Spring security

pom.xml

@@ -56,6 +56,12 @@
             <scope>runtime</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+            <version>3.3.3</version>
+        </dependency>
+
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>

src/main/java/project/bookstore/config/SecurityConfig.java

@@ -0,0 +1,44 @@
+package project.bookstore.config;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableMethodSecurity
+@RequiredArgsConstructor
+public class SecurityConfig {
+    private final UserDetailsService userDetailsService;
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public SecurityFilterChain getSecurityFilterChain(HttpSecurity http) throws Exception {
+        return http
+                .cors(AbstractHttpConfigurer::disable)
+                .csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests(
+                        auth -> auth
+                                .requestMatchers(
+                                        "/auth/**",
+                                        "/swagger-ui/**",
+                                        "/v3/api-docs/**"
+                                )
+                                .permitAll()
+                                .anyRequest()
+                                .authenticated()
+                )
+                .userDetailsService(userDetailsService)
+                .build();
+    }
+}

src/main/java/project/bookstore/controller/AuthenticationController.java

@@ -28,6 +28,7 @@ public class AuthenticationController {
     )
     public UserResponseDto register(@RequestBody @Valid UserRegistrationRequestDto requestDto)
             throws RegistrationException {
+
         return userService.register(requestDto);
     }
 }

src/main/java/project/bookstore/controller/BookController.java

@@ -6,6 +6,7 @@
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.data.domain.Pageable;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -45,6 +46,7 @@ public BookDto getBookById(@PathVariable Long id) {
     }
 
     @PostMapping
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @Operation(
             summary = "Create new book",
             description = "Create new book and add to db")
@@ -53,6 +55,7 @@ public BookDto createBook(@RequestBody @Valid CreateBookRequestDto requestDto) {
     }
 
     @PutMapping("/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @Operation(summary = "Update book's info", description = "Update book's info")
     public BookDto updateBook(
             @RequestBody @Valid CreateBookRequestDto requestDto,
@@ -62,6 +65,7 @@ public BookDto updateBook(
     }
 
     @DeleteMapping("/{id}")
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
     @Operation(summary = "Delete book", description = "Delete book from db")
     public void deleteBook(@PathVariable Long id) {
         bookService.deleteBookById(id);

src/main/java/project/bookstore/model/Role.java

@@ -0,0 +1,31 @@
+package project.bookstore.model;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.security.core.GrantedAuthority;
+
+@Getter
+@Setter
+@Entity
+@Table(name = "roles")
+public class Role implements GrantedAuthority {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+    @Column(unique = true, nullable = false)
+    @Enumerated(EnumType.STRING)
+    private RoleName role;
+
+    @Override
+    public String getAuthority() {
+        return role.name();
+    }
+}

src/main/java/project/bookstore/model/RoleName.java

@@ -0,0 +1,6 @@
+package project.bookstore.model;
+
+public enum RoleName {
+    ROLE_USER,
+    ROLE_ADMIN
+}

src/main/java/project/bookstore/model/User.java

@@ -5,30 +5,72 @@
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.JoinTable;
+import jakarta.persistence.ManyToMany;
 import jakarta.persistence.Table;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
 import lombok.Getter;
 import lombok.Setter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
 
 @Entity
 @Table(name = "users")
 @Getter
 @Setter
-public class User {
+public class User implements UserDetails {
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
-
     @Column(unique = true, nullable = false)
     private String email;
-
     @Column(nullable = false)
     private String password;
-
     @Column(nullable = false)
     private String firstName;
-
     @Column(nullable = false)
     private String lastName;
-
     private String shippingAddress;
+    @ManyToMany
+    @JoinTable(
+            name = "users_roles",
+            joinColumns = @JoinColumn(name = "user_id"),
+            inverseJoinColumns = @JoinColumn(name = "role_id")
+    )
+    private Set<Role> roles = new HashSet<>();
+    @Column(nullable = false, columnDefinition = "TINYINT(1)")
+    private boolean isDeleted = false;
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return roles;
+    }
+
+    @Override
+    public String getUsername() {
+        return email;
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
 }

src/main/java/project/bookstore/repository/role/RoleRepository.java

@@ -0,0 +1,9 @@
+package project.bookstore.repository.role;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import project.bookstore.model.Role;
+import project.bookstore.model.RoleName;
+
+public interface RoleRepository extends JpaRepository<Role, Long> {
+    Role findByRole(RoleName name);
+}

src/main/java/project/bookstore/repository/user/UserRepository.java

@@ -0,0 +1,13 @@
+package project.bookstore.repository.user;
+
+import java.util.Optional;
+import org.springframework.data.jpa.repository.EntityGraph;
+import org.springframework.data.jpa.repository.JpaRepository;
+import project.bookstore.model.User;
+
+public interface UserRepository extends JpaRepository<User, Long> {
+    boolean existsByEmail(String email);
+
+    @EntityGraph(attributePaths = "roles")
+    Optional<User> findByEmail(String email);
+}

src/main/java/project/bookstore/security/CustomUserDetailsService.java

@@ -0,0 +1,21 @@
+package project.bookstore.security;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import project.bookstore.repository.user.UserRepository;
+
+@Service
+@RequiredArgsConstructor
+public class CustomUserDetailsService implements UserDetailsService {
+    private final UserRepository userRepo;
+
+    @Override
+    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
+        return userRepo.findByEmail(email)
+                .orElseThrow(
+                        () -> new UsernameNotFoundException("Can't find user by email: " + email));
+    }
+}

src/main/java/project/bookstore/service/impl/UserServiceImpl.java

@@ -1,27 +1,37 @@
 package project.bookstore.service.impl;
 
+import java.util.Set;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Component;
 import project.bookstore.dto.user.UserRegistrationRequestDto;
 import project.bookstore.dto.user.UserResponseDto;
 import project.bookstore.exception.RegistrationException;
 import project.bookstore.mapper.UserMapper;
+import project.bookstore.model.Role;
+import project.bookstore.model.RoleName;
 import project.bookstore.model.User;
-import project.bookstore.repository.user.UserRepo;
+import project.bookstore.repository.role.RoleRepository;
+import project.bookstore.repository.user.UserRepository;
 import project.bookstore.service.UserService;
 
 @RequiredArgsConstructor
 @Component
 public class UserServiceImpl implements UserService {
     private final UserMapper userMapper;
-    private final UserRepo userRepository;
+    private final UserRepository userRepository;
+    private final PasswordEncoder passwordEncoder;
+    private final RoleRepository roleRepository;
 
     @Override
     public UserResponseDto register(UserRegistrationRequestDto requestDto) {
-        if (userRepository.existsUserByEmail(requestDto.getEmail())) {
+        if (userRepository.existsByEmail(requestDto.getEmail())) {
             throw new RegistrationException(requestDto.getEmail() + "allready exists!");
         }
         User user = userMapper.toModel(requestDto);
+        user.setPassword(passwordEncoder.encode(user.getPassword()));
+        Role userRole = roleRepository.findByRole(RoleName.ROLE_USER);
+        user.setRoles(Set.of(userRole));
         userRepository.save(user);
 
         return userMapper.toResponseDto(user);

src/main/resources/application.properties

@@ -7,3 +7,5 @@ spring.datasource.password=pass
 spring.jpa.hibernate.ddl-auto=validate
 spring.jpa.show-sql=true
 spring.jpa.open-in-view=false
+
+server.servlet.context-path=/api

src/main/resources/db/changelog/changes/01-create-books-table.yaml

@@ -4,8 +4,8 @@ databaseChangeLog:
       author: vlad
       changes:
         - createTable:
-            - tableName: books
-            - columns:
+            tableName: books
+            columns:
                 - column:
                     name: id
                     type: bigint

src/main/resources/db/changelog/changes/03-create-roles-table.yaml

@@ -0,0 +1,21 @@
+databaseChangeLog:
+  - changeSet:
+      id: create-roles-table
+      author: vlad
+      changes:
+        - createTable:
+             tableName: roles
+             columns:
+                - column:
+                    name: id
+                    type: bigint
+                    autoIncrement: true
+                    constraints:
+                        primaryKey: true
+                        nullable: false
+                - column:
+                    name: role
+                    type: varchar(255)
+                    constraints:
+                        unique: true
+                        nullable: false

src/main/resources/db/changelog/changes/04-create-users-roles-table.yaml

@@ -0,0 +1,24 @@
+databaseChangeLog:
+  - changeSet:
+      id: create-users-roles-table
+      author: vlad
+      changes:
+        - createTable:
+            tableName: users_roles
+            columns:
+              - column:
+                  name: user_id
+                  type: bigint
+                  constraints:
+                    primaryKey: true
+                    nullable: false
+                    foreignKeyName: fk_users_id
+                    references: users(id)
+              - column:
+                  name: role_id
+                  type: bigint
+                  constraints:
+                    primaryKey: true
+                    nullable: false
+                    foreignKeyName: fk_roles_id
+                    references: roles(id)