move multiple login project (#1140)

spring-security-custom-permission/pom.xml

@@ -129,6 +129,12 @@
             <version>${spring-security-taglibs.version}</version>
         </dependency>
 		
+		 <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>${spring-security-core.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>javax.servlet.jsp.jstl</groupId>
             <artifactId>jstl-api</artifactId>
@@ -280,11 +286,15 @@
         <start-class>org.baeldung.Application</start-class>
         <!--If you want to run the example with the voters comment the tag above and uncomment the one below-->
         <!--<start-class>org.baeldung.voter.VoterApplication</start-class>-->
+        <!--If you want to run the example with the multiple logins, comment the tag above and uncomment the one below-->
+        <!--<start-class>org.baeldung.multiplelogin.MultipleLoginApplication</start-class>-->
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <java.version>1.8</java.version>
         <derby.version>10.13.1.1</derby.version>
         <taglibs-standard.version>1.1.2</taglibs-standard.version>
         <spring-security-taglibs.version>4.2.0.RELEASE</spring-security-taglibs.version>
+		  <spring-security-core.version>4.2.0.RELEASE</spring-security-core.version>
+      
         <jstl.version>1.2</jstl.version>
         <rest-assured.version>2.4.0</rest-assured.version>
         <cargo-maven2-plugin.version>1.6.1</cargo-maven2-plugin.version>

spring-security-custom-permission/src/main/java/org/baeldung/Application.java

@@ -9,7 +9,7 @@ import org.springframework.context.annotation.FilterType;
 
 @Configuration
 @EnableAutoConfiguration
-@ComponentScan(excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.baeldung.voter.*"))
+@ComponentScan(excludeFilters = {@ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.baeldung.voter.*"), @ComponentScan.Filter(type = FilterType.REGEX, pattern = "org.baeldung.multiplelogin.*")})
 public class Application extends SpringBootServletInitializer {
     public static void main(String[] args) {
         SpringApplication.run(Application.class, args);

spring-security-custom-permission/src/main/java/org/baeldung/multiplelogin/MultipleLoginApplication.java

@@ -0,0 +1,22 @@
+package org.baeldung.multiplelogin;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.context.web.SpringBootServletInitializer;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+
+@SpringBootApplication
+@ComponentScan("org.baeldung.multiplelogin")
+public class MultipleLoginApplication extends SpringBootServletInitializer {
+    public static void main(String[] args) {
+        SpringApplication.run(MultipleLoginApplication.class, args);
+    }
+	
+	@Override
+	protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
+		return application.sources(MultipleLoginApplication.class);
+	}
+}

spring-security-custom-permission/src/main/java/org/baeldung/multiplelogin/MultipleLoginMvcConfig.java

@@ -0,0 +1,45 @@
+package org.baeldung.multiplelogin;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.ViewResolver;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.springframework.web.servlet.view.InternalResourceViewResolver;
+import org.springframework.web.servlet.view.JstlView;
+import org.springframework.context.annotation.ComponentScan;
+
+@EnableWebMvc
+@Configuration
+@ComponentScan("org.baeldung.controller")
+public class MultipleLoginMvcConfig extends WebMvcConfigurerAdapter {
+
+    public MultipleLoginMvcConfig() {
+        super();
+    }
+
+    // API
+
+    @Override
+    public void addViewControllers(final ViewControllerRegistry registry) {
+        super.addViewControllers(registry);
+
+        registry.addViewController("/anonymous.html");
+
+        registry.addViewController("/login.html");
+        registry.addViewController("/homepage.html");
+        registry.addViewController("/console.html");
+    }
+
+    @Bean
+    public ViewResolver viewResolver() {
+        final InternalResourceViewResolver bean = new InternalResourceViewResolver();
+
+        bean.setViewClass(JstlView.class);
+        bean.setPrefix("/WEB-INF/view/");
+        bean.setSuffix(".jsp");
+
+        return bean;
+    }
+}

spring-security-custom-permission/src/main/java/org/baeldung/multiplelogin/MultipleLoginSecurityConfig.java

@@ -0,0 +1,122 @@
+package org.baeldung.multiplelogin;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.TestingAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+
+@Configuration
+@EnableWebSecurity
+public class MultipleLoginSecurityConfig {
+
+    @Bean
+    public UserDetailsService userDetailsService() throws Exception {
+        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
+        manager.createUser(User.withUsername("user")
+            .password("userPass")
+            .roles("USER")
+            .build());
+        manager.createUser(User.withUsername("admin")
+            .password("adminPass")
+            .roles("ADMIN")
+            .build());
+        return manager;
+    }
+
+    @Configuration
+    @Order(1)
+    public static class App1ConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+        public App1ConfigurationAdapter() {
+            super();
+        }
+
+        @Override
+        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+            auth.inMemoryAuthentication()
+                .withUser("admin")
+                .password("admin")
+                .roles("ADMIN");
+        }
+
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            http.antMatcher("/admin*")
+                .authorizeRequests()
+                .anyRequest()
+                .hasRole("ADMIN")
+                // log in
+                .and()
+                .formLogin()
+                .loginPage("/loginAdmin")
+                .loginProcessingUrl("/admin_login")
+                .failureUrl("/loginAdmin?error=loginError")
+                .defaultSuccessUrl("/adminPage")
+                // logout
+                .and()
+                .logout()
+                .logoutUrl("/admin_logout")
+                .logoutSuccessUrl("/protectedLinks")
+                .deleteCookies("JSESSIONID")
+                .and()
+                .exceptionHandling()
+                .accessDeniedPage("/403")
+                .and()
+                .csrf()
+                .disable();
+        }
+    }
+
+    @Configuration
+    @Order(2)
+    public static class App2ConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+        public App2ConfigurationAdapter() {
+            super();
+        }
+
+        @Override
+        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+            auth.inMemoryAuthentication()
+                .withUser("user")
+                .password("user")
+                .roles("USER");
+        }
+
+        protected void configure(HttpSecurity http) throws Exception {
+            http.antMatcher("/user*")
+                .authorizeRequests()
+                .anyRequest()
+                .hasRole("USER")
+                // log in
+                .and()
+                .formLogin()
+                .loginPage("/loginUser")
+                .loginProcessingUrl("/user_login")
+                .failureUrl("/loginUser?error=loginError")
+                .defaultSuccessUrl("/userPage")
+                // logout
+                .and()
+                .logout()
+                .logoutUrl("/user_logout")
+                .logoutSuccessUrl("/protectedLinks")
+                .deleteCookies("JSESSIONID")
+                .and()
+                .exceptionHandling()
+                .accessDeniedPage("/403")
+                .and()
+                .csrf()
+                .disable();
+        }
+    }
+
+}

spring-security-custom-permission/src/main/java/org/baeldung/multiplelogin/UsersController.java

@@ -0,0 +1,38 @@
+package org.baeldung.multiplelogin;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class UsersController {
+
+    @RequestMapping("/protectedLinks")
+    public String getAnonymousPage() {
+        return "protectedLinks";
+    }
+
+    @RequestMapping("/userPage")
+    public String getUserPage() {
+        return "userPage";
+    }
+
+    @RequestMapping("/adminPage")
+    public String getAdminPage() {
+        return "adminPage";
+    }
+
+    @RequestMapping("/loginAdmin")
+    public String getAdminLoginPage() {
+        return "loginAdmin";
+    }
+
+    @RequestMapping("/loginUser")
+    public String getUserLoginPage() {
+        return "loginUser";
+    }
+
+    @RequestMapping("/403")
+    public String getAccessDeniedPage() {
+        return "403";
+    }
+}

spring-security-custom-permission/src/main/resources/templates/403.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title></title>
+</head>
+<body>
+You do not have permission to view this page.
+</body>
+</html>

spring-security-custom-permission/src/main/resources/templates/adminPage.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title>Insert title here</title>
+</head>
+<body>
+Welcome admin! <a th:href="@{/admin_logout}" >Logout</a>
+
+<br /><br />
+<a th:href="@{/protectedLinks}" >Back to links</a>
+</body>
+</html>

spring-security-custom-permission/src/main/resources/templates/login.html

@@ -0,0 +1,27 @@
+<html>
+<head></head>
+
+<body>
+    <h1>Login</h1>
+
+    <form name='f' action="login" method='POST'>
+
+        <table>
+            <tr>
+                <td>User:</td>
+                <td><input type="text" name="username"></td>
+            </tr>
+            <tr>
+                <td>Password:</td>
+                <td><input type="password" name="password" /></td>
+            </tr>
+			
+            <tr>
+                <td><input name="submit" type="submit" value="submit" /></td>
+            </tr>
+        </table>
+
+    </form>
+
+</body>
+</html>

spring-security-custom-permission/src/main/resources/templates/loginAdmin.html

@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title>Insert title here</title>
+</head>
+<body>
+
+    <p>Admin login page</p>
+    <form name="f" action="admin_login" method="POST">
+
+        <table>
+            <tr>
+                <td>User:</td>
+                <td><input type="text" name="username" /></td>
+            </tr>
+            <tr>
+                <td>Password:</td>
+                <td><input type="password" name="password" /></td>
+            </tr>
+            <tr>
+                <td><input name="submit" type="submit" value="submit" /></td>
+            </tr>
+        </table>
+
+    </form>
+
+    <p th:if="${param.error}">Login failed!</p>
+
+</body>
+</html>

spring-security-custom-permission/src/main/resources/templates/loginUser.html

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title>Login</title>
+</head>
+<body>
+
+    <p>User login page</p>
+	
+    <form name="f" action="user_login" method="POST">	
+        <table>
+            <tr>
+                <td>User:</td>
+                <td><input type="text" name="username" /></td>
+            </tr>
+            <tr>
+                <td>Password:</td>
+                <td><input type="password" name="password" /></td>
+            </tr>
+            <tr>
+                <td><input name="submit" type="submit" value="submit" /></td>
+            </tr>
+        </table>
+
+    </form>
+    <p th:if="${param.error}">Login failed!</p>
+
+</body>
+</html>

spring-security-custom-permission/src/main/resources/templates/protectedLinks.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title>Insert title here</title>
+</head>
+<body>
+
+<a th:href="@{/userPage}">User page</a>
+<br />
+<a th:href="@{/adminPage}">Admin page</a>
+</body>
+</html>

spring-security-custom-permission/src/main/resources/templates/userPage.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title>Insert title here</title>
+</head>
+<body>
+Welcome user! <a th:href="@{/user_logout}" >Logout</a>
+<br /><br />
+<a th:href="@{/protectedLinks}" >Back to links</a>
+</body>
+</html>