add security configuration

2017-01-22 16:23:07 +02:00 · 2017-01-22 16:23:07 +02:00 · 8f590967c9
parent 2f4fcc0b9b
commit 8f590967c9
9 changed files with 192 additions and 20 deletions
--- a/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/pom.xml
+++ b/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/pom.xml
@ -15,7 +15,7 @@
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
 		<version>1.4.3.RELEASE</version>
-		<relativePath/> <!-- lookup parent from repository -->
+		<relativePath /> <!-- lookup parent from repository -->
 	</parent>

 	<properties>
@ -27,25 +27,37 @@

 	<dependencies>
 		<dependency>
-		    <groupId>org.springframework.cloud</groupId>
-		    <artifactId>spring-cloud-starter-eureka</artifactId>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-starter-eureka</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-data-jpa</artifactId>
 		</dependency>
 		<dependency>
-		    <groupId>com.h2database</groupId>
-		    <artifactId>h2</artifactId>
+			<groupId>com.h2database</groupId>
+			<artifactId>h2</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
 		<dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-rest</artifactId>
-        </dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-rest</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.session</groupId>
+			<artifactId>spring-session</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-redis</artifactId>
+		</dependency>

 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@ -53,11 +65,11 @@
 			<scope>test</scope>
 		</dependency>
 		<dependency>
-		    <groupId>io.rest-assured</groupId>
-		    <artifactId>rest-assured</artifactId>
-		    <version>${rest-assured.version}</version>
+			<groupId>io.rest-assured</groupId>
+			<artifactId>rest-assured</artifactId>
+			<version>${rest-assured.version}</version>
 		</dependency>
-		
+
 	</dependencies>

 	<dependencyManagement>
@ -78,6 +90,16 @@
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<configuration>
+					<excludes>
+						<exclude>**/*IntegrationTest.java</exclude>
+						<exclude>**/*LiveTest.java</exclude>
+					</excludes>
+				</configuration>
+			</plugin>
 		</plugins>
 	</build>

--- a/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/main/java/org/baeldung/SessionConfig.java
+++ b/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/main/java/org/baeldung/SessionConfig.java
@ -0,0 +1,8 @@
+package org.baeldung;
+
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;
+
+@EnableRedisHttpSession
+public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
+}
--- a/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/main/resources/application.properties
+++ b/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/main/resources/application.properties
@ -1,9 +1,19 @@
+#### cloud
 spring.application.name=spring-cloud-eureka-client
 server.port=0
-eureka.client.serviceUrl.defaultZone=${EUREKA_URI:http://localhost:8761/eureka}
+eureka.client.serviceUrl.defaultZone=${EUREKA_URI:http://system:systemPass@localhost:8761/eureka}
 eureka.instance.preferIpAddress=true

+#### persistence
 spring.datasource.driver-class-name=org.h2.Driver
 spring.datasource.url=jdbc:h2:mem:cloud_rest;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
 spring.datasource.username=sa
-spring.datasource.password=
+spring.datasource.password=
+
+#### security
+security.basic.enabled=true
+security.basic.path=/**
+security.user.name=user
+security.user.password=userPass
+security.user.role=USER
+security.sessions=always
--- a/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/test/java/org/baeldung/RestApiLiveTest.java
+++ b/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/test/java/org/baeldung/RestApiLiveTest.java
@ -1,5 +1,6 @@
 package org.baeldung;

+import static io.restassured.RestAssured.preemptive;
 import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
 import static org.apache.commons.lang3.RandomStringUtils.randomNumeric;
 import static org.junit.Assert.assertEquals;
@ -8,6 +9,7 @@ import io.restassured.RestAssured;
 import io.restassured.response.Response;

 import org.baeldung.persistence.model.Book;
+import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.boot.test.context.SpringBootTest;
@ -22,6 +24,11 @@ public class RestApiLiveTest {

    private static final String API_URI = "http://localhost:8084/books";

+    @Before
+    public void setUp() {
+        RestAssured.authentication = preemptive().basic("user", "userPass");
+    }
+
    // GET

    @Test
@ -148,14 +155,14 @@ public class RestApiLiveTest {

    // =============================== Util

-    public Book createRandomBook() {
+    private Book createRandomBook() {
        final Book book = new Book();
        book.setTitle(randomAlphabetic(10));
        book.setAuthor(randomAlphabetic(15));
        return book;
    }

-    public String createBookAsUri(Book book) {
+    private String createBookAsUri(Book book) {
        final Response response = RestAssured.given()
            .contentType(MediaType.APPLICATION_JSON_VALUE)
            .body(book)
@ -163,4 +170,5 @@ public class RestApiLiveTest {
        return response.jsonPath()
            .get("_links.self.href");
    }
+
 }
--- a/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/test/java/org/baeldung/SessionLiveTest.java
+++ b/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/test/java/org/baeldung/SessionLiveTest.java
@ -0,0 +1,75 @@
+package org.baeldung;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import io.restassured.RestAssured;
+import io.restassured.response.Response;
+
+import java.util.Set;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.http.HttpStatus;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import redis.clients.jedis.Jedis;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = { SpringCloudRestClientApplication.class, SessionConfig.class }, webEnvironment = WebEnvironment.DEFINED_PORT)
+public class SessionLiveTest {
+
+    private Jedis jedis;
+    private static final String API_URI = "http://localhost:8084/books";
+
+    @Before
+    public void setUp() {
+        jedis = new Jedis("localhost", 6379);
+        jedis.flushAll();
+    }
+
+    @Test
+    public void whenStart_thenNoSessionsExist() {
+        final Set<String> result = jedis.keys("*");
+        assertEquals(0, result.size());
+    }
+
+    @Test
+    public void givenUnauthorizeUser_whenAccessResources_then_unAuthorized() {
+        final Response response = RestAssured.get(API_URI);
+        assertEquals(HttpStatus.UNAUTHORIZED.value(), response.getStatusCode());
+    }
+
+    @Test
+    public void givenAuthorizedUser_whenDeleteSession_thenUnauthorized() {
+        // authorize User
+        Response response = RestAssured.given()
+            .auth()
+            .preemptive()
+            .basic("user", "userPass")
+            .get(API_URI);
+        assertEquals(HttpStatus.OK.value(), response.getStatusCode());
+        final String sessionCookie = response.getCookie("SESSION");
+
+        // check redis
+        final Set<String> redisResult = jedis.keys("*");
+        assertTrue(redisResult.size() > 0);
+
+        // login with cookie
+        response = RestAssured.given()
+            .cookie("SESSION", sessionCookie)
+            .get(API_URI);
+        assertEquals(HttpStatus.OK.value(), response.getStatusCode());
+
+        // empty redis
+        jedis.flushAll();
+
+        // login with cookie again
+        response = RestAssured.given()
+            .cookie("SESSION", sessionCookie)
+            .get(API_URI);
+        assertEquals(HttpStatus.UNAUTHORIZED.value(), response.getStatusCode());
+    }
+}
--- a/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/test/resources/application.properties
+++ b/spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/test/resources/application.properties
@ -1,9 +1,19 @@
+#### cloud
 spring.application.name=spring-cloud-eureka-client
 server.port=8084
-eureka.client.serviceUrl.defaultZone=${EUREKA_URI:http://localhost:8761/eureka}
+eureka.client.serviceUrl.defaultZone=${EUREKA_URI:http://system:systemPass@localhost:8761/eureka}
 eureka.instance.preferIpAddress=true

+#### persistence
 spring.datasource.driver-class-name=org.h2.Driver
 spring.datasource.url=jdbc:h2:mem:cloud_rest;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
 spring.datasource.username=sa
-spring.datasource.password=
+spring.datasource.password=
+
+#### security
+security.basic.enabled=true
+security.basic.path=/**
+security.user.name=user
+security.user.password=userPass
+security.user.role=USER
+security.sessions=always
--- a/spring-cloud/spring-cloud-rest/spring-cloud-rest-server/pom.xml
+++ b/spring-cloud/spring-cloud-rest/spring-cloud-rest-server/pom.xml
@ -30,7 +30,19 @@
 		    <groupId>org.springframework.cloud</groupId>
 		    <artifactId>spring-cloud-starter-eureka-server</artifactId>
 		</dependency>
-
+		<dependency>
+		    <groupId>org.springframework.boot</groupId>
+		    <artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.session</groupId>
+		    <artifactId>spring-session</artifactId>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.boot</groupId>
+		    <artifactId>spring-boot-starter-data-redis</artifactId>
+		</dependency>
+		
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
@ -56,6 +68,16 @@
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<configuration>
+					<excludes>
+						<exclude>**/*IntegrationTest.java</exclude>
+						<exclude>**/*LiveTest.java</exclude>
+					</excludes>
+				</configuration>
+			</plugin>
 		</plugins>
 	</build>

--- a/spring-cloud/spring-cloud-rest/spring-cloud-rest-server/src/main/java/org/baeldung/SessionConfig.java
+++ b/spring-cloud/spring-cloud-rest/spring-cloud-rest-server/src/main/java/org/baeldung/SessionConfig.java
@ -0,0 +1,8 @@
+package org.baeldung;
+
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;
+
+@EnableRedisHttpSession
+public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
+}
--- a/spring-cloud/spring-cloud-rest/spring-cloud-rest-server/src/main/resources/application.properties
+++ b/spring-cloud/spring-cloud-rest/spring-cloud-rest-server/src/main/resources/application.properties
@ -1,3 +1,12 @@
+#### cloud
 server.port=8761
 eureka.client.registerWithEureka=false
-eureka.client.fetchRegistry=false
+eureka.client.fetchRegistry=false
+
+#### security
+security.basic.enabled=true
+security.basic.path=/**
+security.user.name=system
+security.user.password=systemPass
+security.user.role=ADMIN
+security.sessions=always