Spring Security Taglibs (#4947)

* BAEL-1846: Java Image to Base64 String

* Move from using main method to Junit test

* Update to use environment variables for testing

* reformat and add test file

* spring boot jsp security taglibs

* add more test

* add more test

* refactor spring config

* refactor spring config

* Update README.md

* fi alignment

* fix requested comments

* additional tests and content

* additional tests and content

* update examples

* Delete Readme file

* edit form example

* adding example for spring boot security tag libs

* Remove old tag libs module

spring-boot-security/pom.xml

@@ -45,6 +45,23 @@
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
         
+        <!-- security taglib -->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-taglibs</artifactId>
+        </dependency>
+
+        <!-- JSTL -->
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-jasper</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>

spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/HomeController.java

@@ -0,0 +1,14 @@
+package com.baeldung.springsecuritytaglibs;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping("/")
+public class HomeController {
+    
+    @RequestMapping
+    public String home() {
+        return "home";
+    }
+}

spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/SpringBootSecurityTagLibsApplication.java

@@ -0,0 +1,9 @@
+package com.baeldung.springsecuritytaglibs;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.PropertySource;
+
+@SpringBootApplication
+@PropertySource("classpath:application-taglibs.properties")
+public class SpringBootSecurityTagLibsApplication {
+}

spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java

@@ -0,0 +1,31 @@
+package com.baeldung.springsecuritytaglibs.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+            .withUser("testUser")
+            .password("password")
+            .roles("ADMIN");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        // @formatter:off
+        http.csrf()
+                .and()
+            .authorizeRequests()
+                .antMatchers("/userManagement").hasRole("ADMIN")
+                .anyRequest().permitAll().and().httpBasic();
+        // @formatter:on
+    }
+}

spring-boot-security/src/main/resources/application-taglibs.properties

@@ -0,0 +1,3 @@
+#jsp config
+spring.mvc.view.prefix: /WEB-INF/views/
+spring.mvc.view.suffix: .jsp

spring-boot-security/src/main/webapp/WEB-INF/views/home.jsp

@@ -0,0 +1,38 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+    pageEncoding="UTF-8"%>
+<%@ taglib prefix="sec"
+    uri="http://www.springframework.org/security/tags"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<sec:csrfMetaTags />
+<title>Home Page</title>
+</head>
+<body>    
+    <sec:authorize access="!isAuthenticated()">
+        Login
+    </sec:authorize>
+    
+    <sec:authorize access="isAuthenticated()">
+        Logout
+    </sec:authorize>
+    
+    <sec:authorize access="isAuthenticated()">
+        <h2>
+            Welcome back, <sec:authentication property="name" />
+        </h2>         
+        <sec:authorize access="hasRole('ADMIN')">
+            Manage Users
+        </sec:authorize>
+        <form method="post">
+            <sec:csrfInput />
+            Text Field: <br /> <input type="text" name="textField" />
+            <input type="submit" value="Submit form with CSRF input">
+        </form>
+        <sec:authorize url="/userManagement">
+            <a href="/userManagement">Manage Users</a>
+        </sec:authorize>
+    </sec:authorize>
+</body>
+</html>

spring-boot-security/src/test/java/com/baeldung/springsecuritytaglibs/HomeControllerUnitTest.java

@@ -0,0 +1,60 @@
+package com.baeldung.springsecuritytaglibs;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, classes = SpringBootSecurityTagLibsApplication.class)
+public class HomeControllerUnitTest {
+
+    @Autowired
+    private TestRestTemplate restTemplate;
+
+    @Test
+    public void whenUserIsAuthenticatedThenAuthenticatedSectionsShowOnSite() throws Exception {
+        String body = this.restTemplate.withBasicAuth("testUser", "password")
+            .getForEntity("/", String.class)
+            .getBody();
+
+        // test <sec:authorize access="!isAuthenticated()">
+        assertFalse(body.contains("Login"));
+
+        // test <sec:authorize access="isAuthenticated()">
+        assertTrue(body.contains("Logout"));
+
+        // test <sec:authorize access="hasRole('ADMIN')">
+        assertTrue(body.contains("Manage Users"));
+
+        // test <sec:authentication property="principal.username" />
+        assertTrue(body.contains("testUser"));
+
+        // test <sec:authorize url="/adminOnlyURL">
+        assertTrue(body.contains("<a href=\"/userManagement\">"));
+
+        // test <sec:csrfInput />
+        assertTrue(body.contains("<input type=\"hidden\" name=\"_csrf\" value=\""));
+
+        // test <sec:csrfMetaTags />
+        assertTrue(body.contains("<meta name=\"_csrf_parameter\" content=\"_csrf\" />"));
+    }
+
+    @Test
+    public void whenUserIsNotAuthenticatedThenOnlyAnonymousSectionsShowOnSite() throws Exception {
+        String body = this.restTemplate.getForEntity("/", String.class)
+            .getBody();
+
+        // test <sec:authorize access="!isAuthenticated()">
+        assertTrue(body.contains("Login"));
+
+        // test <sec:authorize access="isAuthenticated()">
+        assertFalse(body.contains("Logout"));
+    }
+}