Bael 1964 (#4881)

* Added initial code for BAEL-1964, in-memory authentication application

* Switched to default security encoder instead of a specific one

spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthApplication.java

@@ -0,0 +1,14 @@
+package com.baeldung.inmemory;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class InMemoryAuthApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(InMemoryAuthApplication.class, args);
+    }
+
+
+}

spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthController.java

@@ -0,0 +1,21 @@
+package com.baeldung.inmemory;
+
+import java.util.Arrays;
+import java.util.List;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class InMemoryAuthController {
+
+    @GetMapping("/public/hello")
+    public List<String> publicHello() {
+        return Arrays.asList("Hello", "World", "from", "Public");
+    }
+
+    @GetMapping("/private/hello")
+    public List<String> privateHello() {
+        return Arrays.asList("Hello", "World", "from", "Private");
+    }
+
+}

spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java

@@ -0,0 +1,34 @@
+package com.baeldung.inmemory;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class InMemoryAuthWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();        
+        auth.inMemoryAuthentication()
+            .passwordEncoder(encoder)
+            .withUser("spring")
+            .password(encoder.encode("secret"))            
+            .roles("USER");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/private/**")
+            .authenticated()
+            .antMatchers("/public/**")
+            .permitAll()
+            .and()
+            .httpBasic();
+    }
+
+}

spring-5-security/src/test/java/com/baeldung/inmemory/InMemoryAuthControllerTest.java

@@ -0,0 +1,48 @@
+package com.baeldung.inmemory;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = InMemoryAuthApplication.class, webEnvironment = WebEnvironment.RANDOM_PORT)
+public class InMemoryAuthControllerTest {
+
+    @Autowired
+    private TestRestTemplate template;
+
+    @Test
+    public void givenRequestOnPublicService_shouldSucceedWith200() throws Exception {
+        ResponseEntity<String> result = template.getForEntity("/public/hello", String.class);
+        assertEquals(HttpStatus.OK, result.getStatusCode());
+    }
+
+    @Test
+    public void givenRequestOnPrivateService_shouldFailWith401() throws Exception {
+        ResponseEntity<String> result = template.getForEntity("/private/hello", String.class);
+        assertEquals(HttpStatus.UNAUTHORIZED, result.getStatusCode());
+    }
+
+    @Test
+    public void givenAuthRequestOnPrivateService_shouldSucceedWith200() throws Exception {
+        ResponseEntity<String> result = template.withBasicAuth("spring", "secret")
+            .getForEntity("/private/hello", String.class);
+        assertEquals(HttpStatus.OK, result.getStatusCode());
+    }
+    
+    @Test
+    public void givenInvalidAuthRequestOnPrivateService_shouldSucceedWith200() throws Exception {
+        ResponseEntity<String> result = template.withBasicAuth("spring", "wrong")
+            .getForEntity("/private/hello", String.class);
+        assertEquals(HttpStatus.UNAUTHORIZED, result.getStatusCode());
+    }
+
+}