diff --git a/spring-security-modules/spring-security-core/.gitignore b/spring-security-modules/spring-security-core/.gitignore index 83c05e60c8..9f970225ad 100644 --- a/spring-security-modules/spring-security-core/.gitignore +++ b/spring-security-modules/spring-security-core/.gitignore @@ -1,13 +1 @@ -*.class - -#folders# -/target -/neoDb* -/data -/src/main/webapp/WEB-INF/classes -*/META-INF/* - -# Packaged files # -*.jar -*.war -*.ear \ No newline at end of file +target/ \ No newline at end of file diff --git a/spring-security-modules/spring-security-core/README.md b/spring-security-modules/spring-security-core/README.md index 3579e5e759..6b1f236b7c 100644 --- a/spring-security-modules/spring-security-core/README.md +++ b/spring-security-modules/spring-security-core/README.md @@ -8,8 +8,6 @@ This module contains articles about core Spring Security - [Introduction to Spring Method Security](https://www.baeldung.com/spring-security-method-security) - [Overview and Need for DelegatingFilterProxy in Spring](https://www.baeldung.com/spring-delegating-filter-proxy) -### @PreFilter and @PostFilter annotations - -#### Build the Project +### Build the Project `mvn clean install` diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/App.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/App.java index d23df9adef..6e41a53967 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/App.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/App.java @@ -12,9 +12,6 @@ import org.springframework.web.filter.DelegatingFilterProxy; import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer; @SpringBootApplication -@EnableJpaRepositories("com.baeldung.repository") -@ComponentScan("com.baeldung") -@EntityScan("com.baeldung.entity") public class App extends SpringBootServletInitializer { public static void main(String[] args) { SpringApplication.run(App.class, args); @@ -31,19 +28,16 @@ public class App extends SpringBootServletInitializer { @Override protected Class[] getRootConfigClasses() { - // TODO Auto-generated method stub return null; } @Override protected Class[] getServletConfigClasses() { - // TODO Auto-generated method stub return null; } @Override protected String[] getServletMappings() { - // TODO Auto-generated method stub return null; } } diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/auditing/ExposeAttemptedPathAuthorizationAuditListener.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/auditing/ExposeAttemptedPathAuthorizationAuditListener.java similarity index 97% rename from spring-security-modules/spring-security-core/src/main/java/com/baeldung/auditing/ExposeAttemptedPathAuthorizationAuditListener.java rename to spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/auditing/ExposeAttemptedPathAuthorizationAuditListener.java index 615d14584f..d238c157df 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/auditing/ExposeAttemptedPathAuthorizationAuditListener.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/auditing/ExposeAttemptedPathAuthorizationAuditListener.java @@ -1,4 +1,4 @@ -package com.baeldung.auditing; +package com.baeldung.app.auditing; import org.springframework.boot.actuate.audit.AuditEvent; import org.springframework.boot.actuate.security.AbstractAuthorizationAuditListener; diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/auditing/LoginAttemptsLogger.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/auditing/LoginAttemptsLogger.java similarity index 96% rename from spring-security-modules/spring-security-core/src/main/java/com/baeldung/auditing/LoginAttemptsLogger.java rename to spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/auditing/LoginAttemptsLogger.java index d06c3e24e1..e775006953 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/auditing/LoginAttemptsLogger.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/auditing/LoginAttemptsLogger.java @@ -1,4 +1,4 @@ -package com.baeldung.auditing; +package com.baeldung.app.auditing; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/config/DatabaseLoader.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/DatabaseLoader.java similarity index 85% rename from spring-security-modules/spring-security-core/src/main/java/com/baeldung/config/DatabaseLoader.java rename to spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/DatabaseLoader.java index 7f22c3ec99..9d06d5f7ac 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/config/DatabaseLoader.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/DatabaseLoader.java @@ -1,11 +1,11 @@ -package com.baeldung.config; +package com.baeldung.app.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.CommandLineRunner; import org.springframework.stereotype.Component; -import com.baeldung.entity.Task; -import com.baeldung.repository.TaskRepository; +import com.baeldung.app.entity.Task; +import com.baeldung.app.repository.TaskRepository; @Component public class DatabaseLoader implements CommandLineRunner { diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/config/WebSecurityConfig.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/WebSecurityConfig.java similarity index 98% rename from spring-security-modules/spring-security-core/src/main/java/com/baeldung/config/WebSecurityConfig.java rename to spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/WebSecurityConfig.java index be11a0fde5..15af160135 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/config/WebSecurityConfig.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/WebSecurityConfig.java @@ -1,4 +1,4 @@ -package com.baeldung.config; +package com.baeldung.app.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/controller/TaskController.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/controller/TaskController.java similarity index 89% rename from spring-security-modules/spring-security-core/src/main/java/com/baeldung/controller/TaskController.java rename to spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/controller/TaskController.java index 91156354b1..a084f14eca 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/controller/TaskController.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/controller/TaskController.java @@ -1,4 +1,4 @@ -package com.baeldung.controller; +package com.baeldung.app.controller; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.ResponseEntity; @@ -7,8 +7,8 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import com.baeldung.entity.Task; -import com.baeldung.service.TaskService; +import com.baeldung.app.entity.Task; +import com.baeldung.app.service.TaskService; @Controller @RequestMapping("api/tasks") diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/entity/Task.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/entity/Task.java similarity index 96% rename from spring-security-modules/spring-security-core/src/main/java/com/baeldung/entity/Task.java rename to spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/entity/Task.java index 9103c342cc..d2a8a1383d 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/entity/Task.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/entity/Task.java @@ -1,4 +1,4 @@ -package com.baeldung.entity; +package com.baeldung.app.entity; import javax.persistence.Entity; import javax.persistence.GeneratedValue; diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/filter/CustomFilter.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/filter/CustomFilter.java similarity index 96% rename from spring-security-modules/spring-security-core/src/main/java/com/baeldung/filter/CustomFilter.java rename to spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/filter/CustomFilter.java index e748b373b7..7229e4606f 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/filter/CustomFilter.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/filter/CustomFilter.java @@ -1,4 +1,4 @@ -package com.baeldung.filter; +package com.baeldung.app.filter; import java.io.IOException; diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/repository/TaskRepository.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/repository/TaskRepository.java similarity index 64% rename from spring-security-modules/spring-security-core/src/main/java/com/baeldung/repository/TaskRepository.java rename to spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/repository/TaskRepository.java index afb999719c..ac0f850891 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/repository/TaskRepository.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/repository/TaskRepository.java @@ -1,8 +1,8 @@ -package com.baeldung.repository; +package com.baeldung.app.repository; import org.springframework.data.repository.CrudRepository; -import com.baeldung.entity.Task; +import com.baeldung.app.entity.Task; public interface TaskRepository extends CrudRepository { diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/service/TaskService.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/service/TaskService.java similarity index 85% rename from spring-security-modules/spring-security-core/src/main/java/com/baeldung/service/TaskService.java rename to spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/service/TaskService.java index 1269eb4fd0..20d53ac77a 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/service/TaskService.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/service/TaskService.java @@ -1,12 +1,12 @@ -package com.baeldung.service; +package com.baeldung.app.service; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.prepost.PostFilter; import org.springframework.security.access.prepost.PreFilter; import org.springframework.stereotype.Service; -import com.baeldung.entity.Task; -import com.baeldung.repository.TaskRepository; +import com.baeldung.app.entity.Task; +import com.baeldung.app.repository.TaskRepository; @Service public class TaskService { diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/CustomPermissionAllowedMethodSecurityMetadataSource.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/CustomPermissionAllowedMethodSecurityMetadataSource.java new file mode 100644 index 0000000000..4bde3f5aa3 --- /dev/null +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/CustomPermissionAllowedMethodSecurityMetadataSource.java @@ -0,0 +1,49 @@ +package com.baeldung.denyonmissing; + +import static org.springframework.security.access.annotation.Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE; + +import java.lang.annotation.Annotation; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +import org.springframework.core.annotation.AnnotationUtils; +import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource; +import org.springframework.security.access.prepost.PostAuthorize; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.stereotype.Controller; + +public class CustomPermissionAllowedMethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource { + @Override + protected Collection findAttributes(Class clazz) { + return null; + } + + @Override + protected Collection findAttributes(Method method, Class targetClass) { + Annotation[] annotations = AnnotationUtils.getAnnotations(method); + List attributes = new ArrayList<>(); + + // if the class is annotated as @Controller we should by default deny access to every method + if (AnnotationUtils.findAnnotation(targetClass, Controller.class) != null) { + attributes.add(DENY_ALL_ATTRIBUTE); + } + + if (annotations != null) { + for (Annotation a : annotations) { + // but not if the method has at least a PreAuthorize or PostAuthorize annotation + if (a instanceof PreAuthorize || a instanceof PostAuthorize) { + return null; + } + } + } + return attributes; + } + + @Override + public Collection getAllConfigAttributes() { + return null; + } +} \ No newline at end of file diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/DenyApplication.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/DenyApplication.java new file mode 100644 index 0000000000..d5d28ae210 --- /dev/null +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/DenyApplication.java @@ -0,0 +1,11 @@ +package com.baeldung.denyonmissing; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class DenyApplication { + public static void main(String[] args) { + SpringApplication.run(DenyApplication.class, args); + } +} diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/DenyMethodSecurityConfig.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/DenyMethodSecurityConfig.java new file mode 100644 index 0000000000..695f81eb54 --- /dev/null +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/DenyMethodSecurityConfig.java @@ -0,0 +1,29 @@ +package com.baeldung.denyonmissing; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.access.method.MethodSecurityMetadataSource; +import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; + +@Configuration +@EnableWebSecurity +@EnableGlobalMethodSecurity(prePostEnabled = true) +public class DenyMethodSecurityConfig extends GlobalMethodSecurityConfiguration { + @Override + protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() { + return new CustomPermissionAllowedMethodSecurityMetadataSource(); + } + + @Bean + public UserDetailsService userDetailsService() { + return new InMemoryUserDetailsManager( + User.withUsername("user").password("{noop}password").roles("USER").build(), + User.withUsername("guest").password("{noop}password").roles().build() + ); + } +} diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/DenyOnMissingController.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/DenyOnMissingController.java new file mode 100644 index 0000000000..ef8881d3b7 --- /dev/null +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/denyonmissing/DenyOnMissingController.java @@ -0,0 +1,19 @@ +package com.baeldung.denyonmissing; + +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +public class DenyOnMissingController { + @GetMapping(path = "hello") + @PreAuthorize("hasRole('USER')") + public String hello() { + return "Hello world!"; + } + + @GetMapping(path = "bye") + public String bye() { + return "Bye bye world!"; + } +} diff --git a/spring-security-modules/spring-security-core/src/test/java/com/baeldung/SpringContextTest.java b/spring-security-modules/spring-security-core/src/test/java/com/baeldung/app/SpringContextTest.java similarity index 93% rename from spring-security-modules/spring-security-core/src/test/java/com/baeldung/SpringContextTest.java rename to spring-security-modules/spring-security-core/src/test/java/com/baeldung/app/SpringContextTest.java index bca6450fb1..b3c31a936a 100644 --- a/spring-security-modules/spring-security-core/src/test/java/com/baeldung/SpringContextTest.java +++ b/spring-security-modules/spring-security-core/src/test/java/com/baeldung/app/SpringContextTest.java @@ -1,4 +1,4 @@ -package com.baeldung; +package com.baeldung.app; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/spring-security-modules/spring-security-core/src/test/java/com/baeldung/test/LiveTest.java b/spring-security-modules/spring-security-core/src/test/java/com/baeldung/app/test/LiveTest.java similarity index 96% rename from spring-security-modules/spring-security-core/src/test/java/com/baeldung/test/LiveTest.java rename to spring-security-modules/spring-security-core/src/test/java/com/baeldung/app/test/LiveTest.java index 6bcb2e8f0f..d099173395 100644 --- a/spring-security-modules/spring-security-core/src/test/java/com/baeldung/test/LiveTest.java +++ b/spring-security-modules/spring-security-core/src/test/java/com/baeldung/app/test/LiveTest.java @@ -1,4 +1,4 @@ -package com.baeldung.test; +package com.baeldung.app.test; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; @@ -22,7 +22,7 @@ import org.springframework.web.context.WebApplicationContext; import com.baeldung.app.App; @RunWith(SpringJUnit4ClassRunner.class) -@SpringBootTest(classes = App.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) +@SpringBootTest(classes = App.class) @FixMethodOrder(MethodSorters.NAME_ASCENDING) public class LiveTest { diff --git a/spring-security-modules/spring-security-core/src/test/java/com/baeldung/denyonmissing/DenyOnMissingControllerIntegrationTest.java b/spring-security-modules/spring-security-core/src/test/java/com/baeldung/denyonmissing/DenyOnMissingControllerIntegrationTest.java new file mode 100644 index 0000000000..b4e4154982 --- /dev/null +++ b/spring-security-modules/spring-security-core/src/test/java/com/baeldung/denyonmissing/DenyOnMissingControllerIntegrationTest.java @@ -0,0 +1,53 @@ +package com.baeldung.denyonmissing; + +import static org.hamcrest.core.Is.isA; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.security.access.AccessDeniedException; +import org.springframework.security.test.context.support.WithMockUser; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.setup.MockMvcBuilders; +import org.springframework.web.context.WebApplicationContext; + +@RunWith(SpringJUnit4ClassRunner.class) +@SpringBootTest(classes = DenyApplication.class) +public class DenyOnMissingControllerIntegrationTest { + @Rule + public ExpectedException expectedException = ExpectedException.none(); + + @Autowired + private WebApplicationContext context; + private MockMvc mockMvc; + + @Before + public void setUp() { + mockMvc = MockMvcBuilders.webAppContextSetup(context) + .build(); + } + + @Test + @WithMockUser(username = "user") + public void givenANormalUser_whenCallingHello_thenAccessDenied() throws Exception { + mockMvc.perform(get("/hello")) + .andExpect(status().isOk()) + .andExpect(content().string("Hello world!")); + } + + @Test + @WithMockUser(username = "user") + public void givenANormalUser_whenCallingBye_thenAccessDenied() throws Exception { + expectedException.expectCause(isA(AccessDeniedException.class)); + + mockMvc.perform(get("/bye")); + } +} \ No newline at end of file diff --git a/spring-security-modules/spring-security-core/src/test/resources/.gitignore b/spring-security-modules/spring-security-core/src/test/resources/.gitignore deleted file mode 100644 index 83c05e60c8..0000000000 --- a/spring-security-modules/spring-security-core/src/test/resources/.gitignore +++ /dev/null @@ -1,13 +0,0 @@ -*.class - -#folders# -/target -/neoDb* -/data -/src/main/webapp/WEB-INF/classes -*/META-INF/* - -# Packaged files # -*.jar -*.war -*.ear \ No newline at end of file