get current user success

This commit is contained in:
aisensiy 2017-08-08 21:14:14 +08:00
parent 197130648c
commit 6bc7b84327
11 changed files with 234 additions and 43 deletions

View File

@ -30,7 +30,8 @@ dependencies {
compile('org.mybatis.spring.boot:mybatis-spring-boot-starter:1.3.0')
compile('org.springframework.boot:spring-boot-starter-web')
compile('io.jsonwebtoken:jjwt:0.7.0')
compileOnly('org.projectlombok:lombok')
compile('org.springframework.boot:spring-boot-starter-security')
compileOnly('org.projectlombok:lombok')
runtime('com.h2database:h2')
testCompile 'io.rest-assured:rest-assured:3.0.2'
testCompile('org.springframework.boot:spring-boot-starter-test')

View File

@ -0,0 +1,28 @@
package io.spring.api;
import io.spring.application.user.UserQueryService;
import io.spring.core.user.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class CurrentUserApi {
private UserQueryService userQueryService;
@Autowired
public CurrentUserApi(UserQueryService userQueryService) {
this.userQueryService = userQueryService;
}
@RequestMapping(path = "/user", method = RequestMethod.GET)
public ResponseEntity currentUser(@AuthenticationPrincipal User currentUser,
@RequestHeader(value = "Authorization") String authorization) {
return ResponseEntity.ok(userQueryService.fetchCurrentUser(currentUser.getUsername(), authorization.split(" ")[1]));
}
}

View File

@ -12,8 +12,10 @@ import org.hibernate.validator.constraints.NotBlank;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
@ -21,21 +23,22 @@ import org.springframework.web.bind.annotation.RestController;
import javax.validation.Valid;
@RestController
@RequestMapping("/users")
public class UsersApi {
private UserRepository userRepository;
private UserQueryService userQueryService;
private String defaultImage;
@Autowired
public UsersApi(UserRepository userRepository, UserQueryService userQueryService, @Value("${image.default}") String defaultImage) {
public UsersApi(UserRepository userRepository,
UserQueryService userQueryService,
@Value("${image.default}") String defaultImage) {
this.userRepository = userRepository;
this.userQueryService = userQueryService;
this.defaultImage = defaultImage;
}
@RequestMapping(method = RequestMethod.POST)
public ResponseEntity creeteUser(@Valid @RequestBody RegisterParam registerParam, BindingResult bindingResult) {
@RequestMapping(path = "/users", method = RequestMethod.POST)
public ResponseEntity createUser(@Valid @RequestBody RegisterParam registerParam, BindingResult bindingResult) {
if (bindingResult.hasErrors()) {
throw new InvalidRequestException(bindingResult);
}

View File

@ -0,0 +1,60 @@
package io.spring.api.security;
import io.spring.application.JwtService;
import io.spring.core.user.User;
import io.spring.core.user.UserRepository;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;
import java.util.Optional;
@SuppressWarnings("SpringJavaAutowiringInspection")
public class JwtTokenFilter extends OncePerRequestFilter {
@Autowired
private UserRepository userRepository;
@Autowired
private JwtService jwtService;
private String header = "Authorization";
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
getTokenString(request.getHeader(header)).ifPresent(token -> {
jwtService.getSubFromToken(token).ifPresent(username -> {
if (SecurityContextHolder.getContext().getAuthentication() == null) {
User user = userRepository.findByUsername(username).get();
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
user,
null,
Collections.emptyList()
);
authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}
});
});
filterChain.doFilter(request, response);
}
private Optional<String> getTokenString(String header) {
if (header == null || header.split("").length < 2) {
return Optional.empty();
} else {
return Optional.ofNullable(header.split(" ")[1]);
}
}
}

View File

@ -0,0 +1,33 @@
package io.spring.api.security;
import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public JwtTokenFilter jwtTokenFilter() {
return new JwtTokenFilter();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.exceptionHandling().authenticationEntryPoint(new Http401AuthenticationEntryPoint("Unauthenticated"))
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/users", "/users/login").permitAll()
.anyRequest().authenticated();
http.addFilterBefore(jwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
}
}

View File

@ -1,9 +1,11 @@
package io.spring.application;
import io.spring.application.user.UserData;
import org.springframework.stereotype.Service;
import java.util.Optional;
@Service
public interface JwtService {
String toToken(UserData userData);

View File

@ -20,6 +20,9 @@ public class UserQueryService {
return new UserWithToken(userData, jwtService.toToken(userData));
}
public UserWithToken fetchCurrentUser(String username, String token) {
return new UserWithToken(userReadService.findOne(username), token);
}
}
@JsonRootName("user")

View File

@ -7,17 +7,20 @@ import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import io.spring.application.JwtService;
import io.spring.application.user.UserData;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import java.util.Date;
import java.util.Optional;
@Service
@Component
public class DefaultJwtService implements JwtService {
private String secret;
private int sessionTime;
@Autowired
public DefaultJwtService(@Value("${jwt.secret}") String secret,
@Value("${jwt.sessionTime}") int sessionTime) {
this.secret = secret;

View File

@ -1,6 +1,7 @@
spring.jackson.deserialization.UNWRAP_ROOT_VALUE=true
spring.jackson.serialization.WRAP_ROOT_VALUE=true
image.default=https://static.productionready.io/images/smiley-cyrus.jpg
mybatis.config-location=mybatis-config.xml
jwt.secret=nRvyYC4soFxBdZ-F-5Nnzz5USXstR1YylsTd-mA0aKtI9HUlriGrtkf-TiuDapkLiUCogO3JOK7kwZisrHp6wA
jwt.sessionTime=86400
mybatis.config-location=classpath:mybatis-config.xml
mybatis.mapper-locations=mapper/*Mapper.xml

View File

@ -0,0 +1,73 @@
package io.spring.api;
import io.restassured.RestAssured;
import io.spring.application.JwtService;
import io.spring.application.user.UserData;
import io.spring.application.user.UserReadService;
import io.spring.core.user.User;
import io.spring.core.user.UserRepository;
import io.spring.infrastructure.service.DefaultJwtService;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.embedded.LocalServerPort;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.test.context.junit4.SpringRunner;
import java.util.Optional;
import static io.restassured.RestAssured.given;
import static org.hamcrest.core.IsEqual.equalTo;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.when;
import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
@SpringBootTest(webEnvironment = RANDOM_PORT)
@RunWith(SpringRunner.class)
public class CurrentUserApiTest {
@MockBean
private UserRepository userRepository;
@MockBean
private UserReadService userReadService;
@LocalServerPort
private int port;
@Autowired
private JwtService jwtService;
@Before
public void setUp() throws Exception {
RestAssured.port = port;
}
@Test
public void should_get_current_user_with_token() throws Exception {
String email = "john@jacob.com";
String username = "johnjacob";
User user = new User(email, username, "123", "", "https://static.productionready.io/images/smiley-cyrus.jpg");
when(userRepository.findByUsername(eq(username))).thenReturn(Optional.of(user));
UserData userData = new UserData(email, username, "", "https://static.productionready.io/images/smiley-cyrus.jpg");
when(userReadService.findOne(eq(username))).thenReturn(userData);
String token = jwtService.toToken(userData);
given()
.header("Authorization", "Token " + token)
.contentType("application/json")
.when()
.get("/user")
.then()
.statusCode(200)
.body("user.email", equalTo(email))
.body("user.username", equalTo(username))
.body("user.bio", equalTo(""))
.body("user.image", equalTo("https://static.productionready.io/images/smiley-cyrus.jpg"))
.body("user.token", equalTo(token));
}
}

View File

@ -6,6 +6,7 @@ import io.spring.application.user.UserData;
import io.spring.application.user.UserReadService;
import io.spring.core.user.User;
import io.spring.core.user.UserRepository;
import io.spring.infrastructure.service.DefaultJwtService;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@ -56,13 +57,10 @@ public class UsersApiTest {
UserData userData = new UserData(email, username, "", "https://static.productionready.io/images/smiley-cyrus.jpg");
when(userReadService.findOne(eq(username))).thenReturn(userData);
Map<String, Object> param = new HashMap<String, Object>() {{
put("user", new HashMap<String, Object>() {{
put("email", email);
put("password", "johnnyjacob");
put("username", username);
}});
}};
when(userRepository.findByUsername(eq(username))).thenReturn(Optional.empty());
when(userRepository.findByEmail(eq(email))).thenReturn(Optional.empty());
Map<String, Object> param = prepareRegisterParameter(email, username);
given()
.contentType("application/json")
@ -86,13 +84,7 @@ public class UsersApiTest {
String email = "john@jacob.com";
String username = "";
Map<String, Object> param = new HashMap<String, Object>() {{
put("user", new HashMap<String, Object>() {{
put("email", email);
put("password", "johnnyjacob");
put("username", username);
}});
}};
Map<String, Object> param = prepareRegisterParameter(email, username);
given()
.contentType("application/json")
@ -109,13 +101,7 @@ public class UsersApiTest {
String email = "johnxjacob.com";
String username = "johnjacob";
Map<String, Object> param = new HashMap<String, Object>() {{
put("user", new HashMap<String, Object>() {{
put("email", email);
put("password", "johnnyjacob");
put("username", username);
}});
}};
Map<String, Object> param = prepareRegisterParameter(email, username);
given()
.contentType("application/json")
@ -137,13 +123,7 @@ public class UsersApiTest {
email, username, "123", "bio", ""
)));
Map<String, Object> param = new HashMap<String, Object>() {{
put("user", new HashMap<String, Object>() {{
put("email", email);
put("password", "johnnyjacob");
put("username", username);
}});
}};
Map<String, Object> param = prepareRegisterParameter(email, username);
given()
.contentType("application/json")
@ -166,13 +146,7 @@ public class UsersApiTest {
when(userRepository.findByUsername(eq(username))).thenReturn(Optional.empty());
Map<String, Object> param = new HashMap<String, Object>() {{
put("user", new HashMap<String, Object>() {{
put("email", email);
put("password", "johnnyjacob");
put("username", username);
}});
}};
Map<String, Object> param = prepareRegisterParameter(email, username);
given()
.contentType("application/json")
@ -183,4 +157,14 @@ public class UsersApiTest {
.statusCode(422)
.body("errors.email[0]", equalTo("duplicated email"));
}
private HashMap<String, Object> prepareRegisterParameter(final String email, final String username) {
return new HashMap<String, Object>() {{
put("user", new HashMap<String, Object>() {{
put("email", email);
put("password", "johnnyjacob");
put("username", username);
}});
}};
}
}