spring boot jsp security taglibs

spring-boot-security-taglibs/.gitignore

@@ -0,0 +1,13 @@
+*.class
+
+#folders#
+/target
+/neoDb*
+/data
+/src/main/webapp/WEB-INF/classes
+*/META-INF/*
+
+# Packaged files #
+*.jar
+*.war
+*.ear

spring-boot-security-taglibs/README.md

@@ -0,0 +1,19 @@
+=========
+
+## Spring Security Login Example Project
+
+###The Course
+The "Learn Spring Security" Classes: http://github.learnspringsecurity.com
+
+### Relevant Articles: 
+- [Spring Security Form Login](http://www.baeldung.com/spring-security-login)
+- [Spring Security Logout](http://www.baeldung.com/spring-security-logout)
+- [Spring Security Expressions – hasRole Example](http://www.baeldung.com/spring-security-expressions-basic)
+- [Spring HTTP/HTTPS Channel Security](http://www.baeldung.com/spring-channel-security-https)
+- [Spring Security - Customize the 403 Forbidden/Access Denied Page](http://www.baeldung.com/spring-security-custom-access-denied-page)
+- [Spring Security – Redirect to the Previous URL After Login](http://www.baeldung.com/spring-security-redirect-login)
+
+### Build the Project
+```
+mvn clean install
+```

spring-boot-security-taglibs/pom.xml

@@ -0,0 +1,84 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<artifactId>spring-boot-security-taglibs</artifactId>
+	<packaging>jar</packaging>
+	<name>spring-boot-security-taglibs</name>
+	<description>spring 5 security sample project</description>
+
+	<parent>
+		<groupId>com.baeldung</groupId>
+		<artifactId>parent-boot-2</artifactId>
+		<version>0.0.1-SNAPSHOT</version>
+		<relativePath>../parent-boot-2</relativePath>
+	</parent>
+
+	<dependencies>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
+
+		<!-- security taglib -->
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-taglibs</artifactId>
+		</dependency>
+
+		<!-- JSTL -->
+		<dependency>
+			<groupId>org.apache.tomcat.embed</groupId>
+			<artifactId>tomcat-embed-jasper</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>jstl</artifactId>
+		</dependency>
+		<!-- test -->
+		<dependency>
+			<groupId>net.sourceforge.htmlunit</groupId>
+			<artifactId>htmlunit</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+
+	</dependencies>
+
+	<build>
+		<finalName>spring-5-security-taglibs</finalName>
+		<resources>
+			<resource>
+				<directory>src/main/resources</directory>
+				<filtering>true</filtering>
+			</resource>
+		</resources>
+
+		<plugins>
+		</plugins>
+
+	</build>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<java.version>1.8</java.version>
+	</properties>
+
+</project>

spring-boot-security-taglibs/src/main/java/org/baeldung/security/Application.java

@@ -0,0 +1,23 @@
+package org.baeldung.security;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+
+@SpringBootApplication
+public class Application extends SpringBootServletInitializer {
+
+    public Application() {
+        super();
+    }
+
+    public static void main(String[] args) {
+        SpringApplication.run(Application.class, args);
+    }
+
+    @Override
+    protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
+        return builder.sources(Application.class);
+    }
+}

spring-boot-security-taglibs/src/main/java/org/baeldung/security/HomeController.java

@@ -0,0 +1,18 @@
+package org.baeldung.security;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Controller
+@RequestMapping("/")
+public class HomeController {
+
+    @RequestMapping("")
+    public String home(HttpServletRequest request, HttpServletResponse response) {
+        return "home";
+    }
+
+}

spring-boot-security-taglibs/src/main/java/org/baeldung/security/SecurityConfig.java

@@ -0,0 +1,70 @@
+package org.baeldung.security;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.BeanIds;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+    private static final String ROLE_PREFIX = "ROLE_";
+    public static final String DEFAULT_PASSWORD = "password";
+    @Bean
+    static PasswordEncoder bCryptPasswordEncoder() {
+        return new BCryptPasswordEncoder(10);
+    }
+    
+    @Bean
+    UserDetailsService customUserDetailsService() {
+        return new UserDetailsService() {
+			
+			@Override
+			public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+				//authenticate and return dummy user
+		        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+				authorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + username));
+				return new User(username, bCryptPasswordEncoder().encode(DEFAULT_PASSWORD), authorities);
+			}
+		};
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(customUserDetailsService()).passwordEncoder(bCryptPasswordEncoder());
+
+    }
+
+    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManager();
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf();
+        http.headers().frameOptions().sameOrigin();
+       
+        http.antMatcher("/**").userDetailsService(customUserDetailsService())
+            .authorizeRequests()
+            .antMatchers("/**").permitAll()
+            .and()
+            .httpBasic();
+    }
+}

spring-boot-security-taglibs/src/main/resources/application.properties

@@ -0,0 +1,8 @@
+#jsp config
+spring.mvc.view.prefix: /WEB-INF/views/
+spring.mvc.view.suffix: .jsp
+spring.http.encoding.charset=UTF-8
+# Enable http encoding support.
+spring.http.encoding.enabled=true
+# Force the encoding to the configured charset on HTTP requests and responses.
+spring.http.encoding.force=true

spring-boot-security-taglibs/src/main/webapp/WEB-INF/views/home.jsp

@@ -0,0 +1,20 @@
+<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
+    pageEncoding="ISO-8859-1"%>
+<%@ taglib prefix="security"
+           uri="http://www.springframework.org/security/tags" %>
+    
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Home Page</title>
+</head>
+<body>
+     <security:authorize access="isAuthenticated()">
+        AUTHENTICATED
+     </security:authorize>
+    <security:authorize access="hasRole('ADMIN')">
+        ADMIN ROLE
+    </security:authorize>
+</body>
+</html>

spring-boot-security-taglibs/src/test/java/org/baeldung/security/HomeControllerTest.java

@@ -0,0 +1,27 @@
+package org.baeldung.security;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+public class HomeControllerTest {
+	
+    @Autowired
+    private TestRestTemplate restTemplate;
+
+	@Test
+	public void home() throws Exception {
+		String body = this.restTemplate.withBasicAuth("ADMIN", SecurityConfig.DEFAULT_PASSWORD).getForEntity("/", String.class).getBody();
+		System.out.println(body);
+		assertTrue(body.contains("AUTHENTICATED"));
+		assertTrue(body.contains("ADMIN ROLE"));
+	}
+}