some security work and doc cleanup

This commit is contained in:
eugenp 2013-07-02 13:54:41 +03:00
parent 29608c0b36
commit 125073a9d9
5 changed files with 76 additions and 27 deletions


@ -1,7 +1,14 @@
========= =========
Relevant Articles: ## Spring Security Login Tutorial
### Build the Project
```
mvn clean install
```
### Relevant Articles:
- [Spring Security Form Login](http://www.baeldung.com/spring-security-login) - [Spring Security Form Login](http://www.baeldung.com/spring-security-login)
- [Spring Security Logout](http://www.baeldung.com/spring-security-logout) - [Spring Security Logout](http://www.baeldung.com/spring-security-logout)


@ -1 +1,16 @@
========= =========
## Spring Security REST Tutorial
### Build the Project
```
mvn clean install
```
### Use the REST Service
```
curl http://localhost:8080/spring-security-rest-full/foos
```


@ -1,14 +1,19 @@
package org.baeldung.persistence.service.impl; package org.baeldung.persistence.service.impl;
import java.util.List;
import org.baeldung.persistence.dao.IFooDao; import org.baeldung.persistence.dao.IFooDao;
import org.baeldung.persistence.model.Foo; import org.baeldung.persistence.model.Foo;
import org.baeldung.persistence.service.IFooService; import org.baeldung.persistence.service.IFooService;
import org.baeldung.persistence.service.common.AbstractService; import org.baeldung.persistence.service.common.AbstractService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.data.repository.PagingAndSortingRepository;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional; import org.springframework.transaction.annotation.Transactional;
import com.google.common.collect.Lists;
@Service @Service
@Transactional @Transactional
public class FooService extends AbstractService<Foo> implements IFooService { public class FooService extends AbstractService<Foo> implements IFooService {
@ -27,4 +32,13 @@ public class FooService extends AbstractService<Foo> implements IFooService {
return dao; return dao;
} }
// overridden to be secured
@Override
@Transactional(readOnly = true)
@PreAuthorize("hasRole('ROLE_ADMIN')")
public List<Foo> findAll() {
return Lists.newArrayList(getDao().findAll());
}
} }
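Review bot: The `@PreAuthorize("hasRole('ROLE_ADMIN')")` on the new `findAll()` cannot be satisfied by any principal this commit configures — the security XML in the same commit defines only `user1` with `ROLE_USER` — so every call to this override will be denied; if a successful admin call is meant to be demonstrated, a second in-memory user holding `ROLE_ADMIN` is needed, otherwise the comment should say that the denial is the point. I would also turn `// overridden to be secured` into a Javadoc that states the contract, along the lines of `/** Collection read restricted to ROLE_ADMIN via @PreAuthorize; relies on <global-method-security pre-post-annotations="enabled"/> being present. Other service methods stay governed by the URL rules only. */`. The `@Transactional(readOnly = true)` narrowing of the class-level `@Transactional` is a good touch. The rest of the class body lies outside this hunk.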


@ -1,6 +1,7 @@
package org.baeldung.web.controller; package org.baeldung.web.controller;
import java.net.URI; import java.net.URI;
import java.util.List;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -41,12 +42,20 @@ public class FooController {
// API // API
// read
@RequestMapping(value = "/{id}", method = RequestMethod.GET) @RequestMapping(value = "/{id}", method = RequestMethod.GET)
@ResponseBody @ResponseBody
public Foo findOne(@PathVariable("id") final Long id, final UriComponentsBuilder uriBuilder, final HttpServletResponse response) { public Foo findOne(@PathVariable("id") final Long id, final UriComponentsBuilder uriBuilder, final HttpServletResponse response) {
return service.findOne(id); return service.findOne(id);
} }
@RequestMapping(method = RequestMethod.GET)
@ResponseBody
public List<Foo> findAll() {
return service.findAll();
}
@RequestMapping(value = "admin/foo/{id}", method = RequestMethod.GET) @RequestMapping(value = "admin/foo/{id}", method = RequestMethod.GET)
@ResponseBody @ResponseBody
public Foo get(@PathVariable("id") final Long id, final HttpServletRequest request, final HttpServletResponse response) { public Foo get(@PathVariable("id") final Long id, final HttpServletRequest request, final HttpServletResponse response) {
@ -56,15 +65,6 @@ public class FooController {
return resourceById; return resourceById;
} }
@RequestMapping(value = "admin/foo", method = RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
public void create(@RequestBody final Foo resource, final HttpServletRequest request, final HttpServletResponse response) {
Preconditions.checkNotNull(resource);
final Long idOfCreatedResource = service.create(resource).getId();
eventPublisher.publishEvent(new ResourceCreated(this, request, response, idOfCreatedResource));
}
@RequestMapping(value = "admin", method = RequestMethod.GET) @RequestMapping(value = "admin", method = RequestMethod.GET)
@ResponseStatus(value = HttpStatus.NO_CONTENT) @ResponseStatus(value = HttpStatus.NO_CONTENT)
public void adminRoot(final HttpServletRequest request, final HttpServletResponse response) { public void adminRoot(final HttpServletRequest request, final HttpServletResponse response) {
@ -74,4 +74,16 @@ public class FooController {
final String linkToFoo = LinkUtil.createLinkHeader(fooUri.toASCIIString(), "collection"); final String linkToFoo = LinkUtil.createLinkHeader(fooUri.toASCIIString(), "collection");
response.addHeader("Link", linkToFoo); response.addHeader("Link", linkToFoo);
} }
// write
@RequestMapping(value = "admin/foo", method = RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
public void create(@RequestBody final Foo resource, final HttpServletRequest request, final HttpServletResponse response) {
Preconditions.checkNotNull(resource);
final Long idOfCreatedResource = service.create(resource).getId();
eventPublisher.publishEvent(new ResourceCreated(this, request, response, idOfCreatedResource));
}
} }
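Review bot: The new `findAll()` on the collection root carries no authorization of its own and depends entirely on the `@PreAuthorize` that this commit puts on the service implementation (presumably the `service.findAll()` target); an authenticated non-admin caller should see the resulting `AccessDeniedException` translated to a 403 by the security filter chain, but nothing on the method says so. A short Javadoc would make the contract visible at the web layer: `/** Returns every Foo. Authorization is enforced in the service layer (ROLE_ADMIN); other authenticated callers receive 403. */`. It also returns the whole table as `List<Foo>` although the DAO is a `PagingAndSortingRepository`, so a paged variant may be worth considering once the collection grows. The `create` relocation and the `// read` / `// write` markers are pure reordering; `FooController`'s class header and field declarations are outside the hunks shown.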


@ -1,25 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation="
xsi:schemaLocation="
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd"> http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
<http pattern="/securityNone" security="none" /> <http pattern="/securityNone" security="none" />
<http use-expressions="true"> <http use-expressions="true">
<intercept-url pattern="/**" access="isAuthenticated()" /> <intercept-url pattern="/**" access="isAuthenticated()" />
<http-basic /> <http-basic />
</http> </http>
<authentication-manager> <authentication-manager>
<authentication-provider> <authentication-provider>
<user-service> <user-service>
<user name="user1" password="user1Pass" authorities="ROLE_USER" /> <user name="user1" password="user1Pass" authorities="ROLE_USER" />
</user-service> </user-service>
</authentication-provider> </authentication-provider>
</authentication-manager> </authentication-manager>
<global-method-security pre-post-annotations="enabled" />
</beans:beans> </beans:beans>
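Review bot: The `admin/foo` and `admin` mappings in `FooController` are reachable by any authenticated user, because the only URL rule is `<intercept-url pattern="/**" access="isAuthenticated()" />` and the sole configured user holds `ROLE_USER`; the `admin` prefix implies a role restriction this configuration does not enforce. If that restriction is intended, add `<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />` above the `/**` rule (intercept-url entries are matched in declaration order, first match wins) and define a user that holds `ROLE_ADMIN`, which the new `@PreAuthorize("hasRole('ROLE_ADMIN')")` on the service also needs in order to ever be satisfied. The controller paths are written without a leading slash (`admin/foo`), so confirm how the servlet mapping resolves them before relying on the `/admin/**` pattern.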