Robię projekt w Spring 4.1.6 i Spring Security 4.0.1. Mam działające REST API i teraz chcę dodać do niego autoryzację; pomyślałem, że będzie ona oparta o tokeny. Poniżej przedstawiam moje klasy konfiguracyjne:
AppConfig
/**
 * Spring MVC configuration: enables Web MVC, scans {@code pl.wrweb.springrest}
 * for components and exposes the message bundle used by the application.
 */
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "pl.wrweb.springrest")
public class AppConfig extends WebMvcConfigurerAdapter {

    /**
     * Registers no static resource handlers; the body is empty.
     *
     * @param registry registry offered by Spring MVC, left untouched
     */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        // nothing is registered here
    }

    /**
     * Turns on default servlet handling, so requests the dispatcher does not
     * map are forwarded to the container's default servlet.
     *
     * @param configurer configurer supplied by Spring MVC
     */
    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
        configurer.enable();
    }

    /**
     * Builds the {@code messageSource} bean backed by {@code classpath:messages},
     * read as UTF-8.
     *
     * @return the configured message source
     */
    @Bean(name = "messageSource")
    public ReloadableResourceBundleMessageSource getMessageSource() {
        final ReloadableResourceBundleMessageSource bundle = new ReloadableResourceBundleMessageSource();
        bundle.setDefaultEncoding("UTF-8");
        bundle.setBasename("classpath:messages");
        return bundle;
    }
}
AppInitializer
/**
 * Servlet 3.0 bootstrap: builds the annotation-based web context by hand,
 * maps the {@code DispatcherServlet} to "/" and installs {@code CustomFilter}
 * in front of every URL.
 */
public class AppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    /**
     * Creates the application context and registers the dispatcher servlet and
     * the token filter with the container.
     *
     * @param container servlet context handed over by the container at startup
     * @throws ServletException declared by the initializer contract
     */
    public void onStartup(ServletContext container) throws ServletException {
        final AnnotationConfigWebApplicationContext webContext = new AnnotationConfigWebApplicationContext();
        webContext.setServletContext(container);
        webContext.register(AppConfig.class);

        final ServletRegistration.Dynamic dispatcher =
                container.addServlet("dispatcher", new DispatcherServlet(webContext));
        dispatcher.addMapping("/");
        dispatcher.setLoadOnStartup(1);

        // The filter instance is created with `new`, so the Spring container
        // never sees it and none of its @Autowired fields are injected.
        // NOTE(review): to get injection, the filter would have to be a bean of
        // webContext and be looked up by name, e.g.
        // new DelegatingFilterProxy("customFilter", webContext) - confirm the
        // bean name and that the filter class is registered in this context.
        container.addFilter("customFilter", new DelegatingFilterProxy(new CustomFilter()))
                .addMappingForUrlPatterns(null, true, "/*");
    }

    /** @return an empty array; the mapping is added directly in {@link #onStartup}. */
    @Override
    protected String[] getServletMappings() {
        return new String[] {};
    }

    /** @return an empty array; no root configuration classes are declared here. */
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class<?>[] {};
    }

    /** @return an empty array; {@code AppConfig} is registered directly in {@link #onStartup}. */
    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class<?>[] {};
    }
}
HibernateConfiguration
/**
 * Persistence configuration: data source, Hibernate session factory and
 * transaction manager, all driven by {@code classpath:application.properties}.
 */
@Configuration
@EnableTransactionManagement
@ComponentScan({ "pl.wrweb.springrest.configuration" })
@PropertySource(value = { "classpath:application.properties" })
public class HibernateConfiguration {

    // Gives access to the values loaded through @PropertySource.
    @Autowired
    private Environment environment;

    /**
     * Builds the session factory over {@link #dataSource()}, scanning
     * {@code pl.wrweb.springrest.entity} for mapped classes.
     *
     * @return the session factory bean
     */
    @Bean
    public LocalSessionFactoryBean sessionFactory() {
        final LocalSessionFactoryBean factoryBean = new LocalSessionFactoryBean();
        factoryBean.setDataSource(dataSource());
        factoryBean.setPackagesToScan(new String[] {"pl.wrweb.springrest.entity" });
        factoryBean.setHibernateProperties(hibernateProperties());
        return factoryBean;
    }

    /**
     * Creates the JDBC data source from the {@code jdbc.*} properties. Every
     * property is required, so a missing key fails at startup.
     *
     * @return the configured data source
     */
    @Bean
    public DataSource dataSource() {
        final DriverManagerDataSource source = new DriverManagerDataSource();
        source.setDriverClassName(environment.getRequiredProperty("jdbc.driverClassName"));
        source.setUrl(environment.getRequiredProperty("jdbc.url"));
        // The database credentials are read from application.properties on the
        // classpath; keep that file out of version control and built artifacts
        // that are shared.
        source.setUsername(environment.getRequiredProperty("jdbc.username"));
        source.setPassword(environment.getRequiredProperty("jdbc.password"));
        return source;
    }

    /**
     * Collects the Hibernate settings passed to the session factory.
     *
     * @return dialect, schema-generation mode and SQL formatting flag
     */
    private Properties hibernateProperties() {
        final Properties props = new Properties();
        props.setProperty("hibernate.dialect", environment.getRequiredProperty("hibernate.dialect"));
        // NOTE(review): the lookup key here is "update", unlike the two other
        // entries, which read a property named after the Hibernate setting.
        // This only resolves if application.properties defines a property
        // literally called `update` - confirm that is intended. Whatever the
        // value, automatic schema changes need a database account with DDL
        // rights, which is worth avoiding outside development.
        props.setProperty("hibernate.hbm2ddl.auto", environment.getRequiredProperty("update"));
        props.setProperty("hibernate.format_sql", environment.getRequiredProperty("hibernate.format_sql"));
        return props;
    }

    /**
     * Creates the Hibernate transaction manager bound to the given factory.
     *
     * @param s session factory supplied by the container
     * @return the transaction manager
     */
    @Bean
    @Autowired
    public HibernateTransactionManager transactionManager(SessionFactory s) {
        final HibernateTransactionManager manager = new HibernateTransactionManager();
        manager.setSessionFactory(s);
        return manager;
    }
}
Dodałem też filtr, który sprawdza, z jakiego URL-a przychodzi request i czy ma token; jeśli ma, sprawdza, czy token jest poprawny, a jeśli jest poprawny, generuje kolejny token i dokleja go do nagłówka odpowiedzi.
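/**
 * Servlet filter that requires a rolling {@code x-token} header on every
 * request whose URI contains {@code /employee/}. A matching token is replaced
 * by the next one, which is returned in the {@code x-token} response header;
 * anything else is answered with 403 and never reaches the handler.
 *
 * <p>Limits of the scheme as written: the expected token is a single counter
 * in {@code ObjectStore.token}, shared by all clients and advanced by one per
 * accepted request, so it is predictable and not bound to a user. The
 * check-then-increment is also not atomic across concurrent requests. A token
 * meant to authenticate a caller should be generated with
 * {@code java.security.SecureRandom} and stored per user.
 *
 * <p>NOTE(review): {@code @Configuration} and {@code @EnableWebSecurity} are
 * kept as in the original; they do not by themselves place this class in
 * Spring Security's filter chain - confirm they are needed on a plain filter.
 */
@Configuration
@EnableWebSecurity
public class CustomFilter implements Filter {

    // Injected only when the Spring container creates this object; an instance
    // built with `new` keeps this field null.
    @Autowired
    UserService userService;

    /** No initialisation is performed. */
    public void init(FilterConfig fc) throws ServletException {
    }

    /**
     * Lets requests outside {@code /employee/} through unchanged and enforces
     * the token check on the rest.
     *
     * @param req incoming request, cast to {@code HttpServletRequest}
     * @param res outgoing response, cast to {@code HttpServletResponse}
     * @param fc  remaining filter chain; invoked only for accepted requests
     * @throws IOException      if writing the error response or the chain fails
     * @throws ServletException if the chain fails
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
        System.out.println("doFilter");
        HttpServletRequest httpServletRequest = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // The rule is a substring test on the raw request URI, so only paths
        // containing exactly "/employee/" are protected.
        // NOTE(review): check the controller mappings for protected handlers
        // that are also reachable under a path without that substring.
        if (!httpServletRequest.getRequestURI().contains("/employee/")) {
            fc.doFilter(req, res);
            return;
        }

        // Token values are deliberately not written to stdout: they are
        // credentials and would otherwise end up in the server log.
        String token = httpServletRequest.getHeader("x-token");
        if (token == null) {
            // Reject and stop; continuing the chain here would still run the handler.
            response.sendError(HttpStatus.FORBIDDEN.value());
            return;
        }

        // NOTE(review): the result is not used by the check below; kept because
        // TokenUtils is not visible here. It is now called only with a non-null token.
        Long userId = TokenUtils.getUserNameFromToken(token);

        if (!token.equals(String.valueOf(ObjectStore.token))) {
            response.sendError(HttpStatus.FORBIDDEN.value());
            return;
        }

        // Advance the shared counter by one and hand the new value to the client.
        ObjectStore.token = ObjectStore.token + 1;
        response.setHeader("x-token", String.valueOf(ObjectStore.token));
        fc.doFilter(req, response);
    }

    /** No resources to release. */
    public void destroy() {
    }
}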
To też działa, ale chcę zrobić tak, żeby generowany token był dodawany do bazy i sprawdzany z tym w bazie; w tym celu próbuję wstrzyknąć:
@Autowired
UserService userService
ale jest nullem. Jak można rozwiązać ten problem? Czy to, co robię, jest prawidłowe, czy może powinno się to zrobić inaczej? Dodam, że zależy mi na konfiguracji w Javie.