Add rest template logic

Kento75 · Kento75 · commit e503288987e5 · 2018-12-24T21:23:05.000+09:00
diff --git a/src/main/java/com/example/demo/RestMatcher.java b/src/main/java/com/example/demo/RestMatcher.java
@@ -0,0 +1,35 @@
+package com.example.demo;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+
+public class RestMatcher implements RequestMatcher {
+
+	// マッチャー
+	private AntPathRequestMatcher matcher;
+	
+	// コンストラクタ
+	public RestMatcher(String url) {
+		super();
+		matcher = new AntPathRequestMatcher(url);
+	}
+	
+	// URLのマッチ条件
+	@Override
+	public boolean matches(HttpServletRequest request) {
+		// GETならCSRFのチェックをしない
+		if("GET".equals(request.getMethod())) {
+			return false;
+		}
+		
+		// 特定のURLに該当する場合、CSRFチェックしない
+		if(matcher.matches(request)) {
+			return false;
+		}
+		
+		return true;
+	}
+}
diff --git a/src/main/java/com/example/demo/SecurityConfig.java b/src/main/java/com/example/demo/SecurityConfig.java
@@ -13,6 +13,7 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 
 
 @EnableWebSecurity
@@ -62,6 +63,7 @@ protected void configure(HttpSecurity http) throws Exception {
 			.antMatchers("/css/**").permitAll()               // cssへのアクセス許可
 			.antMatchers("/login").permitAll()                // ログインページは直リンク許可
 			.antMatchers("/signup").permitAll()               // ユーザー登録画面は直リンク許可
+			.antMatchers("/rest/**").permitAll()              // REST
 			.antMatchers("/admin").hasAuthority("ROLE_ADMIN") // 権限の設定
 			.anyRequest().authenticated();                    // それ以外は直リンク禁止
 		
@@ -80,6 +82,12 @@ protected void configure(HttpSecurity http) throws Exception {
 		    .logoutUrl("/logout")
 		    .logoutSuccessUrl("/login");
 		
+		// CSRFを無効にするURLを設定
+		RequestMatcher csrfMatcher = new RestMatcher("/rest/**");
+		
+		// RESTのみCSRF対策を無効に設定
+		http.csrf().requireCsrfProtectionMatcher(csrfMatcher);
+		
 		// CSRF対策を無効に設定（一時的）
 		// http.csrf().disable();
 	}
diff --git a/src/main/java/com/example/demo/domain/service/RestService.java b/src/main/java/com/example/demo/domain/service/RestService.java
@@ -0,0 +1,23 @@
+package com.example.demo.domain.service;
+
+import java.util.List;
+
+import com.example.demo.domain.model.User;
+
+// Rest用インターフェース
+public interface RestService {
+	// 1件登録用メソッド
+	public boolean insert(User user);
+	
+	// 1件検索用メソッド
+	public User selectOne(String userId);
+	
+	// 全件検索用メソッド
+	public List<User> selectMany();
+	
+	// 1件更新用メソッド
+	public boolean update(User user);
+	
+	// 1件削除用メソッド
+	public boolean delete(String userId);
+}
diff --git a/src/main/java/com/example/demo/domain/service/jdbc/RestServiceJdbcImpl.java b/src/main/java/com/example/demo/domain/service/jdbc/RestServiceJdbcImpl.java
@@ -0,0 +1,52 @@
+package com.example.demo.domain.service.jdbc;
+
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.example.demo.domain.model.User;
+import com.example.demo.domain.model.repository.UserDao;
+import com.example.demo.domain.service.RestService;
+
+
+@Transactional
+@Service
+public class RestServiceJdbcImpl implements RestService {
+	
+	@Autowired
+	@Qualifier("UserDaoJdbcImpl")
+	UserDao dao;
+	
+	// 1件登録用メソッド
+	@Override
+	public boolean insert(User user) {
+		return false;
+	}
+	
+	// 1件検索用メソッド
+	@Override
+	public User selectOne(String userId) {
+		return null;
+	}
+	
+	// 全件検索用メソッド
+	@Override
+	public List<User> selectMany() {
+		return null;
+	}
+	
+	// 1件更新用メソッド
+	@Override
+	public boolean update(User user) {
+		return false;
+	}
+	
+	// 1件削除用メソッド
+	@Override
+	public boolean delete(String userId) {
+		return false;
+	}
+}
diff --git a/src/main/java/com/example/demo/login/controller/UserRestController.java b/src/main/java/com/example/demo/login/controller/UserRestController.java
@@ -0,0 +1,13 @@
+package com.example.demo.login.controller;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.example.demo.domain.service.RestService;
+
+
+@RestController
+public class UserRestController {
+	@Autowired
+	RestService service;
+}
