BAEL-445: Update to the simple Spring Security hasRole example (#940)

* Add NDC and JBoss Logging to the demo application

* NDC for Log4j, Log4j2 and JBoss Logging

* Simplify NDC example by making it a single operation instead of two

* Make NDC example as RestController, Use JBoss Logging only as a logging bridge

* Fix merge conflicts in pull request - log-mdc pom.xml updated

* BAEL-445 Update to Spring security SpEL example

* BAEL-445: Change tabs to spaces in the updated code

spring-security-mvc-login/pom.xml

@@ -222,8 +222,8 @@
 
     <properties>
         <!-- Spring -->
-        <org.springframework.version>4.3.4.RELEASE</org.springframework.version>
+        <org.springframework.version>4.3.5.RELEASE</org.springframework.version>
-        <org.springframework.security.version>4.2.0.RELEASE</org.springframework.security.version>
+        <org.springframework.security.version>4.2.1.RELEASE</org.springframework.security.version>
 
         <!-- persistence -->
         <hibernate.version>5.2.5.Final</hibernate.version>

spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java

@@ -27,6 +27,7 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
 
         registry.addViewController("/login.html");
         registry.addViewController("/homepage.html");
+        registry.addViewController("/admin/adminpage.html");
     }
 
     @Bean

spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java

@@ -26,7 +26,9 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
         auth.inMemoryAuthentication()
         .withUser("user1").password("user1Pass").roles("USER")
         .and()
-        .withUser("user2").password("user2Pass").roles("USER");
+        .withUser("user2").password("user2Pass").roles("USER")
+        .and()
+        .withUser("admin").password("adminPass").roles("ADMIN");
         // @formatter:on
     }
 
@@ -36,6 +38,7 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
         http
         .csrf().disable()
         .authorizeRequests()
+        .antMatchers("/admin/**").hasRole("ADMIN")
         .antMatchers("/anonymous*").anonymous()
         .antMatchers("/login*").permitAll()
         .anyRequest().authenticated()

spring-security-mvc-login/src/main/resources/webSecurityConfig.xml

@@ -8,6 +8,7 @@
 >
 
     <http use-expressions="true">
+        <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
         <intercept-url pattern="/anonymous*" access="isAnonymous()"/>
         <intercept-url pattern="/login*" access="permitAll"/>
         <intercept-url pattern="/**" access="isAuthenticated()"/>
@@ -27,6 +28,7 @@
             <user-service>
                 <user name="user1" password="user1Pass" authorities="ROLE_USER"/>
                 <user name="user2" password="user2Pass" authorities="ROLE_USER"/>
+                <user name="admin" password="adminPass" authorities="ROLE_ADMIN"/>
             </user-service>
         </authentication-provider>
     </authentication-manager>

spring-security-mvc-login/src/main/webapp/WEB-INF/view/admin/adminpage.jsp

@@ -0,0 +1,15 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
+<html>
+<head></head>
+
+<body>
+    <h1>This is the body of the sample admin page</h1>
+
+    This page is only visible to an admin
+    <br/>
+
+    <a href="<c:url value="/perform_logout" />">Logout</a>
+	
+</body>
+</html>

spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp

@@ -14,6 +14,8 @@
 	<security:authorize access="hasRole('ROLE_ADMIN')">
 		This text is only visible to an admin
 		<br/>
+        <a href="<c:url value="/admin/adminpage.html" />">Admin Page</a>
+        <br/>
 	</security:authorize>
 
 	<a href="<c:url value="/perform_logout" />">Logout</a>