Added User creation endpoint and authentication via spring security oauth2 jwt

Author: repl

build.gradle

@@ -18,7 +18,7 @@ buildscript {
 //}
 
 ext {
-    spring_boot_version = '2.1.3.RELEASE'
+    spring_boot_version = '2.1.4.RELEASE'
     scala_version = '2.12.8'
 }
 
@@ -54,6 +54,9 @@ dependencies {
 	implementation "org.springframework.boot:spring-boot-starter-jetty"
 	implementation 'org.springframework.boot:spring-boot-starter-actuator'
 	implementation 'org.springframework.boot:spring-boot-starter-data-mongodb'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+    implementation 'org.springframework.security.oauth:spring-security-oauth2:2.3.5.RELEASE'
+    implementation 'org.springframework.security:spring-security-jwt:1.0.9.RELEASE'
 
     // Jackson Dependencies
     implementation "com.fasterxml.jackson.core:jackson-core:2.9.8"
@@ -65,6 +68,8 @@ dependencies {
     implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-scala_2.11', version: '2.9.8'
 
     implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.3.2'
+    implementation group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1'
+    implementation group: 'org.glassfish.jaxb', name: 'jaxb-runtime', version: '2.3.1'
 
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 }

build.sbt

@@ -4,7 +4,7 @@ version := "0.0.1-SNAPSHOT"
 import Dependencies._
 import sbt.Keys.libraryDependencies
 
-lazy val springVersion = "2.1.3.RELEASE"
+lazy val springVersion = "2.1.4.RELEASE"
 
 lazy val root = (project in file(".")).
   settings(
@@ -17,6 +17,9 @@ lazy val root = (project in file(".")).
     libraryDependencies += scalaTest % Test,
     libraryDependencies += "org.springframework.boot" % "spring-boot-starter-web" % springVersion,
     libraryDependencies += "org.springframework.boot" % "spring-boot-starter-actuator" % springVersion,
+    libraryDependencies += "org.springframework.boot" % "spring-boot-starter-security" % springVersion,
+    libraryDependencies += "org.springframework.security.oauth" % "spring-security-oauth2" % "2.3.5.RELEASE",
+    libraryDependencies += "org.springframework.security" % "spring-security-jwt" % "1.0.9.RELEASE",
 
     libraryDependencies += "org.springframework.boot" % "spring-boot-starter-data-mongodb" % springVersion,
     libraryDependencies += "com.h2database" % "h2" % "1.4.195",
@@ -28,7 +31,9 @@ lazy val root = (project in file(".")).
     libraryDependencies += "com.fasterxml.jackson.datatype" % "jackson-datatype-jsr310" % "2.9.8",
     libraryDependencies += "com.fasterxml.jackson.module" % "jackson-module-scala_2.12" % "2.9.8",
     libraryDependencies += "org.apache.commons" % "commons-lang3" % "3.3.2",
-    
+    libraryDependencies += "javax.xml.bind" % "jaxb-api" % "2.3.1",
+    libraryDependencies += "org.glassfish.jaxb" % "jaxb-runtime" % "2.3.1",
+
     libraryDependencies += "org.springframework.boot" % "spring-boot-starter-test" % springVersion
   )
 

src/main/scala/org/repl/poc/lmsdata/config/OAuth2AuthorizationServerConfig.scala

@@ -0,0 +1,61 @@
+package org.repl.poc.lmsdata.config
+
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.{Bean, Configuration}
+import org.springframework.security.authentication.AuthenticationManager
+import org.springframework.security.oauth2.common.OAuth2AccessToken
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer
+import org.springframework.security.oauth2.config.annotation.web.configuration.{AuthorizationServerConfigurerAdapter, EnableAuthorizationServer}
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer
+import org.springframework.security.oauth2.provider.OAuth2Authentication
+import org.springframework.security.oauth2.provider.token.{AccessTokenConverter, TokenEnhancer, TokenStore}
+
+@Configuration
+@EnableAuthorizationServer
+class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+  @Autowired
+  private var tokenStore: TokenStore = _
+
+  @Autowired
+  private var accessTokenConverter: AccessTokenConverter = _
+
+  @Autowired
+  private var authenticationManager: AuthenticationManager = _
+
+  val CLIENT_ID: String = "defmacro-client";
+  val CLIENT_SECRET = "$2y$12$nv64IvDN1P2EnNARkeYOgOdHSM4b7G5y97KuXG5sdv03HAqU6TNuW"; //defmacro-secret
+  val GRANT_TYPE_PASSWORD = "password";
+  val AUTHORIZATION_CODE = "authorization_code";
+  val REFRESH_TOKEN = "refresh_token";
+  val IMPLICIT = "implicit";
+  val SCOPE_READ = "read";
+  val SCOPE_WRITE = "write";
+  val TRUST = "trust";
+  val ACCESS_TOKEN_VALIDITY_SECONDS: Int = 1 * 60 * 60;
+  val REFRESH_TOKEN_VALIDITY_SECONDS: Int = 6 * 60 * 60;
+
+  override def configure(clients: ClientDetailsServiceConfigurer): Unit = {
+    clients
+      .inMemory
+      .withClient(CLIENT_ID)
+      .secret(CLIENT_SECRET)
+      .authorizedGrantTypes(GRANT_TYPE_PASSWORD, AUTHORIZATION_CODE, REFRESH_TOKEN, IMPLICIT)
+      .scopes(SCOPE_READ, SCOPE_WRITE, TRUST)
+      .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS).
+      refreshTokenValiditySeconds(REFRESH_TOKEN_VALIDITY_SECONDS)
+  }
+
+  override def configure(endpoints: AuthorizationServerEndpointsConfigurer): Unit = {
+    endpoints
+      .tokenStore(tokenStore)
+      .accessTokenConverter(accessTokenConverter)
+      .authenticationManager(authenticationManager)
+  }
+}
+
+/*class CustomTokenEnhancer extends TokenEnhancer {
+  override def enhance(accessToken: OAuth2AccessToken, authentication: OAuth2Authentication): OAuth2AccessToken = {
+    return accessToken
+  }
+}*/

src/main/scala/org/repl/poc/lmsdata/config/SecurityConfig.scala

@@ -0,0 +1,103 @@
+package org.repl.poc.lmsdata.config
+
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.web.servlet.FilterRegistrationBean
+import org.springframework.context.annotation.{Bean, Configuration, Primary}
+import org.springframework.http.HttpMethod
+import org.springframework.security.authentication.AuthenticationManager
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.{EnableWebSecurity, WebSecurityConfigurerAdapter}
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.security.oauth2.provider.token.{AccessTokenConverter, DefaultTokenServices, TokenStore}
+import org.springframework.security.oauth2.provider.token.store.{JwtAccessTokenConverter, JwtTokenStore}
+import org.springframework.web.cors.{CorsConfiguration, UrlBasedCorsConfigurationSource}
+import org.springframework.web.filter.CorsFilter
+import javax.annotation.Resource
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+class SecurityConfig extends WebSecurityConfigurerAdapter {
+  @Bean
+  def accessTokenConverter(): AccessTokenConverter = {
+    val jatc = new JwtAccessTokenConverter()
+    jatc.setSigningKey("123")
+    jatc.setVerifierKey("123")
+    return jatc
+  }
+
+  @Bean
+  def tokenStore(converter: AccessTokenConverter): TokenStore = new JwtTokenStore(converter.asInstanceOf[JwtAccessTokenConverter])
+
+  @Bean
+  @Primary
+  def tokenServices(tokenStore: TokenStore): DefaultTokenServices = {
+    val dts = new DefaultTokenServices()
+    dts.setTokenStore(tokenStore)
+    dts.setSupportRefreshToken(true)
+    return dts
+  }
+
+  @Bean
+  @throws[Exception]
+  override def authenticationManagerBean: AuthenticationManager = super.authenticationManagerBean
+
+  @Bean def encoder = new BCryptPasswordEncoder
+
+  @Resource(name = "userService")
+  override val userDetailsService: UserDetailsService = null
+
+  @Autowired
+  @throws[Exception]
+  def globalUserDetails(auth: AuthenticationManagerBuilder): Unit = {
+    auth.userDetailsService(userDetailsService).passwordEncoder(encoder)
+  }
+
+  /*@Autowired
+  def configureGlobal(auth: AuthenticationManagerBuilder): Unit = {
+    auth.inMemoryAuthentication().withUser("bugbug0102").password("0102").roles("USER", "ADMIN", "BUGBUG")
+  }
+
+  @throws[Exception]
+  override protected def configure(auth: AuthenticationManagerBuilder): Unit = {
+    //@formatter:off
+    auth.inMemoryAuthentication.withUser("habuma")
+      .password("password")
+      .authorities("ROLE_USER", "ROLE_ADMIN")
+      .and
+      .withUser("izzy")
+      .password("password")
+      .authorities("ROLE_USER")
+    //@formatter:on
+  }*/
+
+  @throws[Exception]
+  override protected def configure(http: HttpSecurity): Unit = {
+    http
+      .csrf.disable
+      .anonymous.disable
+      //.sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+      .authorizeRequests
+      .antMatchers(HttpMethod.GET, "/api/v1/movies", "/error").permitAll
+      .antMatchers(HttpMethod.POST, "/api/v1/login", "/api/v1/register", "/api/v1/tickets").permitAll
+  }
+
+  /*@Bean def corsFilter: FilterRegistrationBean[CorsFilter] = {
+    val source = new UrlBasedCorsConfigurationSource
+    val config = new CorsConfiguration
+    config.setAllowCredentials(true)
+    config.addAllowedOrigin("*")
+    config.addAllowedHeader("*")
+    config.addAllowedMethod("*")
+    source.registerCorsConfiguration("/**", config)
+    val bean = new FilterRegistrationBean(new CorsFilter(source))
+    bean.setOrder(0)
+    bean
+  }*/
+   */
+
+}

src/main/scala/org/repl/poc/lmsdata/controller/UserController.scala

@@ -0,0 +1,17 @@
+package org.repl.poc.lmsdata.controller
+
+import org.repl.poc.lmsdata.dto.{IdDto, ServiceResponse, UserCreateDto}
+import org.repl.poc.lmsdata.service.UserService
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.http.MediaType
+import org.springframework.web.bind.annotation._
+
+@RestController
+@RequestMapping(value = Array("/api"))
+class UserController @Autowired()(userService: UserService) {
+  @PostMapping(value = Array("/v1/user"), consumes = Array(MediaType.APPLICATION_JSON_VALUE), produces = Array(MediaType.APPLICATION_JSON_VALUE))
+  @ResponseBody
+  def createUser(@RequestBody input: UserCreateDto): ServiceResponse[IdDto] = {
+    return userService.createUser(input);
+  }
+}

src/main/scala/org/repl/poc/lmsdata/dto/UserCreateDto.scala

@@ -0,0 +1,4 @@
+package org.repl.poc.lmsdata.dto
+
+case class UserCreateDto(username: String, password: String) {
+}

src/main/scala/org/repl/poc/lmsdata/dto/UserDto.scala

@@ -0,0 +1,8 @@
+package org.repl.poc.lmsdata.dto
+
+case class UserDto(username: String) extends Item {
+  var city: String = _
+  var state: String = _
+  var country: String = _
+  var categories: List[String] = _
+}

src/main/scala/org/repl/poc/lmsdata/mongodb/model/UserMdl.scala

@@ -0,0 +1,44 @@
+package org.repl.poc.lmsdata.mongodb.model
+
+import java.time.LocalDateTime
+
+import com.fasterxml.jackson.annotation.JsonIgnore
+import org.repl.poc.lmsdata.dto.UserDto
+import org.springframework.data.annotation.Id
+import org.springframework.data.mongodb.core.index.Indexed
+import org.springframework.data.mongodb.core.mapping.Document
+
+@Document(collection = "User")
+class UserMdl {
+  @Id
+  var id: String = _
+  @Indexed
+  var username: String = _
+  @JsonIgnore
+  var password: String = _
+  var usernum: Long = _
+  var firstName: String = _
+  var lastName: String = _
+  var city: String = _
+  var state: String = _
+  var country: String = _
+  var categories: List[String] = _
+
+  var createdDate: LocalDateTime = _
+  var createdByUID: String = _
+  var modifiedDate: LocalDateTime = _
+  var modifiedByUID: String = _
+
+  def createDto(): UserDto = {
+    val retDto = UserDto(username)
+    retDto.id = id
+    retDto.city = city
+    retDto.state = state
+    retDto.country = country
+    retDto.createdDate = createdDate
+    retDto.createdByUID = createdByUID
+    retDto.modifiedDate = modifiedDate
+    retDto.modifiedByUID = modifiedByUID
+    return retDto
+  }
+}

src/main/scala/org/repl/poc/lmsdata/mongodb/repository/UserRepository.scala

@@ -0,0 +1,10 @@
+package org.repl.poc.lmsdata.mongodb.repository
+
+import org.repl.poc.lmsdata.mongodb.model.UserMdl
+import org.springframework.data.mongodb.repository.MongoRepository
+import org.springframework.data.repository.Repository
+
+trait UserRepository extends MongoRepository[UserMdl, String] {
+  def findByUsername(userId: String): UserMdl
+
+}

src/main/scala/org/repl/poc/lmsdata/service/LibraryAdminService.scala

@@ -1,7 +1,6 @@
 package org.repl.poc.lmsdata.service
 
 import java.time.LocalDateTime
-import java.util.UUID
 
 import org.repl.poc.lmsdata.dto.{IdDto, LibraryBranchDto, ServiceResponse, ServiceResponseError}
 import org.repl.poc.lmsdata.mongodb.model.LibraryBranchMdl

src/main/scala/org/repl/poc/lmsdata/service/UserService.scala

@@ -0,0 +1,71 @@
+package org.repl.poc.lmsdata.service
+
+import java.time.LocalDateTime
+
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.stereotype.Service
+import java.util
+
+import org.repl.poc.lmsdata.dto.{IdDto, LibraryBranchDto, ServiceResponse, ServiceResponseError, UserCreateDto, UserDto}
+import org.repl.poc.lmsdata.mongodb.model.UserMdl
+import org.repl.poc.lmsdata.mongodb.repository.UserRepository
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.security.core.authority.SimpleGrantedAuthority
+import org.springframework.security.core.userdetails.{UserDetailsService, UsernameNotFoundException}
+import org.springframework.security.crypto.password.PasswordEncoder
+
+import scala.collection.mutable
+
+@Service(value = "userService")
+class UserService extends UserDetailsService {
+  @Autowired
+  private val userRepository: UserRepository = null
+  @Autowired private
+  val passwordEncoder: PasswordEncoder = null
+
+  @throws[UsernameNotFoundException]
+  def loadUserByUsername(userId: String): org.springframework.security.core.userdetails.User = {
+    val user = userRepository.findByUsername(userId)
+    if (user == null) throw new UsernameNotFoundException("Invalid username or password.")
+    new org.springframework.security.core.userdetails.User(user.username, user.password, getAuthority)
+  }
+
+  private def getAuthority = util.Arrays.asList(new SimpleGrantedAuthority("ROLE_ADMIN"))
+
+  def findAll: util.List[UserDto] = {
+    val list = new util.ArrayList[UserDto]
+    userRepository.findAll.iterator.forEachRemaining(mdl => {
+      list.add(mdl.createDto())
+    })
+    list
+  }
+
+  def createUser(input: UserCreateDto): ServiceResponse[IdDto] = {
+    val response = new ServiceResponse[IdDto]()
+    val errors = validateCreateInput(input)
+    if (errors.nonEmpty) {
+      errors.foreach(error => response.errors += error)
+      response.success = false
+      return response
+    }
+    val model = new UserMdl()
+    model.username = input.username
+    model.password = passwordEncoder.encode(input.password)
+    model.createdDate = LocalDateTime.now()
+    model.modifiedDate = LocalDateTime.now()
+    val persistedModel = userRepository.save(model)
+    val persistedDto = persistedModel.createDto()
+    response.success = true
+    response.data = Some(IdDto(persistedDto.id))
+    response
+  }
+
+  def validateCreateInput(input: UserCreateDto) :Seq[ServiceResponseError] = {
+    val errors: mutable.MutableList[ServiceResponseError] = mutable.MutableList[ServiceResponseError]()
+    val existingUser = userRepository.findByUsername(input.username)
+    if (existingUser != null) {
+      errors += ServiceResponseError("USER002", "Another user exists with same name.")
+    }
+    errors
+  }
+}