Add spring security configuration.

src/main/java/org/codiki/account/AccountController.java

@@ -1,7 +1,7 @@
 package org.codiki.account;
 
 import java.io.IOException;
-import java.util.Optional;
+import java.security.Principal;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -9,8 +9,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.codiki.core.entities.dto.PasswordWrapperDTO;
 import org.codiki.core.entities.dto.UserDTO;
 import org.codiki.core.entities.persistence.User;
-import org.codiki.core.security.TokenService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
@@ -21,40 +24,20 @@ import org.springframework.web.bind.annotation.RestController;
 @RestController
 @RequestMapping("/api/account")
 public class AccountController {
-
-	private static final String HEADER_TOKEN = "token";
-	
 	@Autowired
 	private AccountService accountService;
 	
-	@Autowired
-	private TokenService tokenService;
-	
-	/**
-	 * Log in the user in request body.
-	 * 
-	 * @param pUser
-	 *            The user to connect.
-	 * @param response
-	 *            The reponse injected by Spring.
-	 * @return The connected user object.
-	 * @throws IOException
-	 *             If credentials are bad.
-	 */
 	@PostMapping("/login")
-	public UserDTO login(@RequestBody UserDTO pUser, HttpServletResponse response) throws IOException {
-		return accountService.checkCredentials(response, pUser);
+	public UserDTO login(@RequestBody final User pUser) throws BadCredentialsException {
+		return new UserDTO(accountService.authenticate(pUser));
 	}
 	
-	/**
-	 * Log out the user.
-	 * 
-	 * @param pRequest
-	 *            The request injected by Spring.
-	 */
 	@GetMapping("/logout")
-	public void logout(HttpServletRequest pRequest) {
-		tokenService.removeUser(pRequest.getHeader(HEADER_TOKEN));
+	public void logout(final HttpServletRequest request, final HttpServletResponse response) {
+		final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+		if(auth != null) {
+			new SecurityContextLogoutHandler().logout(request, response, auth);
+		}
 	}
 	
 	/**
@@ -74,13 +57,15 @@ public class AccountController {
 	@PutMapping("/changePassword")
 	public void changePassword(@RequestBody final PasswordWrapperDTO pPasswordWrapper,
 			final HttpServletRequest pRequest,
-			final HttpServletResponse pResponse) throws IOException {
-		final Optional<User> connectedUser = tokenService.getAuthenticatedUserByToken(pRequest);
-		if(connectedUser.isPresent()) {
-			accountService.changePassword(connectedUser.get(), pPasswordWrapper, pResponse);
-		} else {
-			pResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-		}
+			final HttpServletResponse pResponse,
+			final Principal pPrincipal) throws IOException {
+//		final Optional<User> connectedUser = tokenService.getAuthenticatedUserByToken(pRequest);
+//		if(connectedUser.isPresent()) {
+//			accountService.changePassword(connectedUser.get(), pPasswordWrapper, pResponse);
+//		} else {
+//			pResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+//		}
+
 	}
 	
 	@PostMapping("/signin")
@@ -90,7 +75,7 @@ public class AccountController {
 	
 	@PutMapping("/")
 	public void update(@RequestBody final UserDTO pUser, final HttpServletRequest pRequest,
-			final HttpServletResponse pResponse) throws IOException {
-		accountService.updateUser(pUser, pRequest, pResponse);
+			final HttpServletResponse pResponse, final Principal pPrincipal) throws IOException {
+		accountService.updateUser(pUser, pRequest, pResponse, pPrincipal);
 	}
 }