BAEL-4019: Exploring Java Security frameworks
This commit is contained in:
parent
77bec48917
commit
9b4ee4aae3
|
@ -0,0 +1,4 @@
|
|||
|
||||
/.idea/
|
||||
/target/
|
||||
/apache-shiro.iml
|
|
@ -0,0 +1,8 @@
|
|||
## Java Security
|
||||
|
||||
This module contains articles about Java security frameworks
|
||||
|
||||
### Relevant articles:
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
|
||||
/.idea/
|
||||
/target/
|
||||
/apache-shiro.iml
|
|
@ -0,0 +1,40 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<artifactId>apache-shiro</artifactId>
|
||||
<name>apache-shiro</name>
|
||||
|
||||
<parent>
|
||||
<groupId>com.baeldung</groupId>
|
||||
<artifactId>java-security</artifactId>
|
||||
<version>1.0-SNAPSHOT</version>
|
||||
</parent>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-freemarker</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.shiro</groupId>
|
||||
<artifactId>shiro-spring-boot-web-starter</artifactId>
|
||||
<version>${apache-shiro-core-version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.shiro</groupId>
|
||||
<artifactId>shiro-core</artifactId>
|
||||
<version>${apache-shiro-core-version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>jcl-over-slf4j</artifactId>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<properties>
|
||||
<apache-shiro-core-version>1.5.3</apache-shiro-core-version>
|
||||
</properties>
|
||||
|
||||
</project>
|
|
@ -0,0 +1,92 @@
|
|||
package com.baeldung.shiro;
|
||||
|
||||
import java.sql.Connection;
|
||||
import java.sql.SQLException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.apache.shiro.authc.AuthenticationException;
|
||||
import org.apache.shiro.authc.AuthenticationInfo;
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
import org.apache.shiro.authc.SimpleAuthenticationInfo;
|
||||
import org.apache.shiro.authc.UnknownAccountException;
|
||||
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||
import org.apache.shiro.realm.jdbc.JdbcRealm;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
|
||||
public class CustomRealm extends JdbcRealm {
|
||||
|
||||
private Map<String, String> credentials = new HashMap<>();
|
||||
private Map<String, Set<String>> roles = new HashMap<>();
|
||||
private Map<String, Set<String>> permissions = new HashMap<>();
|
||||
|
||||
{
|
||||
credentials.put("Tom", "password");
|
||||
credentials.put("Jerry", "password");
|
||||
|
||||
roles.put("Jerry", new HashSet<>(Arrays.asList("ADMIN")));
|
||||
roles.put("Tom", new HashSet<>(Arrays.asList("USER")));
|
||||
|
||||
permissions.put("ADMIN", new HashSet<>(Arrays.asList("READ", "WRITE")));
|
||||
permissions.put("USER", new HashSet<>(Arrays.asList("READ")));
|
||||
}
|
||||
|
||||
@Override
|
||||
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
|
||||
|
||||
UsernamePasswordToken userToken = (UsernamePasswordToken) token;
|
||||
|
||||
if (userToken.getUsername() == null || userToken.getUsername()
|
||||
.isEmpty() || !credentials.containsKey(userToken.getUsername())) {
|
||||
throw new UnknownAccountException("User doesn't exist");
|
||||
}
|
||||
|
||||
return new SimpleAuthenticationInfo(userToken.getUsername(), credentials.get(userToken.getUsername()), getName());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
||||
Set<String> roles = new HashSet<>();
|
||||
Set<String> permissions = new HashSet<>();
|
||||
|
||||
for (Object user : principals) {
|
||||
try {
|
||||
roles.addAll(getRoleNamesForUser(null, (String) user));
|
||||
permissions.addAll(getPermissions(null, null, roles));
|
||||
} catch (SQLException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
SimpleAuthorizationInfo authInfo = new SimpleAuthorizationInfo(roles);
|
||||
authInfo.setStringPermissions(permissions);
|
||||
return authInfo;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Set<String> getRoleNamesForUser(Connection conn, String username) throws SQLException {
|
||||
if (!roles.containsKey(username)) {
|
||||
throw new SQLException("User doesn't exist");
|
||||
}
|
||||
return roles.get(username);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Set<String> getPermissions(Connection conn, String username, Collection<String> roles) throws SQLException {
|
||||
Set<String> userPermissions = new HashSet<>();
|
||||
|
||||
for (String role : roles) {
|
||||
if (!permissions.containsKey(role)) {
|
||||
throw new SQLException("Role doesn't exist");
|
||||
}
|
||||
userPermissions.addAll(permissions.get(role));
|
||||
}
|
||||
return userPermissions;
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,32 @@
|
|||
package com.baeldung.shiro;
|
||||
|
||||
import org.apache.shiro.realm.Realm;
|
||||
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
|
||||
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
|
||||
@SpringBootApplication
|
||||
public class ShiroApplication {
|
||||
|
||||
public static void main(String... args) {
|
||||
SpringApplication.run(ShiroApplication.class, args);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public Realm realm() {
|
||||
return new CustomRealm();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public ShiroFilterChainDefinition shiroFilterChainDefinition() {
|
||||
DefaultShiroFilterChainDefinition filter = new DefaultShiroFilterChainDefinition();
|
||||
|
||||
filter.addPathDefinition("/home", "authc");
|
||||
filter.addPathDefinition("/**", "anon");
|
||||
|
||||
return filter;
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,95 @@
|
|||
package com.baeldung.shiro.controllers;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.apache.shiro.authc.AuthenticationException;
|
||||
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||
import org.apache.shiro.subject.Subject;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
|
||||
|
||||
import com.baeldung.shiro.models.UserCredentials;
|
||||
|
||||
@Controller
|
||||
public class ShiroController {
|
||||
|
||||
@GetMapping("/")
|
||||
public String index() {
|
||||
return "index";
|
||||
}
|
||||
|
||||
@GetMapping("/login")
|
||||
public String showLoginPage() {
|
||||
return "login";
|
||||
}
|
||||
|
||||
@PostMapping("/login")
|
||||
public String doLogin(HttpServletRequest req, UserCredentials credentials, RedirectAttributes attr) {
|
||||
|
||||
Subject subject = SecurityUtils.getSubject();
|
||||
|
||||
if (!subject.isAuthenticated()) {
|
||||
UsernamePasswordToken token = new UsernamePasswordToken(credentials.getUsername(), credentials.getPassword());
|
||||
try {
|
||||
subject.login(token);
|
||||
} catch (AuthenticationException ae) {
|
||||
ae.printStackTrace();
|
||||
attr.addFlashAttribute("error", "Invalid Credentials");
|
||||
return "redirect:/login";
|
||||
}
|
||||
}
|
||||
return "redirect:/home";
|
||||
}
|
||||
|
||||
@GetMapping("/home")
|
||||
public String getMeHome(Model model) {
|
||||
|
||||
addUserAttributes(model);
|
||||
|
||||
return "home";
|
||||
}
|
||||
|
||||
@GetMapping("/admin")
|
||||
public String adminOnly(Model model) {
|
||||
addUserAttributes(model);
|
||||
|
||||
Subject currentUser = SecurityUtils.getSubject();
|
||||
if (currentUser.hasRole("ADMIN")) {
|
||||
model.addAttribute("adminContent", "only admin can view this");
|
||||
}
|
||||
return "home";
|
||||
}
|
||||
|
||||
@PostMapping("/logout")
|
||||
public String logout() {
|
||||
Subject subject = SecurityUtils.getSubject();
|
||||
subject.logout();
|
||||
return "redirect:/";
|
||||
}
|
||||
|
||||
private void addUserAttributes(Model model) {
|
||||
Subject currentUser = SecurityUtils.getSubject();
|
||||
String permission = "";
|
||||
|
||||
if (currentUser.hasRole("ADMIN")) {
|
||||
model.addAttribute("role", "ADMIN");
|
||||
} else if (currentUser.hasRole("USER")) {
|
||||
model.addAttribute("role", "USER");
|
||||
}
|
||||
|
||||
if (currentUser.isPermitted("READ")) {
|
||||
permission = permission + " READ";
|
||||
}
|
||||
|
||||
if (currentUser.isPermitted("WRITE")) {
|
||||
permission = permission + " WRITE";
|
||||
}
|
||||
model.addAttribute("username", currentUser.getPrincipal());
|
||||
model.addAttribute("permission", permission);
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,28 @@
|
|||
package com.baeldung.shiro.models;
|
||||
|
||||
public class UserCredentials {
|
||||
|
||||
private String username;
|
||||
private String password;
|
||||
|
||||
public String getUsername() {
|
||||
return username;
|
||||
}
|
||||
|
||||
public void setUsername(String username) {
|
||||
this.username = username;
|
||||
}
|
||||
|
||||
public String getPassword() {
|
||||
return password;
|
||||
}
|
||||
|
||||
public void setPassword(String password) {
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "username = " + getUsername();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,16 @@
|
|||
server:
|
||||
port: 8081
|
||||
|
||||
logging:
|
||||
level:
|
||||
root: WARN
|
||||
org.springframework.web: INFO
|
||||
|
||||
shiro:
|
||||
loginUrl: /login
|
||||
successUrl: /home
|
||||
unauthorizedUrl: /login
|
||||
|
||||
spring:
|
||||
freemarker:
|
||||
suffix: .ftl
|
|
@ -0,0 +1,19 @@
|
|||
<html>
|
||||
<head>
|
||||
<title>Home Page</title>
|
||||
</head>
|
||||
<body style="margin-left: 30px;">
|
||||
<h1>Welcome ${username}!</h1>
|
||||
<p><strong>Role</strong>: ${role}</p>
|
||||
<p><strong>Permissions</strong></p>
|
||||
<p>${permission}</p>
|
||||
<a href="/admin">Admin only</a>
|
||||
<#if adminContent??>
|
||||
${adminContent}
|
||||
</#if>
|
||||
<br>
|
||||
<form role="form" action="/logout" method="POST">
|
||||
<input type="Submit" value="Logout" />
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,10 @@
|
|||
<html>
|
||||
<head>
|
||||
<title>Index</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome Guest!</h1>
|
||||
<br>
|
||||
<a href="/login">Login</a>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,25 @@
|
|||
<html>
|
||||
<head>
|
||||
<title>Login</title>
|
||||
</head>
|
||||
<body style="margin-left: 30px;">
|
||||
<h3>Login</h3>
|
||||
<br>
|
||||
<form action="/login" method="post">
|
||||
<#if (error?length > 0)??>
|
||||
<p style="color:darkred;">${error}</p>
|
||||
<#else>
|
||||
</#if>
|
||||
|
||||
<label for="username">Username</label>
|
||||
<br>
|
||||
<input type="text" name="username">
|
||||
<br><br>
|
||||
<label for="password">Password</label>
|
||||
<br>
|
||||
<input type="password" name="password">
|
||||
<br><br>
|
||||
<input type="submit" value="Submit">
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,18 @@
|
|||
package com.baeldung.shiro;
|
||||
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
|
||||
@ExtendWith(SpringExtension.class)
|
||||
@SpringBootTest(classes = { ShiroApplication.class })
|
||||
public class SpringContextTest {
|
||||
|
||||
@Test
|
||||
public void whenSpringContextIsBootstrapped_thenNoExceptions() {
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<artifactId>java-security</artifactId>
|
||||
<version>1.0-SNAPSHOT</version>
|
||||
<name>java-security</name>
|
||||
<packaging>pom</packaging>
|
||||
|
||||
<parent>
|
||||
<groupId>com.baeldung</groupId>
|
||||
<artifactId>parent-boot-2</artifactId>
|
||||
<version>0.0.1-SNAPSHOT</version>
|
||||
<relativePath>../parent-boot-2</relativePath>
|
||||
</parent>
|
||||
|
||||
<modules>
|
||||
<module>apache-shiro</module>
|
||||
<module>spring-security</module>
|
||||
</modules>
|
||||
|
||||
</project>
|
|
@ -0,0 +1,4 @@
|
|||
|
||||
/.idea/
|
||||
/target/
|
||||
/apache-shiro.iml
|
|
@ -0,0 +1,31 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<artifactId>spring-security</artifactId>
|
||||
<name>spring-security</name>
|
||||
|
||||
<parent>
|
||||
<groupId>com.baeldung</groupId>
|
||||
<artifactId>java-security</artifactId>
|
||||
<version>1.0-SNAPSHOT</version>
|
||||
</parent>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-web</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-freemarker</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-security</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
</project>
|
|
@ -0,0 +1,12 @@
|
|||
package com.baeldung.springsecurity;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
|
||||
@SpringBootApplication
|
||||
public class Application {
|
||||
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(Application.class, args);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,45 @@
|
|||
package com.baeldung.springsecurity.config;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests(authorize -> authorize.antMatchers("/index", "/login")
|
||||
.permitAll()
|
||||
.antMatchers("/home", "/logout")
|
||||
.authenticated()
|
||||
.antMatchers("/admin/**")
|
||||
.hasRole("ADMIN"))
|
||||
.formLogin(formLogin -> formLogin.loginPage("/login")
|
||||
.failureUrl("/login-error"));
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.inMemoryAuthentication()
|
||||
.withUser("Jerry")
|
||||
.password(passwordEncoder().encode("password"))
|
||||
.authorities("READ", "WRITE")
|
||||
.roles("ADMIN")
|
||||
.and()
|
||||
.withUser("Tom")
|
||||
.password(passwordEncoder().encode("password"))
|
||||
.authorities("READ")
|
||||
.roles("USER");
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,79 @@
|
|||
package com.baeldung.springsecurity.web;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
|
||||
@Controller
|
||||
public class SpringController {
|
||||
|
||||
@GetMapping("/")
|
||||
public String index() {
|
||||
return "index";
|
||||
}
|
||||
|
||||
@GetMapping("/login")
|
||||
public String showLoginPage() {
|
||||
return "login";
|
||||
}
|
||||
|
||||
@RequestMapping("/login-error")
|
||||
public String loginError(Model model) {
|
||||
model.addAttribute("error", "Invalid Credentials");
|
||||
return "login";
|
||||
}
|
||||
|
||||
@PostMapping("/login")
|
||||
public String doLogin(HttpServletRequest req) {
|
||||
return "redirect:/home";
|
||||
}
|
||||
|
||||
@GetMapping("/home")
|
||||
public String showHomePage(HttpServletRequest req, Model model) {
|
||||
addUserAttributes(model);
|
||||
return "home";
|
||||
}
|
||||
|
||||
@GetMapping("/admin")
|
||||
public String adminOnly(HttpServletRequest req, Model model) {
|
||||
addUserAttributes(model);
|
||||
model.addAttribute("adminContent", "only admin can view this");
|
||||
return "home";
|
||||
}
|
||||
|
||||
private void addUserAttributes(Model model) {
|
||||
Authentication auth = SecurityContextHolder.getContext()
|
||||
.getAuthentication();
|
||||
if (auth != null && !auth.getClass()
|
||||
.equals(AnonymousAuthenticationToken.class)) {
|
||||
User user = (User) auth.getPrincipal();
|
||||
model.addAttribute("username", user.getUsername());
|
||||
|
||||
Collection<GrantedAuthority> authorities = user.getAuthorities();
|
||||
|
||||
for (GrantedAuthority authority : authorities) {
|
||||
if (authority.getAuthority()
|
||||
.contains("USER")) {
|
||||
model.addAttribute("role", "USER");
|
||||
model.addAttribute("permissions", "READ");
|
||||
} else if (authority.getAuthority()
|
||||
.contains("ADMIN")) {
|
||||
model.addAttribute("role", "ADMIN");
|
||||
model.addAttribute("permissions", "READ WRITE");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
server:
|
||||
port: 8080
|
||||
|
||||
logging:
|
||||
level:
|
||||
root: WARN
|
||||
org.springframework.web: INFO
|
||||
org.springframework.security: INFO
|
||||
|
||||
spring:
|
||||
freemarker:
|
||||
suffix: .ftl
|
|
@ -0,0 +1,20 @@
|
|||
<html>
|
||||
<head>
|
||||
<title>Home Page</title>
|
||||
</head>
|
||||
<body style="margin-left: 30px;">
|
||||
<h1>Welcome ${username}!</h1>
|
||||
<p><strong>Role</strong>: ${role}</p>
|
||||
<p><strong>Permissions</strong></p>
|
||||
<p>${permissions}</p>
|
||||
<a href="/admin">Admin only</a>
|
||||
<#if adminContent??>
|
||||
${adminContent}
|
||||
</#if>
|
||||
<br>
|
||||
<form role="form" action="/logout" method="POST">
|
||||
<input type="Submit" value="Logout" />
|
||||
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,10 @@
|
|||
<html>
|
||||
<head>
|
||||
<title>Index</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome Guest!</h1>
|
||||
<br>
|
||||
Go to the <a href="/home">secured page
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,26 @@
|
|||
<html>
|
||||
<head>
|
||||
<title>Login</title>
|
||||
</head>
|
||||
<body style="margin-left: 30px;">
|
||||
<h3>Login</h3>
|
||||
<br>
|
||||
<form action="/login" method="post">
|
||||
<#if (error?length > 0)??>
|
||||
<p style="color:darkred;">${error}</p>
|
||||
<#else>
|
||||
</#if>
|
||||
|
||||
<label for="username">Username</label>
|
||||
<br>
|
||||
<input type="text" name="username">
|
||||
<br><br>
|
||||
<label for="password">Password</label>
|
||||
<br>
|
||||
<input type="password" name="password">
|
||||
<br><br>
|
||||
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
|
||||
<input type="submit" value="Submit">
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,17 @@
|
|||
package com.baeldung.springsecurity;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
|
||||
@ExtendWith(SpringExtension.class)
|
||||
@SpringBootTest(classes = { Application.class })
|
||||
public class SpringContextTest {
|
||||
|
||||
@Test
|
||||
public void whenSpringContextIsBootstrapped_thenNoExceptions() {
|
||||
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue