Académique Documents
Professionnel Documents
Culture Documents
UP ASI
Bureau E204
-Introduction
-TP
– Association: ManyToMany
public class Role implements Serializable {
class User implements Serializable {
@Entity @Id
@Getter @GeneratedValue(strategy =
@Setter GenerationType.AUTO)
@AllArgsConstructor private int id;
@NoArgsConstructor @Enumerated(EnumType.STRING)
public class User implements Serializable { private RoleName role;
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private int id; import org.springframework.security.core.GrantedAuthority;
private String userName; public enum RoleName implements
private String email;
private String password;
GrantedAuthority {
private String name; ADMIN,
private String lastName; SUPERADMIN;
private Boolean active; @Override
@ManyToMany(cascade = CascadeType.PERSIST, fetch public String getAuthority() {
= FetchType.EAGER)
private Set<Role> roles; return "ROLE_" + name();
} }}
@Repository
public interface UserRepository extends CrudRepository<User,
Long> {
@Repository
public interface RoleRepository extends CrudRepository<Role,
Integer> {
Role findByRole(String role);
Implémente org.springframework.security.core.userdetails.UserDetailsService :
import javax.transaction.Transactional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
@Service
public class MyUserDetailsService implements UserDetailsService {
@Autowired
private UserService userService;
@Override
@Transactional
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
User user = userService.findUserByUserName(userName);
List<GrantedAuthority> authorities = getUserAuthority(user.getRoles());
return new org.springframework.security.core.userdetails.User(user.getUserName(),
user.getPassword(),user.getActive(), true, true, true, authorities); }
…
@Service
public class UserService {
@Autowired
private UserRepository userRepository;
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
@RestController
public class HomeController {
@Autowired
UserService userService;
@PostMapping("/registration")
public String createNewUser( @RequestBody User user) {
String msg="";
User userExists = userService.findUserByUserName(user.getUserName());
if (userExists != null) {
msg="There is already a user registered with the user name provided";
} else {
userService.saveUser(user);
msg="OK"; }
return msg; }
…
• L’accès au service /retrieve-all-clients n’est autorisé qu’au user dont le rôle est
admin.
• Dans notre exemple, nous nous sommes basés sur la notion de basic
authentification. Plusieurs autres cas existent pour assurer la sécurité de notre
application tel que la génération des tokens.
Département Informatique
UP ASI
Bureau E204