BAEL-797 Adding login form and security changes to support login

2017-04-16 11:24:50 -06:00 · 2017-04-16 11:24:50 -06:00 · b4ddc23ebf
parent 25e7a7a9a3
commit b4ddc23ebf
4 changed files with 59 additions and 11 deletions
--- a/spring-cloud/spring-cloud-bootstrap/gateway/src/main/angular/ui/src/app/app.component.html
+++ b/spring-cloud/spring-cloud-bootstrap/gateway/src/main/angular/ui/src/app/app.component.html
@ -6,10 +6,10 @@
  <div class="collapse navbar-collapse" id="navbarCollapse">
    <ul class="navbar-nav mr-auto">
    </ul>
-    <form class="form-inline mt-2 mt-md-0">
-      <input class="form-control mr-sm-2" type="text" placeholder="Username">
-      <input class="form-control mr-sm-2" type="password" placeholder="Password">
-      <button class="btn btn-outline-success my-2 my-sm-0" type="submit">Login</button>
+    <form (ngSubmit)="onLogin(f)" class="form-inline mt-2 mt-md-0" #f="ngForm">
+      <input name="username" [(ngModel)]="credentials.username" required class="form-control mr-sm-2" type="text" placeholder="Username">
+      <input name="password" [(ngModel)]="credentials.password" required class="form-control mr-sm-2" type="password" placeholder="Password">
+      <button class="btn btn-outline-success my-2 my-sm-0" type="submit" [disabled]="!f.valid">Login</button>
    </form>
  </div>
 </nav>
--- a/spring-cloud/spring-cloud-bootstrap/gateway/src/main/angular/ui/src/app/app.component.ts
+++ b/spring-cloud/spring-cloud-bootstrap/gateway/src/main/angular/ui/src/app/app.component.ts
@ -1,4 +1,5 @@
 import {Component} from "@angular/core";
+import {NgForm} from "@angular/forms";

@Component({
  selector: 'app-root',
@ -6,5 +7,12 @@ import {Component} from "@angular/core";
  styleUrls: ['./app.component.css']
 })
 export class AppComponent {
-  title = 'app works!';
+  credentials = {
+    username: '',
+    password: ''
+  };
+
+  onLogin(form: NgForm) {
+    console.log(form);
+  }
 }
--- a/spring-cloud/spring-cloud-bootstrap/gateway/src/main/java/com/baeldung/spring/cloud/bootstrap/gateway/SecurityConfig.java
+++ b/spring-cloud/spring-cloud-bootstrap/gateway/src/main/java/com/baeldung/spring/cloud/bootstrap/gateway/SecurityConfig.java
@ -1,11 +1,15 @@
 package com.baeldung.spring.cloud.bootstrap.gateway;

+import com.baeldung.spring.cloud.bootstrap.gateway.filter.CsrfHeaderFilter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.csrf.CsrfFilter;
+import org.springframework.security.web.csrf.CsrfTokenRepository;
+import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

@EnableWebSecurity
@Configuration
@ -21,19 +25,26 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
+        http
+            .httpBasic()
+            .and()
+        .authorizeRequests()
            .antMatchers("/*").permitAll()
            .antMatchers("/book-service/books").permitAll()
            .antMatchers("/zipkin/**").permitAll()
            .antMatchers("/eureka/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and()
-        .formLogin()
-            .and()
        .logout().permitAll()
-            .logoutSuccessUrl("/book-service/books").permitAll()
+            .logoutSuccessUrl("/").permitAll()
            .and()
-        .csrf()
-            .disable();
+        .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
+        .csrf().csrfTokenRepository(csrfTokenRepository());
+    }
+
+    private CsrfTokenRepository csrfTokenRepository() {
+        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
+        repository.setHeaderName("X-XSRF-TOKEN");
+        return repository;
    }
 }
--- a/spring-cloud/spring-cloud-bootstrap/gateway/src/main/java/com/baeldung/spring/cloud/bootstrap/gateway/filter/CsrfHeaderFilter.java
+++ b/spring-cloud/spring-cloud-bootstrap/gateway/src/main/java/com/baeldung/spring/cloud/bootstrap/gateway/filter/CsrfHeaderFilter.java
@ -0,0 +1,29 @@
+package com.baeldung.spring.cloud.bootstrap.gateway.filter;
+
+import org.springframework.security.web.csrf.CsrfToken;
+import org.springframework.web.filter.OncePerRequestFilter;
+import org.springframework.web.util.WebUtils;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class CsrfHeaderFilter extends OncePerRequestFilter {
+    @Override
+    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
+        CsrfToken csrfToken = (CsrfToken) httpServletRequest.getAttribute(CsrfToken.class.getName());
+        if (csrfToken != null) {
+            Cookie cookie = WebUtils.getCookie(httpServletRequest, "XSRF-TOKEN");
+            String token = csrfToken.getToken();
+            if (cookie == null || token != null && !token.equals(cookie.getValue())) {
+                cookie = new Cookie("XSRF-TOKEN", token);
+                cookie.setPath("/");
+                httpServletResponse.addCookie(cookie);
+            }
+        }
+        filterChain.doFilter(httpServletRequest, httpServletResponse);
+    }
+}