Commit 16791f79f0000eac469c5b3acafe56fc2ba824ed
1 parent
57e157a4
routage du site
Ajout de la gestion des différents rôles utilisateurs.
Ajout des sécurités sur les pages en fonction du rôle.
Modification des pages pour la visibilité et la cohérence du site.
Showing
6 changed files
with
26 additions
and
18 deletions
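--- a/PFE06/src/main/java/com/PFE/ServerManager/Customer.java
+++ b/PFE06/src/main/java/com/PFE/ServerManager/Customer.java
@@ -1,7 +1,5 @@
 package com.PFE.ServerManager;
 
-import org.springframework.beans.factory.annotation.Autowired;
-
 import javax.persistence.*;
 import java.util.Set;
 
@@ -34,6 +32,9 @@ public class Customer{
 public void setRoles(Set<Role> roles) { this.roles = roles; }
 public Set<Role> getRoles() { return roles; }
 
+public String getRole(){
+return roles.iterator().next().getRole();
+}
 public void setId(Integer id) {
 this.customer_id = id;
 }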
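Review bot: `getRole()` calls `roles.iterator().next()` without checking the set, so a customer whose `roles` is null or empty makes it throw, and the new `customer.getRole()` call in MainController would then fail the `/home` request. When a customer holds more than one role, the element returned depends on the `Set` implementation's iteration order, so the view could be told USER for an account that also has ADMIN, or the reverse. If one role per customer is the intended model, say so in a Javadoc comment on the method and guard the empty case, e.g. `return (roles == null || roles.isEmpty()) ? null : roles.iterator().next().getRole();`. Otherwise a membership check such as a `hasRole(String name)` method would be safer than a single string.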
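--- a/PFE06/src/main/java/com/PFE/ServerManager/MainController.java
+++ b/PFE06/src/main/java/com/PFE/ServerManager/MainController.java
@@ -36,6 +36,7 @@ public class MainController {
 Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 Customer customer = customerRepository.findByPseudo(auth.getName());
 modelAndView.addObject("customerName", customer.getPseudo());
+modelAndView.addObject("customerRole", customer.getRole());
 modelAndView.setViewName("home");
 return modelAndView;
 }
@@ -51,7 +52,7 @@ public class MainController {
 }
 
 @PostMapping(path="/registration")
-public ModelAndView addNewUser(@RequestParam String pseudo, @RequestParam String password) {
+public ModelAndView addNewUser(@RequestParam String pseudo, @RequestParam String password, @RequestParam String role) {
 //Model map, ModelAndView ou l'utilisation direct comme dans la méthode précédente sont 3 méthodes qui permettent d'envoyer des informations et donc de changer l'apparence d'une page
 ModelAndView modelAndView = new ModelAndView(); // il n'est peut être pas utile d'utiliser ModelAndView
 Customer n = new Customer();
@@ -60,12 +61,11 @@ public class MainController {
 n.setId((int)(customerRepository.count()+1));
 n.setActive(1);
 Customer temp = customerRepository.findByPseudo(pseudo);
-Role userRole = roleRepository.findByRole("ADMIN");
+Role userRole = roleRepository.findByRole(role);
 n.setRoles(new HashSet<Role>(Arrays.asList(userRole)));
 
 if(temp != null) {
 modelAndView.addObject("ok", "l'utilisateur existe déjà");
-//return "login?fail";
 }
 else {
 modelAndView.addObject("ok", "l'utilisateur a bien été ajouté");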
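Review bot: In `addNewUser`, the new `role` request parameter goes straight into `roleRepository.findByRole(role)` and the result is never checked, so a value that is not a seeded role name presumably yields `null` and `n.setRoles(...)` then stores a set containing `null`. The radio buttons in registration.html are the only thing limiting the value, and they are not a server-side control. The controller should accept only known role names and stop otherwise, e.g. an `if (userRole == null)` branch that sets an error message and returns before the `Customer` is populated. Because this endpoint can now create ADMIN accounts, the ADMIN-only rule in SecurityConfig.java is its sole barrier, which makes a test that a USER session is refused on POST /registration worth adding. The method body continues outside the hunks shown.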
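--- a/PFE06/src/main/java/com/PFE/ServerManager/SecurityConfig.java
+++ b/PFE06/src/main/java/com/PFE/ServerManager/SecurityConfig.java
@@ -34,15 +34,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 protected void configure(HttpSecurity http) throws Exception {
 http
 .authorizeRequests()
-.antMatchers("/home").hasAuthority("ADMIN")
-.antMatchers("/registration").permitAll()
+.antMatchers("/home").hasAnyAuthority("USER","ADMIN")
+.antMatchers("/registration").hasAuthority("ADMIN")
 .antMatchers("/login").permitAll()
 .antMatchers("/denied").permitAll()
 .anyRequest().authenticated()
 .and()
 .formLogin()
 .loginPage("/login").failureUrl("/login?error=true")
-.defaultSuccessUrl("/success")
+.defaultSuccessUrl("/home")
 .usernameParameter("pseudo")
 .passwordParameter("password")
 .and()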
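Review bot: The ADMIN restriction on `.antMatchers("/registration")` covers that exact path only, while Spring MVC may also route variants such as a trailing slash to the same handler, depending on version and configuration not visible here. Such variants would fall through to `.anyRequest().authenticated()` and be reachable by any logged-in USER. Since `/registration` now creates accounts with a caller-chosen role, prefer `.mvcMatchers("/registration").hasAuthority("ADMIN")`, which applies the same path matching as the MVC dispatcher. `configure` continues past the end of the hunk, so the CSRF and logout settings cannot be checked from here.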
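--- a/PFE06/src/main/resources/data.sql
+++ b/PFE06/src/main/resources/data.sql
@@ -1,6 +1,7 @@
 /* ce fichier doit être placé dans les ressources afin d'être utilisé */
 INSERT INTO "role" VALUES (1,'ADMIN');
-INSERT INTO "customer" VALUES (1,1,'$2a$10$GflhaD2IYuErynuOlxS2W.Gp1kXksVdiSviYN/lDYCsuH.lVm6Ph2','admin');
+INSERT INTO "role" VALUES (2,'USER');
+INSERT INTO "customer" VALUES (1,1,'$2a$10$GflhaD2IYuErynuOlxS2W.Gp1kXksVdiSviYN/lDYCsuH.lVm6Ph2','admin'); /*pseudo : admin // password : admin // role : ADMIN*/
 INSERT INTO "customer_role" VALUES (1,1);
-INSERT INTO "customer" VALUES (2,1,'$2a$10$GflhaD2IYuErynuOlxS2W.Gp1kXksVdiSviYN/lDYCsuH.lVm6Ph2','root');
-INSERT INTO "customer_role" VALUES (2,1);
\ No newline at end of file
+INSERT INTO "customer" VALUES (2,1,'$2a$10$0Fnls/gTQS1zA6rj1ZlxfuyyKNpCBDA1tcCqQMroPDIj1fRyhgv/O','user'); /*pseudo : user // password : password // role : USER*/
+INSERT INTO "customer_role" VALUES (2,2);
\ No newline at end of file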
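Review bot: The comments added on the two `customer` rows record the seed accounts' passwords in clear text next to their bcrypt hashes, and the ADMIN account's password is the same as its username. If this data.sql is loaded anywhere other than a local development database, these are known default credentials for an account that can create further ADMIN users through `/registration`. Restrict the seed to a development-only profile and drop the password from the comment, e.g. `/* dev seed account, role ADMIN: rotate password before deployment */`, or force a password change at first login.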
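--- a/PFE06/src/main/resources/templates/home.html
+++ b/PFE06/src/main/resources/templates/home.html
@@ -7,16 +7,15 @@
 </head>
 <body>
 
-<a th:href="@{/login}">Connexion</a>
-<a th:href="@{/registration}">Enregistrer des utilisateurs</a>
-
+<div th:switch="${customerRole}">
+<div th:case="'ADMIN'"><a th:href="@{/registration}">Enregistrer des utilisateurs</a></div>
+<div th:case="'USER'"></div>
+</div>
 <form th:action="@{/logout}" method="GET">
 <button type="Submit">Logout </button>
 </form>
 
-
-<h1 th:utext="${customerName}"> est connecté(e) !</h1>
-
+<h1><span th:text="${customerName}" th:remove="tag"></span> est connecté(e) !</h1>
 
 </body>
 </html>
\ No newline at end of file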
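--- a/PFE06/src/main/resources/templates/registration.html
+++ b/PFE06/src/main/resources/templates/registration.html
@@ -16,10 +16,17 @@
 <label for="password">Password: </label>
 <input type="password" id="password" placeholder="Enter Password" name="password"/>
 </div>
+<div class="form3">
+<input type="radio" id="role1" name="role" value="ADMIN">
+<label for="role1">Admin</label>
+
+<input type="radio" id="role2" name="role" value="USER" checked="checked"> <!-- "checked" empeche l'utilisateur de ne rien séléctionner -->
+<label for="role2">User</label>
+</div>
 <button type="submit">Ajouter</button>
 </form>
 <span th:utext="${ok}"></span>
-<a href="/login">connexion</a>
+<a th:href="@{/home}">Accueil</a>
 <!--<div th:if="${param.ok}">
 <span>L'utilisateur a été ajouté !</span>
 </div>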
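Review bot: `<span th:utext="${ok}"></span>` is still rendered unescaped, although this same commit replaces `th:utext` with `th:text` in home.html. The `ok` values visible in `addNewUser` are fixed strings, so nothing user-controlled reaches it in the lines shown, but the unescaped output becomes an HTML injection point as soon as a message includes the submitted `pseudo`. `<span th:text="${ok}"></span>` renders the same for plain text. The new `role` radio group only sets a UI default, so the allowed values still have to be enforced in the controller.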