Add authorization by auth server

Added filter for uneditable units
2025-02-15 17:24:10 +03:00 · 2025-02-14 19:54:28 +03:00
14 changed files with 93 additions and 34 deletions
--- a/build.gradle.kts
+++ b/build.gradle.kts
@ -1,49 +1,51 @@
 plugins {
-	java
-	id("org.springframework.boot") version "3.4.1"
-	id("io.spring.dependency-management") version "1.1.7"
-	id("com.vaadin") version "24.6.0"
+    java
+    id("org.springframework.boot") version "3.4.1"
+    id("io.spring.dependency-management") version "1.1.7"
+    id("com.vaadin") version "24.6.0"
 }

 group = "ru.vyatsu"
 version = "1.0.0"

 java {
-	toolchain {
-		languageVersion = JavaLanguageVersion.of(17)
-	}
+    toolchain {
+        languageVersion = JavaLanguageVersion.of(17)
+    }
 }

 configurations {
-	compileOnly {
-		extendsFrom(configurations.annotationProcessor.get())
-	}
+    compileOnly {
+        extendsFrom(configurations.annotationProcessor.get())
+    }
 }

 repositories {
-	mavenCentral()
+    mavenCentral()
 }

 extra["vaadinVersion"] = "24.6.0"

 dependencies {
-	implementation("org.springframework.boot:spring-boot-starter-data-jpa")
-	implementation("org.springframework.boot:spring-boot-starter-web")
-	implementation("com.vaadin:vaadin-spring-boot-starter")
-	implementation("org.yaml:snakeyaml")
-	compileOnly("org.projectlombok:lombok")
-	annotationProcessor("org.projectlombok:lombok")
-	runtimeOnly("org.postgresql:postgresql")
-	testImplementation("org.springframework.boot:spring-boot-starter-test")
-	testRuntimeOnly("org.junit.platform:junit-platform-launcher")
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+    implementation("org.springframework.boot:spring-boot-starter-web")
+    implementation("com.vaadin:vaadin-spring-boot-starter")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
+
+    implementation("org.yaml:snakeyaml")
+    compileOnly("org.projectlombok:lombok")
+    annotationProcessor("org.projectlombok:lombok")
+    runtimeOnly("org.postgresql:postgresql")
+    testImplementation("org.springframework.boot:spring-boot-starter-test")
+    testRuntimeOnly("org.junit.platform:junit-platform-launcher")
 }

 dependencyManagement {
-	imports {
-		mavenBom("com.vaadin:vaadin-bom:${property("vaadinVersion")}")
-	}
+    imports {
+        mavenBom("com.vaadin:vaadin-bom:${property("vaadinVersion")}")
+    }
 }

 tasks.withType<Test> {
-	useJUnitPlatform()
+    useJUnitPlatform()
 }
--- a/src/main/java/ru/vyatsu/qr_access_admin/client/view/ClientView.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/client/view/ClientView.java
@ -7,6 +7,7 @@ import com.vaadin.flow.component.orderedlayout.HorizontalLayout;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
+import jakarta.annotation.security.PermitAll;
 import ru.vyatsu.qr_access_admin.client.component.ClientEditor;
 import ru.vyatsu.qr_access_admin.client.entity.ClientEntity;
 import ru.vyatsu.qr_access_admin.client.entity.ClientRepository;
@ -16,6 +17,7 @@ import java.util.List;

@Route(value = "clients", layout = MainLayout.class)
@PageTitle("Клиенты")
+@PermitAll
 public class ClientView extends VerticalLayout {
    private final ClientRepository repository;
    private final Grid<ClientEntity> grid;
--- a/src/main/java/ru/vyatsu/qr_access_admin/common/config/SecurityConfiguration.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/common/config/SecurityConfiguration.java
@ -0,0 +1,17 @@
+package ru.vyatsu.qr_access_admin.common.config;
+
+import com.vaadin.flow.spring.security.VaadinWebSecurity;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfiguration extends VaadinWebSecurity {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        super.configure(http);
+        http.oauth2Login(c -> c.loginProcessingUrl("/login/oauth2/code/own"));
+    }
+}
--- a/src/main/java/ru/vyatsu/qr_access_admin/common/view/MainView.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/common/view/MainView.java
@ -1,12 +1,14 @@
 package ru.vyatsu.qr_access_admin.common.view;

-import ru.vyatsu.qr_access_admin.common.MainLayout;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
+import jakarta.annotation.security.PermitAll;
+import ru.vyatsu.qr_access_admin.common.MainLayout;

@Route(value = "", layout = MainLayout.class)
@PageTitle("Start")
+@PermitAll
 public class MainView extends VerticalLayout {

 }
--- a/src/main/java/ru/vyatsu/qr_access_admin/door/view/DoorView.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/door/view/DoorView.java
@ -7,6 +7,7 @@ import com.vaadin.flow.component.orderedlayout.HorizontalLayout;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
+import jakarta.annotation.security.PermitAll;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.EntityManagerFactory;
 import jakarta.persistence.Query;
@ -22,6 +23,7 @@ import java.util.List;

@Route(value = "doors", layout = MainLayout.class)
@PageTitle("Двери")
+@PermitAll
 public class DoorView extends VerticalLayout {
    private final Grid<DoorEntity> grid;
    private final DoorRepository repository;
--- a/src/main/java/ru/vyatsu/qr_access_admin/partner/view/PartnerView.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/partner/view/PartnerView.java
@ -7,6 +7,7 @@ import com.vaadin.flow.component.orderedlayout.HorizontalLayout;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
+import jakarta.annotation.security.PermitAll;
 import ru.vyatsu.qr_access_admin.common.MainLayout;
 import ru.vyatsu.qr_access_admin.partner.component.PartnerEditor;
 import ru.vyatsu.qr_access_admin.partner.entity.PartnerEntity;
@ -16,6 +17,7 @@ import java.util.List;

@Route(value = "partners", layout = MainLayout.class)
@PageTitle("Партнеры")
+@PermitAll
 public class PartnerView extends VerticalLayout {
    private final PartnerRepository repository;
    private final Grid<PartnerEntity> grid;
--- a/src/main/java/ru/vyatsu/qr_access_admin/qr/view/QrView.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/qr/view/QrView.java
@ -7,6 +7,7 @@ import com.vaadin.flow.component.orderedlayout.HorizontalLayout;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
+import jakarta.annotation.security.PermitAll;
 import ru.vyatsu.qr_access_admin.common.MainLayout;
 import ru.vyatsu.qr_access_admin.door.entity.DoorRepository;
 import ru.vyatsu.qr_access_admin.qr.component.QrEditor;
@ -17,6 +18,7 @@ import java.util.List;

@Route(value = "qrs", layout = MainLayout.class)
@PageTitle("Коды")
+@PermitAll
 public class QrView extends VerticalLayout {
    private final QrRepository repository;
    private final Grid<QrEntity> grid;
--- a/src/main/java/ru/vyatsu/qr_access_admin/slot/view/SlotView.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/slot/view/SlotView.java
@ -7,6 +7,7 @@ import com.vaadin.flow.component.orderedlayout.HorizontalLayout;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
+import jakarta.annotation.security.PermitAll;
 import ru.vyatsu.qr_access_admin.common.MainLayout;
 import ru.vyatsu.qr_access_admin.slot.component.SlotEditor;
 import ru.vyatsu.qr_access_admin.slot.entity.SlotEntity;
@ -16,6 +17,7 @@ import java.util.List;

@Route(value = "slots", layout = MainLayout.class)
@PageTitle("Слоты")
+@PermitAll
 public class SlotView extends VerticalLayout {
    private final SlotRepository repository;
    private final Grid<SlotEntity> grid;
--- a/src/main/java/ru/vyatsu/qr_access_admin/unit/entity/UnitEntity.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/unit/entity/UnitEntity.java
@ -47,4 +47,6 @@ public class UnitEntity {
    @Column
    @JdbcTypeCode(SqlTypes.JSON)
    private String tokenSettings;
+    @Column
+    private Boolean adminEditable;
 }
--- a/src/main/java/ru/vyatsu/qr_access_admin/unit/entity/UnitRepository.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/unit/entity/UnitRepository.java
@ -3,6 +3,9 @@ package ru.vyatsu.qr_access_admin.unit.entity;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;

+import java.util.List;
+
@Repository
 public interface UnitRepository extends JpaRepository<UnitEntity, String> {
+    List<UnitEntity> findAllByAdminEditableIsTrue();
 }
--- a/src/main/java/ru/vyatsu/qr_access_admin/unit/mapper/UnitEntityUnitModelMapper.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/unit/mapper/UnitEntityUnitModelMapper.java
@ -1,8 +1,8 @@
 package ru.vyatsu.qr_access_admin.unit.mapper;

+import org.springframework.stereotype.Component;
 import ru.vyatsu.qr_access_admin.unit.entity.UnitEntity;
 import ru.vyatsu.qr_access_admin.unit.model.UnitModel;
-import org.springframework.stereotype.Component;

 import java.util.Collection;
 import java.util.List;
@ -32,6 +32,7 @@ public class UnitEntityUnitModelMapper {
        entity.setTokenSettings(DEFAULT_TOKEN_SETTINGS);
        entity.setRedirectUris("");
        entity.setPostLogoutRedirectUris("");
+        entity.setAdminEditable(true);
        return entity;
    }

@ -42,6 +43,7 @@ public class UnitEntityUnitModelMapper {
        unitModel.setClientSecret(entity.getClientSecret());
        unitModel.setClientName(entity.getClientName());
        unitModel.setClientSecretExpiresAt(entity.getClientSecretExpiresAt());
+        unitModel.setAdminEditable(entity.getAdminEditable());
        return unitModel;
    }

--- a/src/main/java/ru/vyatsu/qr_access_admin/unit/model/UnitModel.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/unit/model/UnitModel.java
@ -1,11 +1,11 @@
 package ru.vyatsu.qr_access_admin.unit.model;

-import ru.vyatsu.qr_access_admin.common.validation.IsAfter;
 import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.Size;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import ru.vyatsu.qr_access_admin.common.validation.IsAfter;

 import java.time.LocalDateTime;

@ -26,4 +26,6 @@ public class UnitModel {
    @NotBlank
    @Size(max = 255)
    private String clientName;
+
+    private boolean adminEditable;
 }
--- a/src/main/java/ru/vyatsu/qr_access_admin/unit/view/UnitView.java
+++ b/src/main/java/ru/vyatsu/qr_access_admin/unit/view/UnitView.java
@ -7,6 +7,7 @@ import com.vaadin.flow.component.orderedlayout.HorizontalLayout;
 import com.vaadin.flow.component.orderedlayout.VerticalLayout;
 import com.vaadin.flow.router.PageTitle;
 import com.vaadin.flow.router.Route;
+import jakarta.annotation.security.PermitAll;
 import ru.vyatsu.qr_access_admin.common.MainLayout;
 import ru.vyatsu.qr_access_admin.unit.component.UnitEditor;
 import ru.vyatsu.qr_access_admin.unit.entity.UnitEntity;
@ -18,6 +19,7 @@ import java.util.List;

@Route(value = "units", layout = MainLayout.class)
@PageTitle("Устройства")
+@PermitAll
 public class UnitView extends VerticalLayout {

    private final UnitRepository unitRepository;
@ -31,6 +33,7 @@ public class UnitView extends VerticalLayout {

        var addButton = new Button("Добавить устройство", VaadinIcon.PLUS.create());
        grid = new Grid<>(UnitModel.class);
+        grid.setColumns("clientId", "clientName", "clientSecretExpiresAt");
        editor = new UnitEditor();

        var actionsLayout = new HorizontalLayout(addButton);
@ -47,7 +50,7 @@ public class UnitView extends VerticalLayout {
    }

    private void refreshUnitsGrid() {
-        List<UnitEntity> entities = unitRepository.findAll();
+        List<UnitEntity> entities = unitRepository.findAllByAdminEditableIsTrue();

        grid.setItems(entityModelMapper.mapEntityToModel(entities));
    }
@ -72,9 +75,11 @@ public class UnitView extends VerticalLayout {
        });

        editor.setDeleteListener(unit -> {
-            unitRepository.deleteById(unit.getId());
-            refreshUnitsGrid();
-            editUnit(null);
+            if (unit.isAdminEditable()) {
+                unitRepository.deleteById(unit.getId());
+                refreshUnitsGrid();
+                editUnit(null);
+            }
        });

        editor.setCancelListener(() -> editUnit(null));
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@ -9,6 +9,20 @@ spring:
    password: 123
  security:
    oauth2:
-      resourceserver:
-        jwt:
-          jwk-set-uri: http://localhost:8081/oauth2/jwks
+      client:
+        registration:
+          own:
+            clientId: ${CLIENT_ID:admin}
+            clientSecret: ${CLIENT_SECRET:}
+            authorizationGrantType: authorization_code
+            clientAuthenticationMethod: none
+            scope:
+              - admin
+              - openid
+            redirectUri: "{baseUrl}/login/oauth2/code/{registrationId}"
+        provider:
+          own:
+            issuerUri: http://127.0.0.1:8081
+            jwkSetUri: http://127.0.0.1:8081/oauth2/jwks
+            tokenUri: http://127.0.0.1:8081/oauth2/token
+            authorizationUri: http://127.0.0.1:8081/oauth2/authorize
Author	SHA1	Message	Date
kashiuno	7dbfd77547	Add authorization by auth server	2025-02-15 17:24:10 +03:00
kashiuno	e98789a1ee	Added filter for uneditable units	2025-02-14 19:54:28 +03:00