Merge pull request #11 from kento-kotlin-sandbox/future/add_spring_security

Kento75 · web-flow · commit a7b463a73829 · 2018-12-24T08:10:19.000+09:00
Future/add spring security
diff --git a/pom.xml b/pom.xml
@@ -14,7 +14,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.1.1.RELEASE</version>
+		<version>2.0.0.RELEASE</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
 
@@ -25,61 +25,76 @@
 	</properties>
 
 	<dependencies>
+		<!-- SpringJDBC -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-jdbc</artifactId>
 		</dependency>
+		<!-- Thymeleaf -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-thymeleaf</artifactId>
 		</dependency>
+		<!-- SpringBoot -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
-
+		<!-- DevTools -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-devtools</artifactId>
 			<scope>runtime</scope>
 		</dependency>
+		<!-- SpringSecurity -->
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		<!-- Thyemeleaf拡張（セキュリティ） -->
+		<dependency>
+			<groupId>org.thymeleaf.extras</groupId>
+			<artifactId>thymeleaf-extras-springsecurity4</artifactId>
+		</dependency>
+		<!-- H2データベース -->
 		<dependency>
 			<groupId>com.h2database</groupId>
 			<artifactId>h2</artifactId>
 			<scope>runtime</scope>
 		</dependency>
+		<!-- Lombok -->
 		<dependency>
 			<groupId>org.projectlombok</groupId>
 			<artifactId>lombok</artifactId>
 			<optional>true</optional>
 		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-test</artifactId>
-			<scope>test</scope>
-		</dependency>
-		
 		<!-- webjars:JQuery -->
 		<dependency>
-		  <groupId>org.webjars</groupId>
-		  <artifactId>jquery</artifactId>
-		  <version>1.11.1</version>
+			<groupId>org.webjars</groupId>
+			<artifactId>jquery</artifactId>
+			<version>1.11.1</version>
 		</dependency>
 		<!-- webjars:Bootstrap -->
 		<dependency>
-		  <groupId>org.webjars</groupId>
-		  <artifactId>bootstrap</artifactId>
-		  <version>3.3.7-1</version>
+			<groupId>org.webjars</groupId>
+			<artifactId>bootstrap</artifactId>
+			<version>3.3.7-1</version>
 		</dependency>
 		<!-- Spring AOP -->
 		<dependency>
-          <groupId>org.springframework</groupId>
-		  <artifactId>spring-aop</artifactId>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-aop</artifactId>
 		</dependency>
 		<!-- AspectJ -->
 		<dependency>
-		  <groupId>org.aspectj</groupId>
-		  <artifactId>aspectjweaver</artifactId>
+			<groupId>org.aspectj</groupId>
+			<artifactId>aspectjweaver</artifactId>
+		</dependency>
+		<!-- Spring Test -->
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
 		</dependency>
 	</dependencies>
 
diff --git a/src/main/java/com/example/demo/SecurityConfig.java b/src/main/java/com/example/demo/SecurityConfig.java
@@ -0,0 +1,96 @@
+package com.example.demo;
+
+import javax.sql.DataSource;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+
+@EnableWebSecurity
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+	
+	// パスワードエンコーダーBeanの定義
+	@Bean
+	public PasswordEncoder passwordEncoder() {
+		return new BCryptPasswordEncoder();
+	}
+	
+	// データソース
+	@Autowired
+	private DataSource dataSource;
+	
+	// ユーザーIDとパスワードを取得するSQL
+	private static final String USER_SQL = "SELECT"
+			+ " user_id,"
+			+ " password,"
+			+ " true"
+			+ " FROM"
+			+ " m_user"
+			+ " WHERE"
+			+ " user_id = ?";
+	
+	// ユーザーのロールを取得するSQL
+	private static final String ROLE_SQL = "SELECT"
+			+ " user_id,"
+			+ " role"
+			+ " FROM"
+			+ " m_user"
+			+ " WHERE"
+			+ " user_id = ?";
+	
+	@Override
+	public void configure(WebSecurity web) throws Exception {
+		// 静的リソースへのアクセスには、セキュリティを適用しない
+		web.ignoring().antMatchers("/webjars/**", "/css/**");
+	}
+	
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		// ログイン不要ページの設定
+		http.authorizeRequests()
+			.antMatchers("/webjars/**").permitAll()           // webjarsへのアクセス許可
+			.antMatchers("/css/**").permitAll()               // cssへのアクセス許可
+			.antMatchers("/login").permitAll()                // ログインページは直リンク許可
+			.antMatchers("/signup").permitAll()               // ユーザー登録画面は直リンク許可
+			.antMatchers("/admin").hasAuthority("ROLE_ADMIN") // 権限の設定
+			.anyRequest().authenticated();                    // それ以外は直リンク禁止
+		
+		// ログイン処理
+		http.formLogin()
+			.loginProcessingUrl("/login")       // ログイン処理のパス
+			.loginPage("/login")                // ログインページの指定
+			.failureUrl("/login")               // ログイン失敗時の遷移先
+			.usernameParameter("userId")        // ログインページのユーザーID
+			.passwordParameter("password")      // ログインページのパスワード
+			.defaultSuccessUrl("/home", true);  // ログイン成功後の遷移先
+		
+		// ログアウト処理
+		http.logout()
+		    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
+		    .logoutUrl("/logout")
+		    .logoutSuccessUrl("/login");
+		
+		// CSRF対策を無効に設定（一時的）
+		// http.csrf().disable();
+	}
+	
+	@Override
+	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+		// ログイン処理時のユーザー情報を、DBから取得
+		auth.jdbcAuthentication()
+		    .dataSource(dataSource)
+		    .usersByUsernameQuery(USER_SQL)
+		    .authoritiesByUsernameQuery(ROLE_SQL)
+		    .passwordEncoder(passwordEncoder());
+	}
+}
diff --git a/src/main/java/com/example/demo/domain/model/repository/jdbc/UserDaoJdbcImpl.java b/src/main/java/com/example/demo/domain/model/repository/jdbc/UserDaoJdbcImpl.java
@@ -8,18 +8,22 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.dao.DataAccessException;
 import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Repository;
 
 import com.example.demo.domain.model.User;
 import com.example.demo.domain.model.repository.UserDao;
 
-// TODO: 各ロジックを埋める
+
 @Repository("UserDaoJdbcImpl")
 public class UserDaoJdbcImpl implements UserDao {
     
 	@Autowired
 	JdbcTemplate jdbc;
 	
+	@Autowired
+	PasswordEncoder passwordEncoder;
+	
 	// Userテーブルの件数を取得
 	@Override
 	public int count() throws DataAccessException {
@@ -32,17 +36,24 @@ public int count() throws DataAccessException {
 	// Userテーブルにデータを1件insert
 	@Override
 	public int insertOne(User user) throws DataAccessException {
+		
+		// パスワード暗号化
+		String password = passwordEncoder.encode(user.getPassword());
+		
+		// ユーザーテーブルに1件登録するSQL
+		String sql = "INSERT INTO m_user(user_id,"
+				   + "password,"
+				   + "user_name,"
+				   + "birthday,"
+				   + "age,"
+				   + "marriage,"
+				   + "role) "
+				   + "VALUES(?, ?, ?, ?, ?, ?, ?)";
+		
         // 1件登録
-		int rowNumber =jdbc.update("INSERT INTO m_user(user_id,"
-				+ "password,"
-				+ "user_name,"
-				+ "birthday,"
-				+ "age,"
-				+ "marriage,"
-				+ "role) "
-				+ "VALUES(?, ?, ?, ?, ?, ?, ?)"
-				,user.getUserId()
-				,user.getPassword()
+		int rowNumber =jdbc.update(sql
+                ,user.getUserId()
+				,password
 				,user.getUserName()
 				,user.getBirthday()
 				,user.getAge()
@@ -119,16 +130,22 @@ public List<User> selectMany() throws DataAccessException {
 	@Override
 	public int updateOne(User user) throws DataAccessException {
 		
+		// パスワード暗号化
+		String password = passwordEncoder.encode(user.getPassword());
+		
+		// 1件更新するSQL
+		String sql = "UPDATE M_USER"
+			   	   + " SET"
+				   + " password=?,"
+				   + " user_name=?,"
+				   + " birthday=?,"
+				   + " age=?,"
+				   + " marriage=?"
+				   + " WHERE user_id=?";
+		
 		// 1件更新
-		int rowNumber = jdbc.update("UPDATE M_USER"
-				+ " SET"
-				+ " password=?,"
-				+ " user_name=?,"
-				+ " birthday=?,"
-				+ " age=?,"
-				+ " marriage=?"
-				+ " WHERE user_id=?"
-				, user.getPassword()
+		int rowNumber = jdbc.update(sql
+				, password
 				, user.getUserName()
 				, user.getBirthday()
 				, user.getAge()
diff --git a/src/main/java/com/example/demo/login/controller/HomeController.java b/src/main/java/com/example/demo/login/controller/HomeController.java
@@ -69,6 +69,16 @@ public String getUserList(Model model) {
     	return "login/homeLayout";
     }
     
+    // 管理者用画面
+    @GetMapping("/admin")
+    public String getAdmin(Model model) {
+    	// コンテンツ部分にユーザー詳細を表示するための文字列を登録
+    	model.addAttribute("contents", "login/admin :: admin_contents");
+    	
+    	// レイアウト用テンプレート
+    	return "login/homeLayout";
+    }
+    
     // ユーザー詳細画面
     @GetMapping("/userDetail/{id:.+}")
     public String getDetail(@ModelAttribute SignupForm form, Model model, @PathVariable("id") String userId) {
diff --git a/src/main/resources/data.sql b/src/main/resources/data.sql
@@ -4,4 +4,8 @@ VALUES(1, '山田太郎', 30);
 
 /* ユーザーマスタテーブルのデータ(管理者権限あり) */
 INSERT INTO m_user(user_id, password, user_name, birthday, age, marriage, role)
-VALUES('kento75@xxx.co.jp', 'password', 'Kento75', '1993-07-05', 25, false, 'ROLE_ADMIN');
+VALUES('kento75@xxx.co.jp', '$2a$10$xRTXvpMWly0oGiu65WZlm.3YL95LGVV2ASFjDhe6WF4.Qji1huIPa', 'Kento75', '1993-07-05', 25, false, 'ROLE_ADMIN');
+
+/* ユーザーマスタのデータ(一般権限) */
+INSERT INTO m_user(user_id, password, user_name, birthday, age, marriage, role)
+VALUES('kento@xxx.co.jp', '$2a$10$xRTXvpMWly0oGiu65WZlm.3YL95LGVV2ASFjDhe6WF4.Qji1huIPa', 'Kento755', '1993-07-05', 25, false, 'ROLE_GENERAL');
diff --git a/src/main/resources/messages.properties b/src/main/resources/messages.properties
@@ -26,3 +26,12 @@ typeMismatch.signupForm.age=数値を入力してください
 
 # 結婚ステータス
 AssertFalse.signupForm.marriage=未婚の方のみ登録できます
+
+# **********************
+# ログイン失敗時のメッセージ
+# **********************
+AbstractUserDetailsAuthenticationProvider.locked=アカウントはロックされています。
+AbstractUserDetailsAuthenticationProvider.disabled=アカウントは使用できません。
+AbstractUserDetailsAuthenticationProvider.expired=アカウントの有効期限が切れています。
+AbstractUserDetailsAuthenticationProvider.credentialsExpired=パスワードの有効期限が切れています。
+AbstractUserDetailsAuthenticationProvider.badCredentials=ログインIDまたはパスワードが間違っています。
diff --git a/src/main/resources/templates/login/admin.html b/src/main/resources/templates/login/admin.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org" xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout">
+<head>
+  <meta charset="UTF-8"></meta>
+  <title>管理者画面</title>
+</head>
+<body>
+  <div th:fragment="admin_contents">
+    <div class="page-header">
+      <h1>管理者専用画面</h1>
+    </div>
+  </div>
+</body>
+</html>
diff --git a/src/main/resources/templates/login/homeLayout.html b/src/main/resources/templates/login/homeLayout.html
@@ -1,5 +1,7 @@
 <!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org" xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout">
+<html xmlns:th="http://www.thymeleaf.org"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
 <head>
   <meta charset="UTF-8"></meta>
   <!-- BootStrap -->
@@ -28,7 +30,10 @@
       <div class="col-sm-2 sidebar">
         <ul class="nav nav-pills nav-stacked">
           <li role="presentation">
-            <a th:href="@{/userList}">ユーザー管理</a>
+            <a th:href="@{'/userList'}">ユーザー管理</a>
+          </li>
+          <li role="presentation" sec:authorize="hasRole('ADMIN')">
+            <a th:href="@{'/admin'}">管理者用画面</a>
           </li>
         </ul>
       </div>
diff --git a/src/main/resources/templates/login/login.html b/src/main/resources/templates/login/login.html
@@ -10,12 +10,18 @@
 <body class="text-center">
   <h1>Login</h1>
   <form method="post" action="/login">
+    <p th:if="${session['SPRING_SECURITY_LAST_EXCEPTION']} != null"
+      th:text="${session['SPRING_SECURITY_LAST_EXCEPTION'].message}" class="text-danger">
+      ログインエラーメッセージ
+    </p>
     <label>ユーザーID</label>
-    <input type="text"/><br/>
+    <input type="text" name="userId" /><br/>
     <br />
     <label>パスワード</label>
-    <input type="password"/><br/>
+    <input type="password" name="password" /><br/>
     <br/>
+    <!-- CSRF -->
+    <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />
     <button class="btn btn-primary" type="submit">ログイン</button>
   </form>
   <br/>

-Original file line number
+Diff line change
 /* ユーザーマスタテーブルのデータ(管理者権限あり) */
 INSERT INTO m_user(user_id, password, user_name, birthday, age, marriage, role)
 -VALUES('[email protected]', 'password', 'Kento75', '1993-07-05', 25, false, 'ROLE_ADMIN');
 +VALUES('[email protected]', '$2a$10$xRTXvpMWly0oGiu65WZlm.3YL95LGVV2ASFjDhe6WF4.Qji1huIPa', 'Kento75', '1993-07-05', 25, false, 'ROLE_ADMIN');
++
 +/* ユーザーマスタのデータ(一般権限) */
 +INSERT INTO m_user(user_id, password, user_name, birthday, age, marriage, role)
 +VALUES('[email protected]', '$2a$10$xRTXvpMWly0oGiu65WZlm.3YL95LGVV2ASFjDhe6WF4.Qji1huIPa', 'Kento755', '1993-07-05', 25, false, 'ROLE_GENERAL');