work

Author: thomaswoehlke

src/main/java/org/woehlke/simpleworklist/SimpleworklistApplication.java

@@ -4,17 +4,17 @@
 import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.woehlke.simpleworklist.application.ApplicationProperties;
-import org.woehlke.simpleworklist.application.config.WebMvcConfig;
-import org.woehlke.simpleworklist.application.config.WebSecurityConfig;
+import org.woehlke.simpleworklist.config.SimpleworklistProperties;
+import org.woehlke.simpleworklist.config.WebMvcConfig;
+import org.woehlke.simpleworklist.config.WebSecurityConfig;
 
 
 @ImportAutoConfiguration({
     WebMvcConfig.class,
     WebSecurityConfig.class
 })
 @EnableConfigurationProperties({
-    ApplicationProperties.class
+    SimpleworklistProperties.class
 })
 @SpringBootApplication
 public class SimpleworklistApplication {

src/main/java/org/woehlke/simpleworklist/common/domain/AbstractController.java

@@ -5,7 +5,7 @@
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.SessionAttributes;
 import org.woehlke.simpleworklist.domain.breadcrumb.BreadcrumbService;
-import org.woehlke.simpleworklist.application.ApplicationProperties;
+import org.woehlke.simpleworklist.config.SimpleworklistProperties;
 import org.woehlke.simpleworklist.domain.context.Context;
 import org.woehlke.simpleworklist.domain.project.Project;
 import org.woehlke.simpleworklist.domain.task.TaskService;
@@ -37,7 +37,7 @@
 public abstract class AbstractController {
 
     @Autowired
-    protected ApplicationProperties applicationProperties;
+    protected SimpleworklistProperties simpleworklistProperties;
 
     @Autowired
     protected ProjectService projectService;

src/main/java/org/woehlke/simpleworklist/application/ApplicationProperties.java renamed to src/main/java/org/woehlke/simpleworklist/config/SimpleworklistProperties.java

@@ -1,4 +1,4 @@
-package org.woehlke.simpleworklist.application;
+package org.woehlke.simpleworklist.config;
 
 import lombok.Getter;
 import lombok.Setter;
@@ -7,14 +7,15 @@
 import org.springframework.validation.annotation.Validated;
 
 import javax.validation.Valid;
+import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
 
 @Component
 @Getter
 @Setter
 @ConfigurationProperties(prefix="org.woehlke.simpleworklist")
 @Validated
-public class ApplicationProperties {
+public class SimpleworklistProperties {
 
     @Valid
     private Mail mail = new Mail();
@@ -122,8 +123,17 @@ public static class WebSecurity {
 
         private String[] antPatternsPublic;
 
+        //@NotNull
+        //private Integer strengthBCryptPasswordEncoder;
+
+        @NotBlank
+        private String secret;
+
+        @NotNull
+        private Integer iterations;
+
         @NotNull
-        private Integer strengthBCryptPasswordEncoder;
+        private Integer hashWidth;
     }
 
 }

src/main/java/org/woehlke/simpleworklist/application/config/WebMvcConfig.java renamed to src/main/java/org/woehlke/simpleworklist/config/WebMvcConfig.java

@@ -1,4 +1,4 @@
-package org.woehlke.simpleworklist.application.config;
+package org.woehlke.simpleworklist.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -18,7 +18,6 @@
 import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
 import org.springframework.web.servlet.i18n.SessionLocaleResolver;
 import org.thymeleaf.dialect.springdata.SpringDataDialect;
-import org.woehlke.simpleworklist.application.ApplicationProperties;
 
 import java.util.Locale;
 import java.util.Properties;
@@ -33,42 +32,42 @@
     "org.woehlke.simpleworklist"
 })
 @EnableConfigurationProperties({
-    ApplicationProperties.class
+    SimpleworklistProperties.class
 })
 public class WebMvcConfig extends WebMvcConfigurerAdapter implements WebMvcConfigurer {
 
-    private final ApplicationProperties applicationProperties;
+    private final SimpleworklistProperties simpleworklistProperties;
 
     @Autowired
-    public WebMvcConfig(ApplicationProperties applicationProperties) {
-        this.applicationProperties = applicationProperties;
+    public WebMvcConfig(SimpleworklistProperties simpleworklistProperties) {
+        this.simpleworklistProperties = simpleworklistProperties;
     }
 
     @Bean
     public JavaMailSender mailSender(){
         Properties javaMailProperties = new Properties();
         javaMailProperties.setProperty(
             "mail.smtp.auth",
-            applicationProperties.getMail().getAuth().toString()
+            simpleworklistProperties.getMail().getAuth().toString()
         );
         javaMailProperties.setProperty(
             "mail.smtp.ssl.enable",
-            applicationProperties.getMail().getSslEnable().toString()
+            simpleworklistProperties.getMail().getSslEnable().toString()
         );
         javaMailProperties.setProperty(
             "mail.smtp.socketFactory.port",
-            applicationProperties.getMail().getSocketFactoryPort()
+            simpleworklistProperties.getMail().getSocketFactoryPort()
         );
         javaMailProperties.setProperty(
             "mail.smtp.socketFactory.class",
-            applicationProperties.getMail().getSocketFactoryClass()
+            simpleworklistProperties.getMail().getSocketFactoryClass()
         );
         JavaMailSenderImpl mailSender = new JavaMailSenderImpl();
         mailSender.setJavaMailProperties(javaMailProperties);
-        mailSender.setHost(applicationProperties.getMail().getHost());
-        mailSender.setPort(applicationProperties.getMail().getPort());
-        mailSender.setUsername(applicationProperties.getMail().getUsername());
-        mailSender.setPassword(applicationProperties.getMail().getPassword());
+        mailSender.setHost(simpleworklistProperties.getMail().getHost());
+        mailSender.setPort(simpleworklistProperties.getMail().getPort());
+        mailSender.setUsername(simpleworklistProperties.getMail().getUsername());
+        mailSender.setPassword(simpleworklistProperties.getMail().getPassword());
         return mailSender;
     }
 
@@ -113,12 +112,12 @@ public void addViewControllers(ViewControllerRegistry registry) {
     }
 
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
-        for(String h :applicationProperties.getWebMvc().getStaticResourceHandler()){
+        for(String h : simpleworklistProperties.getWebMvc().getStaticResourceHandler()){
             String location = "classpath:/static"+h+"/";
             registry.addResourceHandler(h+"/*").addResourceLocations(location);
             registry.addResourceHandler(h+"/**").addResourceLocations(location);
         }
-        for(String h :applicationProperties.getWebMvc().getDynaicResourceHandler()){
+        for(String h : simpleworklistProperties.getWebMvc().getDynaicResourceHandler()){
             String location = h+"/";
             registry.addResourceHandler(h+"/*").addResourceLocations(location);
             registry.addResourceHandler(h+"/**").addResourceLocations(location);

src/main/java/org/woehlke/simpleworklist/application/config/WebSecurityConfig.java renamed to src/main/java/org/woehlke/simpleworklist/config/WebSecurityConfig.java

@@ -1,4 +1,4 @@
-package org.woehlke.simpleworklist.application.config;
+package org.woehlke.simpleworklist.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
@@ -14,14 +14,11 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
-import org.woehlke.simpleworklist.application.ApplicationProperties;
-import org.woehlke.simpleworklist.user.login.LoginSuccessHandler;
-import org.woehlke.simpleworklist.user.services.UserAccountSecurityService;
+import org.woehlke.simpleworklist.user.services.SimpleworklistUserAccountSecurityService;
 
 
 @Configuration
@@ -34,25 +31,25 @@
     WebMvcConfig.class
 })
 @EnableConfigurationProperties({
-    ApplicationProperties.class
+    SimpleworklistProperties.class
 })
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     private final AuthenticationManagerBuilder authenticationManagerBuilder;
-    private final AuthenticationSuccessHandler loginSuccessHandler;
-    private final UserAccountSecurityService userAccountSecurityService;
-    private final ApplicationProperties applicationProperties;
+    //private final AuthenticationSuccessHandler loginSuccessHandler;
+    private final SimpleworklistUserAccountSecurityService simpleworklistUserAccountSecurityService;
+    private final SimpleworklistProperties simpleworklistProperties;
 
     @Autowired
     public WebSecurityConfig(
-        AuthenticationManagerBuilder authenticationManagerBuilder,
-        LoginSuccessHandler loginSuccessHandler,
-        UserAccountSecurityService userAccountSecurityService,
-        ApplicationProperties applicationProperties) {
-        this.authenticationManagerBuilder = authenticationManagerBuilder;
-        this.loginSuccessHandler = loginSuccessHandler;
-        this.userAccountSecurityService = userAccountSecurityService;
-        this.applicationProperties = applicationProperties;
+        AuthenticationManagerBuilder auth,
+        //LoginSuccessHandler loginSuccessHandler,
+        SimpleworklistUserAccountSecurityService simpleworklistUserAccountSecurityService,
+        SimpleworklistProperties simpleworklistProperties) {
+        this.authenticationManagerBuilder = auth;
+        //this.loginSuccessHandler = loginSuccessHandler;
+        this.simpleworklistUserAccountSecurityService = simpleworklistUserAccountSecurityService;
+        this.simpleworklistProperties = simpleworklistProperties;
     }
 
     @Override
@@ -61,35 +58,35 @@ protected void configure(HttpSecurity http) throws Exception {
             .headers()
             .disable()
             .authorizeRequests()
-            .antMatchers(applicationProperties.getWebSecurity().getAntPatternsPublic())
+            .antMatchers(simpleworklistProperties.getWebSecurity().getAntPatternsPublic())
             .permitAll()
             .anyRequest()
             .fullyAuthenticated()
             .and()
             .csrf()
             .and()
             .formLogin()
-            .loginPage(applicationProperties.getWebSecurity().getLoginPage())
-            .usernameParameter(applicationProperties.getWebSecurity().getUsernameParameter())
-            .passwordParameter(applicationProperties.getWebSecurity().getPasswordParameter())
-            .loginProcessingUrl(applicationProperties.getWebSecurity().getLoginProcessingUrl())
-            .failureForwardUrl(applicationProperties.getWebSecurity().getFailureForwardUrl())
-            .defaultSuccessUrl(applicationProperties.getWebSecurity().getDefaultSuccessUrl())
-            .successHandler(loginSuccessHandler)
+            .loginPage(simpleworklistProperties.getWebSecurity().getLoginPage())
+            .usernameParameter(simpleworklistProperties.getWebSecurity().getUsernameParameter())
+            .passwordParameter(simpleworklistProperties.getWebSecurity().getPasswordParameter())
+            .loginProcessingUrl(simpleworklistProperties.getWebSecurity().getLoginProcessingUrl())
+            .failureForwardUrl(simpleworklistProperties.getWebSecurity().getFailureForwardUrl())
+            .defaultSuccessUrl(simpleworklistProperties.getWebSecurity().getDefaultSuccessUrl())
+            //.successHandler(loginSuccessHandler)
             .permitAll()
             .and()
             .csrf()
             .and()
             .logout()
-            .logoutUrl(applicationProperties.getWebSecurity().getLogoutUrl())
-            .deleteCookies(applicationProperties.getWebSecurity().getCookieNamesToClear())
-            .invalidateHttpSession(applicationProperties.getWebSecurity().getInvalidateHttpSession())
+            .logoutUrl(simpleworklistProperties.getWebSecurity().getLogoutUrl())
+            .deleteCookies(simpleworklistProperties.getWebSecurity().getCookieNamesToClear())
+            .invalidateHttpSession(simpleworklistProperties.getWebSecurity().getInvalidateHttpSession())
             .permitAll();
     }
 
     @Bean
     public UserDetailsService userDetailsService(){
-        return this.userAccountSecurityService;
+        return this.simpleworklistUserAccountSecurityService;
     }
 
     /**
@@ -98,8 +95,14 @@ public UserDetailsService userDetailsService(){
      */
     @Bean
     public PasswordEncoder encoder(){
-        int strength = applicationProperties.getWebSecurity().getStrengthBCryptPasswordEncoder();
-        return new BCryptPasswordEncoder(strength);
+        //int strength = simpleworklistProperties.getWebSecurity().getStrengthBCryptPasswordEncoder();
+        //return new Pbkdf2PasswordEncoder(strength);
+        CharSequence secret=this.simpleworklistProperties.getWebSecurity().getSecret();
+        int iterations=this.simpleworklistProperties.getWebSecurity().getIterations();
+        int hashWidth=this.simpleworklistProperties.getWebSecurity().getHashWidth();
+        Pbkdf2PasswordEncoder encoder = (new Pbkdf2PasswordEncoder(secret,iterations,hashWidth));
+        encoder.setEncodeHashAsBase64(true);
+        return encoder;
     }
 
     @Bean
@@ -113,7 +116,7 @@ public AuthenticationManager authenticationManager() throws Exception {
     public UsernamePasswordAuthenticationFilter authenticationFilter() throws Exception {
         UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
         filter.setAuthenticationManager(authenticationManager());
-        filter.setFilterProcessesUrl(applicationProperties.getWebSecurity().getLoginProcessingUrl());
+        filter.setFilterProcessesUrl(simpleworklistProperties.getWebSecurity().getLoginProcessingUrl());
         return filter;
     }
 }

src/main/java/org/woehlke/simpleworklist/user/services/UserAccountSecurityService.java renamed to src/main/java/org/woehlke/simpleworklist/user/services/SimpleworklistUserAccountSecurityService.java

@@ -2,5 +2,5 @@
 
 import org.springframework.security.core.userdetails.UserDetailsService;
 
-public interface UserAccountSecurityService extends UserDetailsService {
+public interface SimpleworklistUserAccountSecurityService extends UserDetailsService {
 }

src/main/java/org/woehlke/simpleworklist/user/services/UserAccountSecurityServiceImpl.java renamed to src/main/java/org/woehlke/simpleworklist/user/services/SimpleworklistUserAccountSecurityServiceImpl.java

@@ -14,12 +14,12 @@
 @Slf4j
 @Service
 @Transactional(propagation = Propagation.REQUIRED, readOnly = true)
-public class UserAccountSecurityServiceImpl implements UserAccountSecurityService {
+public class SimpleworklistUserAccountSecurityServiceImpl implements SimpleworklistUserAccountSecurityService {
 
     private final UserAccountRepository userAccountRepository;
 
     @Autowired
-    public UserAccountSecurityServiceImpl(UserAccountRepository userAccountRepository) {
+    public SimpleworklistUserAccountSecurityServiceImpl(UserAccountRepository userAccountRepository) {
         this.userAccountRepository = userAccountRepository;
     }
 

src/main/java/org/woehlke/simpleworklist/user/services/UserPasswordRecoveryServiceImpl.java

@@ -9,7 +9,7 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
-import org.woehlke.simpleworklist.application.ApplicationProperties;
+import org.woehlke.simpleworklist.config.SimpleworklistProperties;
 import org.woehlke.simpleworklist.user.domain.resetpassword.UserPasswordRecovery;
 import org.woehlke.simpleworklist.user.domain.resetpassword.UserPasswordRecoveryRepository;
 import org.woehlke.simpleworklist.user.domain.resetpassword.UserPasswordRecoveryStatus;
@@ -23,14 +23,14 @@
 public class UserPasswordRecoveryServiceImpl implements UserPasswordRecoveryService {
 
     private final UserPasswordRecoveryRepository userPasswordRecoveryRepository;
-    private final ApplicationProperties applicationProperties;
+    private final SimpleworklistProperties simpleworklistProperties;
     private final TokenGeneratorService tokenGeneratorService;
     private final JavaMailSender mailSender;
 
     @Autowired
-    public UserPasswordRecoveryServiceImpl(UserPasswordRecoveryRepository userPasswordRecoveryRepository, ApplicationProperties applicationProperties, TokenGeneratorService tokenGeneratorService, JavaMailSender mailSender) {
+    public UserPasswordRecoveryServiceImpl(UserPasswordRecoveryRepository userPasswordRecoveryRepository, SimpleworklistProperties simpleworklistProperties, TokenGeneratorService tokenGeneratorService, JavaMailSender mailSender) {
         this.userPasswordRecoveryRepository = userPasswordRecoveryRepository;
-        this.applicationProperties = applicationProperties;
+        this.simpleworklistProperties = simpleworklistProperties;
         this.tokenGeneratorService = tokenGeneratorService;
         this.mailSender = mailSender;
     }
@@ -43,15 +43,15 @@ public UserPasswordRecovery findByToken(String token) {
     @Override
     public boolean passwordRecoveryIsRetryAndMaximumNumberOfRetries(String email) {
         UserPasswordRecovery earlierOptIn = userPasswordRecoveryRepository.findByEmail(email);
-        return earlierOptIn == null?false:earlierOptIn.getNumberOfRetries() >= applicationProperties.getRegistration().getMaxRetries();
+        return earlierOptIn == null?false:earlierOptIn.getNumberOfRetries() >= simpleworklistProperties.getRegistration().getMaxRetries();
     }
 
     @Override
     public void passwordRecoveryCheckIfResponseIsInTime(String email) {
         UserPasswordRecovery earlierOptIn = userPasswordRecoveryRepository.findByEmail(email);
         if (earlierOptIn != null) {
             Date now = new Date();
-            if ((applicationProperties.getRegistration().getTtlEmailVerificationRequest() + earlierOptIn.getRowCreatedAt().getTime()) < now.getTime()) {
+            if ((simpleworklistProperties.getRegistration().getTtlEmailVerificationRequest() + earlierOptIn.getRowCreatedAt().getTime()) < now.getTime()) {
                 userPasswordRecoveryRepository.delete(earlierOptIn);
             }
         }
@@ -103,8 +103,8 @@ public void passwordRecoveryDone(UserPasswordRecovery o) {
     }
 
     private void sendEmailForPasswordReset(UserPasswordRecovery o) {
-        String urlHost = applicationProperties.getRegistration().getUrlHost();
-        String mailFrom= applicationProperties.getRegistration().getMailFrom();
+        String urlHost = simpleworklistProperties.getRegistration().getUrlHost();
+        String mailFrom= simpleworklistProperties.getRegistration().getMailFrom();
         boolean success = true;
         SimpleMailMessage msg = new SimpleMailMessage();
         msg.setTo(o.getEmail());