iSharkFly-Docs
/
java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added second version to authenticate with client certificates.

This commit is contained in:
Christian Rädel 2016-08-08 01:55:42 +02:00
parent 8dc92aa09c
commit 3c76943627
11 changed files with 110 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
spring-security-x509/basic-secured-server/src/main/java/com/baeldung/spring/security/x509/UserController.java
View File

@ -1,5 +1,6 @@
package com.baeldung.spring.security.x509;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
@ -10,6 +11,7 @@ import java.security.Principal;
@Controller
public class UserController {
@PreAuthorize("hasAuthority('ROLE_USER')")
@RequestMapping(value = "/user")
public String user(Model model, Principal principal) {
UserDetails currentUser = (UserDetails) ((Authentication) principal).getPrincipal();

39
spring-security-x509/basic-secured-server/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java
View File

@ -1,11 +1,48 @@
package com.baeldung.spring.security.x509;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@SpringBootApplication
public class X509AuthenticationServer {
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class X509AuthenticationServer extends WebSecurityConfigurerAdapter {
public static void main(String[] args) {
SpringApplication.run(X509AuthenticationServer.class, args);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated()
.and()
.x509().subjectPrincipalRegex("CN=(.*?)(?:,|$)").userDetailsService(userDetailsService());
}
@Bean
public UserDetailsService userDetailsService() {
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
if (username.equals("cid")) {
return new User(username, "", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
}
throw new UsernameNotFoundException("User not found!");
}
};
}
}

3
spring-security-x509/basic-secured-server/src/main/resources/application.properties
View File

@ -6,3 +6,6 @@ server.ssl.enabled=true
server.port=8443
security.user.name=Admin
security.user.password=admin
server.ssl.trust-store=../keystore/truststore.jks
server.ssl.trust-store-password=${PASSWORD}
server.ssl.client-auth=need

6
spring-security-x509/server/pom.xml → spring-security-x509/client-auth-server/pom.xml
View File

@ -4,12 +4,12 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.baeldung.spring.security</groupId>
<artifactId>server</artifactId>
<artifactId>client-auth-server</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>server</name>
<description>Spring x.509 Authentication Demo</description>
<name>client-auth-server</name>
<description>Spring x.509 Client Authentication Demo</description>
<parent>
<groupId>org.springframework.boot</groupId>

5
spring-security-x509/server/src/main/java/com/baeldung/spring/security/x509/UserController.java → spring-security-x509/client-auth-server/src/main/java/com/baeldung/spring/security/x509/UserController.java
View File

@ -1,5 +1,6 @@
package com.baeldung.spring.security.x509;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
@ -9,8 +10,8 @@ import org.springframework.web.bind.annotation.RequestMapping;
import java.security.Principal;
@Controller
public class UserResource {
public class UserController {
@PreAuthorize("hasAuthority('ROLE_USER')")
@RequestMapping(value = "/user")
public String user(Model model, Principal principal) {
UserDetails currentUser = (UserDetails) ((Authentication) principal).getPrincipal();

47
spring-security-x509/client-auth-server/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java Normal file
View File

@ -0,0 +1,47 @@
package com.baeldung.spring.security.x509;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@SpringBootApplication
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class X509AuthenticationServer extends WebSecurityConfigurerAdapter {
public static void main(String[] args) {
SpringApplication.run(X509AuthenticationServer.class, args);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated()
.and()
.x509().subjectPrincipalRegex("CN=(.*?)(?:,|$)").userDetailsService(userDetailsService());
}
@Bean
public UserDetailsService userDetailsService() {
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
if (username.equals("cid")) {
return new User(username, "", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
}
throw new UsernameNotFoundException("User not found!");
}
};
}
}

5
spring-security-x509/server/src/main/resources/application.properties → spring-security-x509/client-auth-server/src/main/resources/application.properties
View File

@ -1,8 +1,11 @@
server.ssl.key-store=../keystore/keystore.jks
server.ssl.key-store-password=${PASSWORD}
server.ssl.key-alias=localhost
server.ssl.key-alias=${HOSTNAME}
server.ssl.key-password=${PASSWORD}
server.ssl.enabled=true
server.port=8443
security.user.name=Admin
security.user.password=admin
server.ssl.trust-store=../keystore/truststore.jks
server.ssl.trust-store-password=${PASSWORD}
server.ssl.client-auth=need

4
spring-security-x509/server/src/main/resources/templates/user.html → spring-security-x509/client-auth-server/src/main/resources/templates/user.html
View File

@ -1,9 +1,9 @@
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>X.509 Authentication Demo</title>
<title>X.509 Authentication Demo</title>
</head>
<body>
<h2>Hello <span th:text="${username}"/>!</h2>
<h2>Hello <span th:text="${username}"/>!</h2>
</body>
</html>

2
spring-security-x509/server/src/test/java/com/baeldung/spring/security/x509/X509AuthenticationServerTests.java → spring-security-x509/client-auth-server/src/test/java/com/baeldung/spring/security/x509/X509AuthenticationServerTests.java
View File

@ -8,9 +8,7 @@ import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest
public class X509AuthenticationServerTests {
@Test
public void contextLoads() {
}
}

6
spring-security-x509/keystore/Makefile
View File

@ -2,6 +2,7 @@ PASSWORD=changeit
KEYSTORE=keystore.jks
HOSTNAME=localhost
CLIENTNAME=cid
# CN = Common Name
# OU = Organization Unit
# O = Organization Name
@ -76,6 +77,11 @@ add-client:
keytool -import -trustcacerts -alias $(CLIENTNAME) \
-file "$(CLIENTNAME).crt" \
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
# Export private certificate for importing into a browser
keytool -importkeystore -srcalias $(CLIENTNAME) \
-srckeystore $(TRUSTSTORE) -srcstorepass $(PASSWORD) \
-destkeystore "$(CLIENTNAME).p12" -deststorepass $(PASSWORD) \
-deststoretype PKCS12
clean:
# Remove generated artifacts

12
spring-security-x509/server/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java
View File

@ -1,12 +0,0 @@
package com.baeldung.spring.security.x509;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class X509AuthenticationServer {
public static void main(String[] args) {
SpringApplication.run(X509AuthenticationServer.class, args);
}
}