From be05fabb4e1d2f7bbe4f3dc4c3428b1a44b0bb36 Mon Sep 17 00:00:00 2001
From: Hai Nguyen <nnhai1991@gmail.com>
Date: Fri, 31 Aug 2018 02:19:13 +0800
Subject: [PATCH] Spring Security Taglibs (#4947)

* BAEL-1846: Java Image to Base64 String

* Move from using main method to Junit test

* Update to use environment variables for testing

* reformat and add test file

* spring boot jsp security taglibs

* add more test

* add more test

* refactor spring config

* refactor spring config

* Update README.md

* fi alignment

* fix requested comments

* additional tests and content

* additional tests and content

* update examples

* Delete Readme file

* edit form example

* adding example for spring boot security tag libs

* Remove old tag libs module
---
 spring-boot-security/pom.xml                  | 17 ++++++
 .../springsecuritytaglibs/HomeController.java | 14 +++++
 .../SpringBootSecurityTagLibsApplication.java |  9 +++
 .../SpringBootSecurityTagLibsConfig.java      | 31 ++++++++++
 .../resources/application-taglibs.properties  |  3 +
 .../src/main/resources/application.properties |  2 +-
 .../src/main/webapp/WEB-INF/views/home.jsp    | 38 ++++++++++++
 .../HomeControllerUnitTest.java               | 60 +++++++++++++++++++
 8 files changed, 173 insertions(+), 1 deletion(-)
 create mode 100644 spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/HomeController.java
 create mode 100644 spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/SpringBootSecurityTagLibsApplication.java
 create mode 100644 spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java
 create mode 100644 spring-boot-security/src/main/resources/application-taglibs.properties
 create mode 100644 spring-boot-security/src/main/webapp/WEB-INF/views/home.jsp
 create mode 100644 spring-boot-security/src/test/java/com/baeldung/springsecuritytaglibs/HomeControllerUnitTest.java

diff --git a/spring-boot-security/pom.xml b/spring-boot-security/pom.xml
index 5283a69c2d..18d292c8a1 100644
--- a/spring-boot-security/pom.xml
+++ b/spring-boot-security/pom.xml
@@ -44,6 +44,23 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
+        
+        <!-- security taglib -->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-taglibs</artifactId>
+        </dependency>
+
+        <!-- JSTL -->
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-jasper</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>org.springframework.boot</groupId>
diff --git a/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/HomeController.java b/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/HomeController.java
new file mode 100644
index 0000000000..eca093a76f
--- /dev/null
+++ b/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/HomeController.java
@@ -0,0 +1,14 @@
+package com.baeldung.springsecuritytaglibs;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping("/")
+public class HomeController {
+    
+    @RequestMapping
+    public String home() {
+        return "home";
+    }
+}
diff --git a/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/SpringBootSecurityTagLibsApplication.java b/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/SpringBootSecurityTagLibsApplication.java
new file mode 100644
index 0000000000..397ea47f96
--- /dev/null
+++ b/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/SpringBootSecurityTagLibsApplication.java
@@ -0,0 +1,9 @@
+package com.baeldung.springsecuritytaglibs;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.PropertySource;
+
+@SpringBootApplication
+@PropertySource("classpath:application-taglibs.properties")
+public class SpringBootSecurityTagLibsApplication {
+}
diff --git a/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java b/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java
new file mode 100644
index 0000000000..665dd0bce9
--- /dev/null
+++ b/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java
@@ -0,0 +1,31 @@
+package com.baeldung.springsecuritytaglibs.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+            .withUser("testUser")
+            .password("password")
+            .roles("ADMIN");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        // @formatter:off
+        http.csrf()
+                .and()
+            .authorizeRequests()
+                .antMatchers("/userManagement").hasRole("ADMIN")
+                .anyRequest().permitAll().and().httpBasic();
+        // @formatter:on
+    }
+}
\ No newline at end of file
diff --git a/spring-boot-security/src/main/resources/application-taglibs.properties b/spring-boot-security/src/main/resources/application-taglibs.properties
new file mode 100644
index 0000000000..218868405f
--- /dev/null
+++ b/spring-boot-security/src/main/resources/application-taglibs.properties
@@ -0,0 +1,3 @@
+#jsp config
+spring.mvc.view.prefix: /WEB-INF/views/
+spring.mvc.view.suffix: .jsp
diff --git a/spring-boot-security/src/main/resources/application.properties b/spring-boot-security/src/main/resources/application.properties
index c2b8d70dc6..e776132359 100644
--- a/spring-boot-security/src/main/resources/application.properties
+++ b/spring-boot-security/src/main/resources/application.properties
@@ -1,4 +1,4 @@
 #spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
 #security.user.password=password
 #security.oauth2.client.client-id=client
-#security.oauth2.client.client-secret=secret
+#security.oauth2.client.client-secret=secret
\ No newline at end of file
diff --git a/spring-boot-security/src/main/webapp/WEB-INF/views/home.jsp b/spring-boot-security/src/main/webapp/WEB-INF/views/home.jsp
new file mode 100644
index 0000000000..80ecd61cb5
--- /dev/null
+++ b/spring-boot-security/src/main/webapp/WEB-INF/views/home.jsp
@@ -0,0 +1,38 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+    pageEncoding="UTF-8"%>
+<%@ taglib prefix="sec"
+    uri="http://www.springframework.org/security/tags"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<sec:csrfMetaTags />
+<title>Home Page</title>
+</head>
+<body>    
+    <sec:authorize access="!isAuthenticated()">
+        Login
+    </sec:authorize>
+    
+    <sec:authorize access="isAuthenticated()">
+        Logout
+    </sec:authorize>
+    
+    <sec:authorize access="isAuthenticated()">
+        <h2>
+            Welcome back, <sec:authentication property="name" />
+        </h2>         
+        <sec:authorize access="hasRole('ADMIN')">
+            Manage Users
+        </sec:authorize>
+        <form method="post">
+            <sec:csrfInput />
+            Text Field: <br /> <input type="text" name="textField" />
+            <input type="submit" value="Submit form with CSRF input">
+        </form>
+        <sec:authorize url="/userManagement">
+            <a href="/userManagement">Manage Users</a>
+        </sec:authorize>
+    </sec:authorize>
+</body>
+</html>
\ No newline at end of file
diff --git a/spring-boot-security/src/test/java/com/baeldung/springsecuritytaglibs/HomeControllerUnitTest.java b/spring-boot-security/src/test/java/com/baeldung/springsecuritytaglibs/HomeControllerUnitTest.java
new file mode 100644
index 0000000000..0585c06a59
--- /dev/null
+++ b/spring-boot-security/src/test/java/com/baeldung/springsecuritytaglibs/HomeControllerUnitTest.java
@@ -0,0 +1,60 @@
+package com.baeldung.springsecuritytaglibs;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, classes = SpringBootSecurityTagLibsApplication.class)
+public class HomeControllerUnitTest {
+
+    @Autowired
+    private TestRestTemplate restTemplate;
+
+    @Test
+    public void whenUserIsAuthenticatedThenAuthenticatedSectionsShowOnSite() throws Exception {
+        String body = this.restTemplate.withBasicAuth("testUser", "password")
+            .getForEntity("/", String.class)
+            .getBody();
+
+        // test <sec:authorize access="!isAuthenticated()">
+        assertFalse(body.contains("Login"));
+
+        // test <sec:authorize access="isAuthenticated()">
+        assertTrue(body.contains("Logout"));
+
+        // test <sec:authorize access="hasRole('ADMIN')">
+        assertTrue(body.contains("Manage Users"));
+
+        // test <sec:authentication property="principal.username" />
+        assertTrue(body.contains("testUser"));
+
+        // test <sec:authorize url="/adminOnlyURL">
+        assertTrue(body.contains("<a href=\"/userManagement\">"));
+
+        // test <sec:csrfInput />
+        assertTrue(body.contains("<input type=\"hidden\" name=\"_csrf\" value=\""));
+
+        // test <sec:csrfMetaTags />
+        assertTrue(body.contains("<meta name=\"_csrf_parameter\" content=\"_csrf\" />"));
+    }
+
+    @Test
+    public void whenUserIsNotAuthenticatedThenOnlyAnonymousSectionsShowOnSite() throws Exception {
+        String body = this.restTemplate.getForEntity("/", String.class)
+            .getBody();
+
+        // test <sec:authorize access="!isAuthenticated()">
+        assertTrue(body.contains("Login"));
+
+        // test <sec:authorize access="isAuthenticated()">
+        assertFalse(body.contains("Logout"));
+    }
+}