iSharkFly-Docs
/
java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

BAEL-1489: Applying suggested changes and updating to 2.0.0.RC2

This commit is contained in:
Holger Steinhauer 2018-02-25 10:39:01 +00:00
parent 75b3301cc3
commit 73f248ffdd
3 changed files with 27 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
spring-5-security/pom.xml
View File

@ -12,7 +12,7 @@
<parent> <parent>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId> <artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.M7</version> <version>2.0.0.RC2</version>
<relativePath /> <!-- lookup parent from repository --> <relativePath /> <!-- lookup parent from repository -->
</parent> </parent>

22
spring-5-security/src/main/java/com/baeldung/passwordstorage/BaeldungPasswordEncoderSetup.java
View File

@ -2,12 +2,9 @@ package com.baeldung.passwordstorage;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationListener; import org.springframework.context.ApplicationListener;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent; import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
@ -18,23 +15,20 @@ public class BaeldungPasswordEncoderSetup {
private final static Logger LOG = LoggerFactory.getLogger(BaeldungPasswordEncoderSetup.class); private final static Logger LOG = LoggerFactory.getLogger(BaeldungPasswordEncoderSetup.class);
@Bean
public AuthenticationEventPublisher authenticationEventPublisher(final ApplicationEventPublisher publisher) {
return new DefaultAuthenticationEventPublisher(publisher);
}
@Bean @Bean
public ApplicationListener<AuthenticationSuccessEvent> authenticationSuccessListener(final PasswordEncoder encoder) { public ApplicationListener<AuthenticationSuccessEvent> authenticationSuccessListener(final PasswordEncoder encoder) {
return (AuthenticationSuccessEvent event) -> { return (AuthenticationSuccessEvent event) -> {
final Authentication authentication = event.getAuthentication(); final Authentication auth = event.getAuthentication();
if (authentication instanceof UsernamePasswordAuthenticationToken && authentication.getCredentials() != null) { if (auth instanceof UsernamePasswordAuthenticationToken && auth.getCredentials() != null) {
final CharSequence clearTextPassword = (CharSequence) authentication.getCredentials(); // 1
final String newPasswordHash = encoder.encode(clearTextPassword); // 2
LOG.info("New password hash {} for user {}", newPasswordHash, authentication.getName()); final CharSequence clearTextPass = (CharSequence) auth.getCredentials(); // 1
final String newPasswordHash = encoder.encode(clearTextPass); // 2
((UsernamePasswordAuthenticationToken) authentication).eraseCredentials(); // 3 LOG.info("New password hash {} for user {}", newPasswordHash, auth.getName());
((UsernamePasswordAuthenticationToken) auth).eraseCredentials(); // 3
} }
}; };
} }

37
spring-5-security/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java
View File

@ -1,54 +1,53 @@
package com.baeldung.passwordstorage; package com.baeldung.passwordstorage;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder; import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.MessageDigestPasswordEncoder; import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder; import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@Configuration @Configuration
public class PasswordStorageWebSecurityConfigurer extends WebSecurityConfigurerAdapter { public class PasswordStorageWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
private final AuthenticationEventPublisher eventPublisher;
private final UserDetailsService userDetailsService;
@Autowired
public PasswordStorageWebSecurityConfigurer(AuthenticationEventPublisher eventPublisher, UserDetailsService userDetailsService) {
this.eventPublisher = eventPublisher;
this.userDetailsService = userDetailsService;
}
@Override @Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception { protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.eraseCredentials(false) // 4 auth.eraseCredentials(false) // 4
.authenticationEventPublisher(eventPublisher) .userDetailsService(getUserDefaultDetailsService())
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder()); .passwordEncoder(passwordEncoder());
} }
@Bean
public UserDetailsService getUserDefaultDetailsService() {
User testUser = new User("baeldung", "{noop}SpringSecurity5", Collections.emptyList());
return new InMemoryUserDetailsManager(testUser);
}
@Bean @Bean
public PasswordEncoder passwordEncoder() { public PasswordEncoder passwordEncoder() {
// set up the list of supported encoders and their prefixes // set up the list of supported encoders and their prefixes
String encodingId = "bcrypt"; PasswordEncoder defaultEncoder = new StandardPasswordEncoder();
Map<String, PasswordEncoder> encoders = new HashMap<>(); Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put(encodingId, new BCryptPasswordEncoder()); encoders.put("bcrypt", new BCryptPasswordEncoder());
encoders.put("scrypt", new SCryptPasswordEncoder()); encoders.put("scrypt", new SCryptPasswordEncoder());
encoders.put("SHA-256", new MessageDigestPasswordEncoder("SHA-256")); encoders.put("noop", NoOpPasswordEncoder.getInstance());
DelegatingPasswordEncoder delegatingPasswordEncoder = new DelegatingPasswordEncoder(encodingId, encoders); DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder("bcrypt", encoders);
delegatingPasswordEncoder.setDefaultPasswordEncoderForMatches(encoders.get(encodingId)); passwordEncoder.setDefaultPasswordEncoderForMatches(defaultEncoder);
return delegatingPasswordEncoder; return passwordEncoder;
} }
} }