finish moving example code to spring-5-security module

2018-01-16 18:26:43 -05:00 · 2018-01-16 18:26:43 -05:00 · 99887d2f1b
parent a5f6f5e035
commit 99887d2f1b
16 changed files with 374 additions and 736 deletions
--- a/spring-5-security/pom.xml
+++ b/spring-5-security/pom.xml
@ -45,6 +45,10 @@
 			<artifactId>spring-security-oauth2-jose</artifactId>
 		</dependency>

+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-test</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
--- a/spring-5-security/src/main/java/com/baeldung/securityextrafields/SecurityConfig.java
+++ b/spring-5-security/src/main/java/com/baeldung/securityextrafields/SecurityConfig.java
@ -15,7 +15,7 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationFa
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableWebSecurity
-@PropertySource("application-extrafields.properties")
+@PropertySource("classpath:/application-extrafields.properties")
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
--- a/spring-5-security/src/test/java/com/baeldung/securityextrafields/SecurityExtraFieldsTest.java
+++ b/spring-5-security/src/test/java/com/baeldung/securityextrafields/SecurityExtraFieldsTest.java
@ -11,47 +11,44 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import java.util.ArrayList;
 import java.util.Collection;

-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.DisplayName;
-import org.junit.jupiter.api.Test;
+import org.junit.Before;
+import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
-import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit.jupiter.web.SpringJUnitWebConfig;
 import org.springframework.test.context.junit4.SpringRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;

-import com.baeldung.SpringSecurity5ExtraLoginFieldsApplication;
-
-@WebAppConfiguration
-@SpringJUnitWebConfig
@RunWith(SpringRunner.class)
-@ContextConfiguration(classes = SpringSecurity5ExtraLoginFieldsApplication.class)
+@SpringJUnitWebConfig
+@SpringBootTest(classes = SpringExtraLoginFieldsApplication.class)
 public class SecurityExtraFieldsTest {
    
    @Autowired
    private FilterChainProxy springSecurityFilterChain;
    
+    @Autowired
+    private WebApplicationContext wac;
+
    private MockMvc mockMvc;  

-    @BeforeEach
-    public void setup(WebApplicationContext wac) {
+    @Before
+    public void setup() {
        this.mockMvc = MockMvcBuilders.webAppContextSetup(wac)
            .apply(springSecurity(springSecurityFilterChain)).build();
    }

-    @DisplayName("Access of root path redirects to index")
    @Test
    public void givenRootPathAccess_thenRedirectToIndex() throws Exception {
        this.mockMvc.perform(get("/"))
@ -59,7 +56,6 @@ public class SecurityExtraFieldsTest {
                .andExpect(redirectedUrlPattern("/index*"));
    }

-    @DisplayName("Unauthenticated access of secured resource redirects to login page")
    @Test
    public void givenSecuredResource_whenAccessUnauthenticated_thenRequiresAuthentication() throws Exception {
        this.mockMvc.perform(get("/user/index"))
@ -67,7 +63,6 @@ public class SecurityExtraFieldsTest {
            .andExpect(redirectedUrlPattern("**/login"));
    }

-    @DisplayName("Succesfull auth on login page redirects and extra field exists")
    @Test
    public void givenAccessSecuredResource_whenAuthenticated_thenAuthHasExtraFields() throws Exception {
        MockHttpServletRequestBuilder securedResourceAccess = get("/user/index");
--- a/spring-5/pom.xml
+++ b/spring-5/pom.xml
@ -34,18 +34,6 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-web</artifactId>
-		</dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-thymeleaf</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.thymeleaf.extras</groupId>
-            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
--- a/spring-5/src/main/java/com/baeldung/SpringSecurity5ExtraLoginFieldsApplication.java
+++ b/spring-5/src/main/java/com/baeldung/SpringSecurity5ExtraLoginFieldsApplication.java
@ -1,15 +0,0 @@
-package com.baeldung;
-
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.context.annotation.ComponentScan;
-
-@ComponentScan(basePackages = {"com.baeldung.securityextrafields"})
-@SpringBootApplication
-public class SpringSecurity5ExtraLoginFieldsApplication {
-
-    public static void main(String[] args) {
-        SpringApplication.run(SpringSecurity5ExtraLoginFieldsApplication.class, args);
-    }
-
-}
--- a/spring-5/src/main/java/com/baeldung/securityextrafields/CustomAuthenticationFilter.java
+++ b/spring-5/src/main/java/com/baeldung/securityextrafields/CustomAuthenticationFilter.java
@ -1,54 +0,0 @@
-package com.baeldung.securityextrafields;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.authentication.AuthenticationServiceException;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-
-public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
-
-    public static final String SPRING_SECURITY_FORM_DOMAIN_KEY = "domain";
-
-    @Override
-    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) 
-        throws AuthenticationException {
-
-        if (!request.getMethod()
-            .equals("POST")) {
-            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
-        }
-
-        UsernamePasswordAuthenticationToken authRequest = getAuthRequest(request);
-        setDetails(request, authRequest);
-        return this.getAuthenticationManager()
-            .authenticate(authRequest);
-    }
-
-    private UsernamePasswordAuthenticationToken getAuthRequest(HttpServletRequest request) {
-        String username = obtainUsername(request);
-        String password = obtainPassword(request);
-        String domain = obtainDomain(request);
-
-        if (username == null) {
-            username = "";
-        }
-        if (password == null) {
-            password = "";
-        }
-        if (domain == null) {
-            domain = "";
-        }
-
-        String usernameDomain = String.format("%s%s%s", username.trim(), 
-            String.valueOf(Character.LINE_SEPARATOR), domain);
-        return new UsernamePasswordAuthenticationToken(usernameDomain, password);        
-    }
-
-    private String obtainDomain(HttpServletRequest request) {
-        return request.getParameter(SPRING_SECURITY_FORM_DOMAIN_KEY);
-    }
-}
--- a/spring-5/src/main/java/com/baeldung/securityextrafields/CustomUserDetailsService.java
+++ b/spring-5/src/main/java/com/baeldung/securityextrafields/CustomUserDetailsService.java
@ -1,32 +0,0 @@
-package com.baeldung.securityextrafields;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.stereotype.Service;
-
-@Service("userDetailsService")
-public class CustomUserDetailsService implements UserDetailsService {
-
-    private final UserRepository userRepository;
- 
-    public CustomUserDetailsService(UserRepository userRepository) {
-        this.userRepository = userRepository;
-    }
-
-    @Override
-    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-        String[] usernameAndDomain = StringUtils.split(username, String.valueOf(Character.LINE_SEPARATOR));
-        if (usernameAndDomain == null || usernameAndDomain.length != 2) {
-            throw new UsernameNotFoundException("Username and domain must be provided");
-        }
-        User user = userRepository.findUser(usernameAndDomain[0], usernameAndDomain[1]);
-        if (user == null) {
-            throw new UsernameNotFoundException(
-                String.format("Username not found for domain, username=%s, domain=%s", 
-                    usernameAndDomain[0], usernameAndDomain[1]));
-        }
-        return user;
-    }
-}
--- a/spring-5/src/main/java/com/baeldung/securityextrafields/CustomUserRepository.java
+++ b/spring-5/src/main/java/com/baeldung/securityextrafields/CustomUserRepository.java
@ -1,26 +0,0 @@
-package com.baeldung.securityextrafields;
-
-import java.util.ArrayList;
-import java.util.Collection;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.stereotype.Repository;
-
-@Repository("userRepository")
-public class CustomUserRepository implements UserRepository {
-
-    @Override
-    public User findUser(String username, String domain) {
-        if (StringUtils.isAnyBlank(username, domain)) {
-            return null;
-        } else {
-            Collection<? extends GrantedAuthority> authorities = new ArrayList<>();
-            User user =  new User(username, domain, 
-                "$2a$10$U3GhSMpsMSOE8Kqsbn58/edxDBKlVuYMh7qk/7ErApYFjJzi2VG5K", true, 
-                true, true, true, authorities);
-            return user;
-        }
-    }
-
-}
--- a/spring-5/src/main/java/com/baeldung/securityextrafields/SecurityConfig.java
+++ b/spring-5/src/main/java/com/baeldung/securityextrafields/SecurityConfig.java
@ -1,63 +0,0 @@
-package com.baeldung.securityextrafields;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-
-@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-
-    @Autowired
-    private UserDetailsService userDetailsService;
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        
-        http
-            .addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
-            .authorizeRequests()
-                .antMatchers("/css/**", "/index").permitAll()
-                .antMatchers("/user/**").authenticated()
-            .and()
-            .formLogin().loginPage("/login")
-            .and()
-            .logout()
-            .logoutUrl("/logout");
-    }
-
-    public CustomAuthenticationFilter authenticationFilter() throws Exception {
-        CustomAuthenticationFilter filter = new CustomAuthenticationFilter();
-        filter.setAuthenticationManager(authenticationManagerBean());
-        filter.setAuthenticationFailureHandler(failureHandler());
-        return filter;
-    }
-
-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-            auth.authenticationProvider(authProvider());                            
-    }
-
-    public AuthenticationProvider authProvider() {
-        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
-        provider.setUserDetailsService(userDetailsService);
-        provider.setPasswordEncoder(passwordEncoder());
-        return provider;
-    }
-
-    public SimpleUrlAuthenticationFailureHandler failureHandler() {
-        return new SimpleUrlAuthenticationFailureHandler("/login?error=true");
-    }
-
-    public PasswordEncoder passwordEncoder() {
-        return new BCryptPasswordEncoder();
-    }
-}
--- a/spring-5/src/main/java/com/baeldung/securityextrafields/User.java
+++ b/spring-5/src/main/java/com/baeldung/securityextrafields/User.java
@ -1,23 +0,0 @@
-package com.baeldung.securityextrafields;
-
-import java.util.Collection;
-
-import org.springframework.security.core.GrantedAuthority;
-
-public class User extends org.springframework.security.core.userdetails.User {
-
-    private static final long serialVersionUID = 1L;
-
-    private final String domain;
-
-    public User(String username, String domain, String password, boolean enabled, 
-        boolean accountNonExpired, boolean credentialsNonExpired, 
-        boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
-        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
-        this.domain = domain;
-    }
-
-    public String getDomain() {
-        return domain;
-    }
-}
--- a/spring-5/src/main/java/com/baeldung/securityextrafields/UserRepository.java
+++ b/spring-5/src/main/java/com/baeldung/securityextrafields/UserRepository.java
@ -1,7 +0,0 @@
-package com.baeldung.securityextrafields;
-
-public interface UserRepository {
-
-    public User findUser(String username, String domain);
-    
-}
--- a/spring-5/src/main/java/com/baeldung/securityextrafields/WebController.java
+++ b/spring-5/src/main/java/com/baeldung/securityextrafields/WebController.java
@ -1,51 +0,0 @@
-package com.baeldung.securityextrafields;
-
-import java.util.Optional;
-
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.RequestMapping;
-
-@Controller
-public class WebController {
-
-    @RequestMapping("/")
-    public String root() {
-        return "redirect:/index";
-    }
-
-    @RequestMapping("/index")
-    public String index(Model model) {
-        getDomain().ifPresent(d -> {
-            model.addAttribute("domain", d);
-        });
-        return "index";
-    }
-
-    @RequestMapping("/user/index")
-    public String userIndex(Model model) {
-        getDomain().ifPresent(d -> {
-            model.addAttribute("domain", d);
-        });
-        return "user/index";
-    }
-
-    @RequestMapping("/login")
-    public String login() {
-        return "login";
-    }
-
-    private Optional<String> getDomain() {
-        Authentication auth = SecurityContextHolder.getContext()
-            .getAuthentication(); 
-        String domain = null;
-        if (auth != null && !auth.getClass().equals(AnonymousAuthenticationToken.class)) {
-            User user = (User) auth.getPrincipal();
-            domain = user.getDomain();
-        }
-        return Optional.ofNullable(domain);
-    }
-}
--- a/spring-5/src/main/resources/static/css/main.css
+++ b/spring-5/src/main/resources/static/css/main.css
@ -1,18 +0,0 @@
-body {
-    font-family: sans;
-    font-size: 1em;
-}
-
-p.error {
-    font-weight: bold;
-    color: red;
-}
-
-div.logout {
-    float: right;
-}
-
-.formfield {
-	margin: 0.5em;
-	padding: 0.3em;
-}
--- a/spring-5/src/main/resources/templates/index.html
+++ b/spring-5/src/main/resources/templates/index.html
@ -1,24 +0,0 @@
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
-    <head>
-        <title>Spring Security - Login With Extra Fields</title>
-        <meta charset="utf-8" />
-        <link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}" />
-    </head>
-    <body>
-        <div th:fragment="logout" class="logout" sec:authorize="isAuthenticated()">
-            Logged in user: <span sec:authentication="name"></span> |
-            domain: <span th:text="${domain}">Some Domain</span>
-            <div>
-                <form action="#" th:action="@{/logout}" method="post">
-                    <input type="submit" value="Logout" />
-                </form>
-            </div>
-        </div>
-        <h1>Hello Spring Security</h1>
-        <p>This is an unsecured page, but you can access the secured pages after authenticating.</p>
-        <ul>
-            <li>Go to the <a href="/user/index" th:href="@{/user/index}">secured pages</a></li>
-        </ul>
-    </body>
-</html>
--- a/spring-5/src/main/resources/templates/login.html
+++ b/spring-5/src/main/resources/templates/login.html
@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
-    <head>
-        <title>Login page</title>
-        <meta charset="utf-8" />
-        <link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}" />
-	</head>
-    <body>
-        <h1>Login page</h1>
-        <p>Example: user / domain / password</p>
-        <p th:if="${param.error}" class="error">Invalid user, password, or domain</p>
-        <form th:action="@{/login}" method="post">
-            <label for="username">Username</label>:
-            <input class="formfield" type="text" id="username" name="username" autofocus="autofocus" /> <br />
-            <label for="domain">Domain</label>:
-            <input class="formfield" type="text" id="domain" name="domain" /> <br />
-            <label for="password">Password</label>:
-            <input class="formfield" type="password" id="password" name="password" /> <br />
-            <input type="submit" value="Log in" />
-        </form>
-        <p><a href="/index" th:href="@{/index}">Back to home page</a></p>
-    </body>
-</html>
--- a/spring-5/src/main/resources/templates/user/index.html
+++ b/spring-5/src/main/resources/templates/user/index.html
@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
-    <head>
-        <title>Spring Security - Login With Extra Fields</title>
-        <meta charset="utf-8" />
-        <link rel="stylesheet" href="/css/main.css" th:href="@{/css/main.css}" />
-    </head>
-    <body>
-        <div th:replace="index::logout"></div>
-        <h1>This is a secured page!</h1>
-        <p><a href="/index" th:href="@{/index}">Back to home page</a></p>
-    </body>
-</html>