Merge pull request #13 from kento-kotlin-sandbox/future/add_rest_logic

Kento75 · web-flow · commit f58dafe98156 · 2018-12-26T06:16:34.000+09:00
Future/add rest logic
diff --git a/src/main/java/com/example/demo/RestMatcher.java b/src/main/java/com/example/demo/RestMatcher.java
@@ -0,0 +1,35 @@
+package com.example.demo;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+
+public class RestMatcher implements RequestMatcher {
+
+	// マッチャー
+	private AntPathRequestMatcher matcher;
+	
+	// コンストラクタ
+	public RestMatcher(String url) {
+		super();
+		matcher = new AntPathRequestMatcher(url);
+	}
+	
+	// URLのマッチ条件
+	@Override
+	public boolean matches(HttpServletRequest request) {
+		// GETならCSRFのチェックをしない
+		if("GET".equals(request.getMethod())) {
+			return false;
+		}
+		
+		// 特定のURLに該当する場合、CSRFチェックしない
+		if(matcher.matches(request)) {
+			return false;
+		}
+		
+		return true;
+	}
+}
diff --git a/src/main/java/com/example/demo/SecurityConfig.java b/src/main/java/com/example/demo/SecurityConfig.java
@@ -13,6 +13,7 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 
 
 @EnableWebSecurity
@@ -62,6 +63,7 @@ protected void configure(HttpSecurity http) throws Exception {
 			.antMatchers("/css/**").permitAll()               // cssへのアクセス許可
 			.antMatchers("/login").permitAll()                // ログインページは直リンク許可
 			.antMatchers("/signup").permitAll()               // ユーザー登録画面は直リンク許可
+			.antMatchers("/rest/**").permitAll()              // REST
 			.antMatchers("/admin").hasAuthority("ROLE_ADMIN") // 権限の設定
 			.anyRequest().authenticated();                    // それ以外は直リンク禁止
 		
@@ -80,6 +82,12 @@ protected void configure(HttpSecurity http) throws Exception {
 		    .logoutUrl("/logout")
 		    .logoutSuccessUrl("/login");
 		
+		// CSRFを無効にするURLを設定
+		RequestMatcher csrfMatcher = new RestMatcher("/rest/**");
+		
+		// RESTのみCSRF対策を無効に設定
+		http.csrf().requireCsrfProtectionMatcher(csrfMatcher);
+		
 		// CSRF対策を無効に設定（一時的）
 		// http.csrf().disable();
 	}
diff --git a/src/main/java/com/example/demo/domain/service/RestService.java b/src/main/java/com/example/demo/domain/service/RestService.java
@@ -0,0 +1,23 @@
+package com.example.demo.domain.service;
+
+import java.util.List;
+
+import com.example.demo.domain.model.User;
+
+// Rest用インターフェース
+public interface RestService {
+	// 1件登録用メソッド
+	public boolean insert(User user);
+	
+	// 1件検索用メソッド
+	public User selectOne(String userId);
+	
+	// 全件検索用メソッド
+	public List<User> selectMany();
+	
+	// 1件更新用メソッド
+	public boolean update(User user);
+	
+	// 1件削除用メソッド
+	public boolean delete(String userId);
+}
diff --git a/src/main/java/com/example/demo/domain/service/jdbc/RestServiceJdbcImpl.java b/src/main/java/com/example/demo/domain/service/jdbc/RestServiceJdbcImpl.java
@@ -0,0 +1,70 @@
+package com.example.demo.domain.service.jdbc;
+
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.example.demo.domain.model.User;
+import com.example.demo.domain.model.repository.UserDao;
+import com.example.demo.domain.service.RestService;
+
+
+@Transactional
+@Service
+public class RestServiceJdbcImpl implements RestService {
+	
+	@Autowired
+	@Qualifier("UserDaoJdbcImpl")
+	UserDao dao;
+	
+	// 1件登録用メソッド
+	@Override
+	public boolean insert(User user) {
+		int result = dao.insertOne(user);
+		
+		if(result == 0) {
+			return false;
+		} else {
+			return true;
+		}
+	}
+	
+	// 1件検索用メソッド
+	@Override
+	public User selectOne(String userId) {
+		return dao.selectOne(userId);
+	}
+	
+	// 全件検索用メソッド
+	@Override
+	public List<User> selectMany() {
+		return dao.selectMany();
+	}
+	
+	// 1件更新用メソッド
+	@Override
+	public boolean update(User user) {
+		int result = dao.updateOne(user);
+		
+		if(result == 0) {
+			return false;
+		} else {
+			return true;
+		}
+	}
+	
+	// 1件削除用メソッド
+	@Override
+	public boolean delete(String userId) {
+		int result = dao.deleteOne(userId);
+		
+		if(result == 0) {
+			return false;
+		} else {
+			return true;
+		}
+	}
+}
diff --git a/src/main/java/com/example/demo/login/controller/UserRestController.java b/src/main/java/com/example/demo/login/controller/UserRestController.java
@@ -0,0 +1,89 @@
+package com.example.demo.login.controller;
+
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.example.demo.domain.model.User;
+import com.example.demo.domain.service.RestService;
+
+
+@RestController
+public class UserRestController {
+	@Autowired
+	RestService service;
+	
+	// ユーザー全件取得
+	@GetMapping("/rest/get")
+	public List<User> getUserMany() {
+		// ユーザー全件取得
+		return service.selectMany();
+	}
+	
+	// ユーザー1件取得
+	@GetMapping("/rest/get/{id:.+}")
+	public User getUserOne(@PathVariable("id") String userId) {
+		// ユーザー1件取得
+		return service.selectOne(userId);
+	}
+	
+	// ユーザー1件登録
+	@PostMapping("/rest/insert")
+	public String postUserOne(@RequestBody User user) {
+		// ユーザーを1件登録
+		boolean result = service.insert(user);
+		
+		String str = "";
+		
+		if(result) {
+			str = "{\"result\":\"ok\"}";
+		} else {
+			str = "{\"result\":\"error\"}";
+		}
+		
+		// 結果用の文字列を返す
+		return str;
+	}
+	
+	// ユーザー1件更新
+	@PutMapping("/rest/update")
+	public String putUserOne(@RequestBody User user) {
+		// ユーザー1件更新
+		boolean result = service.update(user);
+		
+		String str = "";
+		
+		if(result) {
+			str = "{\"result\":\"ok\"}";
+		} else {
+			str = "{\"result\":\"error\"}";
+		}
+		
+		return str;
+	}
+	
+	// ユーザー1件削除
+	@DeleteMapping("/rest/delete/{id:.+}")
+	public String deleteUserOne(@PathVariable("id") String userId) {
+		// ユーザー1件削除
+		boolean result = service.delete(userId);
+		
+		String str = "";
+		
+		if(result) {
+			str = "{\"result\":\"ok\"}";
+		} else {
+			str = "{\"result\":\"error\"}";
+		}
+		
+		// 結果用の文字列をリターン
+		return str;
+	}
+}
