From 8ff5b3e538f6d0c48f394b94c6ecfc8fa00fc988 Mon Sep 17 00:00:00 2001
From: egmp777
Date: Thu, 11 Dec 2014 15:33:40 -0500
Subject: [PATCH] Registration with PasswordEncoding
---
 .../baeldung/event/OnRegistrationCompleteEvent.java | 2 --
 .../event/listener/RegistrationListener.java | 2 +-
 .../java/org/baeldung/hashing/HashGenerator.java | 12 ++++++++++++
 .../java/org/baeldung/persistence/model/Role.java | 2 --
 .../persistence/model/VerificationToken.java | 1 -
 .../baeldung/persistence/service/UserService.java | 9 +++++----
 .../org/baeldung/security/MyUserDetailsService.java | 11 +++--------
 .../main/java/org/baeldung/spring/MvcConfig.java | 8 ++++++++
 .../web/controller/RegistrationController.java | 6 +++---
 .../src/main/resources/application.properties | 2 +-
 .../src/main/resources/webSecurityConfig.xml | 13 +++++++++----
 11 files changed, 42 insertions(+), 26 deletions(-)
 create mode 100644 spring-security-login-and-registration/src/main/java/org/baeldung/hashing/HashGenerator.java
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/event/OnRegistrationCompleteEvent.java b/spring-security-login-and-registration/src/main/java/org/baeldung/event/OnRegistrationCompleteEvent.java
index f731c23fb1c1..9094099eccc0 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/event/OnRegistrationCompleteEvent.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/event/OnRegistrationCompleteEvent.java
@@ -3,9 +3,7 @@
 import java.util.Locale;
 import org.baeldung.persistence.model.User;
-import org.baeldung.web.controller.RegistrationController;
 import org.springframework.context.ApplicationEvent;
-import org.springframework.web.context.request.WebRequest;
 @SuppressWarnings("serial")
 public class OnRegistrationCompleteEvent extends ApplicationEvent {
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/event/listener/RegistrationListener.java b/spring-security-login-and-registration/src/main/java/org/baeldung/event/listener/RegistrationListener.java
index 17cd7d6b0c66..5c848c7433d2 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/event/listener/RegistrationListener.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/event/listener/RegistrationListener.java
@@ -32,7 +32,7 @@ private void confirmRegistration(OnRegistrationCompleteEvent event) {
 User user = event.getUser();
 String token = UUID.randomUUID().toString();
 service.createVerificationTokenForUser(user, token);
-
+
 String recipientAddress = user.getEmail();
 String subject = "Registration Confirmation";
 String confirmationUrl = event.getAppUrl() + "/regitrationConfirm.html?token=" + token;
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/hashing/HashGenerator.java b/spring-security-login-and-registration/src/main/java/org/baeldung/hashing/HashGenerator.java
new file mode 100644
index 000000000000..bf9620a05202
--- /dev/null
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/hashing/HashGenerator.java
@@ -0,0 +1,12 @@
+package org.baeldung.hashing;
+
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+public class HashGenerator {
+
+ public String getHashedPassword(String password) {
+ BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+ String hashedPassword = passwordEncoder.encode(password);
+ return hashedPassword;
+ }
+}
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/Role.java b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/Role.java
index 2468fb997d49..b6d495a266a8 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/Role.java
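Review bot: `getHashedPassword` in the new HashGenerator.java builds a fresh `BCryptPasswordEncoder` on every call and fixes the default cost factor there, apart from whatever encoder the authentication provider in webSecurityConfig.xml declares (that markup is not readable in this patch). Hold one encoder as a field, `private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();`, and reduce the method to `return passwordEncoder.encode(password);`, or inject the same `PasswordEncoder` bean that login verification uses so algorithm and strength are defined in one place. The class also has no Javadoc; one line stating that it returns a salted bcrypt hash and never the raw password would help the next reader.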
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/Role.java
@@ -1,7 +1,6 @@
 package org.baeldung.persistence.model;
 import javax.persistence.CascadeType;
-import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
@@ -23,7 +22,6 @@ public class Role {
 @JoinColumn(name = "user_id")
 private User user;
- @Column(name = "role")
 private Integer role;
 public Role() {
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/VerificationToken.java b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/VerificationToken.java
index 368f966a396f..d85aecb61887 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/VerificationToken.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/VerificationToken.java
@@ -3,7 +3,6 @@
 import java.util.Calendar;
 import java.sql.Date;
 import java.sql.Timestamp;
-
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java
index 299a3cdfcd91..a0b8ed4a4baa 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java
@@ -2,6 +2,7 @@
 import javax.transaction.Transactional;
+import org.baeldung.hashing.HashGenerator;
 import org.baeldung.persistence.dao.UserRepository;
 import org.baeldung.persistence.dao.VerificationTokenRepository;
 import org.baeldung.persistence.model.Role;
@@ -20,7 +21,8 @@ public class UserService implements IUserService {
 @Autowired
 private VerificationTokenRepository tokenRepository;
- // API
+ @Autowired
+ private HashGenerator hashGenerator;
 @Override
 public User registerNewUserAccount(UserDto accountDto) throws EmailExistsException {
@@ -30,7 +32,8 @@ public User registerNewUserAccount(UserDto accountDto) throws EmailExistsExcepti
 User user = new User();
 user.setFirstName(accountDto.getFirstName());
 user.setLastName(accountDto.getLastName());
- user.setPassword(accountDto.getPassword());
+ String hashedPassword = hashGenerator.getHashedPassword(accountDto.getPassword());
+ user.setPassword(hashedPassword);
 user.setEmail(accountDto.getEmail());
 user.setRole(new Role(Integer.valueOf(1), user));
 return repository.save(user);
@@ -63,8 +66,6 @@ public void createVerificationTokenForUser(User user, String token) {
 tokenRepository.save(myToken);
 }
- //
-
 private boolean emailExist(String email) {
 User user = repository.findByEmail(email);
 if (user != null) {
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java b/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
index c08c47d1b254..a1035040555d 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
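Review bot: The hashing added to `registerNewUserAccount` only covers accounts created from now on; rows written by the removed `user.setPassword(accountDto.getPassword())` still hold the raw value and, if any exist, will need a forced reset or a one-off re-hash before a bcrypt verifier is the only check. A comment on the new lines would record that, for example `// Persist only the bcrypt hash; rows saved before this change still hold the raw password and need a reset or re-hash.` Separately, no null or length check on `accountDto.getPassword()` is visible here, and bcrypt only uses the first 72 bytes of its input, so an upper bound belongs in the DTO validation (not shown in this patch). The method body starts and ends outside this hunk.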
@@ -3,11 +3,10 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
+
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.baeldung.persistence.dao.UserRepository;
 import org.baeldung.persistence.model.User;
 import org.baeldung.persistence.service.IUserService;
@@ -22,8 +21,6 @@
 @Transactional
 public class MyUserDetailsService implements UserDetailsService {
- private final Logger LOGGER = LoggerFactory.getLogger(getClass());
-
 @Autowired
 private UserRepository userRepository;
 @Autowired
@@ -41,14 +38,12 @@ public UserDetails loadUserByUsername(String email) throws UsernameNotFoundExcep
 boolean credentialsNonExpired = true;
 boolean accountNonLocked = true;
 try {
- LOGGER.debug("Loading user by username: {}", email);
 User user = userRepository.findByEmail(email);
- LOGGER.debug("Found user: {}", user);
 if (user == null) {
 return new org.springframework.security.core.userdetails.User(" ", " ", enabled, true, true, true, getAuthorities(new Integer(1)));
 }
-
- return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword().toLowerCase(), user.isEnabled(), accountNonExpired, credentialsNonExpired, accountNonLocked, getAuthorities(user.getRole().getRole()));
+
+ return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword(), user.isEnabled(), accountNonExpired, credentialsNonExpired, accountNonLocked, getAuthorities(user.getRole().getRole()));
 } catch (Exception e) {
 throw new RuntimeException(e);
 }
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java b/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java
index 5f1e79f023e1..3294ac2788d4 100644
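Review bot: The `user == null` branch kept in `loadUserByUsername` still returns a placeholder principal with a blank username and password and role-1 authorities instead of reporting an unknown account. With this change that is rejected only because a blank string is not a valid bcrypt hash, so the outcome depends on which encoder is configured rather than on this method. Prefer `throw new UsernameNotFoundException("No user found with username: " + email);`, and make sure the surrounding `catch (Exception e)` does not rewrap it as `RuntimeException`. The method starts and ends outside this hunk.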
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/spring/MvcConfig.java
@@ -2,6 +2,7 @@
 import java.util.Locale;
+import org.baeldung.hashing.HashGenerator;
 import org.baeldung.validation.service.EmailValidator;
 import org.baeldung.validation.service.PasswordMatchesValidator;
 import org.springframework.context.MessageSource;
@@ -100,4 +101,11 @@ public PasswordMatchesValidator passwordMatchesValidator() {
 return passwordMatchesValidator;
 }
+ // DIC 7
+ @Bean
+ public HashGenerator hashGenerator() {
+ HashGenerator hashGenerator = new HashGenerator();
+ return hashGenerator;
+ }
+
 }
\ No newline at end of file
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java b/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java
index 635fb0dc4455..69709c9190bb 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java
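Review bot: The `// DIC 7` marker above the new `hashGenerator()` bean in MvcConfig.java does not say what the bean is for; replace it with a comment such as `// Hashes new passwords with bcrypt before they are persisted.` The body can also be written as `return new HashGenerator();` without the temporary local.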
@@ -60,21 +60,21 @@ public String showRegistrationForm(WebRequest request, Model model) {
 @RequestMapping(value = "/regitrationConfirm", method = RequestMethod.GET)
 public String confirmRegistration(WebRequest request, Model model, @RequestParam("token") String token) {
 Locale locale = request.getLocale();
-
+
 VerificationToken verificationToken = service.getVerificationToken(token);
 if (verificationToken == null) {
 String message = messages.getMessage("auth.message.invalidToken", null, locale);
 model.addAttribute("message", message);
 return "redirect:/badUser.html?lang=" + locale.getLanguage();
 }
-
+
 User user = verificationToken.getUser();
 Calendar cal = Calendar.getInstance();
 if ((verificationToken.getExpiryDate().getTime() - cal.getTime().getTime()) <= 0) {
 model.addAttribute("message", messages.getMessage("auth.message.expired", null, locale));
 return "redirect:/badUser.html?lang=" + locale.getLanguage();
 }
-
+
 user.setEnabled(true);
 service.saveRegisteredUser(user);
 return "redirect:/login.html?lang=" + locale.getLanguage();
diff --git a/spring-security-login-and-registration/src/main/resources/application.properties b/spring-security-login-and-registration/src/main/resources/application.properties
index 51db80104337..70d0f6349925 100644
--- a/spring-security-login-and-registration/src/main/resources/application.properties
+++ b/spring-security-login-and-registration/src/main/resources/application.properties
@@ -14,4 +14,4 @@ smtp.port=465
 smtp.protocol=smtps
 smtp.username=xxx777@gmail.com
 smtp.password=
-support.email=xxx777@gmail.com
\ No newline at end of file
+support.email=xxx777@gmail.com
diff --git a/spring-security-login-and-registration/src/main/resources/webSecurityConfig.xml b/spring-security-login-and-registration/src/main/resources/webSecurityConfig.xml
index d6abce888951..0a05c240261a 100644
--- a/spring-security-login-and-registration/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-login-and-registration/src/main/resources/webSecurityConfig.xml @@ -15,7 +15,7 @@ - + @@ -32,10 +32,15 @@ - - + + + - + + + \ No newline at end of file