feat(fullstack): Read user out of JWT and persist with created and last modified
@@ -1,6 +1,9 @@
|
||||
package com.betriebsratkanzlei.legalconsenthub.application_form
|
||||
|
||||
import com.betriebsratkanzlei.legalconsenthub.form_element.FormElement
|
||||
import com.betriebsratkanzlei.legalconsenthub.user.User
|
||||
import jakarta.persistence.AttributeOverride
|
||||
import jakarta.persistence.AttributeOverrides
|
||||
import jakarta.persistence.CascadeType
|
||||
import jakarta.persistence.Column
|
||||
import jakarta.persistence.Entity
|
||||
@@ -8,6 +11,7 @@ import jakarta.persistence.EntityListeners
|
||||
import jakarta.persistence.GeneratedValue
|
||||
import jakarta.persistence.Id
|
||||
import jakarta.persistence.OneToMany
|
||||
import jakarta.persistence.Embedded
|
||||
import org.springframework.data.annotation.CreatedDate
|
||||
import org.springframework.data.annotation.LastModifiedDate
|
||||
import org.springframework.data.jpa.domain.support.AuditingEntityListener
|
||||
@@ -30,11 +34,19 @@ class ApplicationForm(
|
||||
@Column(nullable = false)
|
||||
var isTemplate: Boolean,
|
||||
|
||||
@Column(nullable = false)
|
||||
var createdBy: String = "",
|
||||
@Embedded
|
||||
@AttributeOverrides(
|
||||
AttributeOverride(name = "id", column = Column(name = "created_by_id", nullable = false)),
|
||||
AttributeOverride(name = "name", column = Column(name = "created_by_name", nullable = false))
|
||||
)
|
||||
var createdBy: User,
|
||||
|
||||
@Column(nullable = false)
|
||||
var lastModifiedBy: String = "",
|
||||
@Embedded
|
||||
@AttributeOverrides(
|
||||
AttributeOverride(name = "id", column = Column(name = "last_modified_by_id", nullable = false)),
|
||||
AttributeOverride(name = "name", column = Column(name = "last_modified_by_name", nullable = false))
|
||||
)
|
||||
var lastModifiedBy: User,
|
||||
|
||||
@CreatedDate
|
||||
@Column(nullable = false)
|
||||
|
||||
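Review bot: `createdBy` and `lastModifiedBy` in the third hunk remain ordinary writable constructor properties, so the audit trail is only as trustworthy as every caller that builds an `ApplicationForm`. The mapper's DTO-to-entity path in this commit still fills both from the incoming DTO (`userMapper.toUser(applicationForm.createdBy)`). The class already imports `AuditingEntityListener` and uses `@CreatedDate`, so Spring Data's `@CreatedBy` / `@LastModifiedBy` with an `AuditorAware<User>` bean reading the security context would presumably keep both fields server-controlled, including on updates. Independently of that, the creator columns can be made immutable at the JPA level, e.g. `Column(name = "created_by_id", nullable = false, updatable = false)` and likewise for `created_by_name`. The class body starts and ends outside the visible hunks.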
@@ -1,20 +1,24 @@
|
||||
package com.betriebsratkanzlei.legalconsenthub.application_form
|
||||
|
||||
import com.betriebsratkanzlei.legalconsenthub.security.CustomJwtTokenPrincipal
|
||||
import com.betriebsratkanzlei.legalconsenthub.user.User
|
||||
import com.betriebsratkanzlei.legalconsenthub.user.UserMapper
|
||||
import com.betriebsratkanzlei.legalconsenthub_api.model.ApplicationFormDto
|
||||
import com.betriebsratkanzlei.legalconsenthub_api.model.CreateApplicationFormDto
|
||||
import org.springframework.security.core.context.SecurityContextHolder
|
||||
import org.springframework.stereotype.Component
|
||||
import java.time.LocalDateTime
|
||||
|
||||
@Component
|
||||
class ApplicationFormMapper(private val formElementMapper: FormElementMapper) {
|
||||
class ApplicationFormMapper(private val formElementMapper: FormElementMapper, private val userMapper: UserMapper) {
|
||||
fun toApplicationFormDto(applicationForm: ApplicationForm): ApplicationFormDto {
|
||||
return ApplicationFormDto(
|
||||
id = applicationForm.id ?: throw IllegalStateException("ApplicationForm ID must not be null!"),
|
||||
name = applicationForm.name,
|
||||
formElements = applicationForm.formElements.map { formElementMapper.toFormElementDto(it) },
|
||||
isTemplate = applicationForm.isTemplate,
|
||||
createdBy = applicationForm.createdBy,
|
||||
lastModifiedBy = applicationForm.lastModifiedBy,
|
||||
createdBy = userMapper.toUserDto(applicationForm.createdBy),
|
||||
lastModifiedBy = userMapper.toUserDto(applicationForm.lastModifiedBy),
|
||||
createdAt = applicationForm.createdAt ?: LocalDateTime.now(),
|
||||
modifiedAt = applicationForm.modifiedAt ?: LocalDateTime.now()
|
||||
)
|
||||
@@ -26,19 +30,23 @@ class ApplicationFormMapper(private val formElementMapper: FormElementMapper) {
|
||||
name = applicationForm.name,
|
||||
formElements = applicationForm.formElements.map { formElementMapper.toFormElement(it) }.toMutableList(),
|
||||
isTemplate = applicationForm.isTemplate,
|
||||
createdBy = applicationForm.createdBy,
|
||||
lastModifiedBy = applicationForm.lastModifiedBy,
|
||||
createdBy = userMapper.toUser(applicationForm.createdBy),
|
||||
lastModifiedBy = userMapper.toUser(applicationForm.lastModifiedBy),
|
||||
createdAt = applicationForm.createdAt,
|
||||
modifiedAt = applicationForm.modifiedAt
|
||||
)
|
||||
}
|
||||
|
||||
fun toApplicationForm(createApplicationFormDto: CreateApplicationFormDto): ApplicationForm {
|
||||
val principal = SecurityContextHolder.getContext().authentication.principal as CustomJwtTokenPrincipal
|
||||
val createdBy = User(principal.name ?: "UNKNOWN USER", principal.id ?: "")
|
||||
val lastModifiedBy = User(principal.name ?: "UNKNOWN USER", principal.id ?: "")
|
||||
|
||||
val applicationForm = ApplicationForm(
|
||||
name = createApplicationFormDto.name,
|
||||
isTemplate = createApplicationFormDto.isTemplate,
|
||||
createdBy = createApplicationFormDto.createdBy,
|
||||
lastModifiedBy = createApplicationFormDto.lastModifiedBy
|
||||
createdBy = createdBy,
|
||||
lastModifiedBy = lastModifiedBy,
|
||||
)
|
||||
applicationForm.formElements = createApplicationFormDto.formElements
|
||||
.map { formElementMapper.toFormElement(it, applicationForm) }
|
||||
|
||||
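Review bot: `toApplicationForm(createApplicationFormDto)` fails open on identity: a token without an `id` or `name` claim is persisted as `User("UNKNOWN USER", "")`, which satisfies the `nullable = false` columns while recording no attributable creator. The nulls originate in `CustomJwtAuthenticationConverter` (`jwt.getClaimAsString(...)` can return null) and in the nullable fields of `CustomJwtTokenPrincipal`, and `CustomJwtAuthentication` passes the same possibly-null `principal.id` on as the token name. Rejecting the token in the converter, e.g. `val userId = jwt.getClaimAsString("id") ?: throw BadCredentialsException("JWT has no id claim")`, would let the principal's fields become non-null and remove the fallbacks here. The unchecked `as CustomJwtTokenPrincipal` cast also throws a `ClassCastException` (or an NPE on a null `authentication`) for any other authentication type; `as?` with an explicit error gives a clearer failure. The function's body continues past the end of the hunk.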
@@ -0,0 +1,22 @@
|
||||
package com.betriebsratkanzlei.legalconsenthub.config
|
||||
|
||||
import com.betriebsratkanzlei.legalconsenthub.security.CustomJwtAuthentication
|
||||
import com.betriebsratkanzlei.legalconsenthub.security.CustomJwtTokenPrincipal
|
||||
import org.springframework.core.convert.converter.Converter
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken
|
||||
import org.springframework.security.core.GrantedAuthority
|
||||
import org.springframework.security.oauth2.jwt.Jwt
|
||||
import org.springframework.stereotype.Component
|
||||
|
||||
@Component
|
||||
class CustomJwtAuthenticationConverter : Converter<Jwt, AbstractAuthenticationToken> {
|
||||
override fun convert(jwt: Jwt): AbstractAuthenticationToken {
|
||||
val authorities: Collection<GrantedAuthority> = emptyList()
|
||||
|
||||
val userId = jwt.getClaimAsString("id")
|
||||
val username = jwt.getClaimAsString("name")
|
||||
val principal = CustomJwtTokenPrincipal(userId, username)
|
||||
|
||||
return CustomJwtAuthentication(jwt, principal, authorities)
|
||||
}
|
||||
}
|
||||
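Review bot: `convert` hard-codes `authorities` to `emptyList()`, so replacing the default converter discards the scope-derived authorities Spring Security would otherwise compute from the token. With the visible rule `authorize(anyRequest, authenticated)` nothing breaks today, but any later `hasAuthority`/`hasRole` rule or method-security check would deny every caller without an obvious cause. Delegating keeps the default behaviour: `val authorities = JwtGrantedAuthoritiesConverter().convert(jwt)`. A KDoc line stating that the converter relies on the custom `id` and `name` claims, and which issuer is expected to supply them, would make that dependency explicit.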
@@ -15,7 +15,10 @@ import org.springframework.security.web.SecurityFilterChain
|
||||
class SecurityConfig {
|
||||
|
||||
@Bean
|
||||
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
|
||||
fun securityFilterChain(
|
||||
http: HttpSecurity,
|
||||
customJwtAuthenticationConverter: CustomJwtAuthenticationConverter
|
||||
): SecurityFilterChain {
|
||||
http {
|
||||
csrf { disable() }
|
||||
authorizeHttpRequests {
|
||||
@@ -24,7 +27,7 @@ class SecurityConfig {
|
||||
authorize(anyRequest, authenticated)
|
||||
}
|
||||
oauth2ResourceServer {
|
||||
jwt { }
|
||||
jwt { jwtAuthenticationConverter = customJwtAuthenticationConverter }
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
package com.betriebsratkanzlei.legalconsenthub.security
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority
|
||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
|
||||
import org.springframework.security.oauth2.jwt.Jwt
|
||||
|
||||
class CustomJwtAuthentication(
|
||||
jwt: Jwt,
|
||||
private val principal: CustomJwtTokenPrincipal,
|
||||
authorities: Collection<GrantedAuthority>
|
||||
) : JwtAuthenticationToken(
|
||||
jwt, authorities, principal.id
|
||||
) {
|
||||
override fun getPrincipal(): CustomJwtTokenPrincipal {
|
||||
return principal
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,6 @@
|
||||
package com.betriebsratkanzlei.legalconsenthub.security
|
||||
|
||||
data class CustomJwtTokenPrincipal(
|
||||
val id: String? = null,
|
||||
val name: String? = null
|
||||
)
|
||||
@@ -0,0 +1,9 @@
|
||||
package com.betriebsratkanzlei.legalconsenthub.user
|
||||
|
||||
import jakarta.persistence.Embeddable
|
||||
|
||||
@Embeddable
|
||||
class User(
|
||||
var name: String,
|
||||
var id: String
|
||||
)
|
||||
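Review bot: The constructor takes two `String`s in the order `(name, id)`, and `ApplicationFormMapper` calls it positionally as `User(principal.name ?: "UNKNOWN USER", principal.id ?: "")`. A swapped argument would therefore compile and silently store the display name in the `*_id` audit columns. Calling it with named arguments, `User(name = ..., id = ...)`, as `UserMapper.toUser` already does, removes that risk.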
@@ -0,0 +1,21 @@
|
||||
package com.betriebsratkanzlei.legalconsenthub.user
|
||||
|
||||
import com.betriebsratkanzlei.legalconsenthub_api.model.UserDto
|
||||
import org.springframework.stereotype.Component
|
||||
|
||||
@Component
|
||||
class UserMapper() {
|
||||
fun toUserDto(user: User): UserDto {
|
||||
return UserDto(
|
||||
id = user.id,
|
||||
name = user.name,
|
||||
)
|
||||
}
|
||||
|
||||
fun toUser(userDto: UserDto): User {
|
||||
return User(
|
||||
id = userDto.id,
|
||||
name = userDto.name,
|
||||
)
|
||||
}
|
||||
}
|
||||