BAEL-797 Adding login form and security changes to support login

spring-cloud/spring-cloud-bootstrap/gateway/src/main/angular/ui/src/app/app.component.html

@@ -6,10 +6,10 @@
   <div class="collapse navbar-collapse" id="navbarCollapse">
     <ul class="navbar-nav mr-auto">
     </ul>
-    <form class="form-inline mt-2 mt-md-0">
+    <form (ngSubmit)="onLogin(f)" class="form-inline mt-2 mt-md-0" #f="ngForm">
-      <input class="form-control mr-sm-2" type="text" placeholder="Username">
+      <input name="username" [(ngModel)]="credentials.username" required class="form-control mr-sm-2" type="text" placeholder="Username">
-      <input class="form-control mr-sm-2" type="password" placeholder="Password">
+      <input name="password" [(ngModel)]="credentials.password" required class="form-control mr-sm-2" type="password" placeholder="Password">
-      <button class="btn btn-outline-success my-2 my-sm-0" type="submit">Login</button>
+      <button class="btn btn-outline-success my-2 my-sm-0" type="submit" [disabled]="!f.valid">Login</button>
     </form>
   </div>
 </nav>

spring-cloud/spring-cloud-bootstrap/gateway/src/main/angular/ui/src/app/app.component.ts

@@ -1,4 +1,5 @@
 import {Component} from "@angular/core";
+import {NgForm} from "@angular/forms";
 
 @Component({
   selector: 'app-root',
@@ -6,5 +7,12 @@ import {Component} from "@angular/core";
   styleUrls: ['./app.component.css']
 })
 export class AppComponent {
-  title = 'app works!';
+  credentials = {
+    username: '',
+    password: ''
+  };
+
+  onLogin(form: NgForm) {
+    console.log(form);
+  }
 }

spring-cloud/spring-cloud-bootstrap/gateway/src/main/java/com/baeldung/spring/cloud/bootstrap/gateway/SecurityConfig.java

@@ -1,11 +1,15 @@
 package com.baeldung.spring.cloud.bootstrap.gateway;
 
+import com.baeldung.spring.cloud.bootstrap.gateway.filter.CsrfHeaderFilter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.csrf.CsrfFilter;
+import org.springframework.security.web.csrf.CsrfTokenRepository;
+import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 
 @EnableWebSecurity
 @Configuration
@@ -21,19 +25,26 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
+        http
+            .httpBasic()
+            .and()
+        .authorizeRequests()
             .antMatchers("/*").permitAll()
             .antMatchers("/book-service/books").permitAll()
             .antMatchers("/zipkin/**").permitAll()
             .antMatchers("/eureka/**").hasRole("ADMIN")
             .anyRequest().authenticated()
             .and()
-        .formLogin()
-            .and()
         .logout().permitAll()
-            .logoutSuccessUrl("/book-service/books").permitAll()
+            .logoutSuccessUrl("/").permitAll()
             .and()
-        .csrf()
+        .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
-            .disable();
+        .csrf().csrfTokenRepository(csrfTokenRepository());
+    }
+
+    private CsrfTokenRepository csrfTokenRepository() {
+        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
+        repository.setHeaderName("X-XSRF-TOKEN");
+        return repository;
     }
 }

spring-cloud/spring-cloud-bootstrap/gateway/src/main/java/com/baeldung/spring/cloud/bootstrap/gateway/filter/CsrfHeaderFilter.java

@@ -0,0 +1,29 @@
+package com.baeldung.spring.cloud.bootstrap.gateway.filter;
+
+import org.springframework.security.web.csrf.CsrfToken;
+import org.springframework.web.filter.OncePerRequestFilter;
+import org.springframework.web.util.WebUtils;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class CsrfHeaderFilter extends OncePerRequestFilter {
+    @Override
+    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
+        CsrfToken csrfToken = (CsrfToken) httpServletRequest.getAttribute(CsrfToken.class.getName());
+        if (csrfToken != null) {
+            Cookie cookie = WebUtils.getCookie(httpServletRequest, "XSRF-TOKEN");
+            String token = csrfToken.getToken();
+            if (cookie == null || token != null && !token.equals(cookie.getValue())) {
+                cookie = new Cookie("XSRF-TOKEN", token);
+                cookie.setPath("/");
+                httpServletResponse.addCookie(cookie);
+            }
+        }
+        filterChain.doFilter(httpServletRequest, httpServletResponse);
+    }
+}