#6 #8

fix table name for User. Request matcher works now able to register users and authenticate, return jwt, access secured endpoints with jwt

#6 #8
fix table name for User. Request matcher works now able to register users and authenticate, return jwt, access secured endpoints with jwt
c724dd8a · Lukas Karsch · 3fc92758 · c724dd8a · c724dd8a · c724dd8a
Commit c724dd8a authored 1 year ago by Lukas Karsch
--- a/.gitignore
+++ b/.gitignore
@@ -32,3 +32,5 @@ build/
 ### VS Code ###
 .vscode/

+requests.http
+
--- a/requests.http
+++ b/requests.http
 ### Get all plants
-GET http://localhost:8080/api/v1/plants
\ No newline at end of file
+GET http://localhost:8080/api/v1/plants
+Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJsdWthcy5rYXJzY2hAZ214LmRlIiwiaWF0IjoxNjk5ODczMDA4LCJleHAiOjE2OTk5NTk0MDh9.iU9gkWinFla3__ksuwLmKosevRXrrYlDdSQCPhNHxbM
+
+### Create account
+POST http://localhost:8080/api/v1/auth
+content-type: application/json
+
+{
+  "email": "lukas.karsch@gmx.de",
+  "firstname": "Lukas",
+  "lastname": "Karsch",
+  "password": "12345678"
+}
+
+### Authenticate
+POST http://localhost:8080/api/v1/auth/authenticate
+content-type: application/json
+
+{
+  "email": "lukas.karsch@gmx.de",
+  "password": "12345678"
+}
--- a/src/main/java/hdm/mi/growbros/controllers/AuthenticationController.java
+++ b/src/main/java/hdm/mi/growbros/controllers/AuthenticationController.java
@@ -6,7 +6,10 @@ import hdm.mi.growbros.auth.AuthenticationService;
 import hdm.mi.growbros.auth.RegisterRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;

 @RestController
 @RequestMapping("/api/v1/auth")

--- a/src/main/java/hdm/mi/growbros/models/user/User.java
+++ b/src/main/java/hdm/mi/growbros/models/user/User.java
 package hdm.mi.growbros.models.user;

 import jakarta.persistence.*;
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.Min;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
@@ -17,7 +19,7 @@ import java.util.List;
 @NoArgsConstructor
 @AllArgsConstructor
 @Entity
-@Table(name = "user")
+@Table(name = "_user")
 public class User implements UserDetails {
    @Id
    @GeneratedValue
@@ -27,8 +29,10 @@ public class User implements UserDetails {
    private String lastname;

    @Column(unique = true)
+    @Email
    private String email;

+    @Min(8)
    private String password;

    @Enumerated(EnumType.STRING)

--- a/src/main/java/hdm/mi/growbros/security/SecurityConfiguration.java
+++ b/src/main/java/hdm/mi/growbros/security/SecurityConfiguration.java
@@ -6,9 +6,12 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

 @Configuration
 @EnableWebSecurity
@@ -18,13 +21,15 @@ public class SecurityConfiguration {
    private final AuthenticationProvider authenticationProvider;

    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception{
-
+    public SecurityFilterChain securityFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
        http
-                .csrf((csrf) -> csrf.disable())
+                .csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests((authorizeHttpRequests) -> //white List
                        authorizeHttpRequests
-                                .requestMatchers("/api/v1/auth/**")
+                                .requestMatchers(
+                                        mvc.pattern("/api/v1/auth/**")
+                                        //,mvc.pattern("/h2-console/**")
+                                )
                                .permitAll()
                                .anyRequest()
                                .authenticated()
@@ -40,4 +45,10 @@ public class SecurityConfiguration {

        return http.build();
    }
+
+    @Bean
+    MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
+        //see https://stackoverflow.com/questions/76809698/spring-security-method-cannot-decide-pattern-is-mvc-or-not-spring-boot-applicati
+        return new MvcRequestMatcher.Builder(introspector);
+    }
 }