From a0ff77a3fd8fb9105c21f9bffc018b3f430e323c Mon Sep 17 00:00:00 2001 From: TINO Date: Tue, 5 Feb 2019 00:11:09 +0300 Subject: [PATCH 1/5] BAEL-2226 --- spring-security-cors/pom.xml | 70 +++++++++++++++++++ .../SpringBootSecurityApplication.java | 14 ++++ .../basicauth/config/WebSecurityConfig.java | 33 +++++++++ .../controller/ResourceController.java | 17 +++++ .../src/main/resources/application.properties | 3 + .../src/main/resources/logback.xml | 13 ++++ ...BasicAuthConfigurationIntegrationTest.java | 33 +++++++++ 7 files changed, 183 insertions(+) create mode 100644 spring-security-cors/pom.xml create mode 100644 spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/SpringBootSecurityApplication.java create mode 100644 spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java create mode 100644 spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java create mode 100644 spring-security-cors/src/main/resources/application.properties create mode 100644 spring-security-cors/src/main/resources/logback.xml create mode 100644 spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java diff --git a/spring-security-cors/pom.xml b/spring-security-cors/pom.xml new file mode 100644 index 0000000000..1f12c908c6 --- /dev/null +++ b/spring-security-cors/pom.xml 
@@ -0,0 +1,70 @@ + + + 4.0.0 + com.baeldung + spring-security-cors + 0.0.1-SNAPSHOT + jar + spring-security-cors + Spring Security CORS + + + com.baeldung + parent-modules + 1.0.0-SNAPSHOT + + + + + + org.springframework.boot + spring-boot-dependencies + 2.1.2.RELEASE + pom + import + + + + + + + + + + + org.springframework.boot + spring-boot-starter-security + + + org.springframework.boot + spring-boot-starter-web + + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework.security + spring-security-test + test + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + + + UTF-8 + UTF-8 + + + diff --git a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/SpringBootSecurityApplication.java b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/SpringBootSecurityApplication.java new file mode 100644 index 0000000000..89bf0dde5d --- /dev/null +++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/SpringBootSecurityApplication.java @@ -0,0 +1,14 @@ +package com.baeldung.springbootsecuritycors.basicauth; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecuritycors") +@EnableAutoConfiguration +public class SpringBootSecurityApplication { + + public static void main(String[] args) { + SpringApplication.run(SpringBootSecurityApplication.class, args); + } +} diff --git a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java new file mode 100644 index 0000000000..faa803cde9 --- /dev/null 
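Review bot: `@EnableAutoConfiguration` on `SpringBootSecurityApplication` is redundant, because `@SpringBootApplication` already enables auto-configuration. Drop the annotation and its `org.springframework.boot.autoconfigure.EnableAutoConfiguration` import so the bootstrap class shows only what it needs. The class is also in the `basicauth` sub-package and needs `scanBasePackages` to reach the controller package. A one-line comment such as `// widened scan: the controller lives in a sibling package` would explain why that attribute is there.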
+++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java
@@ -0,0 +1,33 @@
+package com.baeldung.springbootsecuritycors.basicauth.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth
+ .inMemoryAuthentication()
+ .withUser("user")
+ .password("{noop}password")
+ .roles("USER");
+ }
+
+@Override
+protected void configure(HttpSecurity http) throws Exception {
+ http
+ .csrf().disable()
+ .cors().and() //disable this line to reproduce the CORS 401
+ .authorizeRequests()
+ .anyRequest()
+ .authenticated()
+ .and()
+ .httpBasic();
+}
+}
diff --git a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java
new file mode 100644
index 0000000000..d86c25e223
--- /dev/null
+++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java
@@ -0,0 +1,17 @@ +package com.baeldung.springbootsecuritycors.controller; + +import javax.servlet.http.HttpServletRequest; + +import org.springframework.web.bind.annotation.CrossOrigin; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +@CrossOrigin +public class ResourceController { + + @RequestMapping("/user") + public String user(HttpServletRequest request) { + return request.getUserPrincipal().getName(); + } +} diff --git a/spring-security-cors/src/main/resources/application.properties b/spring-security-cors/src/main/resources/application.properties new file mode 100644 index 0000000000..4835515744 --- /dev/null +++ b/spring-security-cors/src/main/resources/application.properties @@ -0,0 +1,3 @@ +server.port=8080 + + diff --git a/spring-security-cors/src/main/resources/logback.xml b/spring-security-cors/src/main/resources/logback.xml new file mode 100644 index 0000000000..7d900d8ea8 --- /dev/null +++ b/spring-security-cors/src/main/resources/logback.xml @@ -0,0 +1,13 @@ + + + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n + + + + + + + + \ No newline at end of file diff --git a/spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java b/spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java new file mode 100644 index 0000000000..483e578ed4 --- /dev/null +++ b/spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java 
@@ -0,0 +1,33 @@ +package com.baeldung.springbootsecurityrest; + +import static org.junit.Assert.assertEquals; +import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT; + +import java.io.IOException; +import java.net.URISyntaxException; +import java.net.URL; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.web.client.TestRestTemplate; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.web.client.RestClientException; + +import com.baeldung.springbootsecuritycors.basicauth.SpringBootSecurityApplication; + +@RunWith(SpringRunner.class) +@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootSecurityApplication.class) +public class BasicAuthConfigurationIntegrationTest { + + @Test + public void givenCredentials_whenRequested_thenLogin() throws IllegalStateException, IOException, RestClientException, URISyntaxException { + TestRestTemplate restTemplate = new TestRestTemplate(); + URL base = new URL("http://192.168.1.101:8082/user"); + ResponseEntity response = restTemplate.withBasicAuth("user", "password").postForEntity(base.toURI(), null, String.class); + assertEquals(HttpStatus.OK, response.getStatusCode()); + } + +} From 92cc03c9a516e535d4c4b9bc590ec3bda2963771 Mon Sep 17 00:00:00 2001 From: TINO Date: Tue, 5 Feb 2019 00:14:06 +0300 Subject: [PATCH 2/5] BAEL-2226 --- spring-security-cors/pom.xml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/spring-security-cors/pom.xml b/spring-security-cors/pom.xml index 1f12c908c6..0dd41e66c7 100644 --- a/spring-security-cors/pom.xml +++ b/spring-security-cors/pom.xml @@ -28,10 +28,6 @@ - - - - org.springframework.boot spring-boot-starter-security From 1c5e742d3185f628cc047c32b3cf04331ccde8cc Mon Sep 17 00:00:00 2001 
From: TINO Date: Tue, 5 Feb 2019 00:15:28 +0300 Subject: [PATCH 3/5] BAEL-2226 --- spring-security-cors/src/main/resources/logback.xml | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 spring-security-cors/src/main/resources/logback.xml diff --git a/spring-security-cors/src/main/resources/logback.xml b/spring-security-cors/src/main/resources/logback.xml deleted file mode 100644 index 7d900d8ea8..0000000000 --- a/spring-security-cors/src/main/resources/logback.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - - %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n - - - - - - - - \ No newline at end of file From 77775c67941179adecfd296f7236947a27b3cd15 Mon Sep 17 00:00:00 2001 From: TINO Date: Tue, 12 Feb 2019 23:50:53 +0300 Subject: [PATCH 4/5] BAEL - 2226 Review comments incorporated --- .../basicauth/config/WebSecurityConfig.java | 28 ++++------------ .../controller/ResourceController.java | 12 +++---- .../src/main/resources/application.properties | 3 -- ...BasicAuthConfigurationIntegrationTest.java | 33 ------------------- 4 files changed, 13 insertions(+), 63 deletions(-) delete mode 100644 spring-security-cors/src/main/resources/application.properties delete mode 100644 spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java diff --git a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java index faa803cde9..684354bf26 100644 --- a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java +++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java 
@@ -1,33 +1,19 @@ package com.baeldung.springbootsecuritycors.basicauth.config; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -@Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth - .inMemoryAuthentication() - .withUser("user") - .password("{noop}password") - .roles("USER"); + protected void configure(HttpSecurity http) throws Exception { + http + .authorizeRequests() + .anyRequest().authenticated() + .and() + .httpBasic(); + http.cors(); //disable this line to reproduce the CORS 401 } - -@Override -protected void configure(HttpSecurity http) throws Exception { - http - .csrf().disable() - .cors().and() //disable this line to reproduce the CORS 401 - .authorizeRequests() - .anyRequest() - .authenticated() - .and() - .httpBasic(); -} } diff --git a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java index d86c25e223..7292c7f4f4 100644 --- a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java +++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java 
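Review bot: The comment on `http.cors();` in the new `configure(HttpSecurity)` says how to reproduce the 401 but not why the line matters for security. Browsers send preflight OPTIONS requests without credentials, so without the CORS filter they fall under `anyRequest().authenticated()` and are rejected. I would replace it with `// cors() answers preflight OPTIONS before authentication; remove it to reproduce the 401`. With no `CorsConfigurationSource` visible, the effective policy presumably comes from the controller's `@CrossOrigin`, and a second comment line should say so. This patch also removes the in-memory user and deletes `application.properties`, so no credentials are defined anywhere on the page. The module appears to rely on Spring Boot's generated default user, which deserves a comment on the class.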
@@ -1,17 +1,17 @@ package com.baeldung.springbootsecuritycors.controller; -import javax.servlet.http.HttpServletRequest; +import java.security.Principal; import org.springframework.web.bind.annotation.CrossOrigin; -import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; @RestController -@CrossOrigin +@CrossOrigin("http://localhost:4200") public class ResourceController { - @RequestMapping("/user") - public String user(HttpServletRequest request) { - return request.getUserPrincipal().getName(); + @GetMapping("/user") + public String user(Principal principal) { + return principal.getName(); } } diff --git a/spring-security-cors/src/main/resources/application.properties b/spring-security-cors/src/main/resources/application.properties deleted file mode 100644 index 4835515744..0000000000 --- a/spring-security-cors/src/main/resources/application.properties +++ /dev/null @@ -1,3 +0,0 @@ -server.port=8080 - - diff --git a/spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java b/spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java deleted file mode 100644 index 483e578ed4..0000000000 --- a/spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java +++ /dev/null 
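Review bot: The class-level `@CrossOrigin("http://localhost:4200")` on `ResourceController` hard-codes what looks like a local development origin as the entire allow-list. Nothing marks it as dev-only. Because the annotation sits on the class, every handler added to this controller later inherits the same cross-origin access to authenticated data. I would add a comment above it such as `// dev front-end origin only; list the deployed origin(s) explicitly, never "*" on an authenticated endpoint`. If only `/user` is meant to be reachable cross-origin, move the annotation onto the `user(Principal)` method.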
@@ -1,33 +0,0 @@ -package com.baeldung.springbootsecurityrest; - -import static org.junit.Assert.assertEquals; -import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT; - -import java.io.IOException; -import java.net.URISyntaxException; -import java.net.URL; - -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.web.client.TestRestTemplate; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; -import org.springframework.test.context.junit4.SpringRunner; -import org.springframework.web.client.RestClientException; - -import com.baeldung.springbootsecuritycors.basicauth.SpringBootSecurityApplication; - -@RunWith(SpringRunner.class) -@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootSecurityApplication.class) -public class BasicAuthConfigurationIntegrationTest { - - @Test - public void givenCredentials_whenRequested_thenLogin() throws IllegalStateException, IOException, RestClientException, URISyntaxException { - TestRestTemplate restTemplate = new TestRestTemplate(); - URL base = new URL("http://192.168.1.101:8082/user"); - ResponseEntity response = restTemplate.withBasicAuth("user", "password").postForEntity(base.toURI(), null, String.class); - assertEquals(HttpStatus.OK, response.getStatusCode()); - } - -} From 8dbe5d6ab7a08ef0e8794c07b0ba90bd504adca8 Mon Sep 17 00:00:00 2001 From: TINO Date: Wed, 13 Feb 2019 23:46:10 +0300 Subject: [PATCH 5/5] BAEL - 2226 Test added --- .../ResourceControllerTest.java | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 spring-security-cors/src/test/java/com/baeldung/springbootsecuritycors/ResourceControllerTest.java 
diff --git a/spring-security-cors/src/test/java/com/baeldung/springbootsecuritycors/ResourceControllerTest.java b/spring-security-cors/src/test/java/com/baeldung/springbootsecuritycors/ResourceControllerTest.java
new file mode 100644
index 0000000000..b45529ca5f
--- /dev/null
+++ b/spring-security-cors/src/test/java/com/baeldung/springbootsecuritycors/ResourceControllerTest.java
@@ -0,0 +1,42 @@
+package com.baeldung.springbootsecuritycors;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import com.baeldung.springbootsecuritycors.basicauth.SpringBootSecurityApplication;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = { SpringBootSecurityApplication.class })
+public class ResourceControllerTest {
+
+ private MockMvc mockMvc;
+
+ @Autowired
+ private WebApplicationContext wac;
+
+ @Before
+ public void setUp() {
+ this.mockMvc = MockMvcBuilders.webAppContextSetup(wac)
+ .apply(SecurityMockMvcConfigurers.springSecurity())
+ .build();
+ }
+
+ @Test
+ public void givenPreFlightRequest_whenPerfomed_shouldReturnOK() throws Exception {
+ mockMvc.perform(options("/user")
+ .header("Access-Control-Request-Method", "GET")
+ .header("Origin", "http://localhost:4200"))
+ .andExpect(status().isOk());
+ }
+}
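Review bot: The only test, `givenPreFlightRequest_whenPerfomed_shouldReturnOK`, asserts just a 200 for the allowed origin, so it would still pass if the CORS policy were widened to every origin. Assert the echoed `Access-Control-Allow-Origin` header as well, and add a negative case for an origin that is not on the allow-list. Spring's CORS processing is expected to reject that preflight with 403. The unlisted origin in the sketch below is a constructed placeholder, and `header` needs a static import from `MockMvcResultMatchers`. The method name also has a typo ("Perfomed").

```java
// … unchanged: fields and setUp() …

    @Test
    public void givenPreFlightRequest_whenPerformed_shouldReturnOK() throws Exception {
        mockMvc.perform(options("/user")
            .header("Access-Control-Request-Method", "GET")
            .header("Origin", "http://localhost:4200"))
            .andExpect(status().isOk())
            .andExpect(header().string("Access-Control-Allow-Origin", "http://localhost:4200"));
    }

    @Test
    public void givenPreFlightRequestFromUnlistedOrigin_whenPerformed_shouldReturnForbidden() throws Exception {
        mockMvc.perform(options("/user")
            .header("Access-Control-Request-Method", "GET")
            .header("Origin", "http://untrusted.example")) // constructed placeholder origin
            .andExpect(status().isForbidden());
    }
```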