Add Hello Spring Security Xml Config project

Closes gh-25

servlet/xml/java/helloworld/build.gradle

@@ -0,0 +1,38 @@
+plugins {
+	id "java"
+	id "nebula.integtest" version "7.0.9"
+	id "org.gretty" version "3.0.3"
+	id "war"
+}
+
+apply from: "gradle/gretty.gradle"
+
+repositories {
+	jcenter()
+	maven { url "https://repo.spring.io/snapshot" }
+}
+
+dependencies {
+	implementation platform("org.springframework.security:spring-security-bom:5.6.0-SNAPSHOT")
+	implementation platform("org.junit:junit-bom:5.7.0")
+
+	implementation "org.springframework.security:spring-security-config"
+	implementation "org.springframework.security:spring-security-web"
+	implementation "org.thymeleaf:thymeleaf-spring5:3.0.11.RELEASE"
+	implementation 'javax.servlet:jstl:1.2'
+	implementation 'org.slf4j:slf4j-api:1.7.30'
+	implementation 'org.slf4j:slf4j-simple:1.7.30'
+
+	testImplementation "org.springframework:spring-test"
+	testImplementation "org.springframework.security:spring-security-test"
+	testImplementation("org.junit.jupiter:junit-jupiter-api")
+	testImplementation "org.assertj:assertj-core:3.18.0"
+
+	testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
+
+	integTestImplementation "org.seleniumhq.selenium:htmlunit-driver:2.44.0"
+}
+
+tasks.withType(Test).configureEach {
+	useJUnitPlatform()
+}

servlet/xml/java/helloworld/gradle.properties

@@ -0,0 +1 @@
+version=5.6.0-SNAPSHOT

servlet/xml/java/helloworld/gradle/gretty.gradle

@@ -0,0 +1,41 @@
+gretty {
+	servletContainer = "tomcat9"
+	contextPath = "/"
+	fileLogEnabled = false
+	integrationTestTask = 'integrationTest'
+}
+
+Task prepareAppServerForIntegrationTests = project.tasks.create('prepareAppServerForIntegrationTests') {
+	group = 'Verification'
+	description = 'Prepares the app server for integration tests'
+	doFirst {
+		project.gretty {
+			httpPort = -1
+		}
+	}
+}
+
+project.tasks.matching { it.name == "appBeforeIntegrationTest" }.all { task ->
+	task.dependsOn prepareAppServerForIntegrationTests
+}
+
+project.tasks.matching { it.name == "integrationTest" }.all {
+	task -> task.doFirst {
+		def gretty = project.gretty
+		String host = project.gretty.host ?: 'localhost'
+		boolean isHttps = gretty.httpsEnabled
+		Integer httpPort = integrationTest.systemProperties['gretty.httpPort']
+		Integer httpsPort = integrationTest.systemProperties['gretty.httpsPort']
+		int port = isHttps ? httpsPort : httpPort
+		String contextPath = project.gretty.contextPath
+		String httpBaseUrl = "http://${host}:${httpPort}${contextPath}"
+		String httpsBaseUrl = "https://${host}:${httpsPort}${contextPath}"
+		String baseUrl = isHttps ? httpsBaseUrl : httpBaseUrl
+		integrationTest.systemProperty 'app.port', port
+		integrationTest.systemProperty 'app.httpPort', httpPort
+		integrationTest.systemProperty 'app.httpsPort', httpsPort
+		integrationTest.systemProperty 'app.baseURI', baseUrl
+		integrationTest.systemProperty 'app.httpBaseURI', httpBaseUrl
+		integrationTest.systemProperty 'app.httpsBaseURI', httpsBaseUrl
+	}
+}

servlet/xml/java/helloworld/gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.9-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists

servlet/xml/java/helloworld/src/integTest/java/org/springframework/security/samples/HelloWorldXmlTests.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.samples;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.htmlunit.HtmlUnitDriver;
+
+import org.springframework.security.samples.pages.HomePage;
+import org.springframework.security.samples.pages.LoginPage;
+
+/**
+ * Tests for Hello World XML.
+ *
+ * @author Michael Simons
+ */
+public class HelloWorldXmlTests {
+
+	private WebDriver driver;
+
+	private int port;
+
+	@BeforeEach
+	void setup() {
+		this.port = Integer.parseInt(System.getProperty("app.httpPort"));
+		this.driver = new HtmlUnitDriver();
+	}
+
+	@AfterEach
+	void tearDown() {
+		this.driver.quit();
+	}
+
+	@Test
+	void accessHomePageWithUnauthenticatedUserSendsToLoginPage() {
+		final LoginPage loginPage = HomePage.to(this.driver, this.port);
+		loginPage.assertAt();
+	}
+
+	@Test
+	void authenticatedUserIsSentToOriginalPage() {
+		final HomePage homePage = HomePage.to(this.driver, this.port).loginForm().username("user").password("password")
+				.submit();
+		homePage.assertAt().andTheUserNameIsDisplayed();
+	}
+
+	@Test
+	void authenticatedUserLogsOut() {
+		LoginPage loginPage = HomePage.to(this.driver, this.port).loginForm().username("user").password("password")
+				.submit().logout();
+		loginPage.assertAt();
+
+		loginPage = HomePage.to(this.driver, this.port);
+		loginPage.assertAt();
+	}
+
+}

servlet/xml/java/helloworld/src/integTest/java/org/springframework/security/samples/pages/HomePage.java

@@ -0,0 +1,72 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.samples.pages;
+
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Tests for HomePage.
+ *
+ * @author Michael Simons
+ */
+public class HomePage {
+
+	private final WebDriver webDriver;
+
+	@FindBy(css = "p")
+	private WebElement message;
+
+	@FindBy(css = "input[type=submit]")
+	private WebElement logoutButton;
+
+	public static LoginPage to(WebDriver driver, int port) {
+		driver.get("http://localhost:" + port + "/");
+		return PageFactory.initElements(driver, LoginPage.class);
+	}
+
+	public HomePage(WebDriver webDriver) {
+		this.webDriver = webDriver;
+	}
+
+	public Content assertAt() {
+		assertThat(this.webDriver.getTitle()).isEqualTo("Hello Security");
+		return PageFactory.initElements(this.webDriver, Content.class);
+	}
+
+	public LoginPage logout() {
+		this.logoutButton.submit();
+		return PageFactory.initElements(this.webDriver, LoginPage.class);
+	}
+
+	public static class Content {
+
+		@FindBy(css = "p")
+		private WebElement message;
+
+		public Content andTheUserNameIsDisplayed() {
+			assertThat(this.message.getText()).isEqualTo("Hello user");
+			return this;
+		}
+
+	}
+
+}

servlet/xml/java/helloworld/src/integTest/java/org/springframework/security/samples/pages/LoginPage.java

@@ -0,0 +1,83 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.samples.pages;
+
+import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.PageFactory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Tests for Login Page.
+ *
+ * @author Michael Simons
+ */
+public class LoginPage {
+
+	private final WebDriver webDriver;
+
+	private final LoginForm loginForm;
+
+	public LoginPage(WebDriver webDriver) {
+		this.webDriver = webDriver;
+		this.loginForm = PageFactory.initElements(this.webDriver, LoginForm.class);
+	}
+
+	public LoginPage assertAt() {
+		assertThat(this.webDriver.getTitle()).isEqualTo("Please sign in");
+		return this;
+	}
+
+	public LoginForm loginForm() {
+		return this.loginForm;
+	}
+
+	public static class LoginForm {
+
+		private WebDriver webDriver;
+
+		private WebElement username;
+
+		private WebElement password;
+
+		@FindBy(css = "button[type=submit]")
+		private WebElement submit;
+
+		public LoginForm(WebDriver webDriver) {
+			this.webDriver = webDriver;
+		}
+
+		public LoginForm username(String username) {
+			this.username.sendKeys(username);
+			return this;
+		}
+
+		public LoginForm password(String password) {
+			this.password.sendKeys(password);
+			return this;
+		}
+
+		public HomePage submit() {
+			this.submit.click();
+			return PageFactory.initElements(this.webDriver, HomePage.class);
+		}
+
+	}
+
+}

servlet/xml/java/helloworld/src/main/resources/logback.xml

@@ -0,0 +1,12 @@
+<configuration>
+	<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+	<encoder>
+		<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+	</encoder>
+	</appender>
+
+	<root level="WARN">
+		<appender-ref ref="STDOUT" />
+	</root>
+
+</configuration>

servlet/xml/java/helloworld/src/main/webapp/META-INF/MANIFEST.MF

@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+

servlet/xml/java/helloworld/src/main/webapp/WEB-INF/spring/security.xml

@@ -0,0 +1,11 @@
+<b:beans xmlns="http://www.springframework.org/schema/security"
+		 xmlns:b="http://www.springframework.org/schema/beans"
+		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		 xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
+						http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">
+	<http />
+
+	<user-service>
+		<user name="user" password="{noop}password" authorities="ROLE_USER" />
+	</user-service>
+</b:beans>

servlet/xml/java/helloworld/src/main/webapp/WEB-INF/web.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
+		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+  https://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+
+	<!--
+	  - Location of the XML file that defines the root application context
+	  - Applied by ContextLoaderListener.
+	  -->
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>
+			/WEB-INF/spring/*.xml
+		</param-value>
+	</context-param>
+
+
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
+	<!--
+	  - Loads the root application context of this web app at startup.
+	  - The application context is then available via
+	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
+	-->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+</web-app>

servlet/xml/java/helloworld/src/main/webapp/index.jsp

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
+    xmlns:c="http://java.sun.com/jsp/jstl/core" version="2.0">
+
+  <jsp:directive.page contentType="text/html" pageEncoding="UTF-8" />
+  <jsp:output omit-xml-declaration="true" />
+  <jsp:output doctype-root-element="HTML"
+              doctype-system="about:legacy-compat" />
+<html lang="en">
+  <head>
+    <title>Hello Security</title>
+    <c:url var="faviconUrl" value="/resources/img/favicon.ico"/>
+    <link rel="icon" type="image/x-icon" href="${faviconUrl}"/>
+    <c:url var="bootstrapUrl" value="/resources/css/bootstrap.css"/>
+    <link href="${bootstrapUrl}" rel="stylesheet"></link>
+    <c:url var="bootstrapResponsiveUrl" value="/resources/css/bootstrap-responsive.css"/>
+    <link href="${bootstrapResponsiveUrl}" rel="stylesheet"></link>
+    <!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
+    <!--[if lt IE 9]>
+      <script src="https://html5shim.googlecode.com/svn/trunk/html5.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+    <div class="container">
+      <h1>This is secured!</h1>
+      <p>
+        Hello <b>${pageContext.request.remoteUser}</b>
+      </p>
+      <c:url var="logoutUrl" value="/logout"/>
+      <form class="form-inline" action="${logoutUrl}" method="post">
+          <input type="submit" value="Log out" />
+          <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
+      </form>
+    </div>
+  </body>
+</html>
+</jsp:root>

settings.gradle

@@ -55,3 +55,4 @@ include ":servlet:spring-boot:java:oauth2:resource-server:static"
 include ":servlet:spring-boot:java:oauth2:webclient"
 include ":servlet:spring-boot:java:saml2-login"
 include ":servlet:spring-boot:kotlin:hello-security"
+include ":servlet:xml:java:helloworld"