commit
82c4b59059
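--- /dev/null
+++ b/SecuredEcommerceApplication.java
@@ -0,0 +1,13 @@
+package com.baeldung.permitallanonymous;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.ComponentScan;
+
+@SpringBootApplication
+@ComponentScan("com.baeldung.permitallanonymous.*")
+public class SecuredEcommerceApplication {
+public static void main(String[] args) {
+SpringApplication.run(SecuredEcommerceApplication.class, args);
+}
+}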
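Review bot: The explicit `@ComponentScan("com.baeldung.permitallanonymous.*")` on the application class looks redundant and possibly misleading: `@SpringBootApplication` already scans the package of the annotated class and its sub-packages, and the annotation's value is a base package name rather than a glob, so the trailing `.*` may not be interpreted the way the author intends (I have not verified how the scanner resolves that string). Suggest dropping the annotation, or, if an explicit scan is wanted, using the plain package name `@ComponentScan("com.baeldung.permitallanonymous")`. Since this class also anchors the security configuration picked up by component scanning, a one-line comment noting that `EcommerceWebSecurityConfig` and `EcommerceController` are discovered from this package would help a reader locate the access rules.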
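--- /dev/null
+++ b/EcommerceController.java
@@ -0,0 +1,29 @@
+package com.baeldung.permitallanonymous.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class EcommerceController {
+
+//can be accessed by only logged-in users
+@GetMapping("/private/showCart")
+public @ResponseBody String showCart() {
+return "Show Cart";
+}
+
+//can we accessed by both anonymous and authenticated users
+@GetMapping("/public/showProducts")
+public @ResponseBody String listProducts() {
+return "List Products";
+}
+
+//can be access by only anonymous users not by authenticated users
+@GetMapping("/public/registerUser")
+public @ResponseBody String registerUser() {
+return "Register User";
+}
+
+}
+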
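Review bot: The comments that document the access policy on listProducts and registerUser are garbled: `//can we accessed by both anonymous and authenticated users` should read `//can be accessed by both anonymous and authenticated users`, and `//can be access by only anonymous users not by authenticated users` should read `//can be accessed only by anonymous users, not by authenticated users`. The policy itself is not enforced here but in the security configuration, so a pointer such as `// access rules for these paths: see EcommerceWebSecurityConfig#filterChain` would tell a maintainer who adds a new `/public/...` handler that it needs a matching rule there. The explicit `@ResponseBody` on each method is redundant under `@RestController` and can be dropped.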
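--- /dev/null
+++ b/AuditInterceptor.java
@@ -0,0 +1,33 @@
+package com.baeldung.permitallanonymous.filter;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class AuditInterceptor extends OncePerRequestFilter {
+private final Logger logger = LoggerFactory.getLogger(AuditInterceptor.class);
+
+@Override
+protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+throws ServletException, IOException {
+
+Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+if (authentication instanceof AnonymousAuthenticationToken) {
+logger.info("Audit anonymous user");
+}
+if (authentication instanceof UsernamePasswordAuthenticationToken) {
+logger.info("Audit registered user");
+}
+filterChain.doFilter(request, response);
+}
+}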
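Review bot: The audit entries written in doFilterInternal record only the category of caller, never what was requested, so they cannot be correlated with an action; passing the method and path as placeholder arguments, e.g. `logger.info("Audit anonymous user: {} {}", request.getMethod(), request.getRequestURI());` (and the same for the registered-user branch), makes the trail usable while keeping request-derived values out of the message template. An Authentication of any type other than the two tested falls through both `if`s and is silently not audited; an `else` branch that logs `authentication == null ? "null" : authentication.getClass().getSimpleName()` would surface that rather than hide it. The logger field should be `private static final`. A class-level comment stating that the filter is inserted after AnonymousAuthenticationFilter in EcommerceWebSecurityConfig, and so relies on the SecurityContext already being populated, would document the ordering assumption the two `instanceof` checks depend on.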
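--- /dev/null
+++ b/EcommerceWebSecurityConfig.java
@@ -0,0 +1,46 @@
+package com.baeldung.permitallanonymous.security;
+
+import com.baeldung.permitallanonymous.filter.AuditInterceptor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+public class EcommerceWebSecurityConfig {
+@Bean
+public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
+UserDetails user = User.withUsername("spring")
+.password(passwordEncoder.encode("secret"))
+.roles("USER")
+.build();
+
+return new InMemoryUserDetailsManager(user);
+}
+
+@Bean
+public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+http.addFilterAfter(new AuditInterceptor(), AnonymousAuthenticationFilter.class)
+.authorizeRequests()
+.antMatchers("/private/**").authenticated().and().httpBasic()
+.and().authorizeRequests()
+.antMatchers("/public/showProducts").permitAll()
+.antMatchers("/public/registerUser").anonymous();
+
+return http.build();
+}
+
+@Bean
+public BCryptPasswordEncoder passwordEncoder() {
+return new BCryptPasswordEncoder();
+}
+
+}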
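Review bot: The authorization rules in filterChain have no catch-all: `/private/**`, `/public/showProducts` and `/public/registerUser` are matched, but a request to any other path (for example a new `/public/...` handler added to EcommerceController) matches no rule and, as far as I can tell from how `authorizeRequests()` behaves without an `anyRequest()` entry, is passed through without any access decision. Appending `.anyRequest().denyAll()` (or `.authenticated()`, whichever default is intended) after the `.anonymous()` matcher closes that gap; the tests in SecureEcommerceApplicationUnitTest only exercise the three mapped paths, so they would not have caught it. The second `.and().authorizeRequests()` re-enters the same registry and can be folded into the first call so the matchers read as one ordered list, which also makes the catch-all position obvious. The literal `"secret"` password for the in-memory user is reasonable for a sample, but a comment marking userDetailsService as demo-only would stop it being copied verbatim, and `passwordEncoder()` could declare its return type as `PasswordEncoder` to match how userDetailsService consumes it.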
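--- /dev/null
+++ b/SecureEcommerceApplicationUnitTest.java
@@ -0,0 +1,70 @@
+package com.baeldung.permitallanonymous;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.test.context.support.WithAnonymousUser;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = SecuredEcommerceApplication.class)
+@AutoConfigureMockMvc
+public class SecureEcommerceApplicationUnitTest {
+@Autowired
+private MockMvc mockMvc;
+private static final Logger logger = LoggerFactory.getLogger(SecureEcommerceApplicationUnitTest.class);
+
+@WithAnonymousUser
+@Test
+public void givenAnonymousUser_whenAccessToUserRegisterPage_thenAllowAccess() throws Exception {
+mockMvc.perform(MockMvcRequestBuilders.get("/public/registerUser"))
+.andExpect(MockMvcResultMatchers.status().isOk())
+.andExpect(MockMvcResultMatchers.content().string("Register User"));
+}
+
+@WithMockUser(username = "spring", password = "secret")
+@Test
+public void givenAuthenticatedUser_whenAccessToUserRegisterPage_thenDenyAccess() throws Exception {
+mockMvc.perform(MockMvcRequestBuilders.get("/public/registerUser"))
+.andExpect(MockMvcResultMatchers.status().isForbidden());
+}
+
+@WithMockUser(username = "spring", password = "secret")
+@Test
+public void givenAuthenticatedUser_whenAccessToProductLinePage_thenAllowAccess() throws Exception {
+mockMvc.perform(MockMvcRequestBuilders.get("/public/showProducts"))
+.andExpect(MockMvcResultMatchers.status().isOk())
+.andExpect(MockMvcResultMatchers.content().string("List Products"));
+}
+
+@WithAnonymousUser
+@Test
+public void givenAnonymousUser_whenAccessToProductLinePage_thenAllowAccess() throws Exception {
+mockMvc.perform(MockMvcRequestBuilders.get("/public/showProducts"))
+.andExpect(MockMvcResultMatchers.status().isOk())
+.andExpect(MockMvcResultMatchers.content().string("List Products"));
+}
+
+@WithMockUser(username = "spring", password = "secret")
+@Test
+public void givenAuthenticatedUser_whenAccessToCartPage_thenAllowAccess() throws Exception {
+mockMvc.perform(MockMvcRequestBuilders.get("/private/showCart"))
+.andExpect(MockMvcResultMatchers.status().isOk())
+.andExpect(MockMvcResultMatchers.content().string("Show Cart"));
+}
+
+@WithAnonymousUser
+@Test
+public void givenAnonymousUser_whenAccessToCartPage_thenDenyAccess() throws Exception {
+mockMvc.perform(MockMvcRequestBuilders.get("/private/showCart"))
+.andExpect(MockMvcResultMatchers.status().isUnauthorized());
+}
+}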
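Review bot: None of the six tests exercises the HTTP Basic path configured in EcommerceWebSecurityConfig: `@WithMockUser` injects a pre-built security context, so its `password = "secret"` attribute has no effect and the in-memory user (and the BCrypt encoder) is never consulted. A request built with `.with(SecurityMockMvcRequestPostProcessors.httpBasic("spring", "secret"))` against `/private/showCart`, plus a wrong-password variant expecting 401, would cover the real authentication flow. The `logger` field is unused and can be removed, and `webEnvironment = RANDOM_PORT` starts a real server that MockMvc never talks to, so the default `MOCK` environment is sufficient here. The class name ends in UnitTest although it boots the full application context, which most naming conventions would call an integration test.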