Removed test controller, added login controller, and authentication

Only a temporary authentication is set up at the moment.

src/main/java/nl/andrewlalis/teaching_assistant_assistant/config/WebSecurityConfig.java

@@ -1,41 +1,68 @@
 package nl.andrewlalis.teaching_assistant_assistant.config;
 
+import nl.andrewlalis.teaching_assistant_assistant.model.security.UserDetailsService;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 
 @Configuration
 @EnableWebSecurity
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
-                .antMatchers("/").permitAll()
-                .anyRequest().authenticated()
-                .and()
-                .authorizeRequests()
-                .antMatchers("/resources/**").permitAll().anyRequest().permitAll()
-                .and()
-                .formLogin()
-                .loginPage("/login")
-                .permitAll()
-                .and()
-                .logout()
-                .permitAll();
+    private UserDetailsService userDetailsService;
+
+    protected WebSecurityConfig(UserDetailsService userDetailsService) {
+        this.userDetailsService = userDetailsService;
     }
 
-    public UserDetailsService userDetailsService () {
-        UserDetails user = User.withDefaultPasswordEncoder()
-                .username("andrewlalis")
-                .password("test")
-                .roles("USER")
-                .build();
-        return new InMemoryUserDetailsManager(user);
+    @Override
+    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+                .withUser("tester")
+                .password(passwordEncoder().encode("tester"))
+                .roles("USER");
+        auth.userDetailsService(this.userDetailsService);
+    }
+
+    @Override
+    protected void configure(final HttpSecurity http) throws Exception {
+        http
+                .csrf().disable() // So that we can GET the logout page.
+
+                .authorizeRequests() // Let anyone view the login and logout pages.
+                    .antMatchers("/login*", "/logout*")
+                    .permitAll()
+                    .anyRequest()
+                    .authenticated()
+                    .and()
+
+                .authorizeRequests() // Only logged in users should be able to see site content.
+                    .antMatchers("/**")
+                    .hasRole("USER")
+                    .and()
+
+                .formLogin()
+                    .loginPage("/login")
+                    .loginProcessingUrl("/login")
+                    .defaultSuccessUrl("/", true)
+                    .failureUrl("/login?error")
+                    .and()
+
+                .logout()
+                    .clearAuthentication(true)
+                    .invalidateHttpSession(true)
+                    .logoutUrl("/logout")
+                    .logoutSuccessUrl("/login")
+                    .deleteCookies("JSESSIONID");
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
     }
 }

src/main/java/nl/andrewlalis/teaching_assistant_assistant/controllers/LoginController.java

@@ -0,0 +1,22 @@
+package nl.andrewlalis.teaching_assistant_assistant.controllers;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+/**
+ * Controller for the login page, visible to all users.
+ */
+@Controller
+public class LoginController {
+
+    private final Logger logger = LogManager.getLogger(LoginController.class);
+
+    @GetMapping("/login")
+    public String get() {
+        logger.info("User got login page.");
+
+        return "login";
+    }
+}

src/main/java/nl/andrewlalis/teaching_assistant_assistant/controllers/TestController.java

@@ -1,17 +0,0 @@
-package nl.andrewlalis.teaching_assistant_assistant.controllers;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-
-@Controller
-public class TestController {
-
-    @GetMapping("/test")
-    public String test (@RequestParam(name="name", required=false, defaultValue="World") String name, Model model) {
-        model.addAttribute("name", name);
-        return "test";
-    }
-
-}

src/main/java/nl/andrewlalis/teaching_assistant_assistant/model/security/UserDetailsService.java

@@ -3,9 +3,11 @@ package nl.andrewlalis.teaching_assistant_assistant.model.security;
 import nl.andrewlalis.teaching_assistant_assistant.model.repositories.UserRepository;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
 
 import java.util.Optional;
 
+@Service
 public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
 
     private UserRepository userRepository;

src/main/resources/templates/fragments/header.html

@@ -15,6 +15,7 @@
         <li><a href="/courses" th:href="@{/courses}">Courses</a>
         <li><a href="/students" th:href="@{/students}">Students</a></li>
         <li><a href="/teaching_assistants" th:href="@{/teaching_assistants}">Teaching Assistants</a></li>
+        <li><a href="/logout" th:href="@{/logout}">Log Out</a></li>
     </ul>
 </nav>
 

src/main/resources/templates/index.html

@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org" th:replace="~{layouts/basic_page :: layout (~{::title}, ~{::#content}, ~{::#sidebar})}">
+<html xmlns:th="http://www.thymeleaf.org" th:replace="~{layouts/basic_page :: layout (~{::title}, ~{::#content}, ~{::#sidebar})}" lang="en">
 <head>
     <title>Homepage</title>
 </head>

src/main/resources/templates/login.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org" lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Login</title>
+</head>
+<body>
+
+<div th:if="${param.error}">
+    Invalid username or password!
+</div>
+
+<div th:if="${param.logout}">
+    You have been logged out!
+</div>
+
+<form th:action="@{/login}" method="post">
+    <label>Username: <input type="text" name="username"/></label>
+    <label>Password: <input type="password" name="password"/></label>
+    <button type="submit">Login</button>
+</form>
+
+</body>
+</html>

src/main/resources/templates/test.html

@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<html lang="en" xmlns:th="http://www.thymeleaf.org">
-<head>
-    <title>Test Controller Page</title>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-</head>
-<body>
-
-<p th:text="'Hello, ' + ${name} + '!'"></p>
-
-</body>
-</html>