Spring Security Taglibs (#4947)

* BAEL-1846: Java Image to Base64 String

* Move from using main method to Junit test

* Update to use environment variables for testing

* reformat and add test file

* spring boot jsp security taglibs

* add more test

* add more test

* refactor spring config

* refactor spring config

* Update README.md

* fi alignment

* fix requested comments

* additional tests and content

* additional tests and content

* update examples

* Delete Readme file

* edit form example

* adding example for spring boot security tag libs

* Remove old tag libs module
This commit is contained in:
Hai Nguyen 2018-08-31 02:19:13 +08:00 committed by Josh Cummings
parent aa2822c5fc
commit be05fabb4e
8 changed files with 173 additions and 1 deletions

View File

@ -44,6 +44,23 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- security taglib -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
</dependency>
<!-- JSTL -->
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>

View File

@ -0,0 +1,14 @@
package com.baeldung.springsecuritytaglibs;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
@RequestMapping("/")
public class HomeController {
@RequestMapping
public String home() {
return "home";
}
}

View File

@ -0,0 +1,9 @@
package com.baeldung.springsecuritytaglibs;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.PropertySource;
@SpringBootApplication
@PropertySource("classpath:application-taglibs.properties")
public class SpringBootSecurityTagLibsApplication {
}

View File

@ -0,0 +1,31 @@
package com.baeldung.springsecuritytaglibs.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("testUser")
.password("password")
.roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.csrf()
.and()
.authorizeRequests()
.antMatchers("/userManagement").hasRole("ADMIN")
.anyRequest().permitAll().and().httpBasic();
// @formatter:on
}
}

View File

@ -0,0 +1,3 @@
#jsp config
spring.mvc.view.prefix: /WEB-INF/views/
spring.mvc.view.suffix: .jsp

View File

@ -1,4 +1,4 @@
#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
#security.user.password=password
#security.oauth2.client.client-id=client
#security.oauth2.client.client-secret=secret
#security.oauth2.client.client-secret=secret

View File

@ -0,0 +1,38 @@
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib prefix="sec"
uri="http://www.springframework.org/security/tags"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<sec:csrfMetaTags />
<title>Home Page</title>
</head>
<body>
<sec:authorize access="!isAuthenticated()">
Login
</sec:authorize>
<sec:authorize access="isAuthenticated()">
Logout
</sec:authorize>
<sec:authorize access="isAuthenticated()">
<h2>
Welcome back, <sec:authentication property="name" />
</h2>
<sec:authorize access="hasRole('ADMIN')">
Manage Users
</sec:authorize>
<form method="post">
<sec:csrfInput />
Text Field: <br /> <input type="text" name="textField" />
<input type="submit" value="Submit form with CSRF input">
</form>
<sec:authorize url="/userManagement">
<a href="/userManagement">Manage Users</a>
</sec:authorize>
</sec:authorize>
</body>
</html>

View File

@ -0,0 +1,60 @@
package com.baeldung.springsecuritytaglibs;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, classes = SpringBootSecurityTagLibsApplication.class)
public class HomeControllerUnitTest {
@Autowired
private TestRestTemplate restTemplate;
@Test
public void whenUserIsAuthenticatedThenAuthenticatedSectionsShowOnSite() throws Exception {
String body = this.restTemplate.withBasicAuth("testUser", "password")
.getForEntity("/", String.class)
.getBody();
// test <sec:authorize access="!isAuthenticated()">
assertFalse(body.contains("Login"));
// test <sec:authorize access="isAuthenticated()">
assertTrue(body.contains("Logout"));
// test <sec:authorize access="hasRole('ADMIN')">
assertTrue(body.contains("Manage Users"));
// test <sec:authentication property="principal.username" />
assertTrue(body.contains("testUser"));
// test <sec:authorize url="/adminOnlyURL">
assertTrue(body.contains("<a href=\"/userManagement\">"));
// test <sec:csrfInput />
assertTrue(body.contains("<input type=\"hidden\" name=\"_csrf\" value=\""));
// test <sec:csrfMetaTags />
assertTrue(body.contains("<meta name=\"_csrf_parameter\" content=\"_csrf\" />"));
}
@Test
public void whenUserIsNotAuthenticatedThenOnlyAnonymousSectionsShowOnSite() throws Exception {
String body = this.restTemplate.getForEntity("/", String.class)
.getBody();
// test <sec:authorize access="!isAuthenticated()">
assertTrue(body.contains("Login"));
// test <sec:authorize access="isAuthenticated()">
assertFalse(body.contains("Logout"));
}
}