Spring Security for a Java EE Application (#2185)

* Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]

* Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]

* Removed unnecessary comment

* Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]
Added Exception test cases

* Applied baeldung formatter in Eclipse

* Merged from https://github.com/eugenp/tutorials
Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]

* Revert "Merged from https://github.com/eugenp/tutorials"

This reverts commit 74447a163b9e3f244a2578315fbdb525d20cd16b.

* Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]

* Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]

* Spring Security for a Java EE Application[http://jira.baeldung.com/browse/BAEL-884]

jee7/pom.xml

@@ -31,6 +31,7 @@
 		<arquillian-glassfish.version>1.0.0.Final</arquillian-glassfish.version>
 
 		<maven-war-plugin.version>2.6</maven-war-plugin.version>
+		<org.springframework.security.version>4.2.2.RELEASE</org.springframework.security.version>
 	</properties>
 
 	<prerequisites>
@@ -136,6 +137,34 @@
 			<artifactId>standard</artifactId>
 			<version>1.1.2</version>
 		</dependency>
+
+		<dependency>
+			<groupId>javax.mvc</groupId>
+			<artifactId>javax.mvc-api</artifactId>
+			<version>20160715</version>
+		</dependency>
+		<dependency>
+			<groupId>org.glassfish.ozark</groupId>
+			<artifactId>ozark</artifactId>
+			<version>20160715</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+			<version>${org.springframework.security.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>${org.springframework.security.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-taglibs</artifactId>
+			<version>${org.springframework.security.version}</version>
+		</dependency>
 	</dependencies>
 
 	<build>
@@ -378,4 +407,18 @@
 			</properties>
 		</profile>
 	</profiles>
+
+	<repositories>
+		<repository>
+			<id>bintray-mvc-spec-maven</id>
+			<name>bintray</name>
+			<url>http://dl.bintray.com/mvc-spec/maven</url>
+			<releases>
+				<enabled>true</enabled>
+			</releases>
+			<snapshots>
+				<enabled>false</enabled>
+			</snapshots>
+		</repository>
+	</repositories>
 </project>

jee7/src/main/java/com/baeldung/springSecurity/ApplicationConfig.java

@@ -0,0 +1,13 @@
+package com.baeldung.springSecurity;
+
+import javax.ws.rs.ApplicationPath;
+import javax.ws.rs.core.Application;
+
+/**
+ * Application class required by JAX-RS. If you don't want to have any
+ * prefix in the URL, you can set the application path to "/".
+ */
+@ApplicationPath("/")
+public class ApplicationConfig extends Application {
+
+}

jee7/src/main/java/com/baeldung/springSecurity/SecurityWebApplicationInitializer.java

@@ -0,0 +1,10 @@
+package com.baeldung.springSecurity;
+
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
+
+    public SecurityWebApplicationInitializer() {
+        super(SpringSecurityConfig.class);
+    }
+}

jee7/src/main/java/com/baeldung/springSecurity/SpringSecurityConfig.java

@@ -0,0 +1,46 @@
+package com.baeldung.springSecurity;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth
+          .inMemoryAuthentication()
+          .withUser("user1")
+          .password("user1Pass")
+          .roles("USER")
+          .and()
+          .withUser("admin")
+          .password("adminPass")
+          .roles("ADMIN");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+          .csrf()
+          .disable()
+          .authorizeRequests()
+          .antMatchers("/auth/login*")
+          .anonymous()
+          .antMatchers("/home/admin*")
+          .hasRole("ADMIN")
+          .anyRequest()
+          .authenticated()
+          .and()
+          .formLogin()
+          .loginPage("/auth/login")
+          .defaultSuccessUrl("/home", true)
+          .failureUrl("/auth/login?error=true")
+          .and()
+          .logout()
+          .logoutSuccessUrl("/auth/login");
+    }
+}

jee7/src/main/java/com/baeldung/springSecurity/controller/HomeController.java

@@ -0,0 +1,28 @@
+package com.baeldung.springSecurity.controller;
+
+import javax.mvc.annotation.Controller;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+
+@Path("/home")
+@Controller
+public class HomeController {
+
+    @GET
+    public String home() {
+        return "home.jsp";
+    }
+
+    @GET
+    @Path("/user")
+    public String admin() {
+        return "user.jsp";
+    }
+
+    @GET
+    @Path("/admin")
+    public String user() {
+        return "admin.jsp";
+    }
+
+}

jee7/src/main/java/com/baeldung/springSecurity/controller/LoginController.java

@@ -0,0 +1,15 @@
+package com.baeldung.springSecurity.controller;
+
+import javax.mvc.annotation.Controller;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+
+@Path("/auth/login")
+@Controller
+public class LoginController {
+
+    @GET
+    public String login() {
+        return "login.jsp";
+    }
+}

jee7/src/main/webapp/WEB-INF/views/admin.jsp

@@ -0,0 +1,12 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
+<html>
+<head></head>
+
+<body>
+    <h1>Welcome to the ADMIN page</h1>
+
+    <a href="<c:url value="/logout" />">Logout</a>
+
+</body>
+</html>

jee7/src/main/webapp/WEB-INF/views/home.jsp

@@ -0,0 +1,26 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
+<html>
+<head></head>
+
+<body>
+    <h1>This is the body of the sample view</h1>
+
+    <security:authorize access="hasRole('USER')">
+        This text is only visible to a user
+        <br/> <br/>
+        <a href="<c:url value="/home/user" />">Restricted Admin Page</a>
+        <br/> <br/>
+    </security:authorize>
+	
+    <security:authorize access="hasRole('ADMIN')">
+        This text is only visible to an admin
+        <br/>
+        <a href="<c:url value="/home/admin" />">Admin Page</a>
+        <br/>
+    </security:authorize>
+
+    <a href="<c:url value="/logout" />">Logout</a>
+
+</body>
+</html>

jee7/src/main/webapp/WEB-INF/views/login.jsp

@@ -0,0 +1,26 @@
+<html>
+<head></head>
+
+<body>
+<h1>Login</h1>
+
+<form name='f' action="/auth/login" method='POST'>
+
+    <table>
+        <tr>
+            <td>User:</td>
+            <td><input type='text' name='username' value=''></td>
+        </tr>
+        <tr>
+            <td>Password:</td>
+            <td><input type='password' name='password'/></td>
+        </tr>
+        <tr>
+            <td><input name="submit" type="submit" value="submit"/></td>
+        </tr>
+    </table>
+
+</form>
+
+</body>
+</html>

jee7/src/main/webapp/WEB-INF/views/user.jsp

@@ -0,0 +1,12 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
+<html>
+<head></head>
+
+<body>
+    <h1>Welcome to the Restricted Admin page</h1>
+
+    <a href="<c:url value="/logout" />">Logout</a>
+
+</body>
+</html>