2 login pages config (#1081)

* 2 login pages config * fix links * small fix * fix formatting
2017-02-07 06:13:18 +02:00 · 2017-02-07 06:13:18 +02:00 · 24760595fa
parent 47889bc227
commit 24760595fa
10 changed files with 316 additions and 0 deletions
--- a/spring-mvc-forms/pom.xml
+++ b/spring-mvc-forms/pom.xml
@ -46,6 +46,23 @@
        	<artifactId>commons-fileupload</artifactId>
        	<version>${fileupload.version}</version>
        </dependency>
+        
+         <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>${org.springframework.security.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>${org.springframework.security.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-taglibs</artifactId>
+            <version>${org.springframework.security.version}</version>
+        </dependency>
+        
    </dependencies>
    <profiles>
        <!-- Local -->
@ -98,6 +115,7 @@
        <hibernate-validator.version>5.3.3.Final</hibernate-validator.version>
        <deploy-path>enter-location-of-server</deploy-path>
 		<fileupload.version>1.3.2</fileupload.version>
+		<org.springframework.security.version>4.2.1.RELEASE</org.springframework.security.version>
    </properties>

 </project>
--- a/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/configuration/SecurityConfig.java
+++ b/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/configuration/SecurityConfig.java
@ -0,0 +1,122 @@
+package com.baeldung.springmvcforms.configuration;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.TestingAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Bean
+    public UserDetailsService userDetailsService() throws Exception {
+        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
+        manager.createUser(User.withUsername("user")
+            .password("userPass")
+            .roles("USER")
+            .build());
+        manager.createUser(User.withUsername("admin")
+            .password("adminPass")
+            .roles("ADMIN")
+            .build());
+        return manager;
+    }
+
+    @Configuration
+    @Order(1)
+    public static class App1ConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+        public App1ConfigurationAdapter() {
+            super();
+        }
+
+        @Override
+        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+            auth.inMemoryAuthentication()
+                .withUser("admin")
+                .password("admin")
+                .roles("ADMIN");
+        }
+
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            http.antMatcher("/admin*")
+                .authorizeRequests()
+                .anyRequest()
+                .hasRole("ADMIN")
+                // log in
+                .and()
+                .formLogin()
+                .loginPage("/loginAdmin")
+                .loginProcessingUrl("/admin_login")
+                .failureUrl("/loginAdmin?error=loginError")
+                .defaultSuccessUrl("/adminPage")
+                // logout
+                .and()
+                .logout()
+                .logoutUrl("/admin_logout")
+                .logoutSuccessUrl("/protectedLinks")
+                .deleteCookies("JSESSIONID")
+                .and()
+                .exceptionHandling()
+                .accessDeniedPage("/403")
+                .and()
+                .csrf()
+                .disable();
+        }
+    }
+
+    @Configuration
+    @Order(2)
+    public static class App2ConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+        public App2ConfigurationAdapter() {
+            super();
+        }
+
+        @Override
+        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+            auth.inMemoryAuthentication()
+                .withUser("user")
+                .password("user")
+                .roles("USER");
+        }
+
+        protected void configure(HttpSecurity http) throws Exception {
+            http.antMatcher("/user*")
+                .authorizeRequests()
+                .anyRequest()
+                .hasRole("USER")
+                // log in
+                .and()
+                .formLogin()
+                .loginPage("/loginUser")
+                .loginProcessingUrl("/user_login")
+                .failureUrl("/loginUser?error=loginError")
+                .defaultSuccessUrl("/userPage")
+                // logout
+                .and()
+                .logout()
+                .logoutUrl("/user_logout")
+                .logoutSuccessUrl("/protectedLinks")
+                .deleteCookies("JSESSIONID")
+                .and()
+                .exceptionHandling()
+                .accessDeniedPage("/403")
+                .and()
+                .csrf()
+                .disable();
+        }
+    }
+
+}
--- a/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/configuration/WebInitializer.java
+++ b/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/configuration/WebInitializer.java
@ -3,6 +3,7 @@ package com.baeldung.springmvcforms.configuration;
 import org.springframework.web.WebApplicationInitializer;
 import org.springframework.web.context.ContextLoaderListener;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
+import org.springframework.web.filter.DelegatingFilterProxy;
 import org.springframework.web.servlet.DispatcherServlet;

 import javax.servlet.ServletContext;
@ -24,6 +25,9 @@ public class WebInitializer implements WebApplicationInitializer {

 		servlet.setLoadOnStartup(1);
 		servlet.addMapping("/");
+		
+		container.addFilter("springSecurityFilterChain", new DelegatingFilterProxy("springSecurityFilterChain"))
+        .addMappingForUrlPatterns(null, false, "/*");
 	}
 //	@Override
 //	public void onStartup(ServletContext container) {
--- a/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/controller/UsersController.java
+++ b/spring-mvc-forms/src/main/java/com/baeldung/springmvcforms/controller/UsersController.java
@ -0,0 +1,38 @@
+package com.baeldung.springmvcforms.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class UsersController {
+
+    @RequestMapping("/protectedLinks")
+    public String getAnonymousPage() {
+        return "protectedLinks";
+    }
+
+    @RequestMapping("/userPage")
+    public String getUserPage() {
+        return "userPage";
+    }
+
+    @RequestMapping("/adminPage")
+    public String getAdminPage() {
+        return "adminPage";
+    }
+
+    @RequestMapping("/loginAdmin")
+    public String getAdminLoginPage() {
+        return "loginAdmin";
+    }
+
+    @RequestMapping("/loginUser")
+    public String getUserLoginPage() {
+        return "loginUser";
+    }
+
+    @RequestMapping("/403")
+    public String getAccessDeniedPage() {
+        return "403";
+    }
+}
--- a/spring-mvc-forms/src/main/webapp/WEB-INF/views/403.jsp
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/403.jsp
@ -0,0 +1,12 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title></title>
+</head>
+<body>
+Your do not have permission to view this page.
+</body>
+</html>
--- a/spring-mvc-forms/src/main/webapp/WEB-INF/views/adminPage.jsp
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/adminPage.jsp
@ -0,0 +1,16 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Insert title here</title>
+</head>
+<body>
+Welcome admin! <a href="<c:url value='/admin_logout' /> " >Logout</a>
+
+<br /><br />
+<a href="<c:url value='/protectedLinks' /> " >Back to links</a>
+</body>
+</html>
--- a/spring-mvc-forms/src/main/webapp/WEB-INF/views/loginAdmin.jsp
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/loginAdmin.jsp
@ -0,0 +1,38 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+	pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Insert title here</title>
+</head>
+<body>
+
+    <p>Admin login page</p>
+    <form name="f" action="admin_login" method="POST">
+
+        <table>
+            <tr>
+                <td>User:</td>
+                <td><input type="text" name="username" value=""></td>
+            </tr>
+            <tr>
+                <td>Password:</td>
+                <td><input type="password" name="password" /></td>
+            </tr>
+            <tr>
+                <td><input name="submit" type="submit" value="submit" /></td>
+            </tr>
+        </table>
+
+    </form>
+
+    <%
+        if (request.getParameter("error") != null) {
+            out.println("Login failed!");
+        }
+    %>
+
+</body>
+</html>
--- a/spring-mvc-forms/src/main/webapp/WEB-INF/views/loginUser.jsp
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/loginUser.jsp
@ -0,0 +1,37 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+	pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Login</title>
+</head>
+<body>
+
+    <p>User login page</p>
+	
+    <form name="f" action="user_login" method="POST">	
+        <table>
+            <tr>
+                <td>User:</td>
+                <td><input type="text" name="username" value=""></td>
+            </tr>
+            <tr>
+                <td>Password:</td>
+                <td><input type="password" name="password" /></td>
+            </tr>
+            <tr>
+                <td><input name="submit" type="submit" value="submit" /></td>
+            </tr>
+        </table>
+
+    </form>
+    <%
+        if (request.getParameter("error") != null) {
+            out.println("Login failed!");
+        }
+    %>
+
+</body>
+</html>
--- a/spring-mvc-forms/src/main/webapp/WEB-INF/views/protectedLinks.jsp
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/protectedLinks.jsp
@ -0,0 +1,16 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Insert title here</title>
+</head>
+<body>
+
+<a href="<c:url value="/userPage" />">User page</a>
+<br />
+<a href="<c:url value="/adminPage" />">Admin page</a>
+</body>
+</html>
--- a/spring-mvc-forms/src/main/webapp/WEB-INF/views/userPage.jsp
+++ b/spring-mvc-forms/src/main/webapp/WEB-INF/views/userPage.jsp
@ -0,0 +1,15 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Insert title here</title>
+</head>
+<body>
+Welcome user! <a href="<c:url value='/user_logout' /> " >Logout</a>
+<br /><br />
+<a href="<c:url value='/protectedLinks' /> " >Back to links</a>
+</body>
+</html>