BAEL-9148 Fix Java EE Annotations Project

- Added new jee-7-security module that contains only security related code previously part of jee-7 module
- Added new jee-7-security in parent pom.xml

jee-7-security/README.md

@@ -0,0 +1,2 @@
+### Relevant Articles:
+- [Securing Java EE with Spring Security](http://www.baeldung.com/java-ee-spring-security)

jee-7-security/pom.xml

@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>jee-7-security</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>war</packaging>
+    <name>jee-7-security</name>
+    <description>JavaEE 7 Spring Security Application</description>
+
+    <parent>
+        <groupId>com.baeldung</groupId>
+        <artifactId>parent-modules</artifactId>
+        <version>1.0.0-SNAPSHOT</version>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>javax</groupId>
+            <artifactId>javaee-api</artifactId>
+            <version>${javaee_api.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.sun.faces</groupId>
+            <artifactId>jsf-api</artifactId>
+            <version>${com.sun.faces.jsf.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.sun.faces</groupId>
+            <artifactId>jsf-impl</artifactId>
+            <version>${com.sun.faces.jsf.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+            <version>${jstl.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <version>${javax.servlet-api.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet.jsp</groupId>
+            <artifactId>jsp-api</artifactId>
+            <version>${jsp-api.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>taglibs</groupId>
+            <artifactId>standard</artifactId>
+            <version>${taglibs.standard.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.mvc</groupId>
+            <artifactId>javax.mvc-api</artifactId>
+            <version>1.0-pr</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>${org.springframework.security.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>${org.springframework.security.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-taglibs</artifactId>
+            <version>${org.springframework.security.version}</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-war-plugin</artifactId>
+                <version>${maven-war-plugin.version}</version>
+                <configuration>
+                    <warSourceDirectory>src/main/webapp</warSourceDirectory>
+                    <failOnMissingWebXml>false</failOnMissingWebXml>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <properties>
+        <javaee_api.version>7.0</javaee_api.version>
+        <com.sun.faces.jsf.version>2.2.14</com.sun.faces.jsf.version>
+        <jsp-api.version>2.2</jsp-api.version>
+        <taglibs.standard.version>1.1.2</taglibs.standard.version>
+        <org.springframework.security.version>4.2.3.RELEASE</org.springframework.security.version>
+    </properties>
+
+</project>

jee-7-security/src/main/java/com/baeldung/springsecurity/SecurityWebApplicationInitializer.java

@@ -0,0 +1,10 @@
+package com.baeldung.springsecurity;
+
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
+
+    public SecurityWebApplicationInitializer() {
+        super(SpringSecurityConfig.class);
+    }
+}

jee-7-security/src/main/java/com/baeldung/springsecurity/SpringSecurityConfig.java

@@ -0,0 +1,46 @@
+package com.baeldung.springsecurity;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth
+          .inMemoryAuthentication()
+          .withUser("user1")
+          .password("user1Pass")
+          .roles("USER")
+          .and()
+          .withUser("admin")
+          .password("adminPass")
+          .roles("ADMIN");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+          .csrf()
+          .disable()
+          .authorizeRequests()
+          .antMatchers("/auth/login*")
+          .anonymous()
+          .antMatchers("/home/admin*")
+          .hasRole("ADMIN")
+          .anyRequest()
+          .authenticated()
+          .and()
+          .formLogin()
+          .loginPage("/auth/login")
+          .defaultSuccessUrl("/home", true)
+          .failureUrl("/auth/login?error=true")
+          .and()
+          .logout()
+          .logoutSuccessUrl("/auth/login");
+    }
+}

jee-7-security/src/main/java/com/baeldung/springsecurity/controller/HomeController.java

@@ -0,0 +1,28 @@
+package com.baeldung.springsecurity.controller;
+
+import javax.mvc.annotation.Controller;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+
+@Path("/home")
+@Controller
+public class HomeController {
+
+    @GET
+    public String home() {
+        return "home.jsp";
+    }
+
+    @GET
+    @Path("/user")
+    public String admin() {
+        return "user.jsp";
+    }
+
+    @GET
+    @Path("/admin")
+    public String user() {
+        return "admin.jsp";
+    }
+
+}

jee-7-security/src/main/java/com/baeldung/springsecurity/controller/LoginController.java

@@ -0,0 +1,16 @@
+package com.baeldung.springsecurity.controller;
+
+import javax.mvc.annotation.Controller;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+
+@Path("/login")
+@Controller
+public class LoginController {
+
+    @GET
+    public String login() {
+    	System.out.println("Login");
+        return "login.jsp";
+    }
+}

jee-7-security/src/main/resources/logback.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
+            </pattern>
+        </encoder>
+    </appender>
+
+    <root level="DEBUG">
+        <appender-ref ref="STDOUT" />
+    </root>
+</configuration>

jee-7-security/src/main/webapp/WEB-INF/faces-config.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<faces-config
+    xmlns="http://java.sun.com/xml/ns/javaee"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+    http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd"
+    version="2.0">
+</faces-config>

jee-7-security/src/main/webapp/WEB-INF/spring/security.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<b:beans xmlns="http://www.springframework.org/schema/security"
+         xmlns:b="http://www.springframework.org/schema/beans"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+    <authentication-manager>
+        <authentication-provider>
+            <user-service>
+                <user name="user" password="user123" authorities="ROLE_USER" />
+            </user-service>
+        </authentication-provider>
+    </authentication-manager>
+
+    <http auto-config='true' use-expressions="true">
+        <form-login default-target-url="/secure.jsp" />
+        <intercept-url pattern="/" access="isAnonymous()" />
+        <intercept-url pattern="/index.jsp" access="isAnonymous()" />
+        <intercept-url pattern="/secure.jsp" access="hasRole('ROLE_USER')" />
+    </http>
+
+</b:beans>

jee-7-security/src/main/webapp/WEB-INF/views/admin.jsp

@@ -0,0 +1,12 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
+<html>
+<head></head>
+
+<body>
+    <h1>Welcome to the ADMIN page</h1>
+
+    <a href="<c:url value="/logout" />">Logout</a>
+
+</body>
+</html>

jee-7-security/src/main/webapp/WEB-INF/views/home.jsp

@@ -0,0 +1,26 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
+<html>
+<head></head>
+
+<body>
+    <h1>This is the body of the sample view</h1>
+
+    <security:authorize access="hasRole('USER')">
+        This text is only visible to a user
+        <br/> <br/>
+        <a href="<c:url value="/home/user" />">Restricted Admin Page</a>
+        <br/> <br/>
+    </security:authorize>
+	
+    <security:authorize access="hasRole('ADMIN')">
+        This text is only visible to an admin
+        <br/>
+        <a href="<c:url value="/home/admin" />">Admin Page</a>
+        <br/>
+    </security:authorize>
+
+    <a href="<c:url value="/logout" />">Logout</a>
+
+</body>
+</html>

jee-7-security/src/main/webapp/WEB-INF/views/login.jsp

@@ -0,0 +1,26 @@
+<html>
+<head></head>
+
+<body>
+<h1>Login</h1>
+
+<form name='f' action="/auth/login" method='POST'>
+
+    <table>
+        <tr>
+            <td>User:</td>
+            <td><input type='text' name='username' value=''></td>
+        </tr>
+        <tr>
+            <td>Password:</td>
+            <td><input type='password' name='password'/></td>
+        </tr>
+        <tr>
+            <td><input name="submit" type="submit" value="submit"/></td>
+        </tr>
+    </table>
+
+</form>
+
+</body>
+</html>

jee-7-security/src/main/webapp/WEB-INF/views/user.jsp

@@ -0,0 +1,12 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
+<html>
+<head></head>
+
+<body>
+    <h1>Welcome to the Restricted Admin page</h1>
+
+    <a href="<c:url value="/logout" />">Logout</a>
+
+</body>
+</html>

jee-7-security/src/main/webapp/WEB-INF/web.xml

@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+		xmlns="http://java.sun.com/xml/ns/javaee" 
+		xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
+		version="3.0">
+  <!-- The bare minimum needed for JSF 2.2 is a servlet 2.5 or later
+       declaration (this uses 3.0) and the mapping for the FacesServlet.
+       Setting PROJECT_STAGE to Development is highly recommended
+       during initial development so that you get more helpful
+       error messages. Whether you want server-side state saving
+       (default) or client-side is a more complicated question:
+       client-side uses more bandwidth but fewer server resources.
+       Client-side also helps to avoid the dreaded view expired exceptions.
+      
+       From JSF 2 and PrimeFaces tutorial 
+       at http://www.coreservlets.com/JSF-Tutorial/jsf2/
+  -->
+  <servlet>
+    <servlet-name>Faces Servlet</servlet-name>
+    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
+  </servlet>
+  <servlet-mapping>
+    <servlet-name>Faces Servlet</servlet-name>
+    <url-pattern>*.jsf</url-pattern>
+  </servlet-mapping>
+  <context-param>
+    <param-name>javax.faces.PROJECT_STAGE</param-name>
+    <param-value>Development</param-value>
+  </context-param>
+  <context-param>
+    <description>State saving method: 'client' or 'server' (default). See JSF Specification section 2.5.2</description>
+    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
+    <param-value>client</param-value>
+  </context-param>
+  <!-- If you go to http://host/project/ (with no file name), it will
+       try index.jsf first, welcome.jsf next, and so forth.
+   -->
+
+
+  <!-- UNCOMMENT THE FOLLOWING SECTION FOR SPRING SECURITY XML CONFIGURATION-->
+
+  <!--<context-param>-->
+    <!--<param-name>contextConfigLocation</param-name>-->
+    <!--<param-value>-->
+      <!--/WEB-INF/spring/*.xml-->
+    <!--</param-value>-->
+  <!--</context-param>-->
+
+  <!--<filter>-->
+    <!--<filter-name>springSecurityFilterChain</filter-name>-->
+    <!--<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>-->
+  <!--</filter>-->
+
+  <!--<filter-mapping>-->
+    <!--<filter-name>springSecurityFilterChain</filter-name>-->
+    <!--<url-pattern>/*</url-pattern>-->
+  <!--</filter-mapping>-->
+
+  <!--<listener>-->
+    <!--<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>-->
+  <!--</listener>-->
+
+  <!-- END SPRING SECURITY XML CONFIGURATION-->
+
+  <welcome-file-list>
+    <welcome-file>index.jsf</welcome-file>
+    <welcome-file>welcome.jsf</welcome-file>
+    <welcome-file>index.html</welcome-file>
+    <welcome-file>index.jsp</welcome-file>
+  </welcome-file-list>
+</web-app>

jee-7-security/src/main/webapp/index.jsp

@@ -0,0 +1,11 @@
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<html>
+  <head>
+    <title>Index Page</title>
+  </head>
+  <body>
+  Non-secured Index Page
+  <br>
+  <a href="/login">Login</a>
+  </body>
+</html>

jee-7-security/src/main/webapp/secure.jsp

@@ -0,0 +1,24 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+         pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <title>Home Page</title>
+</head>
+<body>
+<h3>Home Page</h3>
+
+<p>
+    Hello <b><c:out value="${pageContext.request.remoteUser}"/></b><br>
+    Roles: <b><sec:authentication property="principal.authorities" /></b>
+</p>
+
+<form action="logout" method="post">
+    <input type="submit" value="Logout" />
+    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
+</form>
+</body>
+</html>

pom.xml

@@ -399,6 +399,7 @@
 				<module>javafx</module>
 				<module>jgroups</module>
 				<module>jee-7</module>
+				<module>jee-7-security</module>
 				<module>jhipster</module>
 				<module>jjwt</module>
 				<module>jsf</module>
@@ -1303,6 +1304,7 @@
 				<module>javafx</module>
 				<module>jgroups</module>
 				<module>jee-7</module>
+				<module>jee-7-security</module>
 				<module>jjwt</module>
 				<module>jsf</module>
 				<module>json-path</module>