refator(error-handler): Ajout d'un error handler (incomplet)

ca7ae74a · Paulo Pimenta · b5b7333d · b5b7333d · ca7ae74a · ca7ae74a
Commit ca7ae74a authored 4 years ago by Paulo Pimenta
--- a/src/main/java/com/smartharvester/config/SmartHarvesterApiConfiguration.java
+++ b/src/main/java/com/smartharvester/config/SmartHarvesterApiConfiguration.java
-package com.smartharvester.config;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-
-@Configuration
-@Order(3)
-public class SmartHarvesterApiConfiguration extends WebSecurityConfigurerAdapter {
-
-    protected void configure(HttpSecurity http) throws Exception {
-        http.antMatcher("/harvest/**").authorizeRequests().anyRequest().permitAll();
-    }
-}
-
--- a/src/main/java/com/smartharvester/config/SmartHarvesterSecurityConfiguration.java
+++ b/src/main/java/com/smartharvester/config/SmartHarvesterSecurityConfiguration.java
 package com.smartharvester.config;

-import com.smartharvester.security.auth.SmartHarvesterAuthenticationProvider;
+import com.smartharvester.security.handler.SmartHarvesterCustomAccessDeniedHandler;
 import com.smartharvester.security.jwt.AuthEntryPointJwt;
 import com.smartharvester.security.jwt.AuthTokenFilter;
 import com.smartharvester.security.services.UserServiceImpl;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
+
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -16,6 +18,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

 @Configuration
@@ -61,4 +64,9 @@ public class SmartHarvesterSecurityConfiguration extends WebSecurityConfigurerAd
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
+
+    @Bean
+    public AccessDeniedHandler accessDeniedHandler(){
+        return new SmartHarvesterCustomAccessDeniedHandler();
+    }
 }
--- a/src/main/java/com/smartharvester/controller/SmartHarvesterErrorController.java
+++ b/src/main/java/com/smartharvester/controller/SmartHarvesterErrorController.java
+package com.smartharvester.controller;
+
+import org.springframework.boot.web.servlet.error.ErrorController;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.http.HttpServletRequest;
+
+@CrossOrigin(origins = "*")
+@Controller
+public class SmartHarvesterErrorController implements ErrorController {
+
+    @RequestMapping("/error")
+    public String handleError(HttpServletRequest request) {
+
+        Object status = request.getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
+
+        if (status != null) {
+
+            Integer statusCode = Integer.valueOf(status.toString());
+
+            if(statusCode == HttpStatus.NOT_FOUND.value()) {
+                return "error-404";
+            }
+            else if(statusCode == HttpStatus.INTERNAL_SERVER_ERROR.value()) {
+                return "error-500";
+            }
+        }
+        return "error";
+    }
+
+    @Override
+    public String getErrorPath() {
+        return null;
+    }
+}
--- a/src/main/java/com/smartharvester/security/auth/SmartHarvesterAuthenticationProvider.java
+++ b/src/main/java/com/smartharvester/security/auth/SmartHarvesterAuthenticationProvider.java
-package com.smartharvester.security.auth;
-
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-public class SmartHarvesterAuthenticationProvider  extends AbstractUserDetailsAuthenticationProvider {
-    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
-    }
-
-    @Override
-    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
-
-    }
-
-    @Override
-    protected UserDetails retrieveUser(String s, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
-        return null;
-    }
-}
--- a/src/main/java/com/smartharvester/security/handler/SmartHarvesterCustomAccessDeniedHandler.java
+++ b/src/main/java/com/smartharvester/security/handler/SmartHarvesterCustomAccessDeniedHandler.java
+package com.smartharvester.security.handler;
+
+import java.io.IOException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class SmartHarvesterCustomAccessDeniedHandler implements AccessDeniedHandler {
+
+    public static final Logger LOG = LoggerFactory.getLogger(SmartHarvesterCustomAccessDeniedHandler.class);
+
+    @Override
+    public void handle(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            AccessDeniedException exc) throws IOException, ServletException {
+
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        if (auth != null) {
+            LOG.warn("User: "
+                    + auth.getName()
+                    + " attempted to access the protected URL: "
+                    + request.getRequestURI());
+        }
+
+        response.sendRedirect(request.getContextPath() + "/denied.html");
+    }
+}
--- a/src/main/java/com/smartharvester/security/services/SmartHarvesterAuthCustomProvider.java
+++ b/src/main/java/com/smartharvester/security/services/SmartHarvesterAuthCustomProvider.java
-package com.smartharvester.security.services;
-
-import com.smartharvester.dao.UserDaoRepository;
-import com.smartharvester.model.user.SmartHarvesterUser;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
-import java.util.Optional;
-
-@Service(value = "smartHarvesterAuthCustomProvider")
-public class SmartHarvesterAuthCustomProvider implements AuthenticationProvider {
-
-    @Autowired
-    public UserDaoRepository userDaoRepository;
-
-    @Transactional
-    public Authentication authenticateEmail(Authentication authentication, String email) throws AuthenticationException {
-        String password = authentication.getCredentials().toString();
-        Optional<SmartHarvesterUser> user = userDaoRepository.findByEmail(email);
-        if (user == null) {
-            return null;
-        } else {
-            // Here use the user object to only check if the user exists in the database if not null use his login ( principal ) and password
-            return new UsernamePasswordAuthenticationToken(email, password);
-        }
-    }
-
-    @Override
-    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-        return null;
-    }
-
-    @Override
-    public boolean supports(Class<?> authentication) {
-        return authentication.equals(UsernamePasswordAuthenticationToken.class);
-    }
-}
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
 # SMART HARVESTER Application Properties

-#Alternative mongodb configuration
-#spring.data.mongodb.uri=mongodb://10.6.10.9:27017/fdp
-
 # 1. For pretty print
 spring.jackson.serialization.indent_output=true

@@ -10,6 +7,7 @@ spring.jackson.serialization.indent_output=true
 server.port=8080

 # 3. MongoDB configuration.
+#spring.data.mongodb.uri=mongodb:user@password//10.6.10.9:27017/fdp (alternative)
 spring.data.mongodb.host=10.6.10.9
 spring.data.mongodb.port=27017
 spring.data.mongodb.database=fdp
@@ -28,6 +26,9 @@ smartharvester.app.jwtExpirationMs=86400000
 smartharvester.app.jwt.route.authentication.path=/auth
 smartharvester.app.jwt.route.authentication.refresh=/refresh

-#Swagger
+# 7. Swagger
 springdoc.api-docs.path=/smart-docs

+# 8. Error Handling
+server.error.whitelabel.enabled=true
+server.error.path=/error
--- a/src/main/resources/templates/errors/css/style.css
+++ b/src/main/resources/templates/errors/css/style.css
+* {
+  -webkit-box-sizing: border-box;
+          box-sizing: border-box;
+}
+
+body {
+  padding: 0;
+  margin: 0;
+}
+
+#notfound {
+  position: relative;
+  height: 100vh;
+}
+
+#notfound .notfound {
+  position: absolute;
+  left: 50%;
+  top: 50%;
+  -webkit-transform: translate(-50%, -50%);
+      -ms-transform: translate(-50%, -50%);
+          transform: translate(-50%, -50%);
+}
+
+.notfound {
+  max-width: 520px;
+  width: 100%;
+  line-height: 1.4;
+  text-align: center;
+}
+
+.notfound .notfound-404 {
+  position: relative;
+  height: 240px;
+}
+
+.notfound .notfound-404 h1 {
+  font-family: 'Montserrat', sans-serif;
+  position: absolute;
+  left: 50%;
+  top: 50%;
+  -webkit-transform: translate(-50%, -50%);
+      -ms-transform: translate(-50%, -50%);
+          transform: translate(-50%, -50%);
+  font-size: 252px;
+  font-weight: 900;
+  margin: 0px;
+  color: #262626;
+  text-transform: uppercase;
+  letter-spacing: -40px;
+  margin-left: -20px;
+}
+
+.notfound .notfound-404 h1>span {
+  text-shadow: -8px 0px 0px #fff;
+}
+
+.notfound .notfound-404 h3 {
+  font-family: 'Cabin', sans-serif;
+  position: relative;
+  font-size: 16px;
+  font-weight: 700;
+  text-transform: uppercase;
+  color: #262626;
+  margin: 0px;
+  letter-spacing: 3px;
+  padding-left: 6px;
+}
+
+.notfound h2 {
+  font-family: 'Cabin', sans-serif;
+  font-size: 20px;
+  font-weight: 400;
+  text-transform: uppercase;
+  color: #000;
+  margin-top: 0px;
+  margin-bottom: 25px;
+}
+
+@media only screen and (max-width: 767px) {
+  .notfound .notfound-404 {
+    height: 200px;
+  }
+  .notfound .notfound-404 h1 {
+    font-size: 200px;
+  }
+}
+
+@media only screen and (max-width: 480px) {
+  .notfound .notfound-404 {
+    height: 162px;
+  }
+  .notfound .notfound-404 h1 {
+    font-size: 162px;
+    height: 150px;
+    line-height: 162px;
+  }
+  .notfound h2 {
+    font-size: 16px;
+  }
+}
--- a/src/main/resources/templates/errors/error.html
+++ b/src/main/resources/templates/errors/error.html
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+	<meta charset="utf-8">
+	<meta http-equiv="X-UA-Compatible" content="IE=edge">
+	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
+
+	<title>404 HTML Template by Colorlib</title>
+
+	<!-- Google font -->
+	<link href="https://fonts.googleapis.com/css?family=Cabin:400,700" rel="stylesheet">
+	<link href="https://fonts.googleapis.com/css?family=Montserrat:900" rel="stylesheet">
+
+	<!-- Custom stlylesheet -->
+	<link type="text/css" rel="stylesheet" href="css/style.css" />
+
+	<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
+	<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
+	<!--[if lt IE 9]>
+		  <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
+		  <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+		<![endif]-->
+
+</head>
+
+<body>
+
+	<div id="notfound">
+		<div class="notfound">
+			<div class="notfound-404">
+				<h3>Oops! Page not found</h3>
+				<h1><span>4</span><span>0</span><span>4</span></h1>
+			</div>
+			<h2>we are sorry, but the page you requested was not found</h2>
+		</div>
+	</div>
+
+</body><!-- This templates was made by Colorlib (https://colorlib.com) -->
+
+</html>