Spring Security for a Java EE Application (#2185)

* Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]

* Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]

* Removed unnecessary comment

* Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]
Added Exception test cases

* Applied baeldung formatter in Eclipse

* Merged from https://github.com/eugenp/tutorials
Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]

* Revert "Merged from https://github.com/eugenp/tutorials"

This reverts commit 74447a163b9e3f244a2578315fbdb525d20cd16b.

* Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]

* Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611]

* Spring Security for a Java EE Application[http://jira.baeldung.com/browse/BAEL-884]
Eunice A. Obugyei 2017-07-01 21:09:51 +00:00 committed by Zeger Hendrikse
parent 9f9024c539
commit 37360b9f29
10 changed files with 231 additions and 0 deletions


@ -31,6 +31,7 @@
<arquillian-glassfish.version>1.0.0.Final</arquillian-glassfish.version> <arquillian-glassfish.version>1.0.0.Final</arquillian-glassfish.version>
<maven-war-plugin.version>2.6</maven-war-plugin.version> <maven-war-plugin.version>2.6</maven-war-plugin.version>
<org.springframework.security.version>4.2.2.RELEASE</org.springframework.security.version>
</properties> </properties>
<prerequisites> <prerequisites>
@ -136,6 +137,34 @@
<artifactId>standard</artifactId> <artifactId>standard</artifactId>
<version>1.1.2</version> <version>1.1.2</version>
</dependency> </dependency>
<dependency>
<groupId>javax.mvc</groupId>
<artifactId>javax.mvc-api</artifactId>
<version>20160715</version>
</dependency>
<dependency>
<groupId>org.glassfish.ozark</groupId>
<artifactId>ozark</artifactId>
<version>20160715</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${org.springframework.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${org.springframework.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${org.springframework.security.version}</version>
</dependency>
</dependencies> </dependencies>
<build> <build>
@ -378,4 +407,18 @@
</properties> </properties>
</profile> </profile>
</profiles> </profiles>
<repositories>
<repository>
<id>bintray-mvc-spec-maven</id>
<name>bintray</name>
<url>http://dl.bintray.com/mvc-spec/maven</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
</project> </project>
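Review bot: The added `bintray-mvc-spec-maven` repository is declared with a plain `http://` URL, so whatever is resolved from it (presumably the new `javax.mvc-api` and `ozark` artifacts) is downloaded without transport integrity and could be altered in transit. Use `<url>https://dl.bintray.com/mvc-spec/maven</url>` after confirming the host serves TLS, or mirror the two artifacts in a repository you control. A `<repositories>` entry is consulted for the module's dependency resolution in general, so a short XML comment naming the dependencies that need it would make it easier to remove later.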


@ -0,0 +1,13 @@
package com.baeldung.springSecurity;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
/**
* Application class required by JAX-RS. If you don't want to have any
* prefix in the URL, you can set the application path to "/".
*/
@ApplicationPath("/")
public class ApplicationConfig extends Application {
}


@ -0,0 +1,10 @@
package com.baeldung.springSecurity;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
public SecurityWebApplicationInitializer() {
super(SpringSecurityConfig.class);
}
}


@ -0,0 +1,46 @@
package com.baeldung.springSecurity;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user1")
.password("user1Pass")
.roles("USER")
.and()
.withUser("admin")
.password("adminPass")
.roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/auth/login*")
.anonymous()
.antMatchers("/home/admin*")
.hasRole("ADMIN")
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/auth/login")
.defaultSuccessUrl("/home", true)
.failureUrl("/auth/login?error=true")
.and()
.logout()
.logoutSuccessUrl("/auth/login");
}
}
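Review bot: `.csrf().disable()` in `configure(HttpSecurity)` turns off CSRF protection for the whole application, including the login POST and `/logout`; the logout links in admin.jsp, home.jsp and user.jsp are plain GET anchors that only work because of it. Prefer dropping those two lines, adding `<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>` to the login form, and turning the logout links into small POST forms. Separately, `configure(AuthenticationManagerBuilder)` hard-codes `user1Pass` and `adminPass` in source; a comment such as `// demo-only in-memory accounts; replace with an external user store and encoded passwords` would keep them from being copied into a real deployment.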


@ -0,0 +1,28 @@
package com.baeldung.springSecurity.controller;
import javax.mvc.annotation.Controller;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
@Path("/home")
@Controller
public class HomeController {
@GET
public String home() {
return "home.jsp";
}
@GET
@Path("/user")
public String admin() {
return "user.jsp";
}
@GET
@Path("/admin")
public String user() {
return "admin.jsp";
}
}
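Review bot: The handler names are swapped relative to their routes: `admin()` is mapped to `@Path("/user")` and returns `user.jsp`, while `user()` is mapped to `@Path("/admin")` and returns `admin.jsp`. Routing is unaffected, but anyone auditing which handler sits behind the `/home/admin*` role rule will read the wrong method. Rename them so the name matches the path, i.e. `public String user()` under `@Path("/user")` and `public String admin()` under `@Path("/admin")`.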


@ -0,0 +1,15 @@
package com.baeldung.springSecurity.controller;
import javax.mvc.annotation.Controller;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
@Path("/auth/login")
@Controller
public class LoginController {
@GET
public String login() {
return "login.jsp";
}
}


@ -0,0 +1,12 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<html>
<head></head>
<body>
<h1>Welcome to the ADMIN page</h1>
<a href="<c:url value="/logout" />">Logout</a>
</body>
</html>


@ -0,0 +1,26 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<html>
<head></head>
<body>
<h1>This is the body of the sample view</h1>
<security:authorize access="hasRole('USER')">
This text is only visible to a user
<br/> <br/>
<a href="<c:url value="/home/user" />">Restricted Admin Page</a>
<br/> <br/>
</security:authorize>
<security:authorize access="hasRole('ADMIN')">
This text is only visible to an admin
<br/>
<a href="<c:url value="/home/admin" />">Admin Page</a>
<br/>
</security:authorize>
<a href="<c:url value="/logout" />">Logout</a>
</body>
</html>
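Review bot: The `security:authorize` tags here only hide markup; for `/home/user` there is no matching URL rule in `SpringSecurityConfig` (only `/home/admin*` has `hasRole("ADMIN")`), so any authenticated account, including `admin`, can request it directly. If the page is meant for the USER role, add `.antMatchers("/home/user*").hasRole("USER")` before `.anyRequest()`. The link text `Restricted Admin Page` for `/home/user`, and the matching heading in user.jsp, also looks like a copy-paste label and should probably read `User Page`.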


@ -0,0 +1,26 @@
<html>
<head></head>
<body>
<h1>Login</h1>
<form name='f' action="/auth/login" method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='username' value=''></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password'/></td>
</tr>
<tr>
<td><input name="submit" type="submit" value="submit"/></td>
</tr>
</table>
</form>
</body>
</html>
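Review bot: `action="/auth/login"` is a server-root path, so the credentials are posted outside the application whenever the WAR is deployed under a context root; the other views build their URLs with `<c:url>`. Declare the JSTL core taglib at the top of this page and use `action="<c:url value='/auth/login'/>"`. The form also renders nothing for the `error=true` parameter that `failureUrl` redirects to, so a failed login shows no message.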


@ -0,0 +1,12 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<html>
<head></head>
<body>
<h1>Welcome to the Restricted Admin page</h1>
<a href="<c:url value="/logout" />">Logout</a>
</body>
</html>