multiple http elems config, controller, pages, test (#1307)

* multiple http elems config, controller, pages, test

* fix dependencies

* formatting

* formatting

* update security-test versiob

spring-security-mvc-boot/pom.xml

@@ -18,15 +18,20 @@
     </parent>
 
     <dependencies>
+     
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
-        <dependency>
+       <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-
+        <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-catalina</artifactId>
+            <version>${tomcat.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-tomcat</artifactId>
@@ -98,6 +103,12 @@
             <scope>test</scope>
         </dependency>
 		
+		 <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.derby</groupId>
             <artifactId>derby</artifactId>
@@ -158,6 +169,7 @@
                     <excludes>
                          <exclude>**/*IntegrationTest.java</exclude> 
                          <exclude>**/*LiveTest.java</exclude> 
+                         <exclude>**/*EntryPointsTest.java</exclude>
                     </excludes>
                     <systemPropertyVariables>
                         <!-- <provPersistenceTarget>h2</provPersistenceTarget> -->
@@ -279,6 +291,43 @@
                 </plugins>
             </build>
         </profile>
+        
+           <profile>
+            <id>entryPoints</id>
+            <build>
+
+                <plugins>
+
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-surefire-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <phase>integration-test</phase>
+                                <goals>
+                                    <goal>test</goal>
+                                </goals>
+                                <configuration>
+                                    <excludes>
+                                        <exclude>**/*LiveTest.java</exclude>
+                                        <exclude>**/*IntegrationTest.java</exclude>
+                                    </excludes>
+                                    <includes>
+                                        <include>**/*EntryPointsTest.java</include>
+                                    </includes>
+                                </configuration>
+                            </execution>
+                        </executions>
+                        <configuration>
+                            <systemPropertyVariables>
+                                <test.mime>json</test.mime>
+                            </systemPropertyVariables>
+                        </configuration>
+                    </plugin>
+                </plugins>
+
+            </build>
+        </profile>
     </profiles>
 
 
@@ -288,12 +337,17 @@
         <!--<start-class>org.baeldung.voter.VoterApplication</start-class>-->
         <!--If you want to run the example with the multiple logins, comment the tag above and uncomment the one below-->
         <!--<start-class>org.baeldung.multiplelogin.MultipleLoginApplication</start-class>-->
+        <!--If you want to run the example with the multiple http elements, comment the tag above and uncomment the one below-->
+        <!--<start-class>org.baeldung.multipleentrypoints.MultipleEntryPointsApplication</start-class>-->
+        
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <java.version>1.8</java.version>
         <derby.version>10.13.1.1</derby.version>
         <taglibs-standard.version>1.1.2</taglibs-standard.version>
         <spring-security-taglibs.version>4.2.0.RELEASE</spring-security-taglibs.version>
-		  <spring-security-core.version>4.2.0.RELEASE</spring-security-core.version>
+		<spring-security-core.version>4.2.0.RELEASE</spring-security-core.version>
+		<spring-security-test.version>4.2.0.RELEASE</spring-security-test.version>
+		<tomcat.version>8.5.11</tomcat.version>
       
         <jstl.version>1.2</jstl.version>
         <rest-assured.version>2.4.0</rest-assured.version>

spring-security-mvc-boot/src/main/java/org/baeldung/Application.java

@@ -9,7 +9,8 @@ import org.springframework.context.annotation.FilterType;
 
 @Configuration
 @EnableAutoConfiguration
-@ComponentScan(excludeFilters = { @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.baeldung.voter.*"), @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.baeldung.multiplelogin.*") })
+@ComponentScan(excludeFilters = { @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.baeldung.voter.*"), @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.baeldung.multiplelogin.*"),
+        @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.baeldung.multipleentrypoints.*") })
 public class Application extends SpringBootServletInitializer {
     public static void main(String[] args) {
         SpringApplication.run(Application.class, args);

spring-security-mvc-boot/src/main/java/org/baeldung/multipleentrypoints/MultipleEntryPointsApplication.java

@@ -0,0 +1,12 @@
+package org.baeldung.multipleentrypoints;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+// @ImportResource({"classpath*:spring-security-multiple-entry.xml"})
+public class MultipleEntryPointsApplication {
+    public static void main(String[] args) {
+        SpringApplication.run(MultipleEntryPointsApplication.class, args);
+    }
+}

spring-security-mvc-boot/src/main/java/org/baeldung/multipleentrypoints/MultipleEntryPointsSecurityConfig.java

@@ -0,0 +1,79 @@
+package org.baeldung.multipleentrypoints;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+
+@Configuration
+@EnableWebSecurity
+public class MultipleEntryPointsSecurityConfig {
+
+    @Bean
+    public UserDetailsService userDetailsService() throws Exception {
+        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
+        manager.createUser(User.withUsername("user").password("userPass").roles("USER").build());
+        manager.createUser(User.withUsername("admin").password("adminPass").roles("ADMIN").build());
+        return manager;
+    }
+
+    @Configuration
+    @Order(1)
+    public static class App1ConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+        public App1ConfigurationAdapter() {
+            super();
+        }
+
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            //@formatter:off
+            http.antMatcher("/admin/**")
+                .authorizeRequests().anyRequest().hasRole("ADMIN")
+                .and().httpBasic()
+                .and().exceptionHandling().accessDeniedPage("/403");
+            //@formatter:on
+        }
+    }
+
+    @Configuration
+    @Order(2)
+    public static class App2ConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+        public App2ConfigurationAdapter() {
+            super();
+        }
+
+        protected void configure(HttpSecurity http) throws Exception {
+            //@formatter:off
+            http.antMatcher("/user/**")
+                .authorizeRequests().anyRequest().hasRole("USER")              
+                .and().formLogin().loginPage("/userLogin").loginProcessingUrl("/user/login")
+                .failureUrl("/userLogin?error=loginError").defaultSuccessUrl("/user/myUserPage")
+                .and().logout().logoutUrl("/user/logout").logoutSuccessUrl("/multipleHttpLinks")
+                .deleteCookies("JSESSIONID")
+                .and().exceptionHandling().accessDeniedPage("/403")
+                .and().csrf().disable();
+            //@formatter:on
+        }
+    }
+
+    @Configuration
+    @Order(3)
+    public static class App3ConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+        public App3ConfigurationAdapter() {
+            super();
+        }
+
+        protected void configure(HttpSecurity http) throws Exception {
+            http.antMatcher("/guest/**").authorizeRequests().anyRequest().permitAll();
+        }
+    }
+
+}

spring-security-mvc-boot/src/main/java/org/baeldung/multipleentrypoints/PagesController.java

@@ -0,0 +1,38 @@
+package org.baeldung.multipleentrypoints;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class PagesController {
+
+    @RequestMapping("/multipleHttpLinks")
+    public String getMultipleHttpLinksPage() {
+        return "multipleHttpElems/multipleHttpLinks";
+    }
+
+    @RequestMapping("/admin/myAdminPage")
+    public String getAdminPage() {
+        return "multipleHttpElems/myAdminPage";
+    }
+
+    @RequestMapping("/user/myUserPage")
+    public String getUserPage() {
+        return "multipleHttpElems/myUserPage";
+    }
+
+    @RequestMapping("/guest/myGuestPage")
+    public String getGuestPage() {
+        return "multipleHttpElems/myGuestPage";
+    }
+
+    @RequestMapping("/userLogin")
+    public String getUserLoginPage() {
+        return "multipleHttpElems/login";
+    }
+
+    @RequestMapping("/403")
+    public String getAccessDeniedPage() {
+        return "403";
+    }
+}

spring-security-mvc-boot/src/main/resources/spring-security-multiple-entry.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+    <security:authentication-manager>
+        <security:authentication-provider>
+            <security:user-service>
+                <security:user name="user" password="userPass" authorities="ROLE_USER"/>
+                <security:user name="admin" password="adminPass" authorities="ROLE_ADMIN"/>
+            </security:user-service>
+        </security:authentication-provider>
+    </security:authentication-manager>
+    
+    <security:http pattern="/user/**" use-expressions="true" auto-config="true">
+        <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
+        <security:form-login login-page="/userLogin" login-processing-url="/user/login" 
+          authentication-failure-url="/userLogin?error=loginError"
+          default-target-url="/user/myUserPage"/>
+        <security:csrf disabled="true"/>
+        <security:access-denied-handler error-page="/403"/>
+        <security:logout logout-url="/user/logout" delete-cookies="JSESSIONID" logout-success-url="/multipleHttpLinks"/>
+    </security:http>
+    
+    <security:http pattern="/admin/**" use-expressions="true" auto-config="true">
+        <security:intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
+        <security:http-basic/>
+        <security:access-denied-handler error-page="/403"/>
+     </security:http>
+    
+     <security:http pattern="/**" use-expressions="true" auto-config="true">
+        <security:intercept-url pattern="/guest/**" access="permitAll()"/>  
+     </security:http>
+
+</beans>

spring-security-mvc-boot/src/main/resources/templates/multipleHttpElems/login.html

@@ -0,0 +1,27 @@
+<html>
+<head></head>
+
+<body>
+    <h1>Login</h1>
+
+    <form name='f' action="user/login" method='POST'>
+
+        <table>
+            <tr>
+                <td>Username:</td>
+                <td><input type="text" name="username" /></td>
+            </tr>
+            <tr>
+                <td>Password:</td>
+                <td><input type="password" name="password" /></td>
+            </tr>
+			
+            <tr>
+                <td><input name="submit" type="submit" value="submit" /></td>
+            </tr>
+        </table>
+
+    </form>
+
+</body>
+</html>

spring-security-mvc-boot/src/main/resources/templates/multipleHttpElems/multipleHttpLinks.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="ISO-8859-1" />
+<title>Multiple Http Elements Links</title>
+</head>
+<body>
+
+<a th:href="@{/admin/myAdminPage}">Admin page</a>
+<br />
+<a th:href="@{/user/myUserPage}">User page</a>
+<br />
+<a th:href="@{/guest/myGuestPage}">Guest page</a>
+
+</body>
+</html>

spring-security-mvc-boot/src/main/resources/templates/multipleHttpElems/myAdminPage.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="ISO-8859-1" />
+<title>Admin Page</title>
+</head>
+<body>
+Welcome admin!
+
+<br /><br />
+<a th:href="@{/multipleHttpLinks}" >Back to links</a>
+</body>
+</html>

spring-security-mvc-boot/src/main/resources/templates/multipleHttpElems/myGuestPage.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="ISO-8859-1" />
+<title>Guest Page</title>
+</head>
+<body>
+Welcome guest!
+
+<br /><br />
+<a th:href="@{/multipleHttpLinks}" >Back to links</a>
+</body>
+</html>

spring-security-mvc-boot/src/main/resources/templates/multipleHttpElems/myUserPage.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="ISO-8859-1" />
+<title>User Page</title>
+</head>
+<body>
+Welcome user! <a th:href="@{/user/logout}" >Logout</a>
+
+<br /><br />
+<a th:href="@{/multipleHttpLinks}" >Back to links</a>
+</body>
+</html>

spring-security-mvc-boot/src/test/java/org/baeldung/web/MultipleEntryPointsTest.java

@@ -0,0 +1,64 @@
+package org.baeldung.web;
+
+import org.baeldung.multipleentrypoints.MultipleEntryPointsApplication;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
+
+@RunWith(SpringRunner.class)
+@WebAppConfiguration
+@SpringBootTest(classes = MultipleEntryPointsApplication.class)
+public class MultipleEntryPointsTest {
+    @Autowired
+    private WebApplicationContext wac;
+
+    @Autowired
+    private FilterChainProxy springSecurityFilterChain;
+
+    private MockMvc mockMvc;
+
+    @Before
+    public void setup() {
+        this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).addFilter(springSecurityFilterChain).build();
+    }
+
+    @Test
+    public void whenTestAdminCredentials_thenOk() throws Exception {
+        mockMvc.perform(get("/admin/myAdminPage")).andExpect(status().isUnauthorized());
+
+        mockMvc.perform(get("/admin/myAdminPage").with(httpBasic("admin", "adminPass"))).andExpect(status().isOk());
+
+        mockMvc.perform(get("/user/myUserPage").with(user("admin").password("adminPass").roles("ADMIN"))).andExpect(status().isForbidden());
+
+    }
+
+    @Test
+    public void whenTestUserCredentials_thenOk() throws Exception {
+        mockMvc.perform(get("/user/myUserPage")).andExpect(status().isFound());
+
+        mockMvc.perform(get("/user/myUserPage").with(user("user").password("userPass").roles("USER"))).andExpect(status().isOk());
+
+        mockMvc.perform(get("/admin/myAdminPage").with(user("user").password("userPass").roles("USER"))).andExpect(status().isForbidden());
+    }
+
+    @Test
+    public void givenAnyUser_whenGetGuestPage_thenOk() throws Exception {
+        mockMvc.perform(get("/guest/myGuestPage")).andExpect(status().isOk());
+
+        mockMvc.perform(get("/guest/myGuestPage").with(user("user").password("userPass").roles("USER"))).andExpect(status().isOk());
+
+        mockMvc.perform(get("/guest/myGuestPage").with(httpBasic("admin", "adminPass"))).andExpect(status().isOk());
+    }
+}