bloominstituteoftechnology · martinezmarina · Aug 19, 2020 · Aug 19, 2020 · Aug 20, 2020
diff --git a/shoppingcart/pom.xml b/shoppingcart/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.2.8.RELEASE</version>
+        <version>2.2.7.RELEASE</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>com.lambdaschool</groupId>
@@ -23,38 +23,30 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
-        </dependency>
 
-<!--    New for 2.3.0-->
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-validation</artifactId>
+            <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
 
+        <!--        DevTools can cause some console messages to appear twice!-->
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-devtools</artifactId>
             <scope>runtime</scope>
             <optional>true</optional>
         </dependency>
+
         <dependency>
             <groupId>com.h2database</groupId>
             <artifactId>h2</artifactId>
-<!--            <scope>runtime</scope>-->
+            <!--            <scope>runtime</scope>-->
         </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.junit.vintage</groupId>
-                    <artifactId>junit-vintage-engine</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
 
         <!-- https://mvnrepository.com/artifact/com.github.javafaker/javafaker -->
@@ -63,6 +55,46 @@
             <artifactId>javafaker</artifactId>
             <version>1.0.1</version>
         </dependency>
+
+        <!-- Swagger Dependencies Start -->
+        <!-- https://mvnrepository.com/artifact/io.springfox/springfox-swagger2 -->
+        <dependency>
+            <groupId>io.springfox</groupId>
+            <artifactId>springfox-swagger2</artifactId>
+            <version>2.9.2</version>
+        </dependency>
+
+        <!-- https://mvnrepository.com/artifact/io.springfox/springfox-swagger-ui -->
+        <dependency>
+            <groupId>io.springfox</groupId>
+            <artifactId>springfox-swagger-ui</artifactId>
+            <version>2.9.2</version>
+        </dependency>
+
+        <dependency>
+            <groupId>io.springfox</groupId>
+            <artifactId>springfox-bean-validators</artifactId>
+            <version>2.9.2</version>
+        </dependency>
+        <!-- Swagger Dependencies End -->
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+            <version>2.3.6.RELEASE</version>
+        </dependency>
+
     </dependencies>
 
     <build>

diff --git a/...ingcart/src/main/java/com/lambdaschool/shoppingcart/config/AuthorizationServerConfig.java b/...ingcart/src/main/java/com/lambdaschool/shoppingcart/config/AuthorizationServerConfig.java
@@ -0,0 +1,52 @@
+
+package com.lambdaschool.shoppingcart.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+
+@Configuration
+@EnableAuthorizationServer
+public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+    static final String CLIENT_ID = "lambda-id";
+    static final String CLIENT_SECRET = "lambda-secret";
+    static final String GRANT_TYPE_PASSWORD = "password";
+    static final String AUTHORIZATION_CODE = "authorization_code";
+    static final String SCOPE_READ = "read";
+    static final String SCOPE_WRITE = "write";
+    static final String SCOPE_TRUST = "trust";
+    static final int ACCESS_TOKEN_VALIDITY_SECONDS = -1;
+
+    @Autowired
+    private TokenStore tokenStore;
+
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @Autowired
+    private PasswordEncoder encoder;
+
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients.inMemory()
+                .withClient(CLIENT_ID)
+                .secret(encoder.encode(CLIENT_SECRET))
+                .authorizedGrantTypes(GRANT_TYPE_PASSWORD, AUTHORIZATION_CODE)
+                .scopes(SCOPE_READ, SCOPE_TRUST, SCOPE_WRITE)
+                .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS);
+    }
+
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+        endpoints.tokenStore(tokenStore)
+                .authenticationManager(authenticationManager);
+
+        endpoints.pathMapping("/oauth/token", "/login");
+    }
+}
diff --git a/shoppingcart/src/main/java/com/lambdaschool/shoppingcart/config/H2ServerConfiguration.java b/shoppingcart/src/main/java/com/lambdaschool/shoppingcart/config/H2ServerConfiguration.java
@@ -1,3 +1,4 @@
+
 package com.lambdaschool.shoppingcart.config;
 
 import org.h2.tools.Server;
@@ -45,9 +46,9 @@ public Server h2TcpServer()
             SQLException
     {
         return Server.createTcpServer("-tcp",
-                                      "-tcpAllowOthers",
-                                      "-tcpPort",
-                                      h2TcpPort)
+                "-tcpAllowOthers",
+                "-tcpPort",
+                h2TcpPort)
                 .start();
     }
 
@@ -66,9 +67,9 @@ public Server h2WebServer()
             SQLException
     {
         return Server.createWebServer("-web",
-                                      "-webAllowOthers",
-                                      "-webPort",
-                                      h2WebPort)
+                "-webAllowOthers",
+                "-webPort",
+                h2WebPort)
                 .start();
     }
 }
diff --git a/shoppingcart/src/main/java/com/lambdaschool/shoppingcart/config/ResourceServerConfig.java b/shoppingcart/src/main/java/com/lambdaschool/shoppingcart/config/ResourceServerConfig.java
@@ -0,0 +1,82 @@
+package com.lambdaschool.shoppingcart.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
+
+/**
+ * Once the client has gained authorization, users need to gain authentication. This class is response for handling that.
+ * It also configures which roles have access to which endpoints. So controls the users' access!
+ */
+@Configuration
+@EnableResourceServer
+public class ResourceServerConfig
+        extends ResourceServerConfigurerAdapter
+{
+    private static final String RESOURCE_ID = "resource_id";
+
+    @Override
+    public void configure(ResourceServerSecurityConfigurer resources)
+    {
+        resources.resourceId(RESOURCE_ID)
+                .stateless(false);
+    }
+
+    /**
+     * This method configures which roles can access which endpoints
+     *
+     * @param http Our HttpSecurity object that is maintains by Spring
+     * @throws Exception in case the configurations fails
+     */
+    @Override
+    public void configure(HttpSecurity http)
+            throws
+            Exception
+    {
+        http.authorizeRequests()
+                .antMatchers("/",
+                        "/h2-console/**",
+                        "/swagger-resources/**",
+                        "/swagger-resource/**",
+                        "/swagger-ui.html",
+                        "/v2/api-docs",
+                        "/webjars/**",
+                        "/createnewuser")
+                .permitAll()
+                .antMatchers("/users/users", "/users/user/**", "/carts/cart/**").hasAnyRole("ADMIN")
+                .antMatchers("/carts/user/**", "/carts/create/**", "/users/myinfo").authenticated()
+                .antMatchers("/carts/update/**", "/carts/delete/**", "/products/**").hasAnyRole("ADMIN")
+//                .antMatchers(HttpMethod.POST,
+//                        "/users/**")
+//                .hasAnyRole("ADMIN")
+//                .antMatchers(HttpMethod.DELETE,
+//                        "/users/**")
+//                .hasAnyRole("ADMIN")
+//                .antMatchers(HttpMethod.PUT,
+//                        "/users/**")
+//                .hasAnyRole("ADMIN")
+//                .antMatchers("/useremails/**",
+//                        "/oauth/revoke-token",
+//                        "/logout")
+//                .authenticated()
+//                .antMatchers("/roles/**")
+//                .hasAnyRole("ADMIN")
+                .and()
+                .exceptionHandling()
+                .accessDeniedHandler(new OAuth2AccessDeniedHandler());
+
+        http.csrf()
+                .disable();
+
+        http.headers()
+                .frameOptions()
+                .disable();
+
+        http.logout()
+                .disable();
+    }
+}
diff --git a/shoppingcart/src/main/java/com/lambdaschool/shoppingcart/config/SecurityConfig.java b/shoppingcart/src/main/java/com/lambdaschool/shoppingcart/config/SecurityConfig.java
@@ -0,0 +1,46 @@
+package com.lambdaschool.shoppingcart.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
+
+import javax.annotation.Resource;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+    @Override
+    @Bean
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+    @Resource(name = "securityUserService")
+    private UserDetailsService userDetailsService;
+
+    @Autowired
+    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userDetailsService).passwordEncoder(encoder());
+    }
+
+    @Bean
+    public PasswordEncoder encoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public TokenStore tokenStore() {
+        return new InMemoryTokenStore();
+    }
+}
diff --git a/shoppingcart/src/main/java/com/lambdaschool/shoppingcart/config/Swagger2Config.java b/shoppingcart/src/main/java/com/lambdaschool/shoppingcart/config/Swagger2Config.java
@@ -0,0 +1,56 @@
+package com.lambdaschool.shoppingcart.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import springfox.bean.validators.configuration.BeanValidatorPluginsConfiguration;
+import springfox.documentation.builders.ApiInfoBuilder;
+import springfox.documentation.builders.PathSelectors;
+import springfox.documentation.builders.RequestHandlerSelectors;
+import springfox.documentation.service.ApiInfo;
+import springfox.documentation.service.Contact;
+import springfox.documentation.spi.DocumentationType;
+import springfox.documentation.spring.web.plugins.Docket;
+import springfox.documentation.swagger2.annotations.EnableSwagger2;
+
+/**
+ * Configures the default Swagger Documentation
+ */
+@Configuration
+@EnableSwagger2
+@Import(BeanValidatorPluginsConfiguration.class)
+public class Swagger2Config {
+    /**
+     * Configures what to document using Swagger
+     *
+     * @return A Docket which is the primary interface for Swagger configuration
+     */
+    @Bean
+    public Docket api() {
+        return new Docket(DocumentationType.SWAGGER_2)
+                .select()
+                .apis(RequestHandlerSelectors
+                        .basePackage("com.lambdaschool.usermodel"))
+                .paths(PathSelectors.regex("/.*"))
+                .build()
+                .apiInfo(apiEndPointsInfo());
+    }
+
+    /**
+     * Configures some information related to the Application for Swagger
+     *
+     * @return ApiInfo a Swagger object containing identification information for this application
+     */
+    private ApiInfo apiEndPointsInfo() {
+        return new ApiInfoBuilder().title("User Model Example")
+                .description("User Model Example")
+                .contact(new Contact("John Mitchell",
+                        "http://www.lambdaschool.com",
+                        "[email protected]"))
+                .license("MIT")
+                .licenseUrl("https://github.com/LambdaSchool/java-usermodel/blob/master/LICENSE")
+                .version("1.0.0")
+                .build();
+    }
+}
+