From 0ee48a7d92d100a6164ee425abdb0dfdde1b4745 Mon Sep 17 00:00:00 2001 From: Sandip Singh Date: Mon, 22 Oct 2018 09:05:47 +0530 Subject: [PATCH] BAEL-2262 Removed the Basic Authentication from the HttpsEnabledApplication. --- .../java/org/baeldung/ssl/SecurityConfig.java | 26 +++---------------- .../web/HttpsApplicationIntegrationTest.java | 19 +++----------- 2 files changed, 7 insertions(+), 38 deletions(-) diff --git a/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/SecurityConfig.java b/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/SecurityConfig.java index 98a59b11bb..92f92d8fc7 100644 --- a/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/SecurityConfig.java +++ b/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/SecurityConfig.java @@ -1,36 +1,16 @@ package org.baeldung.ssl; -import org.springframework.context.annotation.Bean; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; -import org.springframework.security.crypto.password.PasswordEncoder; @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { - @Override - public void configure(AuthenticationManagerBuilder auth) throws Exception { - - auth.inMemoryAuthentication() - .withUser("memuser") - .password(passwordEncoder().encode("pass")) - .roles("USER"); - } - @Override protected void configure(HttpSecurity http) throws Exception { - http.httpBasic() - .and() - .authorizeRequests() - .antMatchers("/**") - .authenticated(); - } - - @Bean - public PasswordEncoder passwordEncoder() { - return new BCryptPasswordEncoder(); + http.authorizeRequests() + .antMatchers("/**") + .permitAll(); } } diff --git a/spring-security-mvc-boot/src/test/java/org/baeldung/web/HttpsApplicationIntegrationTest.java b/spring-security-mvc-boot/src/test/java/org/baeldung/web/HttpsApplicationIntegrationTest.java index 63b421604a..fe7883ec94 100644 --- a/spring-security-mvc-boot/src/test/java/org/baeldung/web/HttpsApplicationIntegrationTest.java +++ b/spring-security-mvc-boot/src/test/java/org/baeldung/web/HttpsApplicationIntegrationTest.java @@ -10,14 +10,15 @@ import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.core.io.Resource; -import org.springframework.http.*; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.web.client.RestTemplate; import javax.net.ssl.SSLContext; -import java.util.Base64; +import java.util.Collections; import static org.junit.Assert.assertEquals; @@ -36,7 +37,7 @@ public class HttpsApplicationIntegrationTest { @Test public void whenGETanHTTPSResource_thenCorrectResponse() throws Exception { - ResponseEntity response = restTemplate().exchange(WELCOME_URL, HttpMethod.GET, new HttpEntity(withAuthorization("memuser", "pass")), String.class); + ResponseEntity response = restTemplate().getForEntity(WELCOME_URL, String.class, Collections.emptyMap()); assertEquals("

Welcome to Secured Site

", response.getBody()); assertEquals(HttpStatus.OK, response.getStatusCode()); @@ -52,16 +53,4 @@ public class HttpsApplicationIntegrationTest { HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient); return new RestTemplate(factory); } - - HttpHeaders withAuthorization(String userName, String password) { - return new HttpHeaders() { - { - String auth = userName + ":" + password; - String authHeader = "Basic " + new String(Base64.getEncoder() - .encode(auth.getBytes())); - set("Authorization", authHeader); - } - }; - } - }