
Use xml / javaconfig folders for samples

Fixes gh-3752
Joe Grandja
2016-04-11 10:47:06 -04:00
committed by Rob Winch
parent 2c85fb05d0
commit 945a21a3fb
543 changed files with 828 additions and 430 deletions
@@ -0,0 +1,61 @@
/*
* Copyright 2011 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.samples
import geb.spock.*
import spock.lang.Shared
import spock.lang.Stepwise
import org.springframework.security.samples.pages.*
/**
* Tests the CAS sample application using service tickets.
*
* @author Rob Winch
*/
@Stepwise
class JaasXmlTests extends GebReportingSpec {
def 'access home page with unauthenticated works'() {
when: 'Unauthenticated user accesses the Home Page'
to HomePage
then: 'The home page is displayed'
at HomePage
}
def 'access secure page with unauthenticated requires login'() {
when: 'Unauthenticated user accesses the Secure Page'
securePage LoginPage
then: 'The login page is displayed'
at LoginPage
}
def 'authenticated user is sent to original page'() {
when: 'user authenticates'
login()
then: 'The secure page is displayed'
at SecurePage
}
def 'authenticated user logs out'() {
when: 'user logs out'
logout()
then: 'the default logout success page is displayed'
at LogoutPage
when: 'Unauthenticated user accesses the Secure Page'
via SecurePage
then: 'The login page is displayed'
at LoginPage
}
}
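Review bot: The class Javadoc on JaasXmlTests still reads `Tests the CAS sample application using service tickets.`, which looks copied from another sample; the spec drives the JAAS sample's login and logout flow. Suggest `Tests the JAAS sample application (XML configuration): anonymous access, login, the secure page and logout.` The same stale-header problem recurs in the page objects added later in this commit: LogoutPage is documented as `The login page.` and SecurePage as `The home page`. Each should name its own page, for example `The page shown after logout: the login page with the logged-out message.` and `The secure page, available to authenticated users only.`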
@@ -0,0 +1,31 @@
/*
* Copyright 2011 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.samples.pages;
import geb.*
/**
* The home page
*
* @author Rob Winch
*/
class HomePage extends Page {
static url = ''
static at = { assert driver.title == 'Home Page'; true}
static content = {
securePage(to: [SecurePage,LoginPage]) { $('a').click() }
}
}
@@ -0,0 +1,37 @@
/*
* Copyright 2011 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.samples.pages;
import geb.*
/**
* The login page.
*
* @author Rob Winch
*/
class LoginPage extends Page {
static url = 'login'
static at = { assert driver.title == 'Login Page'; true}
static content = {
login(required:false) { user='user', password='user' ->
loginForm.username = user
loginForm.password = password
submit.click()
}
loginForm { $('form') }
submit { $('input', type: 'submit') }
}
}
@@ -0,0 +1,28 @@
/*
* Copyright 2011 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.samples.pages
import geb.Page
/**
* The login page.
*
* @author Rob Winch
*/
class LogoutPage extends LoginPage {
static url = 'login'
static at = { assert driver.title == 'Login Page' && $('p').text() == 'You have been logged out'; true}
}
@@ -0,0 +1,32 @@
/*
* Copyright 2011 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.samples.pages
import geb.Page
/**
* The home page
*
* @author Rob Winch
*/
class SecurePage extends Page {
static url = 'secure/'
static at = { assert driver.title == 'Security Debug Information'; true}
static content = {
message { $('p').text() }
logout { $('input', type: 'submit').click() }
}
}
@@ -0,0 +1,34 @@
/*
* Copyright 2010-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package samples.jaas;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import org.springframework.security.authentication.jaas.AuthorityGranter;
/**
* An AuthorityGranter that always grants "ROLE_USER".
*
* @author Rob Winch
*/
public class RoleUserAuthorityGranter implements AuthorityGranter {
public Set<String> grant(Principal principal) {
return Collections.singleton("ROLE_USER");
}
}
@@ -0,0 +1,106 @@
/*
* Copyright 2010-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package samples.jaas;
import java.io.Serializable;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
/**
* A LoginModule that will allow login if the username equals the password. Upon
* successful authentication it adds the username as a Principal.
*
* @author Rob Winch
*/
public class UsernameEqualsPasswordLoginModule implements LoginModule {
// ~ Instance fields
// ================================================================================================
private String password;
private String username;
private Subject subject;
// ~ Methods
// ========================================================================================================
public boolean abort() throws LoginException {
return true;
}
public boolean commit() throws LoginException {
return true;
}
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String, ?> sharedState, Map<String, ?> options) {
this.subject = subject;
try {
NameCallback nameCallback = new NameCallback("prompt");
PasswordCallback passwordCallback = new PasswordCallback("prompt", false);
callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });
password = new String(passwordCallback.getPassword());
username = nameCallback.getName();
}
catch (Exception e) {
throw new RuntimeException(e);
}
}
public boolean login() throws LoginException {
if (username == null || !username.equals(password)) {
throw new LoginException("username is not equal to password");
}
if ("".equals(username)) {
throw new LoginException("username cannot be empty string");
}
subject.getPrincipals().add(new UsernamePrincipal(username));
return true;
}
public boolean logout() throws LoginException {
return true;
}
private static class UsernamePrincipal implements Principal, Serializable {
private final String username;
public UsernamePrincipal(String username) {
this.username = username;
}
public String getName() {
return username;
}
public String toString() {
return "Principal [name=" + getName() + "]";
}
private static final long serialVersionUID = 8049681145355488137L;
}
}
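Review bot: login() adds the UsernamePrincipal straight to the Subject, and commit(), abort() and logout() all return true without touching it, so the module skips JAAS's two-phase contract and never removes the principal it added. With the single REQUIRED entry configured in this commit the effect is limited, but this class is a template people copy into stacked configurations, where a principal can remain on the Subject after a later module fails or after logout. The callbacks also run inside initialize(), where a null from `passwordCallback.getPassword()` or a handler failure surfaces as a RuntimeException rather than a LoginException, and the callback's password buffer is never cleared. I would store the handler in initialize(), collect credentials in login(), publish the principal in commit() and remove it in logout(), with abort() clearing the same fields.

```java
private CallbackHandler callbackHandler;
private UsernamePrincipal principal;

public void initialize(Subject subject, CallbackHandler callbackHandler,
		Map<String, ?> sharedState, Map<String, ?> options) {
	// Only record collaborators here; credentials are collected in login().
	this.subject = subject;
	this.callbackHandler = callbackHandler;
}

public boolean login() throws LoginException {
	NameCallback nameCallback = new NameCallback("prompt");
	PasswordCallback passwordCallback = new PasswordCallback("prompt", false);
	try {
		callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });
	}
	catch (Exception e) {
		LoginException failure = new LoginException("unable to obtain credentials");
		failure.initCause(e);
		throw failure;
	}
	char[] supplied = passwordCallback.getPassword();
	passwordCallback.clearPassword();
	username = nameCallback.getName();
	password = supplied == null ? null : new String(supplied);
	// ... unchanged: username/password equality and empty-string checks ...
	principal = new UsernamePrincipal(username);
	return true;
}

public boolean commit() throws LoginException {
	if (principal == null) {
		return false;
	}
	subject.getPrincipals().add(principal);
	return true;
}

public boolean logout() throws LoginException {
	if (principal != null) {
		subject.getPrincipals().remove(principal);
	}
	principal = null;
	username = null;
	password = null;
	return true;
}
```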
@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
<sec:http auto-config="true" jaas-api-provision="true">
<sec:intercept-url pattern="/secure/**" access="isAuthenticated()"/>
</sec:http>
<sec:authentication-manager>
<sec:authentication-provider ref="jaasAuthProvider"/>
</sec:authentication-manager>
<bean id="jaasAuthProvider"
class="org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider">
<property name="configuration">
<bean
class="org.springframework.security.authentication.jaas.memory.InMemoryConfiguration">
<constructor-arg>
<map>
<entry key="SPRINGSECURITY">
<array>
<bean class="javax.security.auth.login.AppConfigurationEntry">
<constructor-arg
value="samples.jaas.UsernameEqualsPasswordLoginModule" />
<constructor-arg>
<util:constant
static-field="javax.security.auth.login.AppConfigurationEntry$LoginModuleControlFlag.REQUIRED" />
</constructor-arg>
<constructor-arg>
<map></map>
</constructor-arg>
</bean>
</array>
</entry>
</map>
</constructor-arg>
</bean>
</property>
<property name="authorityGranters">
<list>
<bean class="samples.jaas.RoleUserAuthorityGranter" />
</list>
</property>
</bean>
</beans>
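Review bot: The `<sec:http>` element carries a single rule, `<sec:intercept-url pattern="/secure/**" access="isAuthenticated()"/>`, so every other path is reachable anonymously only because nothing matches it. That is the intent for the home page, but a reader adapting the sample cannot tell a deliberate choice from an omission. Suggest stating it with a trailing `<sec:intercept-url pattern="/**" access="permitAll"/>` after the `/secure/**` rule. An XML comment above the `jaasAuthProvider` bean should also say that `samples.jaas.UsernameEqualsPasswordLoginModule` accepts any username that equals its password and exists for this sample only.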
@@ -0,0 +1,12 @@
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<root level="WARN">
<appender-ref ref="STDOUT" />
</root>
</configuration>
@@ -0,0 +1,63 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- JAAS web application
-
-->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>JAAS Sample Application</display-name>
<!--
- Location of the XML file that defines the root application context
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext-security.xml
</param-value>
</context-param>
<!-- Nothing below here needs to be modified -->
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>jaas.root</param-value>
</context-param>
<filter>
<filter-name>localizationFilter</filter-name>
<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
</filter>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>localizationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
- Loads the root application context of this web app at startup.
- The application context is then available via
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
@@ -0,0 +1,24 @@
<%@ page import="javax.security.auth.Subject" %>
<%@ page import="java.security.AccessController" %>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<html>
<head><title>Home Page</title></head>
<body>
<h1>Home Page</h1>
<p>
Anyone can view this page.
</p>
<p>
Your principal object is....: <%= request.getUserPrincipal() %>
</p>
<p>
Subject.getSubject(AccessController.getContext()) is....: <%= Subject.getSubject(AccessController.getContext()) %>
</p>
<p>
<sec:authorize url='/secure/index.jsp'>You can currently access "/secure" URLs.</sec:authorize>
</p>
<p>
<a href="secure/index.jsp">Secure page</a></p>
</body>
</html>
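Review bot: `<%= request.getUserPrincipal() %>` and `<%= Subject.getSubject(AccessController.getContext()) %>` write object `toString()` output into the page without HTML escaping. The login module in this commit accepts any username that equals the password, so the principal name is free text chosen at login, and it presumably appears in both strings. Suggest importing the JSTL core taglib on this page and emitting the values through it, e.g. `<c:out value="${pageContext.request.userPrincipal}"/>` and `<c:out value="<%= Subject.getSubject(AccessController.getContext()) %>"/>`. The secure page JSP that follows has the same pattern in `<%= subject %>`, `<%= auth.toString() %>` and `<%= authority.getAuthority() %>`; it already declares the `c` prefix, so the same `<c:out>` form applies there.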
@@ -0,0 +1,58 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%@ page import="javax.security.auth.Subject" %>
<%@ page import="java.security.AccessController" %>
<%@ page import="org.springframework.security.core.context.SecurityContextHolder" %>
<%@ page import="org.springframework.security.core.Authentication" %>
<%@ page import="org.springframework.security.core.GrantedAuthority" %>
<html>
<head>
<title>Security Debug Information</title>
</head>
<body>
<h3>Security Debug Information</h3>
<%
Subject subject = Subject.getSubject(AccessController.getContext());
if(subject != null) { %>
<p>
Subject.getSubject(AccessController.getContext()) is....: <%= subject %>
</p>
<%} %>
<%
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) { %>
<p>
Authentication object is of type: <em><%= auth.getClass().getName() %></em>
</p>
<p>
Authentication object as a String: <br/><br/><%= auth.toString() %>
</p>
Authentication object holds the following granted authorities:<br /><br />
<%
for (GrantedAuthority authority : auth.getAuthorities()) { %>
<%= authority %> (<em>getAuthority()</em>: <%= authority.getAuthority() %>)<br />
<% }
%>
<p><b>Success! Your web filters appear to be properly configured!</b></p>
<%
} else {
%>
Authentication object is null.<br />
This is an error and your Spring Security application will not operate properly until corrected.<br /><br />
<% }
%>
<form action="<c:url value="/logout"/>" method="post">
<input type="submit" value="Log Out"/>
<sec:csrfInput/>
</form>
</body>
</html>