From 7b256aa060c7fb0be7ecd4458b20793d946316ef Mon Sep 17 00:00:00 2001
From: Doha2012 <dohae243@gmail.com>
Date: Tue, 11 Sep 2018 21:41:30 +0200
Subject: [PATCH] whitelist ip range (#5221)

---
 .../java/org/baeldung/ip/IpApplication.java   | 12 +++++
 .../CustomIpAuthenticationProvider.java       | 53 +++++++++++++++++++
 .../baeldung/ip/config/SecurityConfig.java    | 36 +++++++++++++
 .../baeldung/ip/config/SecurityXmlConfig.java |  9 ++++
 .../org/baeldung/ip/web/MainController.java   | 21 ++++++++
 .../src/main/resources/spring-security-ip.xml | 21 ++++++++
 .../java/org/baeldung/web/IpLiveTest.java     | 27 ++++++++++
 7 files changed, 179 insertions(+)
 create mode 100644 spring-security-mvc-boot/src/main/java/org/baeldung/ip/IpApplication.java
 create mode 100644 spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/CustomIpAuthenticationProvider.java
 create mode 100644 spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/SecurityConfig.java
 create mode 100644 spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/SecurityXmlConfig.java
 create mode 100644 spring-security-mvc-boot/src/main/java/org/baeldung/ip/web/MainController.java
 create mode 100644 spring-security-mvc-boot/src/main/resources/spring-security-ip.xml
 create mode 100644 spring-security-mvc-boot/src/test/java/org/baeldung/web/IpLiveTest.java

diff --git a/spring-security-mvc-boot/src/main/java/org/baeldung/ip/IpApplication.java b/spring-security-mvc-boot/src/main/java/org/baeldung/ip/IpApplication.java
new file mode 100644
index 0000000000..fd270686a2
--- /dev/null
+++ b/spring-security-mvc-boot/src/main/java/org/baeldung/ip/IpApplication.java
@@ -0,0 +1,12 @@
+package org.baeldung.ip;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+
+@SpringBootApplication
+public class IpApplication extends SpringBootServletInitializer {
+    public static void main(String[] args) {
+        SpringApplication.run(IpApplication.class, args);
+    }
+}
diff --git a/spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/CustomIpAuthenticationProvider.java b/spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/CustomIpAuthenticationProvider.java
new file mode 100644
index 0000000000..078dd81259
--- /dev/null
+++ b/spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/CustomIpAuthenticationProvider.java
@@ -0,0 +1,53 @@
+package org.baeldung.ip.config;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CustomIpAuthenticationProvider implements AuthenticationProvider {
+    
+   Set<String> whitelist = new HashSet<String>();
+
+    public CustomIpAuthenticationProvider() {
+        super();
+        whitelist.add("11.11.11.11");
+        whitelist.add("127.0.0.1");
+    }
+
+    @Override
+    public Authentication authenticate(Authentication auth) throws AuthenticationException {
+        WebAuthenticationDetails details = (WebAuthenticationDetails) auth.getDetails();
+        String userIp = details.getRemoteAddress();
+        if(! whitelist.contains(userIp)){
+            throw new BadCredentialsException("Invalid IP Address");
+        }
+        final String name = auth.getName();
+        final String password = auth.getCredentials().toString();
+        
+        if (name.equals("john") && password.equals("123")) {
+        List<GrantedAuthority> authorities =new ArrayList<GrantedAuthority>();
+        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
+        return new UsernamePasswordAuthenticationToken(name, password, authorities);
+        }
+        else{
+            throw new BadCredentialsException("Invalid username or password");
+        }
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return authentication.equals(UsernamePasswordAuthenticationToken.class);
+    }
+}
diff --git a/spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/SecurityConfig.java b/spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/SecurityConfig.java
new file mode 100644
index 0000000000..b4ed8277d6
--- /dev/null
+++ b/spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/SecurityConfig.java
@@ -0,0 +1,36 @@
+package org.baeldung.ip.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private CustomIpAuthenticationProvider authenticationProvider;
+
+    @Override
+    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+       auth.inMemoryAuthentication().withUser("john").password("{noop}123").authorities("ROLE_USER");
+     //   auth.authenticationProvider(authenticationProvider);
+    }
+
+    @Override
+    protected void configure(final HttpSecurity http) throws Exception {
+        // @formatter:off
+        http.authorizeRequests()
+            .antMatchers("/login").permitAll()
+//            .antMatchers("/foos/**").hasIpAddress("11.11.11.11")
+            .antMatchers("/foos/**").access("isAuthenticated() and hasIpAddress('11.11.11.11')")
+            .anyRequest().authenticated()
+            .and().formLogin().permitAll()
+            .and().csrf().disable();
+        // @formatter:on
+    }
+
+}
\ No newline at end of file
diff --git a/spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/SecurityXmlConfig.java b/spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/SecurityXmlConfig.java
new file mode 100644
index 0000000000..1d22ca4c67
--- /dev/null
+++ b/spring-security-mvc-boot/src/main/java/org/baeldung/ip/config/SecurityXmlConfig.java
@@ -0,0 +1,9 @@
+package org.baeldung.ip.config;
+
+
+//@Configuration
+//@EnableWebSecurity
+//@ImportResource({ "classpath:spring-security-ip.xml" })
+public class SecurityXmlConfig {
+   
+}
\ No newline at end of file
diff --git a/spring-security-mvc-boot/src/main/java/org/baeldung/ip/web/MainController.java b/spring-security-mvc-boot/src/main/java/org/baeldung/ip/web/MainController.java
new file mode 100644
index 0000000000..da5db5e825
--- /dev/null
+++ b/spring-security-mvc-boot/src/main/java/org/baeldung/ip/web/MainController.java
@@ -0,0 +1,21 @@
+package org.baeldung.ip.web;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.baeldung.custom.persistence.model.Foo;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+public class MainController {
+
+    @RequestMapping(method = RequestMethod.GET, value = "/foos/{id}")
+    @ResponseBody
+    public Foo findById(@PathVariable final long id, HttpServletRequest request) {
+        return new Foo("Sample");
+    }
+
+}
diff --git a/spring-security-mvc-boot/src/main/resources/spring-security-ip.xml b/spring-security-mvc-boot/src/main/resources/spring-security-ip.xml
new file mode 100644
index 0000000000..31796ad134
--- /dev/null
+++ b/spring-security-mvc-boot/src/main/resources/spring-security-ip.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
+  xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+    <security:authentication-manager>
+        <security:authentication-provider>
+            <security:user-service>
+                <security:user name="john" password="{noop}123" authorities="ROLE_USER" />
+            </security:user-service>
+        </security:authentication-provider>
+    </security:authentication-manager>
+
+    <security:http>
+        <security:form-login/>
+        <security:intercept-url pattern="/login" access="permitAll()" />
+        <security:intercept-url pattern="/foos/**" access="hasIpAddress('11.11.11.11')" />
+        <security:intercept-url pattern="/**" access="isAuthenticated()" />
+    </security:http>
+</beans>
diff --git a/spring-security-mvc-boot/src/test/java/org/baeldung/web/IpLiveTest.java b/spring-security-mvc-boot/src/test/java/org/baeldung/web/IpLiveTest.java
new file mode 100644
index 0000000000..e12e2f87b0
--- /dev/null
+++ b/spring-security-mvc-boot/src/test/java/org/baeldung/web/IpLiveTest.java
@@ -0,0 +1,27 @@
+package org.baeldung.web;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import io.restassured.RestAssured;
+import io.restassured.response.Response;
+
+import org.junit.Test;
+
+
+public class IpLiveTest {
+
+    @Test
+    public void givenUser_whenGetHomePage_thenOK() {
+        final Response response = RestAssured.given().auth().form("john", "123").get("http://localhost:8082/");
+        assertEquals(200, response.getStatusCode());
+        assertTrue(response.asString().contains("Welcome"));
+    }
+    
+    @Test
+    public void givenUserWithWrongIP_whenGetFooById_thenForbidden() {
+        final Response response = RestAssured.given().auth().form("john", "123").get("http://localhost:8082/foos/1");
+        assertEquals(403, response.getStatusCode());
+        assertTrue(response.asString().contains("Forbidden"));
+    }
+   
+}
\ No newline at end of file