restructuration du site web avec une page d'accueil, de login et d'ajout d'utili…

…sateur et ajout de Spring Security pour l'instant pas opérationnel

restructuration du site web avec une page d'accueil, de login et d'ajout d'utili…
…sateur et ajout de Spring Security pour l'instant pas opérationnel
sfeutrie
1 parent e743b1b9
Showing 12 changed files with 242 additions and 51 deletions Show diff stats
PFE06/pom.xml
PFE06/src/main/java/com/PFE/ServerManager/Customer.java
PFE06/src/main/java/com/PFE/ServerManager/MainController.java
PFE06/src/main/java/com/PFE/ServerManager/Role.java
PFE06/src/main/java/com/PFE/ServerManager/RoleRepository.java
PFE06/src/main/java/com/PFE/ServerManager/SecurityConfig.java
PFE06/src/main/resources/application.properties
PFE06/src/main/resources/data.sql
PFE06/src/main/resources/templates/home.html
PFE06/src/main/resources/templates/login.html
PFE06/src/main/resources/templates/registration.html
PFE06/src/main/resources/templates/success.html
@@ -3,8 +3,8 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
  
-    <groupId>com.example</groupId>
-    <artifactId>demo</artifactId>
+    <groupId>com.PFE</groupId>
+    <artifactId>ServerManager</artifactId>
     <version>0.0.1-SNAPSHOT</version>
     <packaging>jar</packaging>
  
@@ -33,7 +33,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>
 package com.PFE.ServerManager;
  
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-@Entity // This tells Hibernate to make a table out of this class
-@Table(name = "Customer") // DON'T USE "User" because it is a reserved name in PostgreSQL
+import javax.persistence.*;
+
+@Entity
+@Table(name = "customer") // NE PAS utiliser "User" car c'est un mot clef réservé pour PostgreSQL
 public class Customer{
  
     @Id
     @GeneratedValue(strategy=GenerationType.AUTO)
-    private Integer id;
+    private Integer customer_id;
  
     @Column(name = "pseudo")
     private String pseudo;
@@ -21,20 +16,17 @@ public class Customer{
     @Column(name = "password")
     private String password;
  
-    public Integer getId() {
-        return id;
-    }
+    @ManyToOne(cascade = CascadeType.ALL)
+    @JoinTable(name = "customer_role", joinColumns = @JoinColumn(name = "customer_id"), inverseJoinColumns = @JoinColumn(name = "role_id"))
+    //private Set<Role> roles;
+    private Role role;
  
-    public String getPseudo() {
-        return pseudo;
-    }
-
-    public String getPassword() {
-        return password;
+    public void setRole(Role role) {
+        this.role = role;
     }
  
     public void setId(Integer id) {
-        this.id = id;
+        this.customer_id = id;
     }
  
     public void setPseudo(String pseudo) {
@@ -44,5 +36,4 @@ public class Customer{
     public void setPassword(String password) {
         this.password = password;
     }
-
 }
 \ No newline at end of file
@@ -3,44 +3,89 @@ package com.PFE.ServerManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.servlet.ModelAndView;
  
-import java.util.Map;
-
-@Controller // This means that this class is a Controller
+@Controller
 public class MainController {
-    @Autowired // This means to get the bean called userRepository which is auto-generated by Spring, we will use it to handle the Customers
+
+    @Autowired
     CustomerRepository customerRepository;
  
+    @Autowired
+    RoleRepository roleRepository;
+
     @RequestMapping(value="/")
     public String home(){
-        return "redirect:login";
+        return "home";
     }
  
-    @GetMapping(path="/login") // Map ONLY GET Requests
-    public String login() {
-        return "login";  //return "redirect:/...."; //to send a request to redirect the current page
+    @GetMapping(path="/registration")
+    public String registration() {
+        return "registration";//fait le lien automatiquement avec le page html du même nom  //return "redirect:/....";
     }
  
-    @PostMapping(path="/login")
-    public String addNewUser(@RequestParam String pseudo, @RequestParam String password) {
-        // @RequestParam means it is a parameter from the GET or POST request
-        //the model Map is used by thymeleaf as a storage for values display on the html page
+    @PostMapping(path="/registration")
+    public ModelAndView addNewUser(@RequestParam String pseudo, @RequestParam String password) {
+        //Model map, ModelAndView ou l'utilisation direct comme dans la méthode précédente sont 3 méthodes qui permettent d'envoyer des informations et donc de changer l'apparence d'une page
+        ModelAndView modelAndView = new ModelAndView(); // il n'est peut être pas utile d'utiliser ModelAndView
         Customer n = new Customer();
         n.setPseudo(pseudo);
         n.setPassword(password);
         Customer temp = customerRepository.findByPseudo(pseudo);
  
+        /*Role nRole = roleRepository.findByRole("ADMIN");
+        n.setRoles(new HashSet<Role>(Arrays.asList(nRole)));*/
+        Role role = new Role(); // l'utilisation d'un role au lieu d'un tableau semble valide, ormis la première ligne de la table qui n'est pas utilisé
+        role.setRole("ADMIN");
+        n.setRole(role);
+
         if(temp != null) {
-            return "redirect:login?error";
+            modelAndView.addObject("ok", "l'utilisateur existe déjà");
+            //return "login?fail";
         }
+        else {
+            modelAndView.addObject("ok", "l'utilisateur a bien été ajouté");
+            customerRepository.save(n);
+    }
+        modelAndView.setViewName("registration");
+        return modelAndView;
+    }
  
-        customerRepository.save(n);
-        return "redirect:login?ok";
+    @GetMapping(path="/login")
+    public ModelAndView login(){
+        ModelAndView modelAndView = new ModelAndView();
+        modelAndView.setViewName("login");
+        return modelAndView;
     }
+    //////// Ne fonctionne pas /////////
+    /*public String login() {
+        return "login";  //return "redirect:/...."; //to send a request to redirect the current page
+    }*/
+    /*
+    @PostMapping(path="/login")
+    public ModelAndView connexion(@RequestParam String pseudo, @RequestParam String password) {
+        // @RequestParam means it is a parameter from the GET or POST request
+        //the model Map is used by thymeleaf as a storage for values display on the html page, this is the same way for ModelAndView
+        ModelAndView modelAndView = new ModelAndView();
+        Customer temp = customerRepository.findByPseudo(pseudo);
+        if(temp != null) {
+            modelAndView.addObject("error", "vous etes autorisé à être sur cette page");
+        }
+        else{
+            modelAndView.addObject("error", "vous n'etes pas autorisé à être sur cette page");
+        }
+        modelAndView.setViewName("login");
+        return modelAndView;
+    }*/
+    //////////////////////////
  
     @GetMapping(path="/all")
     public @ResponseBody Iterable<Customer> getAllUsers() {
-        // This returns a JSON or XML with the users
         return customerRepository.findAll();
     }
+
+    @RequestMapping(value="/success")
+    public String success(){
+        return "success";
+    }
 }
 \ No newline at end of file
@@ -0,0 +1,24 @@
+package com.PFE.ServerManager;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+@Entity
+@Table(name = "role")
+public class Role {
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    @Column(name = "role_id")
+    private Integer role_id;
+
+    @Column(name = "role")
+    private String role;
+
+    public void setRole(String role) {
+        this.role = role;
+    }
+}
 \ No newline at end of file
@@ -0,0 +1,11 @@
+package com.PFE.ServerManager;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.repository.CrudRepository;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface RoleRepository extends CrudRepository<Role, Integer> {
+    Role findByRole(String role);
+}
+
@@ -0,0 +1,43 @@
+package com.PFE.ServerManager;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+import javax.sql.DataSource;
+
+@Configuration
+@EnableAutoConfiguration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    DataSource dataSource;
+
+    @Autowired
+    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
+        auth.jdbcAuthentication()
+                .dataSource(dataSource)
+                .usersByUsernameQuery("select pseudo, password from customer where pseudo=?")
+                .authoritiesByUsernameQuery("select u.pseudo, r.role from customer u inner join customer_role ur on(u.customer_id=ur.customer_id) inner join role r on(ur.role_id=r.role_id) where u.pseudo=?");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+                .authorizeRequests()
+                    .antMatchers("/").permitAll()
+                    .antMatchers("/registration").permitAll()
+                    .antMatchers("/login").permitAll()
+                    //.antMatchers("/registration").hasRole("ADMIN").anyRequest().authenticated()
+                    .and()
+                .formLogin()
+                    .loginPage("/login").failureUrl("/login?error=true").defaultSuccessUrl("/success")
+                    .and()
+                .logout()
+                    .permitAll();
+        //http.exceptionHandling().accessDeniedPage("/403");
+    }
+}
 \ No newline at end of file
@@ -2,9 +2,23 @@
 #-----------------------------------------------#
 #---------- Spring Database management ---------#
 #-----------------------------------------------#
-spring.jpa.hibernate.ddl-auto=update
-#"create" if the database doesn't exist : it will reinitialize the DB every time the process is restarted
-#"update" if the database already exists
-spring.datasource.url=jdbc:postgresql://localhost:3306/sql_only
+spring.jpa.hibernate.ddl-auto=create
+#update
+#"create" recrée la base de données à chaque lancement
+#"update" met à jour la base données
+
+#Simon Postgres config :
+spring.datasource.url=jdbc:postgresql://localhost:5432/sql_only
 spring.datasource.username=postgres
-spring.datasource.password=admin
 \ No newline at end of file
+spring.datasource.password=idalurf123
+
+#Antoine Postgres config :
+#spring.datasource.url=jdbc:postgresql://localhost:3302/sql_only
+#spring.datasource.username=postgres
+#spring.datasource.password=admin
+
+# montre les communications JPA avec la BDD
+spring.jpa.show-sql = true
+
+# exécute le fichier data.sql pour préciser le role ADMIN
+spring.datasource.initialization-mode=always
 \ No newline at end of file
@@ -0,0 +1,6 @@
+/* ce fichier doit être placé dans les ressources afin d'être utilisé */
+INSERT INTO "role" VALUES (1,'ADMIN');
+/*INSERT INTO "customer" VALUES (10,1,'Feutrier','Simon');
+INSERT INTO "customer" VALUES (11,1,'Duquenoy','Antoine');
+INSERT INTO "customer_role" VALUES (1,1);
+INSERT INTO "customer_role" VALUES (2,1);*/
 \ No newline at end of file
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Page d'accueil</title>
+</head>
+<body>
+<a th:href="@{/login}">connexion</a>
+<a th:href="@{/registration}">enregistrer des utilisateurs</a>
+</body>
+</html>
 \ No newline at end of file
 <!DOCTYPE html>
 <html xmlns:th="http://www.thymeleaf.org">
 <head>
-    <title>Add users page</title>
+    <title>Page de connexion</title>
     <meta charset="utf-8"/>
 </head>
     <body>
         <div>
-            <h5>Add new users</h5>
+            <h5>Ajouter de nouveaux utilisateurs :</h5>
             <form th:action="@{/login}" method="POST">
                 <div class="form1">
                     <label for="username">User Name: </label>
@@ -16,14 +16,15 @@
                     <label for="password">Password: </label>
                     <input type="password" id="password" placeholder="Enter Password" name="password"/>
                 </div>
-                <button type="submit">Ajouter</button>
+                <button type="submit">se connecter</button>
             </form>
-            <div th:if="${param.ok}">
+            <span th:utext="${error}"></span>
+            <!--<div th:if="${param.ok}">
                 <span>L'utilisateur a été ajouté !</span>
             </div>
-            <div th:if="${param.error}">
+            <div th:if="${param.fail}">
                 <span>Le pseudo existe déjà !</span>
-            </div>
+            </div>-->
         </div>
     </body>
 </html>
 \ No newline at end of file
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <title>Ajout d'utilisateurs</title>
+    <meta charset="utf-8"/>
+</head>
+<body>
+<div>
+    <h5>Ajout d'utilisateurs :</h5>
+    <form th:action="@{/registration}" method="POST">
+        <div class="form1">
+            <label for="username">User Name: </label>
+            <input type="text" id="username" placeholder="Enter UserName" name="pseudo"/>
+        </div>
+        <div class="form2">
+            <label for="password">Password: </label>
+            <input type="password" id="password" placeholder="Enter Password" name="password"/>
+        </div>
+        <button type="submit">Ajouter</button>
+    </form>
+    <span th:utext="${ok}"></span>
+    <a href="/login">connexion</a>
+    <!--<div th:if="${param.ok}">
+        <span>L'utilisateur a été ajouté !</span>
+    </div>
+    <div th:if="${param.fail}">
+        <span>Le pseudo existe déjà !</span>
+    </div>-->
+</div>
+</body>
+</html>
 \ No newline at end of file
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>SUCCESS</title>
+</head>
+<body>
+<a href="/login">connexion</a>
+</body>
+</html>
 \ No newline at end of file