BAEL - 2226

Review comments incorporated
This commit is contained in:
TINO 2019-02-12 23:50:53 +03:00
parent 1c5e742d31
commit 77775c6794
4 changed files with 13 additions and 63 deletions

View File

@ -1,33 +1,19 @@
package com.baeldung.springbootsecuritycors.basicauth.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user")
.password("{noop}password")
.roles("USER");
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic();
http.cors(); //disable this line to reproduce the CORS 401
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.cors().and() //disable this line to reproduce the CORS 401
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic();
}
}

View File

@ -1,17 +1,17 @@
package com.baeldung.springbootsecuritycors.controller;
import javax.servlet.http.HttpServletRequest;
import java.security.Principal;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@CrossOrigin
@CrossOrigin("http://localhost:4200")
public class ResourceController {
@RequestMapping("/user")
public String user(HttpServletRequest request) {
return request.getUserPrincipal().getName();
@GetMapping("/user")
public String user(Principal principal) {
return principal.getName();
}
}

View File

@ -1,3 +0,0 @@
server.port=8080

View File

@ -1,33 +0,0 @@
package com.baeldung.springbootsecurityrest;
import static org.junit.Assert.assertEquals;
import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.web.client.RestClientException;
import com.baeldung.springbootsecuritycors.basicauth.SpringBootSecurityApplication;
@RunWith(SpringRunner.class)
@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootSecurityApplication.class)
public class BasicAuthConfigurationIntegrationTest {
@Test
public void givenCredentials_whenRequested_thenLogin() throws IllegalStateException, IOException, RestClientException, URISyntaxException {
TestRestTemplate restTemplate = new TestRestTemplate();
URL base = new URL("http://192.168.1.101:8082/user");
ResponseEntity<String> response = restTemplate.withBasicAuth("user", "password").postForEntity(base.toURI(), null, String.class);
assertEquals(HttpStatus.OK, response.getStatusCode());
}
}