JAVA-29309 Upgrade spring-security-web-digest-auth (#15757)

* JAVA-29309 Upgrade spring-security-web-digest-auth

* JAVA-29309 Remove commented line

---------

Co-authored-by: timis1 <noreplay@yahoo.com>
timis1 2024-02-05 22:47:55 +02:00 committed by GitHub
parent 7280037213
commit bda3903057
GPG Key ID: B5690EEEBB952194
7 changed files with 64 additions and 61 deletions


@ -10,9 +10,9 @@
<parent> <parent>
<groupId>com.baeldung</groupId> <groupId>com.baeldung</groupId>
<artifactId>parent-spring-5</artifactId> <artifactId>parent-spring-6</artifactId>
<version>0.0.1-SNAPSHOT</version> <version>0.0.1-SNAPSHOT</version>
<relativePath>../../parent-spring-5</relativePath> <relativePath>../../parent-spring-6</relativePath>
</parent> </parent>
<dependencies> <dependencies>
@ -86,16 +86,15 @@
</dependency> </dependency>
<!-- web --> <!-- web -->
<dependency> <dependency>
<groupId>javax.servlet</groupId> <groupId>jakarta.servlet</groupId>
<artifactId>javax.servlet-api</artifactId> <artifactId>jakarta.servlet-api</artifactId>
<version>${javax.servlet-api.version}</version> <version>${jakarta.servlet-api.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>javax.servlet</groupId> <groupId>jakarta.servlet.jsp.jstl</groupId>
<artifactId>jstl</artifactId> <artifactId>jakarta.servlet.jsp.jstl-api</artifactId>
<version>${jstl.version}</version> <version>${jakarta.jstl-api.version}</version>
<scope>runtime</scope>
</dependency> </dependency>
<!-- util --> <!-- util -->
<dependency> <dependency>
@ -104,9 +103,9 @@
<version>${guava.version}</version> <version>${guava.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.apache.httpcomponents</groupId> <groupId>org.apache.httpcomponents.core5</groupId>
<artifactId>httpcore</artifactId> <artifactId>httpcore5</artifactId>
<version>${httpcore.version}</version> <version>${httpcore5.version}</version>
<exclusions> <exclusions>
<exclusion> <exclusion>
<artifactId>commons-logging</artifactId> <artifactId>commons-logging</artifactId>
@ -115,9 +114,9 @@
</exclusions> </exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.apache.httpcomponents</groupId> <groupId>org.apache.httpcomponents.client5</groupId>
<artifactId>httpclient</artifactId> <artifactId>httpclient5</artifactId>
<version>${httpclient.version}</version> <version>${httpclient5.version}</version>
<exclusions> <exclusions>
<exclusion> <exclusion>
<artifactId>commons-logging</artifactId> <artifactId>commons-logging</artifactId>
@ -172,10 +171,12 @@
<properties> <properties>
<!-- Spring --> <!-- Spring -->
<org.springframework.security.version>4.2.6.RELEASE</org.springframework.security.version> <org.springframework.security.version>6.1.5</org.springframework.security.version>
<!-- util --> <!-- util -->
<httpcore.version>4.4.5</httpcore.version> <httpcore5.version>5.2.4</httpcore5.version>
<httpclient.version>4.5.2</httpclient.version> <httpclient5.version>5.3</httpclient5.version>
<jakarta.servlet-api.version>6.1.0-M1</jakarta.servlet-api.version>
<jakarta.jstl-api.version>3.0.0</jakarta.jstl-api.version>
<!-- Maven plugins --> <!-- Maven plugins -->
<cargo-maven2-plugin.version>1.6.1</cargo-maven2-plugin.version> <cargo-maven2-plugin.version>1.6.1</cargo-maven2-plugin.version>
</properties> </properties>
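Review bot: `jakarta.servlet-api.version` is set to `6.1.0-M1`, a milestone build of the Servlet 6.1 API, while Spring Security 6.1.5 targets the Servlet 6.0 line as far as I know; a released version such as `6.0.0` would be a safer pin, even for a `provided` dependency. In the JSTL dependency the new side declares only `jakarta.servlet.jsp.jstl-api`, and the `<scope>runtime</scope>` line appears to belong to the removed side, so no JSTL implementation is visibly declared for the `JstlView` that `MvcConfig` imports. If the servlet container is expected to supply it, a short comment next to the dependency such as `<!-- JSTL implementation provided by the container -->` would make that explicit.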


@ -3,9 +3,8 @@ package com.baeldung.basic;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter; import java.io.PrintWriter;
import javax.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
@ -15,7 +14,7 @@ import org.springframework.stereotype.Component;
public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint { public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
@Override @Override
public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException, ServletException { public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException {
response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\""); response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final PrintWriter writer = response.getWriter(); final PrintWriter writer = response.getWriter();
@ -23,7 +22,7 @@ public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoi
} }
@Override @Override
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() {
setRealmName("Baeldung"); setRealmName("Baeldung");
super.afterPropertiesSet(); super.afterPropertiesSet();
} }


@ -1,13 +1,14 @@
package com.baeldung.client; package com.baeldung.client;
import org.apache.http.HttpHost; import org.apache.hc.client5.http.auth.AuthCache;
import org.apache.http.client.AuthCache; import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.HttpClient; import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.http.client.protocol.HttpClientContext; import org.apache.hc.client5.http.impl.auth.BasicAuthCache;
import org.apache.http.impl.auth.DigestScheme; import org.apache.hc.client5.http.impl.auth.DigestScheme;
import org.apache.http.impl.client.BasicAuthCache; import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.http.protocol.BasicHttpContext; import org.apache.hc.core5.http.HttpHost;
import org.apache.http.protocol.HttpContext; import org.apache.hc.core5.http.protocol.BasicHttpContext;
import org.apache.hc.core5.http.protocol.HttpContext;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
@ -21,8 +22,6 @@ public class HttpComponentsClientHttpRequestFactoryDigestAuth extends HttpCompon
this.host = host; this.host = host;
} }
//
@Override @Override
protected HttpContext createHttpContext(final HttpMethod httpMethod, final URI uri) { protected HttpContext createHttpContext(final HttpMethod httpMethod, final URI uri) {
return createHttpContext(); return createHttpContext();
@ -34,7 +33,8 @@ public class HttpComponentsClientHttpRequestFactoryDigestAuth extends HttpCompon
// Generate DIGEST scheme object, initialize it and add it to the local auth cache // Generate DIGEST scheme object, initialize it and add it to the local auth cache
final DigestScheme digestAuth = new DigestScheme(); final DigestScheme digestAuth = new DigestScheme();
// If we already know the realm name // If we already know the realm name
digestAuth.overrideParamter("realm", "Custom Realm Name"); digestAuth.initPreemptive(new UsernamePasswordCredentials("user1", "user1Pass".toCharArray()),
"", "Custom Realm Name");
// digestAuth.overrideParamter("nonce", "MTM3NTU2OTU4MDAwNzoyYWI5YTQ5MTlhNzc5N2UxMGM5M2Y5M2ViOTc4ZmVhNg=="); // digestAuth.overrideParamter("nonce", "MTM3NTU2OTU4MDAwNzoyYWI5YTQ5MTlhNzc5N2UxMGM5M2Y5M2ViOTc4ZmVhNg==");
authCache.put(host, digestAuth); authCache.put(host, digestAuth);
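Review bot: The `initPreemptive(...)` call hard-codes the literals `"user1"` and `"user1Pass"` inside the request factory, duplicating the `DEFAULT_USER`/`DEFAULT_PASS` constants that `ClientConfig` already feeds to its credentials provider, so the secret now lives in two source files and the two copies can drift. Consider passing the credentials into the factory's constructor alongside `host` and using them here. The second argument is the client nonce and is given as `""`; it is worth confirming that HttpClient replaces it with a freshly generated cnonce per exchange rather than reusing the empty value. The comment `// If we already know the realm name` no longer describes the line under it, and the commented-out `overrideParamter("nonce", ...)` line refers to the 4.x API this commit moves away from. The enclosing method starts and ends outside the hunk.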


@ -1,18 +1,19 @@
package com.baeldung.spring; package com.baeldung.spring;
import org.apache.http.HttpHost; import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.http.auth.AuthScope; import org.apache.hc.client5.http.auth.CredentialsProvider;
import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider; import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider; import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.http.impl.client.CloseableHttpClient; import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.http.impl.client.HttpClientBuilder; import org.apache.hc.core5.http.HttpHost;
import com.baeldung.client.HttpComponentsClientHttpRequestFactoryDigestAuth;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate; import org.springframework.web.client.RestTemplate;
import com.baeldung.client.HttpComponentsClientHttpRequestFactoryDigestAuth;
@Configuration @Configuration
public class ClientConfig { public class ClientConfig {
private static final String DEFAULT_USER = "user1"; private static final String DEFAULT_USER = "user1";
@ -24,7 +25,7 @@ public class ClientConfig {
@Bean @Bean
public RestTemplate restTemplate() { public RestTemplate restTemplate() {
HttpHost host = new HttpHost("localhost", 8080, "http"); HttpHost host = new HttpHost("http", "localhost", 8080);
CloseableHttpClient client = HttpClientBuilder.create(). CloseableHttpClient client = HttpClientBuilder.create().
setDefaultCredentialsProvider(provider()).useSystemProperties().build(); setDefaultCredentialsProvider(provider()).useSystemProperties().build();
HttpComponentsClientHttpRequestFactory requestFactory = HttpComponentsClientHttpRequestFactory requestFactory =
@ -34,10 +35,11 @@ public class ClientConfig {
} }
private CredentialsProvider provider() { private CredentialsProvider provider() {
CredentialsProvider provider = new BasicCredentialsProvider(); BasicCredentialsProvider provider = new BasicCredentialsProvider();
UsernamePasswordCredentials credentials = UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(DEFAULT_USER, DEFAULT_PASS.toCharArray());
new UsernamePasswordCredentials("user1", "user1Pass"); //defining null and -1 it applies to any host and any port
provider.setCredentials(AuthScope.ANY, credentials); final AuthScope authScope = new AuthScope(null, -1);
provider.setCredentials(authScope, credentials);
return provider; return provider;
} }
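Review bot: `new AuthScope(null, -1)` in `provider()` matches any host and any port, so the `user1` credentials will be offered in response to an authentication challenge from whatever server the client ends up talking to, not just the intended one. The target is already known in `restTemplate()`, so the scope can be narrowed, for example `final AuthScope authScope = new AuthScope("localhost", 8080);` or by passing the `HttpHost` into `provider()`. If the wildcard scope is kept for the tutorial, the comment above it should say why, e.g. `// any host, any port: acceptable only because this client talks to a local test server`.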


@ -5,13 +5,13 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.ViewResolver; import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.view.InternalResourceViewResolver; import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView; import org.springframework.web.servlet.view.JstlView;
@Configuration @Configuration
@EnableWebMvc @EnableWebMvc
public class MvcConfig extends WebMvcConfigurerAdapter { public class MvcConfig implements WebMvcConfigurer {
public MvcConfig() { public MvcConfig() {
super(); super();
@ -21,8 +21,6 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
@Override @Override
public void addViewControllers(final ViewControllerRegistry registry) { public void addViewControllers(final ViewControllerRegistry registry) {
super.addViewControllers(registry);
registry.addViewController("/homepage.html"); registry.addViewController("/homepage.html");
} }


@ -1,9 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" <beans:beans xmlns="http://www.springframework.org/schema/security"
xsi:schemaLocation=" xmlns:beans="http://www.springframework.org/schema/beans"
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd" xsi:schemaLocation="http://www.springframework.org/schema/beans
> https://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
https://www.springframework.org/schema/security/spring-security.xsd">
<beans:bean id="digestFilter" class="org.springframework.security.web.authentication.www.DigestAuthenticationFilter"> <beans:bean id="digestFilter" class="org.springframework.security.web.authentication.www.DigestAuthenticationFilter">
<beans:property name="userDetailsService" ref="userService"/> <beans:property name="userDetailsService" ref="userService"/>
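Review bot: The beans schema location is pinned to `spring-beans-3.0.xsd` while the security schema right below it uses the versionless `spring-security.xsd`, which is inconsistent for a module being moved to Spring 6. Using the versionless form for both, `https://www.springframework.org/schema/beans/spring-beans.xsd`, keeps the file validating against whichever Spring version is on the classpath. The `<beans:beans>` element continues past the end of the visible section.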


@ -2,11 +2,12 @@ package com.baeldung.client;
import java.io.IOException; import java.io.IOException;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import com.baeldung.spring.ClientConfig; import com.baeldung.spring.ClientConfig;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.core5.http.HttpResponse;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.ContextConfiguration;
@ -24,7 +25,7 @@ public class RawClientLiveTest {
CloseableHttpClient httpClient = HttpClientBuilder.create().build(); CloseableHttpClient httpClient = HttpClientBuilder.create().build();
HttpGet getMethod = new HttpGet("http://localhost:8082/spring-security-rest-basic-auth/api/bars/1"); HttpGet getMethod = new HttpGet("http://localhost:8082/spring-security-rest-basic-auth/api/bars/1");
HttpResponse response = httpClient.execute(getMethod); HttpResponse response = httpClient.execute(getMethod);
System.out.println("HTTP Status of response: " + response.getStatusLine().getStatusCode()); System.out.println("HTTP Status of response: " + response.getCode());
} }
} }
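Review bot: Neither `httpClient` nor the response returned by `httpClient.execute(getMethod)` is closed, so the connection is never explicitly released. With HttpClient 5 the handler-based overload releases it automatically, e.g. `final int status = httpClient.execute(getMethod, response -> response.getCode());` inside a `try (CloseableHttpClient httpClient = HttpClientBuilder.create().build())` block. The test also only prints the status, so it passes whatever the server returns; asserting the expected code would make it an actual check of the authentication setup. The test method begins outside the hunk.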