add security configuration

spring-cloud/spring-cloud-rest/spring-cloud-rest-client/pom.xml

@@ -46,6 +46,18 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-data-rest</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.session</groupId>
+			<artifactId>spring-session</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-redis</artifactId>
+		</dependency>
 
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -78,6 +90,16 @@
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<configuration>
+					<excludes>
+						<exclude>**/*IntegrationTest.java</exclude>
+						<exclude>**/*LiveTest.java</exclude>
+					</excludes>
+				</configuration>
+			</plugin>
 		</plugins>
 	</build>
 

spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/main/java/org/baeldung/SessionConfig.java

@@ -0,0 +1,8 @@
+package org.baeldung;
+
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;
+
+@EnableRedisHttpSession
+public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
+}

spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/main/resources/application.properties

@@ -1,9 +1,19 @@
+#### cloud
 spring.application.name=spring-cloud-eureka-client
 server.port=0
-eureka.client.serviceUrl.defaultZone=${EUREKA_URI:http://localhost:8761/eureka}
+eureka.client.serviceUrl.defaultZone=${EUREKA_URI:http://system:systemPass@localhost:8761/eureka}
 eureka.instance.preferIpAddress=true
 
+#### persistence
 spring.datasource.driver-class-name=org.h2.Driver
 spring.datasource.url=jdbc:h2:mem:cloud_rest;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
 spring.datasource.username=sa
 spring.datasource.password=
+
+#### security
+security.basic.enabled=true
+security.basic.path=/**
+security.user.name=user
+security.user.password=userPass
+security.user.role=USER
+security.sessions=always

spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/test/java/org/baeldung/RestApiLiveTest.java

@@ -1,5 +1,6 @@
 package org.baeldung;
 
+import static io.restassured.RestAssured.preemptive;
 import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
 import static org.apache.commons.lang3.RandomStringUtils.randomNumeric;
 import static org.junit.Assert.assertEquals;
@@ -8,6 +9,7 @@ import io.restassured.RestAssured;
 import io.restassured.response.Response;
 
 import org.baeldung.persistence.model.Book;
+import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -22,6 +24,11 @@ public class RestApiLiveTest {
 
     private static final String API_URI = "http://localhost:8084/books";
 
+    @Before
+    public void setUp() {
+        RestAssured.authentication = preemptive().basic("user", "userPass");
+    }
+
     // GET
 
     @Test
@@ -148,14 +155,14 @@ public class RestApiLiveTest {
 
     // =============================== Util
 
-    public Book createRandomBook() {
+    private Book createRandomBook() {
         final Book book = new Book();
         book.setTitle(randomAlphabetic(10));
         book.setAuthor(randomAlphabetic(15));
         return book;
     }
 
-    public String createBookAsUri(Book book) {
+    private String createBookAsUri(Book book) {
         final Response response = RestAssured.given()
             .contentType(MediaType.APPLICATION_JSON_VALUE)
             .body(book)
@@ -163,4 +170,5 @@ public class RestApiLiveTest {
         return response.jsonPath()
             .get("_links.self.href");
     }
+
 }

spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/test/java/org/baeldung/SessionLiveTest.java

@@ -0,0 +1,75 @@
+package org.baeldung;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import io.restassured.RestAssured;
+import io.restassured.response.Response;
+
+import java.util.Set;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.http.HttpStatus;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import redis.clients.jedis.Jedis;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = { SpringCloudRestClientApplication.class, SessionConfig.class }, webEnvironment = WebEnvironment.DEFINED_PORT)
+public class SessionLiveTest {
+
+    private Jedis jedis;
+    private static final String API_URI = "http://localhost:8084/books";
+
+    @Before
+    public void setUp() {
+        jedis = new Jedis("localhost", 6379);
+        jedis.flushAll();
+    }
+
+    @Test
+    public void whenStart_thenNoSessionsExist() {
+        final Set<String> result = jedis.keys("*");
+        assertEquals(0, result.size());
+    }
+
+    @Test
+    public void givenUnauthorizeUser_whenAccessResources_then_unAuthorized() {
+        final Response response = RestAssured.get(API_URI);
+        assertEquals(HttpStatus.UNAUTHORIZED.value(), response.getStatusCode());
+    }
+
+    @Test
+    public void givenAuthorizedUser_whenDeleteSession_thenUnauthorized() {
+        // authorize User
+        Response response = RestAssured.given()
+            .auth()
+            .preemptive()
+            .basic("user", "userPass")
+            .get(API_URI);
+        assertEquals(HttpStatus.OK.value(), response.getStatusCode());
+        final String sessionCookie = response.getCookie("SESSION");
+
+        // check redis
+        final Set<String> redisResult = jedis.keys("*");
+        assertTrue(redisResult.size() > 0);
+
+        // login with cookie
+        response = RestAssured.given()
+            .cookie("SESSION", sessionCookie)
+            .get(API_URI);
+        assertEquals(HttpStatus.OK.value(), response.getStatusCode());
+
+        // empty redis
+        jedis.flushAll();
+
+        // login with cookie again
+        response = RestAssured.given()
+            .cookie("SESSION", sessionCookie)
+            .get(API_URI);
+        assertEquals(HttpStatus.UNAUTHORIZED.value(), response.getStatusCode());
+    }
+}

spring-cloud/spring-cloud-rest/spring-cloud-rest-client/src/test/resources/application.properties

@@ -1,9 +1,19 @@
+#### cloud
 spring.application.name=spring-cloud-eureka-client
 server.port=8084
-eureka.client.serviceUrl.defaultZone=${EUREKA_URI:http://localhost:8761/eureka}
+eureka.client.serviceUrl.defaultZone=${EUREKA_URI:http://system:systemPass@localhost:8761/eureka}
 eureka.instance.preferIpAddress=true
 
+#### persistence
 spring.datasource.driver-class-name=org.h2.Driver
 spring.datasource.url=jdbc:h2:mem:cloud_rest;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
 spring.datasource.username=sa
 spring.datasource.password=
+
+#### security
+security.basic.enabled=true
+security.basic.path=/**
+security.user.name=user
+security.user.password=userPass
+security.user.role=USER
+security.sessions=always

spring-cloud/spring-cloud-rest/spring-cloud-rest-server/pom.xml

@@ -30,6 +30,18 @@
 		    <groupId>org.springframework.cloud</groupId>
 		    <artifactId>spring-cloud-starter-eureka-server</artifactId>
 		</dependency>
+		<dependency>
+		    <groupId>org.springframework.boot</groupId>
+		    <artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.session</groupId>
+		    <artifactId>spring-session</artifactId>
+		</dependency>
+		<dependency>
+		    <groupId>org.springframework.boot</groupId>
+		    <artifactId>spring-boot-starter-data-redis</artifactId>
+		</dependency>
 		
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -56,6 +68,16 @@
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<configuration>
+					<excludes>
+						<exclude>**/*IntegrationTest.java</exclude>
+						<exclude>**/*LiveTest.java</exclude>
+					</excludes>
+				</configuration>
+			</plugin>
 		</plugins>
 	</build>
 

spring-cloud/spring-cloud-rest/spring-cloud-rest-server/src/main/java/org/baeldung/SessionConfig.java

@@ -0,0 +1,8 @@
+package org.baeldung;
+
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;
+
+@EnableRedisHttpSession
+public class SessionConfig extends AbstractHttpSessionApplicationInitializer {
+}

spring-cloud/spring-cloud-rest/spring-cloud-rest-server/src/main/resources/application.properties

@@ -1,3 +1,12 @@
+#### cloud
 server.port=8761
 eureka.client.registerWithEureka=false
 eureka.client.fetchRegistry=false
+
+#### security
+security.basic.enabled=true
+security.basic.path=/**
+security.user.name=system
+security.user.password=systemPass
+security.user.role=ADMIN
+security.sessions=always