlin/com/shardis/domain/User.kt

@@ -9,12 +9,12 @@ import javax.persistence.*
 @SequenceGenerator(allocationSize = 1, name = "sequenceIdGenerator", sequenceName = "sequence_users")
 class User(
     @Column(nullable = false, length = 250, unique = true) var username: String,
-    @Column(nullable = false, length = 64) var password: String,
+    @Column(nullable = false, length = 120) var password: String,
     @Column(nullable = false, length = 120) var firstName: String,
     @Column(nullable = false, length = 120) var lastName: String,
     @Column(nullable = false, length = 250) var email: String,
     @Column(nullable = false) var enabled: Boolean,
     @Column(nullable = false) var expired: Boolean,
     @Column(nullable = false) var locked: Boolean,
-    @OneToMany(fetch = FetchType.LAZY) var roles: MutableSet<Role> = mutableSetOf()
+    @ManyToMany(fetch = FetchType.LAZY) var roles: MutableSet<Role> = mutableSetOf()
 ) : AuditedEntity()

src/main/kotlin/com/shardis/init/DbInitializer.kt

@@ -0,0 +1,92 @@
+package com.shardis.init
+
+import com.shardis.domain.Permission
+import com.shardis.domain.Role
+import com.shardis.domain.User
+import com.shardis.repositories.PermissionRepository
+import com.shardis.repositories.RoleRepository
+import com.shardis.repositories.UserRepository
+import org.slf4j.LoggerFactory
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.stereotype.Component
+import javax.annotation.PostConstruct
+import javax.transaction.Transactional
+
+
+@Transactional
+@Component
+class DbInitializer(
+    val permissionRepository: PermissionRepository,
+    val roleRepository: RoleRepository,
+    val userRepository: UserRepository,
+    val passwordEncoder: PasswordEncoder
+) {
+
+    @PostConstruct
+    open fun dbInit() {
+
+        if (userRepository.findAll().none()) {
+
+            log.info("Db initialization")
+
+            val p1 = Permission("PERM_ONE")
+            val p2 = Permission("PERM_TWO")
+            val p3 = Permission("PERM_THREE")
+
+            log.info("saving permissions")
+
+            with(permissionRepository) {
+                save(p1)
+                save(p2)
+                save(p3)
+            }
+
+
+            val roleAdmin = Role("ROLE_ADMIN", mutableSetOf(p1, p2, p3))
+            val roleUser = Role("ROLE_USER", mutableSetOf(p1))
+
+            log.info("saving roles")
+
+            with(roleRepository) {
+                save(roleAdmin)
+                save(roleUser)
+            }
+
+            val admin = User(
+                username = "admin",
+                password = passwordEncoder.encode("xxxxxx"),
+                firstName = "Admin",
+                lastName = "Admin",
+                email = "admin@admin.com",
+                enabled = true,
+                expired = false,
+                locked = false,
+                roles = mutableSetOf(roleAdmin)
+            )
+
+            val user = User(
+                username = "user",
+                password = passwordEncoder.encode("xxxxxx"),
+                firstName = "User",
+                lastName = "User",
+                email = "user@user.com",
+                enabled = true,
+                expired = false,
+                locked = false,
+                roles = mutableSetOf(roleUser)
+            )
+
+            log.info("saving users")
+
+            with(userRepository) {
+                save(admin)
+                save(user)
+            }
+
+        }
+    }
+
+    companion object {
+        val log = LoggerFactory.getLogger(DbInitializer::class.java)
+    }
+}

src/main/kotlin/com/shardis/repositories/PermissionRepository.kt

@@ -0,0 +1,9 @@
+package com.shardis.repositories
+
+import com.shardis.domain.Permission
+import org.springframework.data.repository.CrudRepository
+import org.springframework.stereotype.Repository
+
+
+@Repository
+interface PermissionRepository : CrudRepository<Permission, Long>

src/main/kotlin/com/shardis/repositories/RoleRepository.kt

@@ -0,0 +1,9 @@
+package com.shardis.repositories
+
+import com.shardis.domain.Role
+import org.springframework.data.repository.CrudRepository
+import org.springframework.stereotype.Repository
+
+
+@Repository
+interface RoleRepository : CrudRepository<Role, Long>

src/main/kotlin/com/shardis/security/SecurityConfig.kt

@@ -2,7 +2,6 @@ package com.shardis.security
 
 import com.shardis.ShardisProperties
 import com.shardis.security.jwt.*
-import org.springframework.beans.factory.BeanInitializationException
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
@@ -43,13 +42,9 @@ open class SecurityConfig(
 
     @Autowired
     open fun configureGlobal(auth: AuthenticationManagerBuilder) {
-        try {
-            auth
-                .userDetailsService(shardisUserDetailsService)
-                .passwordEncoder(passwordEncoder())
-        } catch (e: Exception) {
-            throw BeanInitializationException("Security configuration failed", e)
-        }
+        auth
+            .userDetailsService(shardisUserDetailsService)
+            .passwordEncoder(passwordEncoder())
     }
 
     override fun configure(httpSecurity: HttpSecurity) {

src/main/kotlin/com/shardis/security/ShardisUserDetailsService.kt

@@ -7,6 +7,7 @@ import com.shardis.security.support.ShardisUserDetails
 import org.springframework.security.core.GrantedAuthority
 import org.springframework.security.core.userdetails.UserDetails
 import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.core.userdetails.UsernameNotFoundException
 import org.springframework.stereotype.Service
 import org.springframework.transaction.annotation.Transactional
 
@@ -17,16 +18,14 @@ open class ShardisUserDetailsService(val userRepository: UserRepository) : UserD
 
     override fun loadUserByUsername(username: String): UserDetails? {
 
-        val user: User? = userRepository.findByUsername(username)
+        val user: User = userRepository.findByUsername(username) ?: throw UsernameNotFoundException("User $username not found")
+
+        val authorities = mutableSetOf<GrantedAuthority>()
+        authorities.addAll(user.roles)
+        authorities.addAll(user.roles.flatMap(Role::permissions))
+        return ShardisUserDetails(user.id!!, user.username, user.password, authorities)
 
-        user?.let {
-            val authorities = mutableSetOf<GrantedAuthority>()
-            authorities.addAll(user.roles)
-            authorities.addAll(user.roles.flatMap(Role::permissions))
-            return ShardisUserDetails(user.id!!, user.username, user.password, authorities)
-        }
 
-        return null
     }
 
 }

src/main/kotlin/com/shardis/security/support/SecurityUtils.kt

@@ -5,11 +5,11 @@ import org.springframework.security.core.context.SecurityContextHolder
 object SecurityUtils {
 
     fun getLoggedUser(): ShardisUserDetails? {
-        val principal: Any = SecurityContextHolder.getContext().authentication.principal
-        if (principal is ShardisUserDetails) {
-            return principal
-        } else {
-            return null
+        val principal: Any? = SecurityContextHolder.getContext()?.authentication?.principal
+
+        return when (principal) {
+            is ShardisUserDetails -> principal
+            else -> null
         }
     }