From 0d5a18622d75b3fa8162c05bede6683789396871 Mon Sep 17 00:00:00 2001 From: sampadawagde Date: Thu, 9 Jul 2020 18:03:55 +0530 Subject: [PATCH] BAEL-4019: moved code to existing module apache-shiro --- apache-shiro/pom.xml | 11 ++- .../java/com/baeldung/shiro/CustomRealm.java | 96 ++++++++++++++++++ .../com/baeldung/shiro/ShiroApplication.java | 33 +++++++ .../shiro/controllers/ShiroController.java | 99 +++++++++++++++++++ .../shiro/models/UserCredentials.java | 28 ++++++ .../baeldung/springsecurity/Application.java | 19 ++++ .../springsecurity/config/SecurityConfig.java | 45 +++++++++ .../springsecurity/web/SpringController.java | 79 +++++++++++++++ .../resources/templates/comparison/home.ftl | 19 ++++ .../resources/templates/comparison/index.ftl | 10 ++ .../resources/templates/comparison/login.ftl | 25 +++++ .../com/baeldung/shiro/SpringContextTest.java | 18 ++++ .../springsecurity/SpringContextTest.java | 17 ++++ 13 files changed, 498 insertions(+), 1 deletion(-) create mode 100644 apache-shiro/src/main/java/com/baeldung/shiro/CustomRealm.java create mode 100644 apache-shiro/src/main/java/com/baeldung/shiro/ShiroApplication.java create mode 100644 apache-shiro/src/main/java/com/baeldung/shiro/controllers/ShiroController.java create mode 100644 apache-shiro/src/main/java/com/baeldung/shiro/models/UserCredentials.java create mode 100644 apache-shiro/src/main/java/com/baeldung/springsecurity/Application.java create mode 100644 apache-shiro/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java create mode 100644 apache-shiro/src/main/java/com/baeldung/springsecurity/web/SpringController.java create mode 100644 apache-shiro/src/main/resources/templates/comparison/home.ftl create mode 100644 apache-shiro/src/main/resources/templates/comparison/index.ftl create mode 100644 apache-shiro/src/main/resources/templates/comparison/login.ftl create mode 100644 apache-shiro/src/test/java/com/baeldung/shiro/SpringContextTest.java create mode 100644 apache-shiro/src/test/java/com/baeldung/springsecurity/SpringContextTest.java diff --git a/apache-shiro/pom.xml b/apache-shiro/pom.xml index 3df6283437..59bb91d400 100644 --- a/apache-shiro/pom.xml +++ b/apache-shiro/pom.xml @@ -39,10 +39,19 @@ jcl-over-slf4j runtime + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-security + - 1.4.0 + 1.5.3 1.2.17 diff --git a/apache-shiro/src/main/java/com/baeldung/shiro/CustomRealm.java b/apache-shiro/src/main/java/com/baeldung/shiro/CustomRealm.java new file mode 100644 index 0000000000..f1daed45aa --- /dev/null +++ b/apache-shiro/src/main/java/com/baeldung/shiro/CustomRealm.java @@ -0,0 +1,96 @@ +package com.baeldung.shiro; + +import java.sql.Connection; +import java.sql.SQLException; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +import org.apache.shiro.authc.AuthenticationException; +import org.apache.shiro.authc.AuthenticationInfo; +import org.apache.shiro.authc.AuthenticationToken; +import org.apache.shiro.authc.SimpleAuthenticationInfo; +import org.apache.shiro.authc.UnknownAccountException; +import org.apache.shiro.authc.UsernamePasswordToken; +import org.apache.shiro.authz.AuthorizationInfo; +import org.apache.shiro.authz.SimpleAuthorizationInfo; +import org.apache.shiro.realm.jdbc.JdbcRealm; +import org.apache.shiro.subject.PrincipalCollection; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class CustomRealm extends JdbcRealm { + + private Logger logger = LoggerFactory.getLogger(CustomRealm.class); + + private Map credentials = new HashMap<>(); + private Map> roles = new HashMap<>(); + private Map> permissions = new HashMap<>(); + + { + credentials.put("Tom", "password"); + credentials.put("Jerry", "password"); + + roles.put("Jerry", new HashSet<>(Arrays.asList("ADMIN"))); + roles.put("Tom", new HashSet<>(Arrays.asList("USER"))); + + permissions.put("ADMIN", new HashSet<>(Arrays.asList("READ", "WRITE"))); + permissions.put("USER", new HashSet<>(Arrays.asList("READ"))); + } + + @Override + protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { + + UsernamePasswordToken userToken = (UsernamePasswordToken) token; + + if (userToken.getUsername() == null || userToken.getUsername() + .isEmpty() || !credentials.containsKey(userToken.getUsername())) { + throw new UnknownAccountException("User doesn't exist"); + } + + return new SimpleAuthenticationInfo(userToken.getUsername(), credentials.get(userToken.getUsername()), getName()); + } + + @Override + protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { + Set roles = new HashSet<>(); + Set permissions = new HashSet<>(); + + for (Object user : principals) { + try { + roles.addAll(getRoleNamesForUser(null, (String) user)); + permissions.addAll(getPermissions(null, null, roles)); + } catch (SQLException e) { + logger.error(e.getMessage()); + } + } + SimpleAuthorizationInfo authInfo = new SimpleAuthorizationInfo(roles); + authInfo.setStringPermissions(permissions); + return authInfo; + } + + @Override + protected Set getRoleNamesForUser(Connection conn, String username) throws SQLException { + if (!roles.containsKey(username)) { + throw new SQLException("User doesn't exist"); + } + return roles.get(username); + } + + @Override + protected Set getPermissions(Connection conn, String username, Collection roles) throws SQLException { + Set userPermissions = new HashSet<>(); + + for (String role : roles) { + if (!permissions.containsKey(role)) { + throw new SQLException("Role doesn't exist"); + } + userPermissions.addAll(permissions.get(role)); + } + return userPermissions; + } + +} diff --git a/apache-shiro/src/main/java/com/baeldung/shiro/ShiroApplication.java b/apache-shiro/src/main/java/com/baeldung/shiro/ShiroApplication.java new file mode 100644 index 0000000000..f383382c86 --- /dev/null +++ b/apache-shiro/src/main/java/com/baeldung/shiro/ShiroApplication.java @@ -0,0 +1,33 @@ +package com.baeldung.shiro; + +import org.apache.shiro.realm.Realm; +import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition; +import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration; +import org.springframework.context.annotation.Bean; + +@SpringBootApplication(exclude = SecurityAutoConfiguration.class) +public class ShiroApplication { + + public static void main(String... args) { + SpringApplication.run(ShiroApplication.class, args); + } + + @Bean + public Realm customRealm() { + return new CustomRealm(); + } + + @Bean + public ShiroFilterChainDefinition shiroFilterChainDefinition() { + DefaultShiroFilterChainDefinition filter = new DefaultShiroFilterChainDefinition(); + + filter.addPathDefinition("/home", "authc"); + filter.addPathDefinition("/**", "anon"); + + return filter; + } + +} diff --git a/apache-shiro/src/main/java/com/baeldung/shiro/controllers/ShiroController.java b/apache-shiro/src/main/java/com/baeldung/shiro/controllers/ShiroController.java new file mode 100644 index 0000000000..7205c44173 --- /dev/null +++ b/apache-shiro/src/main/java/com/baeldung/shiro/controllers/ShiroController.java @@ -0,0 +1,99 @@ +package com.baeldung.shiro.controllers; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.authc.AuthenticationException; +import org.apache.shiro.authc.UsernamePasswordToken; +import org.apache.shiro.subject.Subject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Controller; +import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.servlet.mvc.support.RedirectAttributes; + +import com.baeldung.shiro.models.UserCredentials; + +@Controller +public class ShiroController { + + private Logger logger = LoggerFactory.getLogger(ShiroController.class); + + @GetMapping("/") + public String getIndex() { + return "comparison/index"; + } + + @GetMapping("/login") + public String showLoginPage() { + return "comparison/login"; + } + + @PostMapping("/login") + public String doLogin(HttpServletRequest req, UserCredentials credentials, RedirectAttributes attr) { + + Subject subject = SecurityUtils.getSubject(); + + if (!subject.isAuthenticated()) { + UsernamePasswordToken token = new UsernamePasswordToken(credentials.getUsername(), credentials.getPassword()); + try { + subject.login(token); + } catch (AuthenticationException ae) { + logger.error(ae.getMessage()); + attr.addFlashAttribute("error", "Invalid Credentials"); + return "redirect:/login"; + } + } + return "redirect:/home"; + } + + @GetMapping("/home") + public String getMeHome(Model model) { + + addUserAttributes(model); + + return "comparison/home"; + } + + @GetMapping("/admin") + public String adminOnly(Model model) { + addUserAttributes(model); + + Subject currentUser = SecurityUtils.getSubject(); + if (currentUser.hasRole("ADMIN")) { + model.addAttribute("adminContent", "only admin can view this"); + } + return "comparison/home"; + } + + @PostMapping("/logout") + public String logout() { + Subject subject = SecurityUtils.getSubject(); + subject.logout(); + return "redirect:/"; + } + + private void addUserAttributes(Model model) { + Subject currentUser = SecurityUtils.getSubject(); + String permission = ""; + + if (currentUser.hasRole("ADMIN")) { + model.addAttribute("role", "ADMIN"); + } else if (currentUser.hasRole("USER")) { + model.addAttribute("role", "USER"); + } + + if (currentUser.isPermitted("READ")) { + permission = permission + " READ"; + } + + if (currentUser.isPermitted("WRITE")) { + permission = permission + " WRITE"; + } + model.addAttribute("username", currentUser.getPrincipal()); + model.addAttribute("permission", permission); + } + +} diff --git a/apache-shiro/src/main/java/com/baeldung/shiro/models/UserCredentials.java b/apache-shiro/src/main/java/com/baeldung/shiro/models/UserCredentials.java new file mode 100644 index 0000000000..5dbafa30ec --- /dev/null +++ b/apache-shiro/src/main/java/com/baeldung/shiro/models/UserCredentials.java @@ -0,0 +1,28 @@ +package com.baeldung.shiro.models; + +public class UserCredentials { + + private String username; + private String password; + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + @Override + public String toString() { + return "username = " + getUsername(); + } +} diff --git a/apache-shiro/src/main/java/com/baeldung/springsecurity/Application.java b/apache-shiro/src/main/java/com/baeldung/springsecurity/Application.java new file mode 100644 index 0000000000..61adfb9cb6 --- /dev/null +++ b/apache-shiro/src/main/java/com/baeldung/springsecurity/Application.java @@ -0,0 +1,19 @@ +package com.baeldung.springsecurity; + +import org.apache.shiro.spring.boot.autoconfigure.ShiroAnnotationProcessorAutoConfiguration; +import org.apache.shiro.spring.boot.autoconfigure.ShiroAutoConfiguration; +import org.apache.shiro.spring.config.web.autoconfigure.ShiroWebAutoConfiguration; +import org.apache.shiro.spring.config.web.autoconfigure.ShiroWebFilterConfiguration; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication(exclude = {ShiroAutoConfiguration.class, + ShiroAnnotationProcessorAutoConfiguration.class, + ShiroWebAutoConfiguration.class, + ShiroWebFilterConfiguration.class}) +public class Application { + + public static void main(String[] args) { + SpringApplication.run(Application.class, args); + } +} \ No newline at end of file diff --git a/apache-shiro/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java b/apache-shiro/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java new file mode 100644 index 0000000000..3fa5632db9 --- /dev/null +++ b/apache-shiro/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java @@ -0,0 +1,45 @@ +package com.baeldung.springsecurity.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; + +@EnableWebSecurity +public class SecurityConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests(authorize -> authorize.antMatchers("/index", "/login") + .permitAll() + .antMatchers("/home", "/logout") + .authenticated() + .antMatchers("/admin/**") + .hasRole("ADMIN")) + .formLogin(formLogin -> formLogin.loginPage("/login") + .failureUrl("/login-error")); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.inMemoryAuthentication() + .withUser("Jerry") + .password(passwordEncoder().encode("password")) + .authorities("READ", "WRITE") + .roles("ADMIN") + .and() + .withUser("Tom") + .password(passwordEncoder().encode("password")) + .authorities("READ") + .roles("USER"); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + +} diff --git a/apache-shiro/src/main/java/com/baeldung/springsecurity/web/SpringController.java b/apache-shiro/src/main/java/com/baeldung/springsecurity/web/SpringController.java new file mode 100644 index 0000000000..1bde241bf9 --- /dev/null +++ b/apache-shiro/src/main/java/com/baeldung/springsecurity/web/SpringController.java @@ -0,0 +1,79 @@ +package com.baeldung.springsecurity.web; + +import java.util.Collection; + +import javax.servlet.http.HttpServletRequest; + +import org.springframework.security.authentication.AnonymousAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; +import org.springframework.stereotype.Controller; +import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestMapping; + +@Controller +public class SpringController { + + @GetMapping("/") + public String getIndex() { + return "comparison/index"; + } + + @GetMapping("/login") + public String showLoginPage() { + return "comparison/login"; + } + + @RequestMapping("/login-error") + public String loginError(Model model) { + model.addAttribute("error", "Invalid Credentials"); + return "comparison/login"; + } + + @PostMapping("/login") + public String doLogin(HttpServletRequest req) { + return "redirect:/home"; + } + + @GetMapping("/home") + public String showHomePage(HttpServletRequest req, Model model) { + addUserAttributes(model); + return "comparison/home"; + } + + @GetMapping("/admin") + public String adminOnly(HttpServletRequest req, Model model) { + addUserAttributes(model); + model.addAttribute("adminContent", "only admin can view this"); + return "comparison/home"; + } + + private void addUserAttributes(Model model) { + Authentication auth = SecurityContextHolder.getContext() + .getAuthentication(); + if (auth != null && !auth.getClass() + .equals(AnonymousAuthenticationToken.class)) { + User user = (User) auth.getPrincipal(); + model.addAttribute("username", user.getUsername()); + + Collection authorities = user.getAuthorities(); + + for (GrantedAuthority authority : authorities) { + if (authority.getAuthority() + .contains("USER")) { + model.addAttribute("role", "USER"); + model.addAttribute("permission", "READ"); + } else if (authority.getAuthority() + .contains("ADMIN")) { + model.addAttribute("role", "ADMIN"); + model.addAttribute("permission", "READ WRITE"); + } + } + } + } + +} diff --git a/apache-shiro/src/main/resources/templates/comparison/home.ftl b/apache-shiro/src/main/resources/templates/comparison/home.ftl new file mode 100644 index 0000000000..37eb3d1812 --- /dev/null +++ b/apache-shiro/src/main/resources/templates/comparison/home.ftl @@ -0,0 +1,19 @@ + + + Home Page + + +

Welcome ${username}!

+

Role: ${role}

+

Permissions

+

${permission}

+Admin only +<#if adminContent??> + ${adminContent} + +
+
+ +
+ + \ No newline at end of file diff --git a/apache-shiro/src/main/resources/templates/comparison/index.ftl b/apache-shiro/src/main/resources/templates/comparison/index.ftl new file mode 100644 index 0000000000..8f35c0af1b --- /dev/null +++ b/apache-shiro/src/main/resources/templates/comparison/index.ftl @@ -0,0 +1,10 @@ + + + Index + + +

Welcome Guest!

+
+ Go to the secured page + + \ No newline at end of file diff --git a/apache-shiro/src/main/resources/templates/comparison/login.ftl b/apache-shiro/src/main/resources/templates/comparison/login.ftl new file mode 100644 index 0000000000..7340f47204 --- /dev/null +++ b/apache-shiro/src/main/resources/templates/comparison/login.ftl @@ -0,0 +1,25 @@ + + + Login + + +

Login

+
+
+ <#if (error?length > 0)??> +

${error}

+ <#else> + + + +
+ +

+ +
+ +

+ +
+ + \ No newline at end of file diff --git a/apache-shiro/src/test/java/com/baeldung/shiro/SpringContextTest.java b/apache-shiro/src/test/java/com/baeldung/shiro/SpringContextTest.java new file mode 100644 index 0000000000..0b5e690403 --- /dev/null +++ b/apache-shiro/src/test/java/com/baeldung/shiro/SpringContextTest.java @@ -0,0 +1,18 @@ +package com.baeldung.shiro; + + +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.junit.jupiter.SpringExtension; + +@ExtendWith(SpringExtension.class) +@SpringBootTest(classes = { ShiroApplication.class }) +public class SpringContextTest { + + @Test + public void whenSpringContextIsBootstrapped_thenNoExceptions() { + + } + +} \ No newline at end of file diff --git a/apache-shiro/src/test/java/com/baeldung/springsecurity/SpringContextTest.java b/apache-shiro/src/test/java/com/baeldung/springsecurity/SpringContextTest.java new file mode 100644 index 0000000000..a3adfa30c4 --- /dev/null +++ b/apache-shiro/src/test/java/com/baeldung/springsecurity/SpringContextTest.java @@ -0,0 +1,17 @@ +package com.baeldung.springsecurity; + +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.junit.jupiter.SpringExtension; + +@ExtendWith(SpringExtension.class) +@SpringBootTest(classes = { Application.class }) +public class SpringContextTest { + + @Test + public void whenSpringContextIsBootstrapped_thenNoExceptions() { + + } + +} \ No newline at end of file