From 8dc92aa09ccc2f5882436867be55f0d1c7028e9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20R=C3=A4del?= Date: Thu, 4 Aug 2016 17:54:02 +0200 Subject: [PATCH] Working demo to demonstrate keystore creation and SSL. --- .../basic-secured-server/pom.xml | 58 +++++++++++++++++++ .../spring/security/x509/UserController.java | 19 ++++++ .../x509/X509AuthenticationServer.java | 11 ++++ .../src/main/resources/application.properties | 8 +++ .../src/main/resources/templates/user.html | 9 +++ .../x509/X509AuthenticationServerTests.java | 14 +++++ spring-security-x509/keystore/Makefile | 24 +++++--- ...{UserResource.java => UserController.java} | 0 8 files changed, 134 insertions(+), 9 deletions(-) create mode 100644 spring-security-x509/basic-secured-server/pom.xml create mode 100644 spring-security-x509/basic-secured-server/src/main/java/com/baeldung/spring/security/x509/UserController.java create mode 100644 spring-security-x509/basic-secured-server/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java create mode 100644 spring-security-x509/basic-secured-server/src/main/resources/application.properties create mode 100644 spring-security-x509/basic-secured-server/src/main/resources/templates/user.html create mode 100644 spring-security-x509/basic-secured-server/src/test/java/com/baeldung/spring/security/x509/X509AuthenticationServerTests.java rename spring-security-x509/server/src/main/java/com/baeldung/spring/security/x509/{UserResource.java => UserController.java} (100%) diff --git a/spring-security-x509/basic-secured-server/pom.xml b/spring-security-x509/basic-secured-server/pom.xml new file mode 100644 index 0000000000..e8a65a02cf --- /dev/null +++ b/spring-security-x509/basic-secured-server/pom.xml @@ -0,0 +1,58 @@ + + + 4.0.0 + + com.baeldung.spring.security + basic-secured-server + 0.0.1-SNAPSHOT + jar + + basic-secured-server + Spring x.509 Authentication Demo + + + org.springframework.boot + spring-boot-starter-parent + 1.4.0.RELEASE + + + + + UTF-8 + UTF-8 + 1.8 + + + + + org.springframework.boot + spring-boot-starter-security + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-thymeleaf + + + + org.springframework.boot + spring-boot-starter-test + test + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + + + diff --git a/spring-security-x509/basic-secured-server/src/main/java/com/baeldung/spring/security/x509/UserController.java b/spring-security-x509/basic-secured-server/src/main/java/com/baeldung/spring/security/x509/UserController.java new file mode 100644 index 0000000000..dfe000a3d0 --- /dev/null +++ b/spring-security-x509/basic-secured-server/src/main/java/com/baeldung/spring/security/x509/UserController.java @@ -0,0 +1,19 @@ +package com.baeldung.spring.security.x509; + +import org.springframework.security.core.Authentication; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.stereotype.Controller; +import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.RequestMapping; + +import java.security.Principal; + +@Controller +public class UserController { + @RequestMapping(value = "/user") + public String user(Model model, Principal principal) { + UserDetails currentUser = (UserDetails) ((Authentication) principal).getPrincipal(); + model.addAttribute("username", currentUser.getUsername()); + return "user"; + } +} diff --git a/spring-security-x509/basic-secured-server/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java b/spring-security-x509/basic-secured-server/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java new file mode 100644 index 0000000000..02a3bf45d6 --- /dev/null +++ b/spring-security-x509/basic-secured-server/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java @@ -0,0 +1,11 @@ +package com.baeldung.spring.security.x509; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class X509AuthenticationServer { + public static void main(String[] args) { + SpringApplication.run(X509AuthenticationServer.class, args); + } +} diff --git a/spring-security-x509/basic-secured-server/src/main/resources/application.properties b/spring-security-x509/basic-secured-server/src/main/resources/application.properties new file mode 100644 index 0000000000..1eed9cbbb0 --- /dev/null +++ b/spring-security-x509/basic-secured-server/src/main/resources/application.properties @@ -0,0 +1,8 @@ +server.ssl.key-store=../keystore/keystore.jks +server.ssl.key-store-password=${PASSWORD} +server.ssl.key-alias=${HOSTNAME} +server.ssl.key-password=${PASSWORD} +server.ssl.enabled=true +server.port=8443 +security.user.name=Admin +security.user.password=admin \ No newline at end of file diff --git a/spring-security-x509/basic-secured-server/src/main/resources/templates/user.html b/spring-security-x509/basic-secured-server/src/main/resources/templates/user.html new file mode 100644 index 0000000000..81159e757a --- /dev/null +++ b/spring-security-x509/basic-secured-server/src/main/resources/templates/user.html @@ -0,0 +1,9 @@ + + + +X.509 Authentication Demo + + +

Hello !

+ + \ No newline at end of file diff --git a/spring-security-x509/basic-secured-server/src/test/java/com/baeldung/spring/security/x509/X509AuthenticationServerTests.java b/spring-security-x509/basic-secured-server/src/test/java/com/baeldung/spring/security/x509/X509AuthenticationServerTests.java new file mode 100644 index 0000000000..0b9a11552a --- /dev/null +++ b/spring-security-x509/basic-secured-server/src/test/java/com/baeldung/spring/security/x509/X509AuthenticationServerTests.java @@ -0,0 +1,14 @@ +package com.baeldung.spring.security.x509; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.junit4.SpringRunner; + +@RunWith(SpringRunner.class) +@SpringBootTest +public class X509AuthenticationServerTests { + @Test + public void contextLoads() { + } +} diff --git a/spring-security-x509/keystore/Makefile b/spring-security-x509/keystore/Makefile index 62f2e1395e..7f0c5e3077 100644 --- a/spring-security-x509/keystore/Makefile +++ b/spring-security-x509/keystore/Makefile @@ -1,6 +1,7 @@ PASSWORD=changeit KEYSTORE=keystore.jks HOSTNAME=localhost +CLIENTNAME=cid # CN = Common Name # OU = Organization Unit # O = Organization Name @@ -11,14 +12,14 @@ HOSTNAME=localhost DNAME_CA='CN=Baeldung CA,OU=baeldung.com,O=Baeldung,L=SomeCity,ST=SomeState,C=CC' # For server certificates, the Common Name (CN) must be the hostname DNAME_HOST='CN=$(HOSTNAME),OU=baeldung.com,O=Baeldung,L=SomeCity,ST=SomeState,C=CC' +DNAME_CLIENT='CN=$(CLIENTNAME),OU=baeldung.com,O=Baeldung,L=SomeCity,ST=SomeState,C=CC' TRUSTSTORE=truststore.jks -CLIENTNAME=cid all: clean create-keystore add-host create-truststore add-client create-keystore: # Generate a certificate authority (CA) - keytool -genkey -alias ca \ + keytool -genkey -alias ca -ext BC=ca:true \ -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \ -validity 3650 -dname $(DNAME_CA) \ -keystore $(KEYSTORE) -storepass $(PASSWORD) @@ -30,7 +31,7 @@ add-host: -validity 3650 -dname $(DNAME_HOST) \ -keystore $(KEYSTORE) -storepass $(PASSWORD) # Generate a host certificate signing request - keytool -certreq -alias $(HOSTNAME) \ + keytool -certreq -alias $(HOSTNAME) -ext BC=ca:true \ -keyalg RSA -keysize 4096 -sigalg SHA512withRSA \ -validity 3650 -file "$(HOSTNAME).csr" \ -keystore $(KEYSTORE) -storepass $(PASSWORD) @@ -44,10 +45,14 @@ add-host: -file "$(HOSTNAME).crt" \ -keystore $(KEYSTORE) -storepass $(PASSWORD) -create-truststore: - # Export certificate authority into truststore - keytool -export -alias ca -file ca.crt \ +export-authority: + # Export certificate authority + keytool -export -alias ca -file ca.crt -rfc \ -keystore $(KEYSTORE) -storepass $(PASSWORD) + + +create-truststore: export-authority + # Import certificate authority into a new truststore keytool -import -trustcacerts -noprompt -alias ca -file ca.crt \ -keystore $(TRUSTSTORE) -storepass $(PASSWORD) @@ -55,10 +60,10 @@ add-client: # Generate client certificate keytool -genkey -alias $(CLIENTNAME) \ -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \ - -validity 3650 -dname $(DNAME_HOST) \ + -validity 3650 -dname $(DNAME_CLIENT) \ -keystore $(TRUSTSTORE) -storepass $(PASSWORD) # Generate a host certificate signing request - keytool -certreq -alias $(CLIENTNAME) \ + keytool -certreq -alias $(CLIENTNAME) -ext BC=ca:true \ -keyalg RSA -keysize 4096 -sigalg SHA512withRSA \ -validity 3650 -file "$(CLIENTNAME).csr" \ -keystore $(TRUSTSTORE) -storepass $(PASSWORD) @@ -73,4 +78,5 @@ add-client: -keystore $(TRUSTSTORE) -storepass $(PASSWORD) clean: - rm -f $(KEYSTORE) *.csr *.crt $(TRUSTSTORE) + # Remove generated artifacts + find . ! -name Makefile -type f -exec rm -f {} \; diff --git a/spring-security-x509/server/src/main/java/com/baeldung/spring/security/x509/UserResource.java b/spring-security-x509/server/src/main/java/com/baeldung/spring/security/x509/UserController.java similarity index 100% rename from spring-security-x509/server/src/main/java/com/baeldung/spring/security/x509/UserResource.java rename to spring-security-x509/server/src/main/java/com/baeldung/spring/security/x509/UserController.java