Pull Request

pom.xml

@@ -21,6 +21,12 @@
 	</properties>
 
 	<dependencies>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>

src/main/java/com/devsuperior/bds04/components/JwtTokenEnhancer.java

@@ -0,0 +1,38 @@
+package com.devsuperior.bds04.components;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.TokenEnhancer;
+import org.springframework.stereotype.Component;
+
+import com.devsuperior.bds04.entities.User;
+import com.devsuperior.bds04.repositories.UserRepository;
+
+@Component
+public class JwtTokenEnhancer implements TokenEnhancer {
+
+	@Autowired
+	private UserRepository userRepository;
+
+	@Override
+	public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
+
+		User user = userRepository.findByEmail(authentication.getName());
+
+		Map<String, Object> map = new HashMap<>();
+		map.put("userFirstName", user.getFirstName());
+		map.put("userId", user.getId());
+
+		DefaultOAuth2AccessToken token = (DefaultOAuth2AccessToken) accessToken;
+		token.setAdditionalInformation(map);
+
+		return accessToken;
+
+	}
+
+}

src/main/java/com/devsuperior/bds04/config/AppConfig.java

@@ -0,0 +1,32 @@
+package com.devsuperior.bds04.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+
+@Configuration
+public class AppConfig {
+
+		@Value("${jwt.secret}")
+		private String jwtSecret;
+
+		@Bean
+		public BCryptPasswordEncoder passwordEncoder() {
+			return new BCryptPasswordEncoder();
+		}
+
+		@Bean
+		public JwtAccessTokenConverter accessTokenConverter() {
+			JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter();
+			tokenConverter.setSigningKey("jwtSecret");
+			return tokenConverter;
+		}
+
+		@Bean
+		public JwtTokenStore tokenStore() {
+			return new JwtTokenStore(accessTokenConverter());
+		}
+}

src/main/java/com/devsuperior/bds04/config/AuthorizationServerConfig.java

@@ -0,0 +1,75 @@
+package com.devsuperior.bds04.config;
+
+import java.util.Arrays;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+
+import com.devsuperior.bds04.components.JwtTokenEnhancer;
+
+@Configuration
+@EnableAuthorizationServer
+public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+	@Value("${security.oauth2.client.client-id}")
+	private String clientId;
+
+	@Value("${security.oauth2.client.client-secret}")
+	private String clientSecret;
+
+	@Value("${jwt.duration}")
+	private Integer jwtDuration;
+
+	@Autowired
+	private BCryptPasswordEncoder passwordEncoder;
+
+	@Autowired
+	private JwtAccessTokenConverter accessTokenConverter;
+
+	@Autowired
+	private JwtTokenStore tokenStore;
+
+	@Autowired 
+	private AuthenticationManager authenticatorManager;
+
+	@Autowired
+	private JwtTokenEnhancer tokenEnhancer;
+
+	@Override
+	public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
+		security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
+	}
+
+	@Override
+	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+		clients.inMemory()
+		.withClient(clientId)
+		.secret(passwordEncoder.encode(clientSecret))
+		.scopes("read", "write")
+		.authorizedGrantTypes("password")
+		.accessTokenValiditySeconds(jwtDuration);
+	}
+
+	@Override
+	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+
+		TokenEnhancerChain chain = new TokenEnhancerChain();
+		chain.setTokenEnhancers(Arrays.asList(accessTokenConverter, tokenEnhancer));
+
+		endpoints.authenticationManager(authenticatorManager)
+		.tokenStore(tokenStore)
+		.accessTokenConverter(accessTokenConverter)
+		.tokenEnhancer(chain);
+	}
+}

src/main/java/com/devsuperior/bds04/config/ResourceServerConfig.java

@@ -0,0 +1,49 @@
+package com.devsuperior.bds04.config;
+
+import java.util.Arrays;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+
+@Configuration
+@EnableResourceServer
+public class ResourceServerConfig  extends ResourceServerConfigurerAdapter{
+
+	@Autowired
+	private Environment env;
+
+	@Autowired
+	private JwtTokenStore tokenStore;
+
+	private static final String[] PUBLIC = { "/oauth/token", "/h2-console/**" };
+	private static final String[] PUBLIC_GET = { "/cities/**", "/events/**" };
+	private static final String[] CLIENT_POST = { "/events/**" };
+
+	@Override
+	public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
+		resources.tokenStore(tokenStore);
+	}
+
+	@Override
+	public void configure(HttpSecurity http) throws Exception {
+		if(Arrays.asList(env.getActiveProfiles()).contains("test")) {
+			http.headers().frameOptions().disable();
+		}
+
+		http.authorizeRequests()
+			.antMatchers(PUBLIC).permitAll()
+			.antMatchers(HttpMethod.GET, PUBLIC_GET).permitAll()
+			.antMatchers(HttpMethod.POST, CLIENT_POST).hasAnyRole("CLIENT")
+			.anyRequest().hasAnyRole("ADMIN");
+	}
+
+
+
+}

src/main/java/com/devsuperior/bds04/config/WebSecurityConfig.java

@@ -0,0 +1,39 @@
+package com.devsuperior.bds04.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+	@Autowired
+	private BCryptPasswordEncoder passwordEncoder;
+
+	@Autowired
+	private UserDetailsService userDetailsService;
+
+	@Override
+	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+		auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
+	}
+
+	@Override
+	public void configure(WebSecurity web) throws Exception {
+		web.ignoring().antMatchers("/actuator");
+	}
+
+	@Override
+	@Bean
+	protected AuthenticationManager authenticationManager() throws Exception {
+		return super.authenticationManager();
+	}
+}

src/main/java/com/devsuperior/bds04/controllers/CityController.java

@@ -0,0 +1,62 @@
+package com.devsuperior.bds04.controllers;
+
+import java.net.URI;
+
+import javax.validation.Valid;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
+import org.springframework.data.web.PageableDefault;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
+
+import com.devsuperior.bds04.dto.CityDTO;
+import com.devsuperior.bds04.services.CityService;
+
+@RestController
+@RequestMapping(value = "/cities")
+public class CityController {
+
+	@Autowired
+	private CityService service;
+
+	@GetMapping
+	public ResponseEntity<Page<CityDTO>> findAll(@PageableDefault(sort= {"name"}) Pageable pageable) {
+		Page<CityDTO> list = service.findAllPaged(pageable);
+		return ResponseEntity.ok().body(list);
+	}
+
+	@GetMapping(value = "/{id}")
+	public ResponseEntity<CityDTO> findById(@PathVariable Long id) {
+		CityDTO dto = service.findById(id);
+		return ResponseEntity.ok().body(dto);
+	}
+
+	@PostMapping
+	public ResponseEntity<CityDTO> insert(@Valid @RequestBody CityDTO dto) {
+		CityDTO newDto = service.insert(dto);
+		URI uri = ServletUriComponentsBuilder.fromCurrentRequest().path("/{id}").buildAndExpand(newDto.getId()).toUri();
+		return ResponseEntity.created(uri).body(newDto);
+	}
+
+	@PutMapping(value = "/{id}")
+	public ResponseEntity<CityDTO> update(@PathVariable Long id,@Valid @RequestBody CityDTO dto) {
+		CityDTO newDto = service.update(id, dto);
+		return ResponseEntity.ok().body(newDto);
+	}
+
+	@DeleteMapping(value = "/{id}")
+	public ResponseEntity<Void> delete(@PathVariable Long id) {
+		service.delete(id);
+		return ResponseEntity.noContent().build();
+	}
+}

src/main/java/com/devsuperior/bds04/controllers/EventController.java

@@ -0,0 +1,62 @@
+package com.devsuperior.bds04.controllers;
+
+import java.net.URI;
+
+import javax.validation.Valid;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
+
+import com.devsuperior.bds04.dto.EventDTO;
+import com.devsuperior.bds04.services.EventService;
+
+@RestController
+@RequestMapping(value = "/events")
+public class EventController {
+
+	@Autowired
+	private EventService service;
+
+	@GetMapping
+	public ResponseEntity<Page<EventDTO>> findAll(Pageable pageable) {
+		Page<EventDTO> list = service.findAllPaged(pageable);
+		return ResponseEntity.ok().body(list);
+	}
+
+	@GetMapping(value = "/{id}")
+	public ResponseEntity<EventDTO> findById(@PathVariable Long id) {
+		EventDTO dto = service.findById(id);
+		return ResponseEntity.ok().body(dto);
+	}
+
+	@PostMapping
+	public ResponseEntity<EventDTO> insert(@Valid @RequestBody EventDTO dto) {
+		EventDTO newDto = service.insert(dto);
+		URI uri = ServletUriComponentsBuilder.fromCurrentRequest().path("/{id}").buildAndExpand(newDto.getId()).toUri();
+		return ResponseEntity.created(uri).body(newDto);
+	}
+
+	@PutMapping(value = "/{id}")
+	public ResponseEntity<EventDTO> update(@PathVariable Long id,@Valid @RequestBody EventDTO dto) {
+		EventDTO newDto = service.update(id, dto);
+		return ResponseEntity.ok().body(newDto);
+	}
+
+	@DeleteMapping(value = "/{id}")
+	public ResponseEntity<Void> delete(@PathVariable Long id) {
+		service.delete(id);
+		return ResponseEntity.noContent().build();
+	}
+
+}