Bael 4582: Custom Authentication using shared secret (#13801)
* Spring custom security filter add * Integration Tests add * Add Project into parent pom * refactor code * refactor code * remove .env and refactor code * refactor code * exclude auto configuration * Refactored code * removed ssl certificate for security * Set session management to statelees * Refactor tests * Refactor authentication logic * Refactor authentication logic * Refactor authentication logic * Remove unused code * Remove unused code * Remove unused appconfig
This commit is contained in:
Saikat Chakraborty
GitHub
parent
00ca91bd58
commit
d37926eddf
|
|
@ -33,6 +33,7 @@
|
|||
<module>spring-security-web-boot-2</module>
|
||||
<module>spring-security-web-boot-3</module>
|
||||
<module>spring-security-web-boot-4</module>
|
||||
<module>spring-security-web-boot-5</module>
|
||||
<module>spring-security-web-digest-auth</module>
|
||||
<module>spring-security-web-login</module>
|
||||
<module>spring-security-web-login-2</module>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,51 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<artifactId>spring-security-web-boot-5</artifactId>
|
||||
<version>0.0.1-SNAPSHOT</version>
|
||||
<name>spring-security-web-boot-5</name>
|
||||
<packaging>jar</packaging>
|
||||
<description>Spring Security Custom Auth Application</description>
|
||||
|
||||
<parent>
|
||||
<groupId>com.baeldung</groupId>
|
||||
<artifactId>parent-boot-2</artifactId>
|
||||
<version>0.0.1-SNAPSHOT</version>
|
||||
<relativePath>../../parent-boot-2</relativePath>
|
||||
</parent>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-web</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-security</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-test</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<goals>
|
||||
<goal>repackage</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
package com.baeldung.customauth;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
|
||||
@SpringBootApplication
|
||||
public class SpringSecurityApplication {
|
||||
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(SpringSecurityApplication.class, args);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
package com.baeldung.customauth.authprovider;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
||||
@Service
|
||||
public class RequestHeaderAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
@Value("${api.auth.secret}")
|
||||
private String apiAuthSecret;
|
||||
|
||||
|
||||
@Override
|
||||
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
|
||||
String authSecretKey = String.valueOf(authentication.getPrincipal());
|
||||
|
||||
if(StringUtils.isBlank(authSecretKey) || !authSecretKey.equals(apiAuthSecret)) {
|
||||
throw new BadCredentialsException("Bad Request Header Credentials");
|
||||
}
|
||||
|
||||
return new PreAuthenticatedAuthenticationToken(authentication.getPrincipal(), null, new ArrayList<>());
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports(Class<?> authentication) {
|
||||
return authentication.equals(PreAuthenticatedAuthenticationToken.class);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
package com.baeldung.customauth.configuration;
|
||||
|
||||
import com.baeldung.customauth.authprovider.RequestHeaderAuthenticationProvider;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.ProviderManager;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;
|
||||
import org.springframework.security.web.header.HeaderWriterFilter;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.Collections;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig {
|
||||
|
||||
private final RequestHeaderAuthenticationProvider requestHeaderAuthenticationProvider;
|
||||
|
||||
@Value("${api.auth.header.name}")
|
||||
private String apiAuthHeaderName;
|
||||
|
||||
@Autowired
|
||||
public SecurityConfig( RequestHeaderAuthenticationProvider requestHeaderAuthenticationProvider){
|
||||
this.requestHeaderAuthenticationProvider = requestHeaderAuthenticationProvider;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.cors().and().csrf()
|
||||
.disable()
|
||||
.sessionManagement()
|
||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||
.and()
|
||||
.addFilterAfter(requestHeaderAuthenticationFilter(), HeaderWriterFilter.class)
|
||||
.authorizeHttpRequests()
|
||||
.antMatchers(HttpMethod.GET,"/health").permitAll()
|
||||
.antMatchers("/api/**").authenticated().and()
|
||||
.exceptionHandling().authenticationEntryPoint((request, response, authException) ->
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED));
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter() {
|
||||
RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
|
||||
filter.setPrincipalRequestHeader(apiAuthHeaderName);
|
||||
filter.setExceptionIfHeaderMissing(false);
|
||||
filter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/api/**"));
|
||||
filter.setAuthenticationManager(authenticationManager());
|
||||
|
||||
return filter;
|
||||
}
|
||||
|
||||
@Bean
|
||||
protected AuthenticationManager authenticationManager() {
|
||||
return new ProviderManager(Collections.singletonList(requestHeaderAuthenticationProvider));
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
package com.baeldung.customauth.controller;
|
||||
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@RestController
|
||||
public class ApiController {
|
||||
|
||||
@GetMapping(path = "/api/hello")
|
||||
public String hello(){
|
||||
return "hello";
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
package com.baeldung.customauth.controller;
|
||||
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@RestController
|
||||
public class HealthCheckController {
|
||||
|
||||
@GetMapping(path = "/health")
|
||||
public String getHealthStatus(){
|
||||
return "OK";
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
spring.application.name=spring-security-app
|
||||
server.servlet.context-path=/app
|
||||
server.port=8085
|
||||
api.auth.header.name=x-auth-secret-key
|
||||
logging.level.org.springframework.security=DEBUG
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
package com.baeldung.customauth;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
|
||||
|
||||
@ExtendWith(SpringExtension.class)
|
||||
@SpringBootTest(classes = SpringSecurityApplication.class)
|
||||
class SpringContextTest {
|
||||
|
||||
@Test
|
||||
void whenSpringContextIsBootstrapped_thenNoExceptions() {
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
package com.baeldung.customauth.controller;
|
||||
|
||||
import com.baeldung.customauth.SpringSecurityApplication;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.web.client.TestRestTemplate;
|
||||
import org.springframework.http.*;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
|
||||
@SpringBootTest(classes = SpringSecurityApplication.class,
|
||||
webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
|
||||
@ExtendWith(SpringExtension.class)
|
||||
class ApiControllerIntegrationTest {
|
||||
|
||||
private final TestRestTemplate restTemplate = new TestRestTemplate();
|
||||
|
||||
private static final String API_ENDPOINT = "http://localhost:8080/app/api/hello";
|
||||
|
||||
@Test
|
||||
void givenAuthHeaderSecretIsValid_whenApiControllerCalled_thenReturnOk() throws Exception {
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.add("x-auth-secret-key", "test-secret");
|
||||
|
||||
ResponseEntity<String> response = restTemplate.exchange(new URI(API_ENDPOINT), HttpMethod.GET,
|
||||
new HttpEntity<>(headers), String.class);
|
||||
|
||||
assertEquals(HttpStatus.OK, response.getStatusCode());
|
||||
assertEquals("hello", response.getBody());
|
||||
}
|
||||
|
||||
@Test
|
||||
void givenAAuthHeaderIsInvalid_whenApiControllerCalled_thenReturnUnAuthorised() throws Exception {
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.add("x-auth-secret-key", "invalid");
|
||||
|
||||
ResponseEntity<String> response = restTemplate.exchange(new URI(API_ENDPOINT), HttpMethod.GET,
|
||||
new HttpEntity<>(headers), String.class);
|
||||
|
||||
assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
void givenAuthHeaderNameIsInValid_whenApiControllerCalled_thenReturnUnAuthorised() throws Exception {
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.add("x-auth-secret", "test-secret");
|
||||
|
||||
ResponseEntity<String> response = restTemplate.exchange(new URI(API_ENDPOINT), HttpMethod.GET,
|
||||
new HttpEntity<>(headers), String.class);
|
||||
|
||||
assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
void givenAuthHeaderIsMissing_whenApiControllerCalled_thenReturnUnAuthorised() throws Exception {
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
|
||||
ResponseEntity<String> response = restTemplate.exchange(new URI(API_ENDPOINT), HttpMethod.GET,
|
||||
new HttpEntity<>(headers), String.class);
|
||||
|
||||
assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
package com.baeldung.customauth.controller;
|
||||
|
||||
import com.baeldung.customauth.SpringSecurityApplication;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.web.client.TestRestTemplate;
|
||||
import org.springframework.http.*;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
@SpringBootTest(classes = SpringSecurityApplication.class,
|
||||
webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
|
||||
@ExtendWith(SpringExtension.class)
|
||||
class HealthCheckControllerIntegrationTest {
|
||||
|
||||
private final TestRestTemplate restTemplate = new TestRestTemplate();
|
||||
|
||||
private static final String HEALTH_CHECK_ENDPOINT = "http://localhost:8080/app/health";
|
||||
|
||||
@Test
|
||||
void givenApplicationIsRunning_whenHealthCheckControllerCalled_thenReturnOk() throws Exception {
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
|
||||
ResponseEntity<String> response = restTemplate.exchange(new URI(HEALTH_CHECK_ENDPOINT), HttpMethod.GET,
|
||||
new HttpEntity<>(headers), String.class);
|
||||
|
||||
assertEquals(HttpStatus.OK, response.getStatusCode());
|
||||
assertEquals("OK", response.getBody());
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
spring.application.name=spring-security-app
|
||||
server.servlet.context-path=/app
|
||||
server.port=8080
|
||||
api.auth.header.name=x-auth-secret-key
|
||||
api.auth.secret=test-secret
|
||||
Loading…
Reference in New Issue