Spring Security for a Java EE Application (#2185)
* Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611] * Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611] * Removed unnecessary comment * Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611] Added Exception test cases * Applied baeldung formatter in Eclipse * Merged from https://github.com/eugenp/tutorials Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611] * Revert "Merged from https://github.com/eugenp/tutorials" This reverts commit 74447a163b9e3f244a2578315fbdb525d20cd16b. * Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611] * Introduction to JAX-WS[http://jira.baeldung.com/browse/BAEL-611] * Spring Security for a Java EE Application[http://jira.baeldung.com/browse/BAEL-884]
parent
9f9024c539
commit
37360b9f29
43
jee7/pom.xml
43
jee7/pom.xml
|
@ -31,6 +31,7 @@
|
||||||
<arquillian-glassfish.version>1.0.0.Final</arquillian-glassfish.version>
|
<arquillian-glassfish.version>1.0.0.Final</arquillian-glassfish.version>
|
||||||
|
|
||||||
<maven-war-plugin.version>2.6</maven-war-plugin.version>
|
<maven-war-plugin.version>2.6</maven-war-plugin.version>
|
||||||
|
<org.springframework.security.version>4.2.2.RELEASE</org.springframework.security.version>
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<prerequisites>
|
<prerequisites>
|
||||||
|
@ -136,6 +137,34 @@
|
||||||
<artifactId>standard</artifactId>
|
<artifactId>standard</artifactId>
|
||||||
<version>1.1.2</version>
|
<version>1.1.2</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>javax.mvc</groupId>
|
||||||
|
<artifactId>javax.mvc-api</artifactId>
|
||||||
|
<version>20160715</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.glassfish.ozark</groupId>
|
||||||
|
<artifactId>ozark</artifactId>
|
||||||
|
<version>20160715</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.security</groupId>
|
||||||
|
<artifactId>spring-security-web</artifactId>
|
||||||
|
<version>${org.springframework.security.version}</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.security</groupId>
|
||||||
|
<artifactId>spring-security-config</artifactId>
|
||||||
|
<version>${org.springframework.security.version}</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.security</groupId>
|
||||||
|
<artifactId>spring-security-taglibs</artifactId>
|
||||||
|
<version>${org.springframework.security.version}</version>
|
||||||
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
<build>
|
<build>
|
||||||
|
@ -378,4 +407,18 @@
|
||||||
</properties>
|
</properties>
|
||||||
</profile>
|
</profile>
|
||||||
</profiles>
|
</profiles>
|
||||||
|
|
||||||
|
<repositories>
|
||||||
|
<repository>
|
||||||
|
<id>bintray-mvc-spec-maven</id>
|
||||||
|
<name>bintray</name>
|
||||||
|
<url>http://dl.bintray.com/mvc-spec/maven</url>
|
||||||
|
<releases>
|
||||||
|
<enabled>true</enabled>
|
||||||
|
</releases>
|
||||||
|
<snapshots>
|
||||||
|
<enabled>false</enabled>
|
||||||
|
</snapshots>
|
||||||
|
</repository>
|
||||||
|
</repositories>
|
||||||
</project>
|
</project>
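Review bot: The added `bintray-mvc-spec-maven` repository is declared with a plain `http://` URL, so the `javax.mvc-api` and `ozark` artifacts resolved from it are downloaded without transport integrity and can be replaced in transit. Use `<url>https://dl.bintray.com/mvc-spec/maven</url>`, or better, resolve these dependencies through a repository manager you control. Maven 3.8.1 and later block external HTTP repositories by default, so the build would also fail there as written.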
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
package com.baeldung.springSecurity;
|
||||||
|
|
||||||
|
import javax.ws.rs.ApplicationPath;
|
||||||
|
import javax.ws.rs.core.Application;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Application class required by JAX-RS. If you don't want to have any
|
||||||
|
* prefix in the URL, you can set the application path to "/".
|
||||||
|
*/
|
||||||
|
@ApplicationPath("/")
|
||||||
|
public class ApplicationConfig extends Application {
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,10 @@
|
||||||
|
package com.baeldung.springSecurity;
|
||||||
|
|
||||||
|
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
|
||||||
|
|
||||||
|
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
|
||||||
|
|
||||||
|
public SecurityWebApplicationInitializer() {
|
||||||
|
super(SpringSecurityConfig.class);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,46 @@
|
||||||
|
package com.baeldung.springSecurity;
|
||||||
|
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
|
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
@Override
|
||||||
|
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||||
|
auth
|
||||||
|
.inMemoryAuthentication()
|
||||||
|
.withUser("user1")
|
||||||
|
.password("user1Pass")
|
||||||
|
.roles("USER")
|
||||||
|
.and()
|
||||||
|
.withUser("admin")
|
||||||
|
.password("adminPass")
|
||||||
|
.roles("ADMIN");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
http
|
||||||
|
.csrf()
|
||||||
|
.disable()
|
||||||
|
.authorizeRequests()
|
||||||
|
.antMatchers("/auth/login*")
|
||||||
|
.anonymous()
|
||||||
|
.antMatchers("/home/admin*")
|
||||||
|
.hasRole("ADMIN")
|
||||||
|
.anyRequest()
|
||||||
|
.authenticated()
|
||||||
|
.and()
|
||||||
|
.formLogin()
|
||||||
|
.loginPage("/auth/login")
|
||||||
|
.defaultSuccessUrl("/home", true)
|
||||||
|
.failureUrl("/auth/login?error=true")
|
||||||
|
.and()
|
||||||
|
.logout()
|
||||||
|
.logoutSuccessUrl("/auth/login");
|
||||||
|
}
|
||||||
|
}
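Review bot: `configure(HttpSecurity)` turns CSRF protection off with `.csrf().disable()` even though the application authenticates browsers through a session-backed form login, so any state-changing request sent with the session cookie is accepted without a token. I would drop those two calls and add `<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>` to the login form; the `/logout` anchor links in admin.jsp, home.jsp and user.jsp would then have to become POST forms, because Spring Security accepts a GET logout only while CSRF is disabled. Separately, the in-memory users carry literal passwords (`user1Pass`, `adminPass`); a comment such as `// demo credentials only: replace with an external user store and a PasswordEncoder` would keep them from being copied as they are.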
|
|
@ -0,0 +1,28 @@
|
||||||
|
package com.baeldung.springSecurity.controller;
|
||||||
|
|
||||||
|
import javax.mvc.annotation.Controller;
|
||||||
|
import javax.ws.rs.GET;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
|
||||||
|
@Path("/home")
|
||||||
|
@Controller
|
||||||
|
public class HomeController {
|
||||||
|
|
||||||
|
@GET
|
||||||
|
public String home() {
|
||||||
|
return "home.jsp";
|
||||||
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Path("/user")
|
||||||
|
public String admin() {
|
||||||
|
return "user.jsp";
|
||||||
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Path("/admin")
|
||||||
|
public String user() {
|
||||||
|
return "admin.jsp";
|
||||||
|
}
|
||||||
|
|
||||||
|
}
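Review bot: The handler names are swapped relative to what they serve: `admin()` is mapped to `@Path("/user")` and returns `user.jsp`, while `user()` is mapped to `@Path("/admin")` and returns `admin.jsp`. Routing still works because JAX-RS dispatches on the annotations, but in a controller whose paths are tied to role rules the mismatch invites a wrong edit later. Rename them so the name matches the path, `public String user()` under `@Path("/user")` and `public String admin()` under `@Path("/admin")`.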
|
|
@ -0,0 +1,15 @@
|
||||||
|
package com.baeldung.springSecurity.controller;
|
||||||
|
|
||||||
|
import javax.mvc.annotation.Controller;
|
||||||
|
import javax.ws.rs.GET;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
|
||||||
|
@Path("/auth/login")
|
||||||
|
@Controller
|
||||||
|
public class LoginController {
|
||||||
|
|
||||||
|
@GET
|
||||||
|
public String login() {
|
||||||
|
return "login.jsp";
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,12 @@
|
||||||
|
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
|
||||||
|
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
|
||||||
|
<html>
|
||||||
|
<head></head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<h1>Welcome to the ADMIN page</h1>
|
||||||
|
|
||||||
|
<a href="<c:url value="/logout" />">Logout</a>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,26 @@
|
||||||
|
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
|
||||||
|
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
|
||||||
|
<html>
|
||||||
|
<head></head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<h1>This is the body of the sample view</h1>
|
||||||
|
|
||||||
|
<security:authorize access="hasRole('USER')">
|
||||||
|
This text is only visible to a user
|
||||||
|
<br/> <br/>
|
||||||
|
<a href="<c:url value="/home/user" />">Restricted Admin Page</a>
|
||||||
|
<br/> <br/>
|
||||||
|
</security:authorize>
|
||||||
|
|
||||||
|
<security:authorize access="hasRole('ADMIN')">
|
||||||
|
This text is only visible to an admin
|
||||||
|
<br/>
|
||||||
|
<a href="<c:url value="/home/admin" />">Admin Page</a>
|
||||||
|
<br/>
|
||||||
|
</security:authorize>
|
||||||
|
|
||||||
|
<a href="<c:url value="/logout" />">Logout</a>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
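Review bot: The `<security:authorize access="hasRole('USER')">` block only hides the `/home/user` link; the URL itself is not restricted, because the security configuration in this commit has a role rule for `/home/admin*` only and lets `anyRequest()` through once authenticated. The `admin` account, which holds only the ADMIN role, can therefore still open `/home/user` by requesting it directly. If the page is meant for USER only, add `.antMatchers("/home/user*").hasRole("USER")` before `.anyRequest()` in `SpringSecurityConfig`. The link text `Restricted Admin Page` also points at the user page and should read something like `User Page`.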
|
|
@ -0,0 +1,26 @@
|
||||||
|
<html>
|
||||||
|
<head></head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<h1>Login</h1>
|
||||||
|
|
||||||
|
<form name='f' action="/auth/login" method='POST'>
|
||||||
|
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td>User:</td>
|
||||||
|
<td><input type='text' name='username' value=''></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Password:</td>
|
||||||
|
<td><input type='password' name='password'/></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><input name="submit" type="submit" value="submit"/></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
</form>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
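Review bot: The form posts to the hard-coded `action="/auth/login"`, which ignores the servlet context path, whereas the other JSPs in this commit build their links with `<c:url>`. Deployed under any non-root context, the credentials would be posted to a path outside the application. Declare the core taglib on this page and use `action="<c:url value="/auth/login" />"`. The `error=true` parameter set by `failureUrl` is never rendered either, so a failed login gives the user no feedback.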
|
|
@ -0,0 +1,12 @@
|
||||||
|
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
|
||||||
|
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
|
||||||
|
<html>
|
||||||
|
<head></head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<h1>Welcome to the Restricted Admin page</h1>
|
||||||
|
|
||||||
|
<a href="<c:url value="/logout" />">Logout</a>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|