From 08896d72bc25049417ba94e4b74bbdb3d621c812 Mon Sep 17 00:00:00 2001
From: Sunil Mogadati <sunil.mogadati@gmail.com>
Date: Thu, 29 Dec 2016 15:55:40 -0700
Subject: [PATCH] BAEL-445: Update to the simple Spring Security hasRole
 example (#940)

* Add NDC and JBoss Logging to the demo application

* NDC for Log4j, Log4j2 and JBoss Logging

* Simplify NDC example by making it a single operation instead of two

* Make NDC example as RestController, Use JBoss Logging only as a logging bridge

* Fix merge conflicts in pull request - log-mdc pom.xml updated

* BAEL-445 Update to Spring security SpEL example

* BAEL-445: Change tabs to spaces in the updated code
---
 spring-security-mvc-login/pom.xml                 |  4 ++--
 .../main/java/org/baeldung/spring/MvcConfig.java  |  1 +
 .../org/baeldung/spring/SecSecurityConfig.java    |  5 ++++-
 .../src/main/resources/webSecurityConfig.xml      |  2 ++
 .../main/webapp/WEB-INF/view/admin/adminpage.jsp  | 15 +++++++++++++++
 .../src/main/webapp/WEB-INF/view/homepage.jsp     |  2 ++
 6 files changed, 26 insertions(+), 3 deletions(-)
 create mode 100644 spring-security-mvc-login/src/main/webapp/WEB-INF/view/admin/adminpage.jsp

diff --git a/spring-security-mvc-login/pom.xml b/spring-security-mvc-login/pom.xml
index b7b64625e8..965f4fe1de 100644
--- a/spring-security-mvc-login/pom.xml
+++ b/spring-security-mvc-login/pom.xml
@@ -222,8 +222,8 @@
 
     <properties>
         <!-- Spring -->
-        <org.springframework.version>4.3.4.RELEASE</org.springframework.version>
-        <org.springframework.security.version>4.2.0.RELEASE</org.springframework.security.version>
+        <org.springframework.version>4.3.5.RELEASE</org.springframework.version>
+        <org.springframework.security.version>4.2.1.RELEASE</org.springframework.security.version>
 
         <!-- persistence -->
         <hibernate.version>5.2.5.Final</hibernate.version>
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java b/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java
index f6f3e2a429..02392df736 100644
--- a/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java
@@ -27,6 +27,7 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
 
         registry.addViewController("/login.html");
         registry.addViewController("/homepage.html");
+        registry.addViewController("/admin/adminpage.html");
     }
 
     @Bean
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
index 654c934fac..ae41a037cd 100644
--- a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@@ -26,7 +26,9 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
         auth.inMemoryAuthentication()
         .withUser("user1").password("user1Pass").roles("USER")
         .and()
-        .withUser("user2").password("user2Pass").roles("USER");
+        .withUser("user2").password("user2Pass").roles("USER")
+        .and()
+        .withUser("admin").password("adminPass").roles("ADMIN");
         // @formatter:on
     }
 
@@ -36,6 +38,7 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
         http
         .csrf().disable()
         .authorizeRequests()
+        .antMatchers("/admin/**").hasRole("ADMIN")
         .antMatchers("/anonymous*").anonymous()
         .antMatchers("/login*").permitAll()
         .anyRequest().authenticated()
diff --git a/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml b/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
index e8056dba6e..9c8fdea9ee 100644
--- a/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
@@ -8,6 +8,7 @@
 >
 
     <http use-expressions="true">
+        <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
         <intercept-url pattern="/anonymous*" access="isAnonymous()"/>
         <intercept-url pattern="/login*" access="permitAll"/>
         <intercept-url pattern="/**" access="isAuthenticated()"/>
@@ -27,6 +28,7 @@
             <user-service>
                 <user name="user1" password="user1Pass" authorities="ROLE_USER"/>
                 <user name="user2" password="user2Pass" authorities="ROLE_USER"/>
+                <user name="admin" password="adminPass" authorities="ROLE_ADMIN"/>
             </user-service>
         </authentication-provider>
     </authentication-manager>
diff --git a/spring-security-mvc-login/src/main/webapp/WEB-INF/view/admin/adminpage.jsp b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/admin/adminpage.jsp
new file mode 100644
index 0000000000..813ef02d1d
--- /dev/null
+++ b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/admin/adminpage.jsp
@@ -0,0 +1,15 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
+<html>
+<head></head>
+
+<body>
+    <h1>This is the body of the sample admin page</h1>
+
+    This page is only visible to an admin
+    <br/>
+
+    <a href="<c:url value="/perform_logout" />">Logout</a>
+	
+</body>
+</html>
\ No newline at end of file
diff --git a/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp
index 93f9dc2fbd..80f27f5466 100644
--- a/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp
+++ b/spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp
@@ -14,6 +14,8 @@
 	<security:authorize access="hasRole('ROLE_ADMIN')">
 		This text is only visible to an admin
 		<br/>
+        <a href="<c:url value="/admin/adminpage.html" />">Admin Page</a>
+        <br/>
 	</security:authorize>
 
 	<a href="<c:url value="/perform_logout" />">Logout</a>