nbibh

.github/workflows/label.yml

@@ -0,0 +1,22 @@
+# This workflow will triage pull requests and apply a label based on the
+# paths that are modified in the pull request.
+#
+# To use this workflow, you will need to set up a .github/labeler.yml
+# file with configuration.  For more information, see:
+# https://github.com/actions/labeler
+
+name: Labeler
+on: [pull_request_target]
+
+jobs:
+  label:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+    - uses: actions/[email protected]
+      with:
+        repo-token: "${{ secrets.GITHUB_TOKEN }}"

JtProject/.classpath

@@ -1,24 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java">
-		<attributes>
-			<attribute name="optional" value="true"/>
-			<attribute name="maven.pomderived" value="true"/>
-		</attributes>
-	</classpathentry>
 	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
 			<attribute name="optional" value="true"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
-		<attributes>
-			<attribute name="optional" value="true"/>
-			<attribute name="maven.pomderived" value="true"/>
-			<attribute name="test" value="true"/>
-		</attributes>
-	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-11">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
@@ -31,19 +18,32 @@
 	</classpathentry>
 	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
 		<attributes>
-			<attribute name="maven.pomderived" value="true"/>
 			<attribute name="test" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
 			<attribute name="optional" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="src" path="target/generated-sources/annotations">
 		<attributes>
+			<attribute name="ignore_optional_problems" value="true"/>
 			<attribute name="optional" value="true"/>
 			<attribute name="maven.pomderived" value="true"/>
-			<attribute name="ignore_optional_problems" value="true"/>
 			<attribute name="m2e-apt" value="true"/>
 		</attributes>
 	</classpathentry>
+	<classpathentry kind="src" output="target/classes" path="src/main/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+			<attribute name="test" value="true"/>
+		</attributes>
+	</classpathentry>
 	<classpathentry kind="src" output="target/test-classes" path="target/generated-test-sources/test-annotations">
 		<attributes>
 			<attribute name="optional" value="true"/>

JtProject/.project

@@ -15,6 +15,11 @@
 			<arguments>
 			</arguments>
 		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.buildship.core.gradleprojectbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
 		<buildCommand>
 			<name>org.eclipse.m2e.core.maven2Builder</name>
 			<arguments>
@@ -24,6 +29,7 @@
 	<natures>
 		<nature>org.eclipse.jdt.core.javanature</nature>
 		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+		<nature>org.eclipse.buildship.core.gradleprojectnature</nature>
 	</natures>
 	<filteredResources>
 		<filter>

JtProject/basedata.sql

@@ -1,5 +1,5 @@
 # SQL configs
-SET SQL_MODE ='IGNORE_SPACE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION';
+SET SQL_MODE ='IGNORE_SPACE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION';
 
 # create database and use it
 CREATE DATABASE IF NOT EXISTS ecommjava;

JtProject/pom.xml

@@ -57,7 +57,11 @@
 			<artifactId>mysql-connector-java</artifactId>
 			<version>8.0.33</version>
 		</dependency>
-
+
+		<dependency>
+    		<groupId>org.springframework.boot</groupId>
+   			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
 
 	</dependencies>
 
@@ -70,4 +74,4 @@
 		</plugins>
 	</build>
 
-</project>
+</project>

JtProject/src/main/java/com/jtspringproject/JtSpringProject/configuration/SecurityConfiguration.java

@@ -0,0 +1,111 @@
+package com.jtspringproject.JtSpringProject.configuration;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import com.jtspringproject.JtSpringProject.models.User;
+import com.jtspringproject.JtSpringProject.services.userService;
+
+@Configuration
+public class SecurityConfiguration {
+
+	userService UserService;
+
+	public SecurityConfiguration(userService UserService) {
+		this.UserService = UserService;
+	}
+
+	@Configuration
+	@Order(1)
+	public static class AdminConfigurationAdapter{
+
+		@Bean
+		SecurityFilterChain adminFilterChain(HttpSecurity http) throws Exception {
+            http.antMatcher("/admin/**") 
+                   .authorizeHttpRequests(requests -> requests
+            		 .requestMatchers(new AntPathRequestMatcher("/admin/login")).permitAll()
+                     .requestMatchers(new AntPathRequestMatcher("/admin/**")).hasRole("ADMIN")
+                    )
+                    .formLogin(login -> login
+                            .loginPage("/admin/login")
+                            .loginProcessingUrl("/admin/loginvalidate")
+                            .successHandler((request, response, authentication) -> {
+                                response.sendRedirect("/admin/"); // Redirect on success
+                            })
+                            .failureHandler((request, response, exception) -> {
+                                response.sendRedirect("/admin/login?error=true"); // Redirect on failure
+                            }))
+
+                    .logout(logout -> logout.logoutUrl("/admin/logout")
+                            .logoutSuccessUrl("/admin/login")
+                            .deleteCookies("JSESSIONID"))
+                    .exceptionHandling(exception -> exception
+                            .accessDeniedPage("/403")  // Custom 403 page
+                        );
+            http.csrf(csrf -> csrf.disable());
+			return http.build();
+		}
+	}
+
+	@Configuration
+	@Order(2)
+	public static class UserConfigurationAdapter{
+
+		@Bean
+		SecurityFilterChain userFilterChain(HttpSecurity http) throws Exception {
+            http.authorizeHttpRequests(requests -> requests
+            		.antMatchers("/login", "/register", "/newuserregister" ,"/test", "/test2").permitAll()
+                    .antMatchers("/**").hasRole("USER"))
+                    .formLogin(login -> login
+                            .loginPage("/login")
+                            .loginProcessingUrl("/userloginvalidate")
+                            .successHandler((request, response, authentication) -> {
+                                response.sendRedirect("/"); // Redirect on success
+                            })
+                            .failureHandler((request, response, exception) -> {
+                                response.sendRedirect("/login?error=true"); // Redirect on failure
+                            }))
+
+                    .logout(logout -> logout.logoutUrl("/logout")
+                            .logoutSuccessUrl("/login")
+                            .deleteCookies("JSESSIONID"))
+                    .exceptionHandling(exception -> exception
+                            .accessDeniedPage("/403")  // Custom 403 page
+                        );
+
+            http.csrf(csrf -> csrf.disable());
+			return http.build();
+		}
+	}
+
+	@Bean
+	UserDetailsService userDetailsService() {
+		return username -> {
+			User user = UserService.getUserByUsername(username);
+			if(user == null) {
+	            throw new UsernameNotFoundException("User with username " + username + " not found.");
+			}
+			String role =  user.getRole().equals("ROLE_ADMIN") ? "ADMIN":"USER"; 
+
+			return org.springframework.security.core.userdetails.User
+					.withUsername(username)
+					.passwordEncoder(input->passwordEncoder().encode(input))
+					.password(user.getPassword())
+					.roles(role)
+					.build();
+		};
+	}
+
+	@Bean
+	PasswordEncoder passwordEncoder() {
+		return new BCryptPasswordEncoder();
+	}
+}