First version of secured demo-server, keystore Makefile included.

spring-security-x509/keystore/Makefile

@@ -0,0 +1,76 @@
+PASSWORD=changeit
+KEYSTORE=keystore.jks
+HOSTNAME=localhost
+# CN = Common Name
+# OU = Organization Unit
+# O  = Organization Name
+# L  = Locality Name
+# ST = State Name
+# C  = Country (2-letter Country Code)
+# E  = Email
+DNAME_CA='CN=Baeldung CA,OU=baeldung.com,O=Baeldung,L=SomeCity,ST=SomeState,C=CC'
+# For server certificates, the Common Name (CN) must be the hostname
+DNAME_HOST='CN=$(HOSTNAME),OU=baeldung.com,O=Baeldung,L=SomeCity,ST=SomeState,C=CC'
+TRUSTSTORE=truststore.jks
+CLIENTNAME=cid
+
+all:	clean create-keystore add-host create-truststore add-client
+
+create-keystore:
+	# Generate a certificate authority (CA)
+	keytool -genkey -alias ca \
+	    -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
+	    -validity 3650 -dname $(DNAME_CA) \
+	    -keystore $(KEYSTORE) -storepass $(PASSWORD)
+
+add-host:
+	# Generate a host certificate
+	keytool -genkey -alias $(HOSTNAME) \
+	    -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
+	    -validity 3650 -dname $(DNAME_HOST) \
+	    -keystore $(KEYSTORE) -storepass $(PASSWORD)
+	# Generate a host certificate signing request
+	keytool -certreq -alias $(HOSTNAME) \
+	    -keyalg RSA -keysize 4096 -sigalg SHA512withRSA \
+	    -validity 3650 -file "$(HOSTNAME).csr" \
+	    -keystore $(KEYSTORE) -storepass $(PASSWORD)
+	# Generate signed certificate with the certificate authority
+	keytool -gencert -alias ca \
+	    -validity 3650 -sigalg SHA512withRSA \
+	    -infile "$(HOSTNAME).csr" -outfile "$(HOSTNAME).crt" -rfc \
+	    -keystore $(KEYSTORE) -storepass $(PASSWORD)
+	# Import signed certificate into the keystore
+	keytool -import -trustcacerts -alias $(HOSTNAME) \
+	    -file "$(HOSTNAME).crt" \
+	    -keystore $(KEYSTORE) -storepass $(PASSWORD)
+
+create-truststore:
+	# Export certificate authority into truststore
+	keytool -export -alias ca -file ca.crt \
+	    -keystore $(KEYSTORE) -storepass $(PASSWORD)
+	keytool -import -trustcacerts -noprompt -alias ca -file ca.crt \
+	    -keystore $(TRUSTSTORE) -storepass $(PASSWORD)
+
+add-client:
+	# Generate client certificate
+	keytool -genkey -alias $(CLIENTNAME) \
+	    -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
+	    -validity 3650 -dname $(DNAME_HOST) \
+	    -keystore $(TRUSTSTORE) -storepass $(PASSWORD)
+	# Generate a host certificate signing request
+	keytool -certreq -alias $(CLIENTNAME) \
+	    -keyalg RSA -keysize 4096 -sigalg SHA512withRSA \
+	    -validity 3650 -file "$(CLIENTNAME).csr" \
+	    -keystore $(TRUSTSTORE) -storepass $(PASSWORD)
+	# Generate signed certificate with the certificate authority
+	keytool -gencert -alias ca \
+	    -validity 3650 -sigalg SHA512withRSA \
+	    -infile "$(CLIENTNAME).csr" -outfile "$(CLIENTNAME).crt" -rfc \
+	    -keystore $(KEYSTORE) -storepass $(PASSWORD)
+	# Import signed certificate into the truststore
+	keytool -import -trustcacerts -alias $(CLIENTNAME) \
+	    -file "$(CLIENTNAME).crt" \
+	    -keystore $(TRUSTSTORE) -storepass $(PASSWORD)
+
+clean:
+	rm -f $(KEYSTORE) *.csr *.crt $(TRUSTSTORE)

spring-security-x509/server/pom.xml

@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.baeldung.spring.security</groupId>
+    <artifactId>server</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <packaging>jar</packaging>
+
+    <name>server</name>
+    <description>Spring x.509 Authentication Demo</description>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>1.4.0.RELEASE</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+        <java.version>1.8</java.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+
+</project>

spring-security-x509/server/src/main/java/com/baeldung/spring/security/x509/UserResource.java

@@ -0,0 +1,20 @@
+package com.baeldung.spring.security.x509;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import java.security.Principal;
+
+@Controller
+public class UserResource {
+
+    @RequestMapping(value = "/user")
+    public String user(Model model, Principal principal) {
+        UserDetails currentUser = (UserDetails) ((Authentication) principal).getPrincipal();
+        model.addAttribute("username", currentUser.getUsername());
+        return "user";
+    }
+}

spring-security-x509/server/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java

@@ -0,0 +1,12 @@
+package com.baeldung.spring.security.x509;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class X509AuthenticationServer {
+
+    public static void main(String[] args) {
+        SpringApplication.run(X509AuthenticationServer.class, args);
+    }
+}

spring-security-x509/server/src/main/resources/application.properties

@@ -0,0 +1,8 @@
+server.ssl.key-store=../keystore/keystore.jks
+server.ssl.key-store-password=${PASSWORD}
+server.ssl.key-alias=localhost
+server.ssl.key-password=${PASSWORD}
+server.ssl.enabled=true
+server.port=8443
+security.user.name=Admin
+security.user.password=admin

spring-security-x509/server/src/main/resources/templates/user.html

@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <title>X.509 Authentication Demo</title>
+</head>
+<body>
+<h2>Hello <span th:text="${username}"/>!</h2>
+</body>
+</html>

spring-security-x509/server/src/test/java/com/baeldung/spring/security/x509/X509AuthenticationServerTests.java

@@ -0,0 +1,16 @@
+package com.baeldung.spring.security.x509;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class X509AuthenticationServerTests {
+
+    @Test
+    public void contextLoads() {
+    }
+
+}