iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

JAVA-6 : new module spring-security-mvc-boot-2

Browse Source
This commit is contained in:
sampadawagde 2020-02-17 21:53:47 +05:30
parent aecfad9448
commit b9f2e17456
64 changed files with 1758 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
spring-security-modules/spring-security-mvc-boot-2/README.md Normal file
View File

@ -0,0 +1,13 @@
## Spring Boot Security MVC
This module contains articles about Spring Security with Spring MVC in Boot applications
### The Course
The "REST With Spring" Classes: http://github.learnspringsecurity.com
### Relevant Articles:
- [Multiple Entry Points in Spring Security](https://www.baeldung.com/spring-security-multiple-entry-points)
- [Multiple Authentication Providers in Spring Security](https://www.baeldung.com/spring-security-multiple-auth-providers)
- [Two Login Pages with Spring Security](https://www.baeldung.com/spring-security-two-login-pages)
- [HTTPS using Self-Signed Certificate in Spring Boot](https://www.baeldung.com/spring-boot-https-self-signed-certificate)
- [Spring Security: Exploring JDBC Authentication](https://www.baeldung.com/spring-security-jdbc-authentication)

3
spring-security-modules/spring-security-mvc-boot-2/WebContent/META-INF/MANIFEST.MF Normal file
View File

@ -0,0 +1,3 @@
Manifest-Version: 1.0
Class-Path:

246
spring-security-modules/spring-security-mvc-boot-2/pom.xml Normal file
View File

@ -0,0 +1,246 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>spring-security-mvc-boot-2</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-security-mvc-boot-2</name>
<packaging>war</packaging>
<description>Spring Security MVC Boot - 2</description>
<parent>
<groupId>com.baeldung</groupId>
<artifactId>parent-boot-2</artifactId>
<version>0.0.1-SNAPSHOT</version>
<relativePath>../../parent-boot-2</relativePath>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-data</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-core</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-library</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>${taglibs-standard.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
<artifactId>jstl-api</artifactId>
<version>${jstl.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
</dependency>
<dependency>
<groupId>net.sf.ehcache</groupId>
<artifactId>ehcache-core</artifactId>
<version>${ehcache-core.version}</version>
<type>jar</type>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.cargo</groupId>
<artifactId>cargo-maven2-plugin</artifactId>
<version>${cargo-maven2-plugin.version}</version>
<configuration>
<wait>true</wait>
<container>
<containerId>tomcat8x</containerId>
<type>embedded</type>
<systemProperties>
<!-- <provPersistenceTarget>cargo</provPersistenceTarget> -->
</systemProperties>
</container>
<configuration>
<properties>
<cargo.servlet.port>8082</cargo.servlet.port>
</properties>
</configuration>
</configuration>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>live</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.cargo</groupId>
<artifactId>cargo-maven2-plugin</artifactId>
<executions>
<execution>
<id>start-server</id>
<phase>pre-integration-test</phase>
<goals>
<goal>start</goal>
</goals>
</execution>
<execution>
<id>stop-server</id>
<phase>post-integration-test</phase>
<goals>
<goal>stop</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<executions>
<execution>
<phase>integration-test</phase>
<goals>
<goal>test</goal>
</goals>
<configuration>
<excludes>
<exclude>none</exclude>
</excludes>
<includes>
<include>**/*LiveTest.java</include>
</includes>
<systemPropertyVariables>
<webTarget>cargo</webTarget>
</systemPropertyVariables>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>entryPoints</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<executions>
<execution>
<phase>integration-test</phase>
<goals>
<goal>test</goal>
</goals>
<configuration>
<excludes>
<exclude>**/*LiveTest.java</exclude>
<exclude>**/*IntegrationTest.java</exclude>
<exclude>**/*IntTest.java</exclude>
</excludes>
<includes>
<include>**/*EntryPointsTest.java</include>
</includes>
</configuration>
</execution>
</executions>
<configuration>
<systemPropertyVariables>
<test.mime>json</test.mime>
</systemPropertyVariables>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
<properties>
<start-class>org.baeldung.custom.Application</start-class>
<!--If you want to run the example with the multiple logins, comment
the tag above and uncomment the one below -->
<!--<start-class>org.baeldung.multiplelogin.MultipleLoginApplication</start-class> -->
<!--If you want to run the example with the multiple http elements,
comment the tag above and uncomment the one below -->
<!--<start-class>org.baeldung.multipleentrypoints.MultipleEntryPointsApplication</start-class> -->
<!--If you want to run the example with the Https enabled endpoints,
comment the tag above and uncomment the one below -->
<!-- <start-class>org.baeldung.ssl.HttpsEnabledApplication</start-class> -->
<taglibs-standard.version>1.1.2</taglibs-standard.version>
<cargo-maven2-plugin.version>1.6.1</cargo-maven2-plugin.version>
<ehcache-core.version>2.6.11</ehcache-core.version>
</properties>
</project>

17
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/jdbcauthentication/h2/H2JdbcAuthenticationApplication.java Normal file
View File

@ -0,0 +1,17 @@
package org.baeldung.jdbcauthentication.h2;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@SpringBootApplication
@EnableWebSecurity
@PropertySource("classpath:application-defaults.properties")
public class H2JdbcAuthenticationApplication {
public static void main(String[] args) {
SpringApplication.run(H2JdbcAuthenticationApplication.class, args);
}
}

51
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/jdbcauthentication/h2/config/SecurityConfiguration.java Normal file
View File

@ -0,0 +1,51 @@
package org.baeldung.jdbcauthentication.h2.config;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests()
.antMatchers("/h2-console/**")
.permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.permitAll();
httpSecurity.csrf()
.ignoringAntMatchers("/h2-console/**");
httpSecurity.headers()
.frameOptions()
.sameOrigin();
}
@Autowired
private DataSource dataSource;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.dataSource(dataSource)
.withDefaultSchema()
.withUser(User.withUsername("user")
.password(passwordEncoder().encode("pass"))
.roles("USER"));
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

17
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/jdbcauthentication/h2/web/UserController.java Normal file
View File

@ -0,0 +1,17 @@
package org.baeldung.jdbcauthentication.h2.web;
import java.security.Principal;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/principal")
public class UserController {
@GetMapping
public Principal retrievePrincipal(Principal principal) {
return principal;
}
}

15
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/jdbcauthentication/mysql/MySqlJdbcAuthenticationApplication.java Normal file
View File

@ -0,0 +1,15 @@
package org.baeldung.jdbcauthentication.mysql;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.PropertySource;
@SpringBootApplication
@PropertySource("classpath:application-mysql.properties")
public class MySqlJdbcAuthenticationApplication {
public static void main(String[] args) {
SpringApplication.run(MySqlJdbcAuthenticationApplication.class, args);
}
}

35
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/jdbcauthentication/mysql/config/SecurityConfiguration.java Normal file
View File

@ -0,0 +1,35 @@
package org.baeldung.jdbcauthentication.mysql.config;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
public class SecurityConfiguration {
@Autowired
private DataSource dataSource;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("select email,password,enabled "
+ "from bael_users "
+ "where email = ?")
.authoritiesByUsernameQuery("select email,authority "
+ "from authorities "
+ "where email = ?");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

17
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/jdbcauthentication/mysql/web/UserController.java Normal file
View File

@ -0,0 +1,17 @@
package org.baeldung.jdbcauthentication.mysql.web;
import java.security.Principal;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/principal")
public class UserController {
@GetMapping
public Principal retrievePrincipal(Principal principal) {
return principal;
}
}

15
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/jdbcauthentication/postgre/PostgreJdbcAuthenticationApplication.java Normal file
View File

@ -0,0 +1,15 @@
package org.baeldung.jdbcauthentication.postgre;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.PropertySource;
@SpringBootApplication
@PropertySource("classpath:application-postgre.properties")
public class PostgreJdbcAuthenticationApplication {
public static void main(String[] args) {
SpringApplication.run(PostgreJdbcAuthenticationApplication.class, args);
}
}

29
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/jdbcauthentication/postgre/config/SecurityConfiguration.java Normal file
View File

@ -0,0 +1,29 @@
package org.baeldung.jdbcauthentication.postgre.config;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
public class SecurityConfiguration {
@Autowired
private DataSource dataSource;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.dataSource(dataSource);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

17
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/jdbcauthentication/postgre/web/UserController.java Normal file
View File

@ -0,0 +1,17 @@
package org.baeldung.jdbcauthentication.postgre.web;
import java.security.Principal;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/principal")
public class UserController {
@GetMapping
public Principal retrievePrincipal(Principal principal) {
return principal;
}
}

31
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/multipleauthproviders/CustomAuthenticationProvider.java Normal file
View File

@ -0,0 +1,31 @@
package org.baeldung.multipleauthproviders;
import java.util.Collections;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication auth) throws AuthenticationException {
final String username = auth.getName();
final String password = auth.getCredentials()
.toString();
if ("externaluser".equals(username) && "pass".equals(password)) {
return new UsernamePasswordAuthenticationToken(username, password, Collections.emptyList());
} else {
throw new BadCredentialsException("External system authentication failed");
}
}
@Override
public boolean supports(Class<?> auth) {
return auth.equals(UsernamePasswordAuthenticationToken.class);
}
}

13
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/multipleauthproviders/MultipleAuthController.java Normal file
View File

@ -0,0 +1,13 @@
package org.baeldung.multipleauthproviders;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class MultipleAuthController {
@GetMapping("/api/ping")
public String getPing() {
return "OK";
}
}

14
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/multipleauthproviders/MultipleAuthProvidersApplication.java Normal file
View File

@ -0,0 +1,14 @@
package org.baeldung.multipleauthproviders;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.PropertySource;
@SpringBootApplication
@PropertySource("classpath:application-defaults.properties")
// @ImportResource({ "classpath*:spring-security-multiple-auth-providers.xml" })
public class MultipleAuthProvidersApplication {
public static void main(String[] args) {
SpringApplication.run(MultipleAuthProvidersApplication.class, args);
}
}

42
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/multipleauthproviders/MultipleAuthProvidersSecurityConfig.java Normal file
View File

@ -0,0 +1,42 @@
package org.baeldung.multipleauthproviders;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@EnableWebSecurity
public class MultipleAuthProvidersSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomAuthenticationProvider customAuthProvider;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider);
auth.inMemoryAuthentication()
.withUser("memuser")
.password(passwordEncoder().encode("pass"))
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/api/**")
.authenticated();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

14
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/multipleentrypoints/MultipleEntryPointsApplication.java Normal file
View File

@ -0,0 +1,14 @@
package org.baeldung.multipleentrypoints;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.PropertySource;
@SpringBootApplication
@PropertySource("classpath:application-defaults.properties")
// @ImportResource({"classpath*:spring-security-multiple-entry.xml"})
public class MultipleEntryPointsApplication {
public static void main(String[] args) {
SpringApplication.run(MultipleEntryPointsApplication.class, args);
}
}

99
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/multipleentrypoints/MultipleEntryPointsSecurityConfig.java Normal file
View File

@ -0,0 +1,99 @@
package org.baeldung.multipleentrypoints;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration
@EnableWebSecurity
public class MultipleEntryPointsSecurityConfig {
@Bean
public UserDetailsService userDetailsService() throws Exception {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("user").password(encoder().encode("userPass")).roles("USER").build());
manager.createUser(User.withUsername("admin").password(encoder().encode("adminPass")).roles("ADMIN").build());
return manager;
}
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Configuration
@Order(1)
public static class App1ConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//@formatter:off
http.antMatcher("/admin/**")
.authorizeRequests().anyRequest().hasRole("ADMIN")
.and().httpBasic().authenticationEntryPoint(authenticationEntryPoint())
.and().exceptionHandling().accessDeniedPage("/403");
//@formatter:on
}
@Bean
public AuthenticationEntryPoint authenticationEntryPoint(){
BasicAuthenticationEntryPoint entryPoint = new BasicAuthenticationEntryPoint();
entryPoint.setRealmName("admin realm");
return entryPoint;
}
}
@Configuration
@Order(2)
public static class App2ConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
//@formatter:off
http.antMatcher("/user/**")
.authorizeRequests().anyRequest().hasRole("USER")
.and().formLogin().loginProcessingUrl("/user/login")
.failureUrl("/userLogin?error=loginError").defaultSuccessUrl("/user/myUserPage")
.and().logout().logoutUrl("/user/logout").logoutSuccessUrl("/multipleHttpLinks")
.deleteCookies("JSESSIONID")
.and().exceptionHandling()
.defaultAuthenticationEntryPointFor(loginUrlauthenticationEntryPointWithWarning(), new AntPathRequestMatcher("/user/private/**"))
.defaultAuthenticationEntryPointFor(loginUrlauthenticationEntryPoint(), new AntPathRequestMatcher("/user/general/**"))
.accessDeniedPage("/403")
.and().csrf().disable();
//@formatter:on
}
@Bean
public AuthenticationEntryPoint loginUrlauthenticationEntryPoint(){
return new LoginUrlAuthenticationEntryPoint("/userLogin");
}
@Bean
public AuthenticationEntryPoint loginUrlauthenticationEntryPointWithWarning(){
return new LoginUrlAuthenticationEntryPoint("/userLoginWithWarning");
}
}
@Configuration
@Order(3)
public static class App3ConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/guest/**").authorizeRequests().anyRequest().permitAll();
}
}
}

48
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/multipleentrypoints/PagesController.java Normal file
View File

@ -0,0 +1,48 @@
package org.baeldung.multipleentrypoints;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class PagesController {
@RequestMapping("/multipleHttpLinks")
public String getMultipleHttpLinksPage() {
return "multipleHttpElems/multipleHttpLinks";
}
@RequestMapping("/admin/myAdminPage")
public String getAdminPage() {
return "multipleHttpElems/myAdminPage";
}
@RequestMapping("/user/general/myUserPage")
public String getUserPage() {
return "multipleHttpElems/myUserPage";
}
@RequestMapping("/user/private/myPrivateUserPage")
public String getPrivateUserPage() {
return "multipleHttpElems/myPrivateUserPage";
}
@RequestMapping("/guest/myGuestPage")
public String getGuestPage() {
return "multipleHttpElems/myGuestPage";
}
@RequestMapping("/userLogin")
public String getUserLoginPage() {
return "multipleHttpElems/login";
}
@RequestMapping("/userLoginWithWarning")
public String getUserLoginPageWithWarning() {
return "multipleHttpElems/loginWithWarning";
}
@RequestMapping("/403")
public String getAccessDeniedPage() {
return "403";
}
}

15
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/multiplelogin/MultipleLoginApplication.java Normal file
View File

@ -0,0 +1,15 @@
package org.baeldung.multiplelogin;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.PropertySource;
@SpringBootApplication
@PropertySource("classpath:application-defaults.properties")
@ComponentScan("org.baeldung.multiplelogin")
public class MultipleLoginApplication {
public static void main(String[] args) {
SpringApplication.run(MultipleLoginApplication.class, args);
}
}

44
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/multiplelogin/MultipleLoginMvcConfig.java Normal file
View File

@ -0,0 +1,44 @@
package org.baeldung.multiplelogin;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView;
import org.springframework.context.annotation.ComponentScan;
@EnableWebMvc
@Configuration
@ComponentScan("org.baeldung.controller")
public class MultipleLoginMvcConfig implements WebMvcConfigurer {
public MultipleLoginMvcConfig() {
super();
}
// API
@Override
public void addViewControllers(final ViewControllerRegistry registry) {
registry.addViewController("/anonymous.html");
registry.addViewController("/login.html");
registry.addViewController("/homepage.html");
registry.addViewController("/console.html");
}
@Bean
public ViewResolver viewResolver() {
final InternalResourceViewResolver bean = new InternalResourceViewResolver();
bean.setViewClass(JstlView.class);
bean.setPrefix("/WEB-INF/view/");
bean.setSuffix(".jsp");
return bean;
}
}

78
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/multiplelogin/MultipleLoginSecurityConfig.java Normal file
View File

@ -0,0 +1,78 @@
package org.baeldung.multiplelogin;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration
@EnableWebSecurity
public class MultipleLoginSecurityConfig {
@Bean
public UserDetailsService userDetailsService() throws Exception {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("user").password(encoder().encode("userPass")).roles("USER").build());
manager.createUser(User.withUsername("admin").password(encoder().encode("adminPass")).roles("ADMIN").build());
return manager;
}
@Bean
public static PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Configuration
@Order(1)
public static class App1ConfigurationAdapter extends WebSecurityConfigurerAdapter {
public App1ConfigurationAdapter() {
super();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password(encoder().encode("admin")).roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/admin*").authorizeRequests().anyRequest().hasRole("ADMIN")
// log in
.and().formLogin().loginPage("/loginAdmin").loginProcessingUrl("/admin_login").failureUrl("/loginAdmin?error=loginError").defaultSuccessUrl("/adminPage")
// logout
.and().logout().logoutUrl("/admin_logout").logoutSuccessUrl("/protectedLinks").deleteCookies("JSESSIONID").and().exceptionHandling().accessDeniedPage("/403").and().csrf().disable();
}
}
@Configuration
@Order(2)
public static class App2ConfigurationAdapter extends WebSecurityConfigurerAdapter {
public App2ConfigurationAdapter() {
super();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password(encoder().encode("user")).roles("USER");
}
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/user*").authorizeRequests().anyRequest().hasRole("USER")
// log in
.and().formLogin().loginPage("/loginUser").loginProcessingUrl("/user_login").failureUrl("/loginUser?error=loginError").defaultSuccessUrl("/userPage")
// logout
.and().logout().logoutUrl("/user_logout").logoutSuccessUrl("/protectedLinks").deleteCookies("JSESSIONID").and().exceptionHandling().accessDeniedPage("/403").and().csrf().disable();
}
}
}

38
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/multiplelogin/UsersController.java Normal file
View File

@ -0,0 +1,38 @@
package org.baeldung.multiplelogin;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
@Controller
public class UsersController {
@GetMapping("/protectedLinks")
public String getAnonymousPage() {
return "protectedLinks";
}
@GetMapping("/userPage")
public String getUserPage() {
return "userPage";
}
@GetMapping("/adminPage")
public String getAdminPage() {
return "adminPage";
}
@GetMapping("/loginAdmin")
public String getAdminLoginPage() {
return "loginAdmin";
}
@GetMapping("/loginUser")
public String getUserLoginPage() {
return "loginUser";
}
@GetMapping("/403")
public String getAccessDeniedPage() {
return "403";
}
}

16
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/ssl/HttpsEnabledApplication.java Normal file
View File

@ -0,0 +1,16 @@
package org.baeldung.ssl;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.PropertySource;
@SpringBootApplication
@PropertySource("classpath:application-defaults.properties")
public class HttpsEnabledApplication {
public static void main(String... args) {
SpringApplication application = new SpringApplication(HttpsEnabledApplication.class);
application.setAdditionalProfiles("ssl");
application.run(args);
}
}

16
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/ssl/SecurityConfig.java Normal file
View File

@ -0,0 +1,16 @@
package org.baeldung.ssl;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/**")
.permitAll();
}
}

15
spring-security-modules/spring-security-mvc-boot-2/src/main/java/org/baeldung/ssl/WelcomeController.java Normal file
View File

@ -0,0 +1,15 @@
package org.baeldung.ssl;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class WelcomeController {
@GetMapping("/welcome")
public String welcome() {
return "ssl/welcome";
}
}

13
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/application-defaults.properties Normal file
View File

@ -0,0 +1,13 @@
spring.datasource.driver-class-name=org.h2.Driver
spring.datasource.url=jdbc:h2:mem:security_permission;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
spring.datasource.username=sa
spring.datasource.password=
spring.jpa.hibernate.ddl-auto=create-drop
spring.jpa.database=H2
spring.jpa.show-sql=false
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.H2Dialect
#logging.level.org.springframework.security.web.FilterChainProxy=DEBUG
spring.h2.console.enabled=true
spring.h2.console.path=/h2-console

9
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/application-mysql.properties Normal file
View File

@ -0,0 +1,9 @@
spring.datasource.platform=mysql
spring.datasource.url=jdbc:mysql://localhost:3306/jdbc_authentication
spring.datasource.username=root
spring.datasource.password=pass
spring.datasource.initialization-mode=always
spring.jpa.hibernate.ddl-auto=none
spring.profiles.active=mysql

7
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/application-postgre.properties Normal file
View File

@ -0,0 +1,7 @@
spring.datasource.platform=postgre
spring.datasource.url=jdbc:postgresql://localhost:5432/jdbc_authentication
spring.datasource.username=postgres
spring.datasource.password=pass
spring.datasource.initialization-mode=always
spring.jpa.hibernate.ddl-auto=none

20
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/application-ssl.properties Normal file
View File

@ -0,0 +1,20 @@
http.port=8080
server.port=8443
security.require-ssl=true
# The format used for the keystore
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:keystore/baeldung.p12
# The password used to generate the certificate
server.ssl.key-store-password=password
# The alias mapped to the certificate
server.ssl.key-alias=baeldung
#trust store location
trust.store=classpath:keystore/baeldung.p12
#trust store password
trust.store.password=password

1
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/application.properties Normal file
View File

@ -0,0 +1 @@
server.port=8082

4
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/data-mysql.sql Normal file
View File

@ -0,0 +1,4 @@
-- User user@email.com/pass
INSERT INTO bael_users (name, email, password, enabled) values ('user', 'user@email.com', '$2a$10$8.UnVuG9HHgffUDAlk8qfOuVGkqRzgVymGe07xd00DMxs.AQubh4a', 1);
INSERT INTO authorities (email, authority) values ('user@email.com', 'ROLE_USER');

4
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/data-postgre.sql Normal file
View File

@ -0,0 +1,4 @@
-- User user/pass
INSERT INTO users (username, password, enabled) values ('user', '$2a$10$8.UnVuG9HHgffUDAlk8qfOuVGkqRzgVymGe07xd00DMxs.AQubh4a', true);
INSERT INTO authorities (username, authority) values ('user', 'ROLE_USER');

BIN
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/keystore/baeldung.p12 Normal file
View File

Binary file not shown.

13
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/logback.xml Normal file
View File

@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
</pattern>
</encoder>
</appender>
<root level="INFO">
<appender-ref ref="STDOUT" />
</root>
</configuration>

8
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/persistence-h2.properties Normal file
View File

@ -0,0 +1,8 @@
driverClassName=org.h2.Driver
url=jdbc:h2:mem:myDb;DB_CLOSE_DELAY=-1
username=sa
password=
hibernate.dialect=org.hibernate.dialect.H2Dialect
hibernate.show_sql=false
hibernate.hbm2ddl.auto=create-drop

18
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/schema-mysql.sql Normal file
View File

@ -0,0 +1,18 @@
DROP TABLE IF EXISTS authorities;
DROP TABLE IF EXISTS bael_users;
CREATE TABLE bael_users (
name VARCHAR(50) NOT NULL,
email VARCHAR(50) NOT NULL,
password VARCHAR(100) NOT NULL,
enabled TINYINT NOT NULL DEFAULT 1,
PRIMARY KEY (email)
);
CREATE TABLE authorities (
email VARCHAR(50) NOT NULL,
authority VARCHAR(50) NOT NULL,
FOREIGN KEY (email) REFERENCES bael_users(email)
);
CREATE UNIQUE INDEX ix_auth_email on authorities (email,authority);

16
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/schema-postgre.sql Normal file
View File

@ -0,0 +1,16 @@
DROP TABLE IF EXISTS authorities;
DROP TABLE IF EXISTS users;
CREATE TABLE users (
username varchar(50) NOT NULL PRIMARY KEY,
password varchar(100) NOT NULL,
enabled boolean not null DEFAULT true
);
CREATE TABLE authorities (
username varchar(50) NOT NULL,
authority varchar(50) NOT NULL,
CONSTRAINT foreign_authorities_users_1 foreign key(username) references users(username)
);
CREATE UNIQUE INDEX ix_auth_username on authorities (username,authority);

24
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/spring-security-multiple-auth-providers.xml Normal file
View File

@ -0,0 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="memuser" password="pass"
authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
<security:authentication-provider
ref="customAuthenticationProvider" />
</security:authentication-manager>
<security:http>
<security:http-basic />
<security:intercept-url pattern="/api/**"
access="isAuthenticated()" />
</security:http>
</beans>

65
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/spring-security-multiple-entry.xml Normal file
View File

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="user" password="userPass" authorities="ROLE_USER"/>
<security:user name="admin" password="adminPass" authorities="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<security:http pattern="/user/general/**" use-expressions="true" auto-config="true"
entry-point-ref="loginUrlAuthenticationEntryPoint">
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<security:form-login login-processing-url="/user/general/login"
authentication-failure-url="/userLogin?error=loginError"
default-target-url="/user/myUserPage"/>
<security:csrf disabled="true"/>
<security:access-denied-handler error-page="/403"/>
<security:logout logout-url="/user/logout" delete-cookies="JSESSIONID" logout-success-url="/multipleHttpLinks"/>
</security:http>
<bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<constructor-arg name="loginFormUrl" value="/userLogin" />
</bean>
<security:http pattern="/user/private/**" use-expressions="true" auto-config="true"
entry-point-ref="loginUrlAuthenticationEntryPointWithWarning">
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<security:form-login login-processing-url="/user/private/login"
authentication-failure-url="/userLogin?error=loginError"
default-target-url="/user/myUserPage" />
<security:csrf disabled="true"/>
<security:access-denied-handler error-page="/403"/>
<security:logout logout-url="/user/logout" delete-cookies="JSESSIONID" logout-success-url="/multipleHttpLinks"/>
</security:http>
<bean id="loginUrlAuthenticationEntryPointWithWarning"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<constructor-arg name="loginFormUrl" value="/userLoginWithWarning" />
</bean>
<security:http pattern="/admin/**" use-expressions="true" auto-config="true">
<security:intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
<security:http-basic entry-point-ref="authenticationEntryPoint" />
<security:access-denied-handler error-page="/403"/>
</security:http>
<bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
<property name="realmName" value="admin realm" />
</bean>
<security:http pattern="/**" use-expressions="true" auto-config="true">
<security:intercept-url pattern="/guest/**" access="permitAll()"/>
</security:http>
</beans>

10
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/403.html Normal file
View File

@ -0,0 +1,10 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title></title>
</head>
<body>
You do not have permission to view this page.
</body>
</html>

13
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/adminPage.html Normal file
View File

@ -0,0 +1,13 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Insert title here</title>
</head>
<body>
Welcome admin! <a th:href="@{/admin_logout}" >Logout</a>
<br /><br />
<a th:href="@{/protectedLinks}" >Back to links</a>
</body>
</html>

21
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/index.html Normal file
View File

@ -0,0 +1,21 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Spring Security Thymeleaf</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css"/>
</head>
<body>
<nav class="navbar navbar-default">
<div class="container-fluid">
<div class="navbar-header">
<a class="navbar-brand">Spring Security Thymeleaf</a>
</div>
</div>
</nav>
<div class="container">
Welcome
</div>
</body>
</html>

27
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/login.html Normal file
View File

@ -0,0 +1,27 @@
<html>
<head></head>
<body>
<h1>Login</h1>
<form name='f' action="login" method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input name="submit" type="submit" value="submit" /></td>
</tr>
</table>
</form>
</body>
</html>

31
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/loginAdmin.html Normal file
View File

@ -0,0 +1,31 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Insert title here</title>
</head>
<body>
<p>Admin login page</p>
<form name="f" action="admin_login" method="POST">
<table>
<tr>
<td>User:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input name="submit" type="submit" value="submit" /></td>
</tr>
</table>
</form>
<p th:if="${param.error}">Login failed!</p>
</body>
</html>

30
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/loginUser.html Normal file
View File

@ -0,0 +1,30 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Login</title>
</head>
<body>
<p>User login page</p>
<form name="f" action="user_login" method="POST">
<table>
<tr>
<td>User:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input name="submit" type="submit" value="submit" /></td>
</tr>
</table>
</form>
<p th:if="${param.error}">Login failed!</p>
</body>
</html>

27
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/multipleHttpElems/login.html Normal file
View File

@ -0,0 +1,27 @@
<html>
<head></head>
<body>
<h1>Login</h1>
<form name='f' action="user/login" method='POST'>
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input name="submit" type="submit" value="submit" /></td>
</tr>
</table>
</form>
</body>
</html>

28
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/multipleHttpElems/loginWithWarning.html Normal file
View File

@ -0,0 +1,28 @@
<html>
<head></head>
<body>
<h1>Login</h1>
<h3>Warning! You are about to access sensible data!</h3>
<form name='f' action="user/login" method='POST'>
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input name="submit" type="submit" value="submit" /></td>
</tr>
</table>
</form>
</body>
</html>

18
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/multipleHttpElems/multipleHttpLinks.html Normal file
View File

@ -0,0 +1,18 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1" />
<title>Multiple Http Elements Links</title>
</head>
<body>
<a th:href="@{/admin/myAdminPage}">Admin page</a>
<br />
<a th:href="@{/user/general/myUserPage}">User page</a>
<br />
<a th:href="@{/user/private/myPrivateUserPage}">Private user page</a>
<br />
<a th:href="@{/guest/myGuestPage}">Guest page</a>
</body>
</html>

13
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/multipleHttpElems/myAdminPage.html Normal file
View File

@ -0,0 +1,13 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1" />
<title>Admin Page</title>
</head>
<body>
Welcome admin!
<br /><br />
<a th:href="@{/multipleHttpLinks}" >Back to links</a>
</body>
</html>

13
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/multipleHttpElems/myGuestPage.html Normal file
View File

@ -0,0 +1,13 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1" />
<title>Guest Page</title>
</head>
<body>
Welcome guest!
<br /><br />
<a th:href="@{/multipleHttpLinks}" >Back to links</a>
</body>
</html>

13
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/multipleHttpElems/myPrivateUserPage.html Normal file
View File

@ -0,0 +1,13 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1" />
<title>Insert title here</title>
</head>
<body>
Welcome user to your private page! <a th:href="@{/user/logout}" >Logout</a>
<br /><br />
<a th:href="@{/multipleHttpLinks}" >Back to links</a>
</body>
</html>

13
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/multipleHttpElems/myUserPage.html Normal file
View File

@ -0,0 +1,13 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1" />
<title>User Page</title>
</head>
<body>
Welcome user! <a th:href="@{/user/logout}" >Logout</a>
<br /><br />
<a th:href="@{/multipleHttpLinks}" >Back to links</a>
</body>
</html>

10
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/private.html Normal file
View File

@ -0,0 +1,10 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
<title>Private</title>
</head>
<body>
<h1>Congrats!</h1>
</body>
</html>

13
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/protectedLinks.html Normal file
View File

@ -0,0 +1,13 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Insert title here</title>
</head>
<body>
<a th:href="@{/userPage}">User page</a>
<br />
<a th:href="@{/adminPage}">Admin page</a>
</body>
</html>

1
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/ssl/welcome.html Normal file
View File

@ -0,0 +1 @@
<h1>Welcome to Secured Site</h1>

12
spring-security-modules/spring-security-mvc-boot-2/src/main/resources/templates/userPage.html Normal file
View File

@ -0,0 +1,12 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Insert title here</title>
</head>
<body>
Welcome user! <a th:href="@{/user_logout}" >Logout</a>
<br /><br />
<a th:href="@{/protectedLinks}" >Back to links</a>
</body>
</html>

16
spring-security-modules/spring-security-mvc-boot-2/src/test/java/org/baeldung/jdbcauthentication/h2/SpringContextTest.java Normal file
View File

@ -0,0 +1,16 @@
package org.baeldung.jdbcauthentication.h2;
import org.baeldung.jdbcauthentication.h2.H2JdbcAuthenticationApplication;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest(classes = H2JdbcAuthenticationApplication.class)
public class SpringContextTest {
@Test
public void whenSpringContextIsBootstrapped_thenNoExceptions() {
}
}

35
spring-security-modules/spring-security-mvc-boot-2/src/test/java/org/baeldung/jdbcauthentication/h2/web/UserControllerLiveTest.java Normal file
View File

@ -0,0 +1,35 @@
package org.baeldung.jdbcauthentication.h2.web;
import static io.restassured.RestAssured.given;
import static org.hamcrest.CoreMatchers.is;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
import io.restassured.authentication.FormAuthConfig;
import io.restassured.filter.session.SessionFilter;
/**
* This Live Test requires the H2JdbcAuthenticationApplication application to be up and running
*/
public class UserControllerLiveTest {
private static final String PRINCIPAL_SVC_URL = "http://localhost:8082/principal";
@Test
public void givenExisting_whenRequestPrincipal_thenRetrieveData() throws Exception {
SessionFilter filter = new SessionFilter();
given().auth()
.form("user", "pass", new FormAuthConfig("/login", "username", "password").withCsrfFieldName("_csrf"))
.and()
.filter(filter)
.when()
.get(PRINCIPAL_SVC_URL)
.then()
.statusCode(HttpStatus.OK.value())
.and()
.body("authorities[0].authority", is("ROLE_USER"))
.body("principal.username", is("user"))
.body("name", is("user"));
}
}

35
spring-security-modules/spring-security-mvc-boot-2/src/test/java/org/baeldung/jdbcauthentication/mysql/web/UserControllerLiveTest.java Normal file
View File

@ -0,0 +1,35 @@
package org.baeldung.jdbcauthentication.mysql.web;
import static io.restassured.RestAssured.given;
import static org.hamcrest.CoreMatchers.is;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
/**
* This Live Test requires:
* * a MySql instance running, that allows a 'root' user with password 'pass', and with a database named jdbc_authentication
* (e.g. with the following command `docker run -p 3306:3306 --name bael-mysql -e MYSQL_ROOT_PASSWORD=pass -e MYSQL_DATABASE=jdbc_authentication mysql:latest`)
* * the service up and running
*
*/
public class UserControllerLiveTest {
private static final String PRINCIPAL_SVC_URL = "http://localhost:8082/principal";
@Test
public void givenExisting_whenRequestPrincipal_thenRetrieveData() throws Exception {
given().auth()
.preemptive()
.basic("user@email.com", "pass")
.when()
.get(PRINCIPAL_SVC_URL)
.then()
.statusCode(HttpStatus.OK.value())
.and()
.body("authorities[0].authority", is("ROLE_USER"))
.body("principal.username", is("user@email.com"))
.body("name", is("user@email.com"));
}
}

35
spring-security-modules/spring-security-mvc-boot-2/src/test/java/org/baeldung/jdbcauthentication/postgre/web/UserControllerLiveTest.java Normal file
View File

@ -0,0 +1,35 @@
package org.baeldung.jdbcauthentication.postgre.web;
import static io.restassured.RestAssured.given;
import static org.hamcrest.CoreMatchers.is;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
/**
* This Live Test requires:
* * a PostgreSQL instance running, that allows a 'root' user with password 'pass', and with a database named jdbc_authentication
* (e.g. with the following command `docker run -p 5432:5432 --name bael-postgre -e POSTGRES_PASSWORD=pass -e POSTGRES_DB=jdbc_authentication postgres:latest`)
* * the service up and running
*
*/
public class UserControllerLiveTest {
private static final String PRINCIPAL_SVC_URL = "http://localhost:8082/principal";
@Test
public void givenExisting_whenRequestPrincipal_thenRetrieveData() throws Exception {
given().auth()
.preemptive()
.basic("user", "pass")
.when()
.get(PRINCIPAL_SVC_URL)
.then()
.statusCode(HttpStatus.OK.value())
.and()
.body("authorities[0].authority", is("ROLE_USER"))
.body("principal.username", is("user"))
.body("name", is("user"));
}
}

56
spring-security-modules/spring-security-mvc-boot-2/src/test/java/org/baeldung/web/HttpsApplicationIntegrationTest.java Normal file
View File

@ -0,0 +1,56 @@
package org.baeldung.web;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.baeldung.ssl.HttpsEnabledApplication;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.core.io.Resource;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.web.client.RestTemplate;
import javax.net.ssl.SSLContext;
import java.util.Collections;
import static org.junit.Assert.assertEquals;
@RunWith(SpringRunner.class)
@SpringBootTest(classes = HttpsEnabledApplication.class, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
@ActiveProfiles("ssl")
public class HttpsApplicationIntegrationTest {
private static final String WELCOME_URL = "https://localhost:8443/welcome";
@Value("${trust.store}")
private Resource trustStore;
@Value("${trust.store.password}")
private String trustStorePassword;
@Test
public void whenGETanHTTPSResource_thenCorrectResponse() throws Exception {
ResponseEntity<String> response = restTemplate().getForEntity(WELCOME_URL, String.class, Collections.emptyMap());
assertEquals("<h1>Welcome to Secured Site</h1>", response.getBody());
assertEquals(HttpStatus.OK, response.getStatusCode());
}
RestTemplate restTemplate() throws Exception {
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray())
.build();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
HttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(socketFactory)
.build();
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
return new RestTemplate(factory);
}
}

61
spring-security-modules/spring-security-mvc-boot-2/src/test/java/org/baeldung/web/MultipleAuthProvidersApplicationIntegrationTest.java Normal file
View File

@ -0,0 +1,61 @@
package org.baeldung.web;
import static org.assertj.core.api.Assertions.assertThat;
import java.util.Collections;
import org.baeldung.multipleauthproviders.MultipleAuthProvidersApplication;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.http.ResponseEntity;
import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, classes = MultipleAuthProvidersApplication.class)
public class MultipleAuthProvidersApplicationIntegrationTest {
@Autowired
private TestRestTemplate restTemplate;
@Test
public void givenMemUsers_whenGetPingWithValidUser_thenOk() {
ResponseEntity<String> result = makeRestCallToGetPing("memuser", "pass");
assertThat(result.getStatusCodeValue()).isEqualTo(200);
assertThat(result.getBody()).isEqualTo("OK");
}
@Test
public void givenExternalUsers_whenGetPingWithValidUser_thenOK() {
ResponseEntity<String> result = makeRestCallToGetPing("externaluser", "pass");
assertThat(result.getStatusCodeValue()).isEqualTo(200);
assertThat(result.getBody()).isEqualTo("OK");
}
@Test
public void givenAuthProviders_whenGetPingWithNoCred_then401() {
ResponseEntity<String> result = makeRestCallToGetPing();
assertThat(result.getStatusCodeValue()).isEqualTo(401);
}
@Test
public void givenAuthProviders_whenGetPingWithBadCred_then401() {
ResponseEntity<String> result = makeRestCallToGetPing("user", "bad_password");
assertThat(result.getStatusCodeValue()).isEqualTo(401);
}
private ResponseEntity<String> makeRestCallToGetPing(String username, String password) {
return restTemplate.withBasicAuth(username, password)
.getForEntity("/api/ping", String.class, Collections.emptyMap());
}
private ResponseEntity<String> makeRestCallToGetPing() {
return restTemplate.getForEntity("/api/ping", String.class, Collections.emptyMap());
}
}

67
spring-security-modules/spring-security-mvc-boot-2/src/test/java/org/baeldung/web/MultipleEntryPointsIntegrationTest.java Normal file
View File

@ -0,0 +1,67 @@
package org.baeldung.web;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
import org.baeldung.multipleentrypoints.MultipleEntryPointsApplication;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*;
@RunWith(SpringRunner.class)
@WebAppConfiguration
@SpringBootTest(classes = MultipleEntryPointsApplication.class)
public class MultipleEntryPointsIntegrationTest {
@Autowired
private WebApplicationContext wac;
@Autowired
private FilterChainProxy springSecurityFilterChain;
private MockMvc mockMvc;
@Before
public void setup() {
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).addFilter(springSecurityFilterChain).build();
}
@Test
public void whenTestAdminCredentials_thenOk() throws Exception {
mockMvc.perform(get("/admin/myAdminPage")).andExpect(status().isUnauthorized());
mockMvc.perform(get("/admin/myAdminPage").with(httpBasic("admin", "adminPass"))).andExpect(status().isOk());
mockMvc.perform(get("/user/myUserPage").with(user("admin").password("adminPass").roles("ADMIN"))).andExpect(status().isForbidden());
}
@Test
public void whenTestUserCredentials_thenOk() throws Exception {
mockMvc.perform(get("/user/general/myUserPage")).andExpect(status().isFound());
mockMvc.perform(get("/user/general/myUserPage").with(user("user").password("userPass").roles("USER"))).andExpect(status().isOk());
mockMvc.perform(get("/admin/myAdminPage").with(user("user").password("userPass").roles("USER"))).andExpect(status().isForbidden());
}
@Test
public void givenAnyUser_whenGetGuestPage_thenOk() throws Exception {
mockMvc.perform(get("/guest/myGuestPage")).andExpect(status().isOk());
mockMvc.perform(get("/guest/myGuestPage").with(user("user").password("userPass").roles("USER"))).andExpect(status().isOk());
mockMvc.perform(get("/guest/myGuestPage").with(httpBasic("admin", "adminPass"))).andExpect(status().isOk());
}
}