From a957bc6266b01e0bc48298b1c942c99c8e44ca3d Mon Sep 17 00:00:00 2001
From: filippo-ferrari
Date: Fri, 6 Sep 2024 19:15:16 +0200
Subject: [PATCH] feat: improved SecurityConfiguration

---
 .../munera/SecurityConfiguration.java | 63 ++++++++-----------
 1 file changed, 26 insertions(+), 37 deletions(-)

diff --git a/src/main/java/com/application/munera/SecurityConfiguration.java b/src/main/java/com/application/munera/SecurityConfiguration.java
index 22f9e99..555aad5 100644
--- a/src/main/java/com/application/munera/SecurityConfiguration.java
+++ b/src/main/java/com/application/munera/SecurityConfiguration.java
@@ -1,7 +1,9 @@
 package com.application.munera;
 
+import com.application.munera.repositories.UserRepository;
 import com.application.munera.views.login.LoginView;
 import com.vaadin.flow.spring.security.VaadinWebSecurity;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -9,64 +11,51 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 @EnableWebSecurity
 @Configuration
-public class SecurityConfiguration
-        extends VaadinWebSecurity {
+public class SecurityConfiguration extends VaadinWebSecurity {
+
+    @Autowired
+    private UserRepository userRepository;
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        // Delegating the responsibility of general configurations
-        // of http security to the super class. It's configuring
-        // the followings: Vaadin's CSRF protection by ignoring
-        // framework's internal requests, default request cache,
-        // ignoring public views annotated with @AnonymousAllowed,
-        // restricting access to other views/endpoints, and enabling
-        // NavigationAccessControl authorization.
-        // You can add any possible extra configurations of your own
-        // here (the following is just an example):
-
-        // http.rememberMe().alwaysRemember(false);
-
-        // Configure your static resources with public access before calling
-        // super.configure(HttpSecurity) as it adds final anyRequest matcher
         http.authorizeHttpRequests(auth ->
                 auth.requestMatchers(new AntPathRequestMatcher("/public/**"))
                         .permitAll());
-        super.configure(http);
-
-        // This is important to register your login view to the
-        // navigation access control mechanism:
         setLoginView(http, LoginView.class);
     }
 
     @Override
     public void configure(WebSecurity web) throws Exception {
-        // Customize your WebSecurity configuration.
         super.configure(web);
     }
 
-    /**
-     * Demo UserDetailsManager which only provides two hardcoded
-     * in memory users and their roles.
-     * NOTE: This shouldn't be used in real world applications.
-     */
     @Bean
-    public UserDetailsManager userDetailsService() {
-        UserDetails user =
-                User.withUsername("user")
-                        .password("{noop}user")
-                        .roles("USER")
+    public UserDetailsManager userDetailsManager() {
+        return new InMemoryUserDetailsManager() {
+            @Override
+            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+                com.application.munera.data.User user = userRepository.findByUsername(username);
+                if (user == null) {
+                    throw new UsernameNotFoundException("User not found");
+                }
+                return User.withUsername(user.getUsername())
+                        .password(user.getPassword())
+                        .roles(user.getRoles().split(","))
                         .build();
-        UserDetails admin =
-                User.withUsername("admin")
-                        .password("{noop}admin")
-                        .roles("ADMIN")
-                        .build();
-        return new InMemoryUserDetailsManager(user, admin);
+            }
+        };
+    }
+
+    @Bean
+    public static NoOpPasswordEncoder passwordEncoder() {
+        return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
     }
 }
\ No newline at end of file
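Review bot: The new `configure(HttpSecurity)` no longer calls `super.configure(http)`, so the base-class setup that the deleted comments described (Vaadin's CSRF handling for framework-internal requests, the request cache, and the final `anyRequest()` rule that restricts every non-public view) is never applied — only `/public/**` and the login view are configured, and how an unmatched request is treated then depends on the Spring Security version rather than on this class. Re-add `super.configure(http);` between the `permitAll()` block and `setLoginView(http, LoginView.class);`, keeping the public matcher first because the base adds the final `anyRequest` matcher. The `passwordEncoder()` bean also makes `NoOpPasswordEncoder` the application-wide encoder, so the value returned by `user.getPassword()` is compared in plaintext and must be stored in plaintext; prefer `public static PasswordEncoder passwordEncoder() { return PasswordEncoderFactories.createDelegatingPasswordEncoder(); }` (with the matching import), which presumably requires the repository to persist hashed `{bcrypt}` values — confirm how users are created. Finally, `user.getRoles().split(",")` throws if `getRoles()` returns null, and because the anonymous `InMemoryUserDetailsManager` overrides only `loadUserByUsername`, its `createUser`, `userExists` and `changePassword` still act on the empty in-memory map; implementing `UserDetailsService` directly and guarding the null roles case would be clearer.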