Spring Security Taglibs (#4947)
* BAEL-1846: Java Image to Base64 String * Move from using main method to Junit test * Update to use environment variables for testing * reformat and add test file * spring boot jsp security taglibs * add more test * add more test * refactor spring config * refactor spring config * Update README.md * fi alignment * fix requested comments * additional tests and content * additional tests and content * update examples * Delete Readme file * edit form example * adding example for spring boot security tag libs * Remove old tag libs module
This commit is contained in:
parent
aa2822c5fc
commit
be05fabb4e
|
@ -44,6 +44,23 @@
|
|||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-web</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!-- security taglib -->
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-taglibs</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!-- JSTL -->
|
||||
<dependency>
|
||||
<groupId>org.apache.tomcat.embed</groupId>
|
||||
<artifactId>tomcat-embed-jasper</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>jstl</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
package com.baeldung.springsecuritytaglibs;
|
||||
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
|
||||
@Controller
|
||||
@RequestMapping("/")
|
||||
public class HomeController {
|
||||
|
||||
@RequestMapping
|
||||
public String home() {
|
||||
return "home";
|
||||
}
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
package com.baeldung.springsecuritytaglibs;
|
||||
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
|
||||
@SpringBootApplication
|
||||
@PropertySource("classpath:application-taglibs.properties")
|
||||
public class SpringBootSecurityTagLibsApplication {
|
||||
}
|
|
@ -0,0 +1,31 @@
|
|||
package com.baeldung.springsecuritytaglibs.config;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.inMemoryAuthentication()
|
||||
.withUser("testUser")
|
||||
.password("password")
|
||||
.roles("ADMIN");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http.csrf()
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/userManagement").hasRole("ADMIN")
|
||||
.anyRequest().permitAll().and().httpBasic();
|
||||
// @formatter:on
|
||||
}
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
#jsp config
|
||||
spring.mvc.view.prefix: /WEB-INF/views/
|
||||
spring.mvc.view.suffix: .jsp
|
|
@ -1,4 +1,4 @@
|
|||
#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
|
||||
#security.user.password=password
|
||||
#security.oauth2.client.client-id=client
|
||||
#security.oauth2.client.client-secret=secret
|
||||
#security.oauth2.client.client-secret=secret
|
|
@ -0,0 +1,38 @@
|
|||
<%@ page language="java" contentType="text/html; charset=UTF-8"
|
||||
pageEncoding="UTF-8"%>
|
||||
<%@ taglib prefix="sec"
|
||||
uri="http://www.springframework.org/security/tags"%>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||||
<sec:csrfMetaTags />
|
||||
<title>Home Page</title>
|
||||
</head>
|
||||
<body>
|
||||
<sec:authorize access="!isAuthenticated()">
|
||||
Login
|
||||
</sec:authorize>
|
||||
|
||||
<sec:authorize access="isAuthenticated()">
|
||||
Logout
|
||||
</sec:authorize>
|
||||
|
||||
<sec:authorize access="isAuthenticated()">
|
||||
<h2>
|
||||
Welcome back, <sec:authentication property="name" />
|
||||
</h2>
|
||||
<sec:authorize access="hasRole('ADMIN')">
|
||||
Manage Users
|
||||
</sec:authorize>
|
||||
<form method="post">
|
||||
<sec:csrfInput />
|
||||
Text Field: <br /> <input type="text" name="textField" />
|
||||
<input type="submit" value="Submit form with CSRF input">
|
||||
</form>
|
||||
<sec:authorize url="/userManagement">
|
||||
<a href="/userManagement">Manage Users</a>
|
||||
</sec:authorize>
|
||||
</sec:authorize>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,60 @@
|
|||
package com.baeldung.springsecuritytaglibs;
|
||||
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
|
||||
import org.springframework.boot.test.web.client.TestRestTemplate;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
|
||||
@RunWith(SpringRunner.class)
|
||||
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, classes = SpringBootSecurityTagLibsApplication.class)
|
||||
public class HomeControllerUnitTest {
|
||||
|
||||
@Autowired
|
||||
private TestRestTemplate restTemplate;
|
||||
|
||||
@Test
|
||||
public void whenUserIsAuthenticatedThenAuthenticatedSectionsShowOnSite() throws Exception {
|
||||
String body = this.restTemplate.withBasicAuth("testUser", "password")
|
||||
.getForEntity("/", String.class)
|
||||
.getBody();
|
||||
|
||||
// test <sec:authorize access="!isAuthenticated()">
|
||||
assertFalse(body.contains("Login"));
|
||||
|
||||
// test <sec:authorize access="isAuthenticated()">
|
||||
assertTrue(body.contains("Logout"));
|
||||
|
||||
// test <sec:authorize access="hasRole('ADMIN')">
|
||||
assertTrue(body.contains("Manage Users"));
|
||||
|
||||
// test <sec:authentication property="principal.username" />
|
||||
assertTrue(body.contains("testUser"));
|
||||
|
||||
// test <sec:authorize url="/adminOnlyURL">
|
||||
assertTrue(body.contains("<a href=\"/userManagement\">"));
|
||||
|
||||
// test <sec:csrfInput />
|
||||
assertTrue(body.contains("<input type=\"hidden\" name=\"_csrf\" value=\""));
|
||||
|
||||
// test <sec:csrfMetaTags />
|
||||
assertTrue(body.contains("<meta name=\"_csrf_parameter\" content=\"_csrf\" />"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void whenUserIsNotAuthenticatedThenOnlyAnonymousSectionsShowOnSite() throws Exception {
|
||||
String body = this.restTemplate.getForEntity("/", String.class)
|
||||
.getBody();
|
||||
|
||||
// test <sec:authorize access="!isAuthenticated()">
|
||||
assertTrue(body.contains("Login"));
|
||||
|
||||
// test <sec:authorize access="isAuthenticated()">
|
||||
assertFalse(body.contains("Logout"));
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue