diff --git a/exemplos/02-seguranca/pom.xml b/exemplos/02-seguranca/pom.xml
index 7c0b5df..3db60a8 100644
--- a/exemplos/02-seguranca/pom.xml
+++ b/exemplos/02-seguranca/pom.xml
@@ -56,6 +56,24 @@
42.2.8
+
+ io.jsonwebtoken
+ jjwt-api
+ 0.10.5
+
+
+ io.jsonwebtoken
+ jjwt-impl
+ 0.10.5
+ runtime
+
+
+ io.jsonwebtoken
+ jjwt-jackson
+ 0.10.5
+ runtime
+
+
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/DBWebSecurityConfig.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/DBWebSecurityConfig.java
deleted file mode 100644
index a4fecca..0000000
--- a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/DBWebSecurityConfig.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package br.com.ifpb.pweb2.securitydemo.config;
-
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-@ConditionalOnProperty(value = "app.autenticacaoPadrao.tipoAutenticacao", havingValue = "BANCO")
-@Order(5)
-@Configuration
-public class DBWebSecurityConfig extends WebSecurityConfigurerAdapter {
-
- private final UserDetailsService userDetailsService;
-
- private final PasswordEncoder passwordEncoder;
-
- public DBWebSecurityConfig(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
- this.userDetailsService = userDetailsService;
- this.passwordEncoder = passwordEncoder;
- }
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
- }
-
-}
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/InMemoryWebSecurityConfig.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/InMemoryWebSecurityConfig.java
deleted file mode 100644
index 1f220ef..0000000
--- a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/InMemoryWebSecurityConfig.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package br.com.ifpb.pweb2.securitydemo.config;
-
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-@ConditionalOnProperty(value = "app.autenticacaoPadrao.tipoAutenticacao", havingValue = "MEMORIA")
-@Order(5)
-@Configuration
-public class InMemoryWebSecurityConfig extends WebSecurityConfigurerAdapter {
-
-
- private final ApplicationConfig applicationConfig;
-
- private final PasswordEncoder passwordEncoder;
-
- public InMemoryWebSecurityConfig(ApplicationConfig applicationConfig, PasswordEncoder passwordEncoder) {
- this.applicationConfig = applicationConfig;
- this.passwordEncoder = passwordEncoder;
- }
-
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.inMemoryAuthentication()
- .passwordEncoder(passwordEncoder)
- .withUser(applicationConfig.getAutenticacaoPadrao().getLogin())
- .password(passwordEncoder.encode(applicationConfig.getAutenticacaoPadrao().getSenha()))
- .authorities("ROLE_"+applicationConfig.getAutenticacaoPadrao().getPapel());
- }
-
-}
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/SecurityConfig.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/SecurityConfig.java
new file mode 100644
index 0000000..e59034d
--- /dev/null
+++ b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/SecurityConfig.java
@@ -0,0 +1,16 @@
+package br.com.ifpb.pweb2.securitydemo.config;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ConfigurationProperties(prefix="security")
+@Data
+public class SecurityConfig {
+ private String tokenType;
+ private String secret;
+ private String issuer;
+ private String audience;
+ private Long expiration;
+}
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/WebSecurityConfig.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/WebSecurityConfig.java
index f97697d..cc9eb67 100644
--- a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/WebSecurityConfig.java
+++ b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/WebSecurityConfig.java
@@ -1,32 +1,71 @@
package br.com.ifpb.pweb2.securitydemo.config;
-import org.springframework.core.annotation.Order;
+import br.com.ifpb.pweb2.securitydemo.config.jwt.JwtAuthorizationFilter;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true, securedEnabled = true, prePostEnabled = true)
/***
* Deve ser carregado por último para garantir que essa configuração será aplicada a todos
*/
-@Order(10)
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+//@Order(10)
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ private final UserDetailsService userDetailsService;
+
+ private final PasswordEncoder passwordEncoder;
+
+ private final SecurityConfig securityConfig;
+
+ public WebSecurityConfig(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder, SecurityConfig securityConfig) {
+ this.userDetailsService = userDetailsService;
+ this.passwordEncoder = passwordEncoder;
+ this.securityConfig = securityConfig;
+ }
+
@Override
protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable()
+ http.cors().and()
.authorizeRequests()
- .antMatchers("/api/**").authenticated()
.antMatchers("/publico").permitAll()
- .antMatchers("/usuarios").permitAll()
- .and()
- .sessionManagement()
+ .antMatchers("/login").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .addFilter(new JwtAuthorizationFilter(authenticationManager(), securityConfig))
+ .sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .and()
- .httpBasic();
+ .and()
+ .csrf().disable();
+ }
+
+ public void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
+ }
+
+
+ @Bean
+ public AuthenticationManager getAuthenticationManager() throws Exception {
+ return authenticationManager();
+ }
+
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
+ return source;
}
}
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/jwt/JwtAuthorizationFilter.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/jwt/JwtAuthorizationFilter.java
new file mode 100644
index 0000000..eba1bc8
--- /dev/null
+++ b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/jwt/JwtAuthorizationFilter.java
@@ -0,0 +1,82 @@
+package br.com.ifpb.pweb2.securitydemo.config.jwt;
+
+import br.com.ifpb.pweb2.securitydemo.config.SecurityConfig;
+import io.jsonwebtoken.*;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Slf4j
+public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
+
+ private final SecurityConfig securityConfig;
+
+ public JwtAuthorizationFilter(AuthenticationManager authenticationManager, SecurityConfig securityConfig) {
+ super(authenticationManager);
+ this.securityConfig = securityConfig;
+ }
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+ FilterChain filterChain) throws IOException, ServletException {
+ UsernamePasswordAuthenticationToken authentication = getAuthentication(request);
+ if (authentication == null) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ filterChain.doFilter(request, response);
+ }
+
+ private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {
+ String token = request.getHeader("Authorization");
+ if (token != null && !token.isEmpty() && token.startsWith("Bearer")) {
+ try {
+ String signingKey = securityConfig.getSecret();
+
+ Jws parsedToken = Jwts.parser()
+ .setSigningKey(signingKey.getBytes())
+ .parseClaimsJws(token.replace("Bearer ", ""));
+
+ String username = parsedToken
+ .getBody()
+ .getSubject();
+
+ List authorities = ((List) parsedToken.getBody()
+ .get("roles")).stream()
+ .map(authority -> new SimpleGrantedAuthority((String) authority))
+ .collect(Collectors.toList());
+
+ if (username != null && !username.isEmpty()){
+ return new UsernamePasswordAuthenticationToken(username, null, authorities);
+ }
+
+ } catch (ExpiredJwtException exception) {
+ log.warn("Request to parse expired JWT : {} failed : {}", token, exception.getMessage());
+ } catch (UnsupportedJwtException exception) {
+ log.warn("Request to parse unsupported JWT : {} failed : {}", token, exception.getMessage());
+ } catch (MalformedJwtException exception) {
+ log.warn("Request to parse invalid JWT : {} failed : {}", token, exception.getMessage());
+ } catch (SignatureException exception) {
+ log.warn("Request to parse JWT with invalid signature : {} failed : {}", token, exception.getMessage());
+ } catch (IllegalArgumentException exception) {
+ log.warn("Request to parse empty or null JWT : {} failed : {}", token, exception.getMessage());
+ }
+ }
+
+ return null;
+ }
+
+}
\ No newline at end of file
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/jwt/JwtUtil.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/jwt/JwtUtil.java
new file mode 100644
index 0000000..743a2d1
--- /dev/null
+++ b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/config/jwt/JwtUtil.java
@@ -0,0 +1,45 @@
+package br.com.ifpb.pweb2.securitydemo.config.jwt;
+
+import br.com.ifpb.pweb2.securitydemo.config.SecurityConfig;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Date;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Configuration
+public class JwtUtil {
+
+ private final SecurityConfig securityConfig;
+ private final String signingKey;
+
+ public JwtUtil(SecurityConfig securityConfig) {
+ this.securityConfig = securityConfig;
+ signingKey = securityConfig.getSecret();
+ }
+
+ public String generateToken(Authentication authentication) {
+ UserDetails user = ((UserDetails) authentication.getPrincipal());
+
+ List roles = user.getAuthorities()
+ .stream()
+ .map(GrantedAuthority::getAuthority)
+ .collect(Collectors.toList());
+
+ return Jwts.builder()
+ .signWith(Keys.hmacShaKeyFor(signingKey.getBytes()), SignatureAlgorithm.HS512)
+ .setHeaderParam("type", securityConfig.getTokenType())
+ .setIssuer(securityConfig.getIssuer()) //emissor
+ .setAudience(securityConfig.getAudience()) //destinatario
+ .setSubject(user.getUsername())
+ .setExpiration(new Date(System.currentTimeMillis() + securityConfig.getExpiration()))
+ .claim("roles", roles)
+ .compact();
+ }
+}
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/LoginController.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/LoginController.java
new file mode 100644
index 0000000..3667a4f
--- /dev/null
+++ b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/LoginController.java
@@ -0,0 +1,44 @@
+package br.com.ifpb.pweb2.securitydemo.controller;
+
+import br.com.ifpb.pweb2.securitydemo.config.jwt.JwtUtil;
+import br.com.ifpb.pweb2.securitydemo.controller.dto.LoginDTO;
+import br.com.ifpb.pweb2.securitydemo.controller.dto.TokenDTO;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class LoginController {
+
+ private final JwtUtil jwtUtil;
+
+ private final AuthenticationManager authenticationManager;
+
+ private final PasswordEncoder passwordEncoder;
+
+ public LoginController(AuthenticationManager authenticationManager, JwtUtil jwtUtil, PasswordEncoder passwordEncoder) {
+ this.jwtUtil = jwtUtil;
+ this.authenticationManager = authenticationManager;
+ this.passwordEncoder = passwordEncoder;
+ }
+
+ @PostMapping("login")
+ public ResponseEntity login(@RequestBody LoginDTO loginDTO) {
+
+ System.out.println(passwordEncoder.encode(loginDTO.getPassword()));
+
+ UsernamePasswordAuthenticationToken authenticationToken =
+ new UsernamePasswordAuthenticationToken(loginDTO.getLogin(), loginDTO.getPassword());
+
+ String token = this.jwtUtil.generateToken(authenticationManager.authenticate(authenticationToken));
+
+ return ResponseEntity.ok(new TokenDTO(token));
+ }
+
+}
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/UsuarioController.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/UsuarioController.java
new file mode 100644
index 0000000..c11c666
--- /dev/null
+++ b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/UsuarioController.java
@@ -0,0 +1,67 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package br.com.ifpb.pweb2.securitydemo.controller;
+
+import br.com.ifpb.pweb2.securitydemo.domain.Usuario;
+import br.com.ifpb.pweb2.securitydemo.service.UsuarioException;
+import br.com.ifpb.pweb2.securitydemo.service.UsuarioService;
+import java.util.List;
+import javax.validation.Valid;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ *
+ * @author ian
+ */
+@RestController
+@RequestMapping("usuario")
+public class UsuarioController {
+ private final UsuarioService usuarioService;
+ private PasswordEncoder passwordEncoder;
+
+ public UsuarioController(UsuarioService usuarioService, PasswordEncoder passwordEncoder) {
+ this.usuarioService = usuarioService;
+ this.passwordEncoder = passwordEncoder;
+ }
+
+ @GetMapping
+ public List listar(){
+ return usuarioService.listarUsuarios();
+ }
+
+ @PostMapping
+ public ResponseEntity salvar(@RequestBody @Valid Usuario usuario){
+ try {
+ usuario.setSenha(passwordEncoder.encode(usuario.getSenha()));
+ usuario = usuarioService.salvarUsuario(usuario);
+ } catch (UsuarioException ex) {
+ return ResponseEntity.badRequest().header("erro", ex.getMessage()).build();
+ }
+ return ResponseEntity.ok(usuario);
+ }
+
+ @PutMapping
+ public ResponseEntity atualizar(@RequestBody @Valid Usuario usuario){
+ usuario.setSenha(passwordEncoder.encode(usuario.getSenha()));
+ return ResponseEntity.ok(usuarioService.atualizarUsuario(usuario));
+ }
+
+ @DeleteMapping("{id}")
+ public ResponseEntity remover(@PathVariable("id") Long id){
+ usuarioService.removerUsuario(id);
+ return ResponseEntity.accepted().build();
+ }
+}
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/dto/LoginDTO.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/dto/LoginDTO.java
new file mode 100644
index 0000000..1e603c7
--- /dev/null
+++ b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/dto/LoginDTO.java
@@ -0,0 +1,11 @@
+package br.com.ifpb.pweb2.securitydemo.controller.dto;
+
+import lombok.Data;
+
+@Data
+public class LoginDTO {
+
+ private String login;
+ private String password;
+
+}
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/dto/TokenDTO.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/dto/TokenDTO.java
new file mode 100644
index 0000000..450c314
--- /dev/null
+++ b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/controller/dto/TokenDTO.java
@@ -0,0 +1,10 @@
+package br.com.ifpb.pweb2.securitydemo.controller.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+@Data
+@AllArgsConstructor
+public class TokenDTO {
+ private String token;
+}
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/domain/Usuario.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/domain/Usuario.java
index ad72737..0791bcb 100644
--- a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/domain/Usuario.java
+++ b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/domain/Usuario.java
@@ -52,6 +52,11 @@ public class Usuario implements UserDetails {
private LocalDateTime dataCadastro;
+ public Usuario(String login, String senha){
+ this.login = login;
+ this.senha = senha;
+ }
+
@Override
public Collection getAuthorities() {
return Collections.singleton(new SimpleGrantedAuthority("ROLE_ADMIN"));
diff --git a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/service/auth/UserDetailsServiceImpl.java b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/service/auth/UserDetailsServiceImpl.java
index 00a1db8..bd91d43 100644
--- a/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/service/auth/UserDetailsServiceImpl.java
+++ b/exemplos/02-seguranca/src/main/java/br/com/ifpb/pweb2/securitydemo/service/auth/UserDetailsServiceImpl.java
@@ -1,9 +1,12 @@
package br.com.ifpb.pweb2.securitydemo.service.auth;
+import br.com.ifpb.pweb2.securitydemo.config.ApplicationConfig;
+import br.com.ifpb.pweb2.securitydemo.domain.Usuario;
import br.com.ifpb.pweb2.securitydemo.repository.UsuarioRepository;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
@Service("userDetailsService")
@@ -11,12 +14,21 @@ public class UserDetailsServiceImpl implements UserDetailsService {
private final UsuarioRepository usuarioRepository;
- public UserDetailsServiceImpl(UsuarioRepository usuarioRepository) {
+ private final ApplicationConfig applicationConfig;
+
+ private final PasswordEncoder passwordEncoder;
+
+ public UserDetailsServiceImpl(UsuarioRepository usuarioRepository, ApplicationConfig applicationConfig, PasswordEncoder passwordEncoder) {
this.usuarioRepository = usuarioRepository;
+ this.applicationConfig = applicationConfig;
+ this.passwordEncoder = passwordEncoder;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+ if(username.equals(this.applicationConfig.getAutenticacaoPadrao().getLogin())){
+ return new Usuario(this.applicationConfig.getAutenticacaoPadrao().getLogin(), passwordEncoder.encode(this.applicationConfig.getAutenticacaoPadrao().getSenha()));
+ }
return usuarioRepository.findByLogin(username).orElseThrow( () -> new UsernameNotFoundException(username));
}
}
diff --git a/exemplos/02-seguranca/src/main/resources/application-dev.yaml b/exemplos/02-seguranca/src/main/resources/application-dev.yaml
index 05c263f..d951b4b 100644
--- a/exemplos/02-seguranca/src/main/resources/application-dev.yaml
+++ b/exemplos/02-seguranca/src/main/resources/application-dev.yaml
@@ -2,7 +2,7 @@ spring:
datasource:
url: jdbc:postgresql://localhost:5432/pweb2
username: postgres
- password: secret
+ password: postgres
driver-class-name: org.postgresql.Driver
jpa:
hibernate:
diff --git a/exemplos/02-seguranca/src/main/resources/application.yaml b/exemplos/02-seguranca/src/main/resources/application.yaml
index c5af4b7..5dab0c6 100644
--- a/exemplos/02-seguranca/src/main/resources/application.yaml
+++ b/exemplos/02-seguranca/src/main/resources/application.yaml
@@ -10,4 +10,11 @@ app:
login: diego
senha: 123
papel: ADMIN
- tipoAutenticacao: BANCO
\ No newline at end of file
+ tipoAutenticacao: MEMORIA
+
+security:
+ tokenType: JWT
+ issuer: ifpb
+ audience: pweb2
+ expiration: 3600000
+ secret: n2r5u8x/A%D*G-KaPdSgVkYp3s6v9y$B&E(H+MbQeThWmZq4t7w!z%C*F-J@NcRf
\ No newline at end of file