some security work and doc cleanup

spring-security-login/README.md

@@ -1,7 +1,14 @@
 =========
 
-Relevant Articles: 
+## Spring Security Login Tutorial
+
+
+### Build the Project
+```
+mvn clean install
+```
+
+
+### Relevant Articles: 
 - [Spring Security Form Login](http://www.baeldung.com/spring-security-login)
 - [Spring Security Logout](http://www.baeldung.com/spring-security-logout)
-
-

spring-security-rest-full/README.md

@@ -1 +1,16 @@
 =========
+
+## Spring Security REST Tutorial
+
+
+### Build the Project
+```
+mvn clean install
+```
+
+
+### Use the REST Service
+
+```
+curl http://localhost:8080/spring-security-rest-full/foos
+```

spring-security-rest-full/src/main/java/org/baeldung/persistence/service/impl/FooService.java

@@ -1,14 +1,19 @@
 package org.baeldung.persistence.service.impl;
 
+import java.util.List;
+
 import org.baeldung.persistence.dao.IFooDao;
 import org.baeldung.persistence.model.Foo;
 import org.baeldung.persistence.service.IFooService;
 import org.baeldung.persistence.service.common.AbstractService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.repository.PagingAndSortingRepository;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import com.google.common.collect.Lists;
+
 @Service
 @Transactional
 public class FooService extends AbstractService<Foo> implements IFooService {
@@ -27,4 +32,13 @@ public class FooService extends AbstractService<Foo> implements IFooService {
         return dao;
     }
 
+    // overridden to be secured
+
+    @Override
+    @Transactional(readOnly = true)
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    public List<Foo> findAll() {
+        return Lists.newArrayList(getDao().findAll());
+    }
+
 }

spring-security-rest-full/src/main/java/org/baeldung/web/controller/FooController.java

@@ -1,6 +1,7 @@
 package org.baeldung.web.controller;
 
 import java.net.URI;
+import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -41,12 +42,20 @@ public class FooController {
 
     // API
 
+    // read
+
     @RequestMapping(value = "/{id}", method = RequestMethod.GET)
     @ResponseBody
     public Foo findOne(@PathVariable("id") final Long id, final UriComponentsBuilder uriBuilder, final HttpServletResponse response) {
         return service.findOne(id);
     }
 
+    @RequestMapping(method = RequestMethod.GET)
+    @ResponseBody
+    public List<Foo> findAll() {
+        return service.findAll();
+    }
+
     @RequestMapping(value = "admin/foo/{id}", method = RequestMethod.GET)
     @ResponseBody
     public Foo get(@PathVariable("id") final Long id, final HttpServletRequest request, final HttpServletResponse response) {
@@ -56,15 +65,6 @@ public class FooController {
         return resourceById;
     }
 
-    @RequestMapping(value = "admin/foo", method = RequestMethod.POST)
-    @ResponseStatus(HttpStatus.CREATED)
-    public void create(@RequestBody final Foo resource, final HttpServletRequest request, final HttpServletResponse response) {
-        Preconditions.checkNotNull(resource);
-        final Long idOfCreatedResource = service.create(resource).getId();
-
-        eventPublisher.publishEvent(new ResourceCreated(this, request, response, idOfCreatedResource));
-    }
-
     @RequestMapping(value = "admin", method = RequestMethod.GET)
     @ResponseStatus(value = HttpStatus.NO_CONTENT)
     public void adminRoot(final HttpServletRequest request, final HttpServletResponse response) {
@@ -74,4 +74,16 @@ public class FooController {
         final String linkToFoo = LinkUtil.createLinkHeader(fooUri.toASCIIString(), "collection");
         response.addHeader("Link", linkToFoo);
     }
+
+    // write
+
+    @RequestMapping(value = "admin/foo", method = RequestMethod.POST)
+    @ResponseStatus(HttpStatus.CREATED)
+    public void create(@RequestBody final Foo resource, final HttpServletRequest request, final HttpServletResponse response) {
+        Preconditions.checkNotNull(resource);
+        final Long idOfCreatedResource = service.create(resource).getId();
+
+        eventPublisher.publishEvent(new ResourceCreated(this, request, response, idOfCreatedResource));
+    }
+
 }

spring-security-rest-full/src/main/resources/webSecurityConfig.xml

@@ -1,25 +1,26 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans:beans xmlns="http://www.springframework.org/schema/security"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
-	xsi:schemaLocation="
+<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
+    xsi:schemaLocation="
 		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
 
-	<http pattern="/securityNone" security="none" />
+    <http pattern="/securityNone" security="none" />
 
-	<http use-expressions="true">
-		<intercept-url pattern="/**" access="isAuthenticated()" />
+    <http use-expressions="true">
+        <intercept-url pattern="/**" access="isAuthenticated()" />
 
-		<http-basic />
+        <http-basic />
 
-	</http>
+    </http>
 
-	<authentication-manager>
-		<authentication-provider>
-			<user-service>
-				<user name="user1" password="user1Pass" authorities="ROLE_USER" />
-			</user-service>
-		</authentication-provider>
-	</authentication-manager>
+    <authentication-manager>
+        <authentication-provider>
+            <user-service>
+                <user name="user1" password="user1Pass" authorities="ROLE_USER" />
+            </user-service>
+        </authentication-provider>
+    </authentication-manager>
+
+    <global-method-security pre-post-annotations="enabled" />
 
 </beans:beans>