From 2c6635bef2f5ead9c938af231a31b78674a2f924 Mon Sep 17 00:00:00 2001
From: Sandip Singh <sandip.03934@gmail.com>
Date: Sun, 21 Oct 2018 23:58:43 +0530
Subject: [PATCH] BAEL-2262 Added code for demonstration of HTTPS enabled
 Spring Boot Application

---
 spring-security-mvc-boot/pom.xml              |   6 +-
 .../baeldung/ssl/HttpsEnabledApplication.java |  14 ++++
 .../java/org/baeldung/ssl/SecurityConfig.java |  36 ++++++++++
 .../org/baeldung/ssl/WelcomeController.java   |  15 ++++
 .../main/resources/application-ssl.properties |  20 ++++++
 .../src/main/resources/keystore/baeldung.p12  | Bin 0 -> 2603 bytes
 .../main/resources/templates/ssl/welcome.html |   1 +
 .../web/HttpsApplicationIntegrationTest.java  |  67 ++++++++++++++++++
 8 files changed, 158 insertions(+), 1 deletion(-)
 create mode 100644 spring-security-mvc-boot/src/main/java/org/baeldung/ssl/HttpsEnabledApplication.java
 create mode 100644 spring-security-mvc-boot/src/main/java/org/baeldung/ssl/SecurityConfig.java
 create mode 100644 spring-security-mvc-boot/src/main/java/org/baeldung/ssl/WelcomeController.java
 create mode 100644 spring-security-mvc-boot/src/main/resources/application-ssl.properties
 create mode 100644 spring-security-mvc-boot/src/main/resources/keystore/baeldung.p12
 create mode 100644 spring-security-mvc-boot/src/main/resources/templates/ssl/welcome.html
 create mode 100644 spring-security-mvc-boot/src/test/java/org/baeldung/web/HttpsApplicationIntegrationTest.java

diff --git a/spring-security-mvc-boot/pom.xml b/spring-security-mvc-boot/pom.xml
index 4090beab99..d2316ddca5 100644
--- a/spring-security-mvc-boot/pom.xml
+++ b/spring-security-mvc-boot/pom.xml
@@ -229,12 +229,16 @@
         <!--<start-class>org.baeldung.multiplelogin.MultipleLoginApplication</start-class> -->
         <!--If you want to run the example with the multiple http elements, 
             comment the tag above and uncomment the one below -->
-        <!--<start-class>org.baeldung.multipleentrypoints.MultipleEntryPointsApplication</start-class> -->
+        <!--<start-class>org.baeldung.multipleentrypoints.MultipleEntryPointsApplication</start-class>-->
+        <!--If you want to run the example with the Https enabled endpoints,
+            comment the tag above and uncomment the one below -->
+       <!-- <start-class>org.baeldung.ssl.HttpsEnabledApplication</start-class> -->
 
         <taglibs-standard.version>1.1.2</taglibs-standard.version>
         <jstl.version>1.2</jstl.version>
         <cargo-maven2-plugin.version>1.6.1</cargo-maven2-plugin.version>
         <ehcache-core.version>2.6.11</ehcache-core.version>
+        <java.version>1.8</java.version>
     </properties>
 
 </project>
diff --git a/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/HttpsEnabledApplication.java b/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/HttpsEnabledApplication.java
new file mode 100644
index 0000000000..70fe30abdc
--- /dev/null
+++ b/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/HttpsEnabledApplication.java
@@ -0,0 +1,14 @@
+package org.baeldung.ssl;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class HttpsEnabledApplication {
+
+    public static void main(String... args) {
+        SpringApplication application = new SpringApplication(HttpsEnabledApplication.class);
+        application.setAdditionalProfiles("ssl");
+        application.run(args);
+    }
+}
diff --git a/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/SecurityConfig.java b/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/SecurityConfig.java
new file mode 100644
index 0000000000..98a59b11bb
--- /dev/null
+++ b/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/SecurityConfig.java
@@ -0,0 +1,36 @@
+package org.baeldung.ssl;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    public void configure(AuthenticationManagerBuilder auth) throws Exception {
+
+        auth.inMemoryAuthentication()
+            .withUser("memuser")
+            .password(passwordEncoder().encode("pass"))
+            .roles("USER");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.httpBasic()
+            .and()
+            .authorizeRequests()
+            .antMatchers("/**")
+            .authenticated();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
diff --git a/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/WelcomeController.java b/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/WelcomeController.java
new file mode 100644
index 0000000000..72ad8abb85
--- /dev/null
+++ b/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/WelcomeController.java
@@ -0,0 +1,15 @@
+package org.baeldung.ssl;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+public class WelcomeController {
+
+    @GetMapping("/welcome")
+    public String welcome() {
+        return "ssl/welcome";
+    }
+
+}
diff --git a/spring-security-mvc-boot/src/main/resources/application-ssl.properties b/spring-security-mvc-boot/src/main/resources/application-ssl.properties
new file mode 100644
index 0000000000..090b775d03
--- /dev/null
+++ b/spring-security-mvc-boot/src/main/resources/application-ssl.properties
@@ -0,0 +1,20 @@
+
+http.port=8080
+
+server.port=8443
+
+security.require-ssl=true
+
+# The format used for the keystore
+server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+server.ssl.key-store=classpath:keystore/baeldung.p12
+# The password used to generate the certificate
+server.ssl.key-store-password=password
+# The alias mapped to the certificate
+server.ssl.key-alias=baeldung
+
+#trust store location
+trust.store=classpath:keystore/baeldung.p12
+#trust store password
+trust.store.password=password
diff --git a/spring-security-mvc-boot/src/main/resources/keystore/baeldung.p12 b/spring-security-mvc-boot/src/main/resources/keystore/baeldung.p12
new file mode 100644
index 0000000000000000000000000000000000000000..cd8eb284297009e987aa1a1d6b53c48af587776e
GIT binary patch
literal 2603
zcmY+EXEYlM8^;r3M9o+w1hFbbqGHbuyEIm+snTk!hO1FpR7GP|aZ6j;auK8UtQAG7
zV$YhT2qmc9Vcsg&`=0l`_uLQ9dCvL$|IhRBhaz(+vH)38WbiCI7!hqAy~_jS08+@{
zK@b_-cZ|DGWH#S_MQko0G8^s~V~@v<{lx#SxVeBV6f)>1iVWICDY0|?A0I!5f`s^3
zu&dJJ6F~Z?bJm7OhKe^z>^=)CfQ|u?L7h6GkAgI65DwJB{KM&_MXKTI9lIqxhN`1}
z`A*KRClYJWaEY_s^N|voc6A00ThR7qHjQvZX+gn$-BvCy^h*XX<xTNv<}#w&H(PI{
z@*DR=*iQn4s<9Zo29qgc|EW{cR$k3xSU2nRXEUi;_==`Z*4o}mKJg1?$OldwG-}I@
zX{zp53hbfF3B^p_iq^f6qU}o<t-5zW+Xsdp>d@(9FFl&uIA(ye3~t$x%OvdtZ6kea
z?f2mYKd}#kcfPd2Qj@BWsJYAQV?UWEV$3xr?2MMkh<@aOLyI5fS+HWE`b(`(J^ht}
zkR*eWyqT*v5%MaZOvmUzs+mdtjC<oZ*dXgS;ow=oV)AfXBL6cj(PcGmSH{VEu=!%n
zUO%bd?cU1lMBrc=@E?B+;qB6p_@H|F63sY=sCAY0A;~Y?ukzZ~p<(&*%C_6U>G$7e
zk&q|W%V|!jeWjxuJY*Pp@C-pN0z$3MU$4}90$#HPd)>y0K?<6Y7T0Chq0uk<Fobcf
zoV*hA+6t8)-fxHcUeGB89u9_RPuH6@lqIK<Gs!&4dG+RAwY_|-=57MDt23Ic0S-ki
z@9TCH$iY=hZnWsS!1vMTQd9iPK57mtGeVoFn^!_&ERMLLHUTA$8!De9=a^^cWJ&j`
zs(Ueq$dB3>e7wbomuc|C+<LJyVrf%&tKm&WQ}H<7#^Ih(<)BT;=eVQiQ0X1k&KBp5
zvd7|a>P#-z{m`<D?qUw1Z&W-Tihf{;t_|P%gE9Kw6fzj8oXCpy&4o|ypMPtMt{#+^
z1bcQ)C|TN{WMm9!TP)!y`S-`VmBZ~s?k{f_5mwkwCOp=IC}cE*<&_otati9S<=1Fs
zcwjg(W;b^db~dTor+w7y>4c1|1GBI(woGP!Qhl7t_2@B=gTCU}klA|2uD~LA$B|Hf
z9?q|vYv$T8RN`JF0)WU?;jGXd*@?42n)lJLP?O%qsJ(!~)+G!#4|R;Q2h*6mO8XIX
z_P~j+liPKyQLV85WsE0HQ+2F7!T=w$#*rGM@2eK}v3Xvw^kEK*b_!6)K@Oy{^#nzK
zYsydd{?(y@;X^STEU`R(o3B3DQ=gQ{TalEFacTQ$WwZ_3$NLf1A`ue15ske5Gbvrn
zM<Q{StNU(urEjz5L5W*6T5DCeY*x3iPm}vTq~ul;%6h#IS9})WFSWil3G<u>VwpM5
z$^;r{*cZwNsXDeph+W0HFoH3@>rvgs;VhhQP@SeG3Lch{p&iNZS<<GwXe0@r(=eCe
zcY_N;>9O-`k>9`V^$Bvi__Z&f2RwKK4svAZO_QzY-Q+9boQ0)of~0dFq|de&s}-DZ
zouW8d&sajPQE^wEim{+NZ&76^e#4I@Eafg)-eAhQByD>`a|b0n*iCC6(-a?G59!K!
z%WNH4FA|B~`8ZHpAgsSh=iwt@gM6V;X^Lic=Ze*TrTDT{<TyBQ=@vL{Fvd3Lz7Wr2
zb2cieq@jMpuG6GeF{UuNJEQ&DVJh{<cJ-H)Kz??9FEb;}$>_smO{wb$xT3!aB9Ix$
zDHJb#IrUW=`ki_aY+ttWxkRR7JPdppxA8pLHc788pN$m`*!udm1)o>{gp13CMePDg
z>Tgwoh14K0et;X`2EZNQ1Hc0U0lxt}Q8ND&gw=#V5C?BxcWE^ZbsbGD4K!Lq9j$XL
zP=~)u9PGzVH91CSS%84!rTb3;{Fi0f|6^H4*Oa*e3xdCLeiF;!_o?h<e_o~kS~i>v
z0tk<&E}^>5tfsiw#0xZ84jjfMZW)O9@|xuvB=#S<e_og!fU-?dtD_#$Aqc3%)zOA2
zO5bU|KXJg&T)inD-Ccp^ZWW4bagdCG*&t*9k`yO)a`#q2sTXd!A4~5pQcm1{$f+H~
zdKa;sBo0ALVK`pk7_vQrH@w7pLRD@D`@JbAsid8C7WejX`-&us*6cNF!nBsiaCEM~
zN&W8Y7Tnl`OE!~uM`BoWeqyls1aH!yRFrCSor3(0^PsDsKb)bzw_4Pee`J@H=?N)=
zO%INXh&*Ti5(RqAlQ<S0`(alKi*-v-W?vy<ejg+?4$!l%^=^0S1n^m94$pR^l_5A<
zU4#|p^tJ@$()A~d*CB^tUHQ<!_FdkWbL6@wId+y^653xoet=jRRKYK$D)(sSO&@H!
zGOD0)&m||l`I>%RSw(YvpJl=fC<ne^9xk)3(eii=QDOfQ=Vb@$e14-);#BuzH8-RY
z&Vpe<gq`}tJKs4y*>sPWzeWCMix(mA7RsU@{fe{o=X<vD*qh^4!J<p!v$*=2)8N7?
z)!b%*LSrR9oHCrq0VokaD6~rt!CTGVCz^@azFJG~@IQmcKCiYZzrT~|1mmO)C23w5
zwCdrq)P!eVfN94K^7&OnQW84pCNtc`#!~9wwpyhO_hs3Dkl#S;CL_K5*Qv!JrTV$A
zEYp4wc~AIn)ej6F-LE`rA0a`wBUzQn{rXEP2|>y>Pp*}`%+i`nlk|N9x!FxG2)|X4
zEKw@1^=34F&2qQi9j@PN8d^HCdnwkH+SwDtAaoOs>MrPVqq+6GsLWG{iP!raR{296
zn)bo1Ypxj{s&Zq3PJ)r!`Io^PGnnr+kk7{UX+IJgRt#f%T8fU$?%w|Vop*RwEGqa{
z(WG3c0FW|}N4&}s$|j#R<j=LxdAR|Sc!p#odj2U>GGV2oSE>W{OZ@E-b47trP;YC$
z=vPW$1m1o3sc292)J35Y(%$!P4;0VKD5xumEa}b>FU<cjKmGMH)UfhiWBHKl+#yu*
z#2Ijm)y0X6^K4JUBW}HT?qn+7DLG#5T?JQz!5JoZ<j3O`Vmr!;K1G^drFvW1ro@O`
zcp!PD4x)SMrNN3%LroX;$RxNg)zP`?K_tvJfWK!iBsbC~Y=%QLyMgWII(9ZKtA%`W
ze{I#r2+;K`n=D}O^yj4BIqCL(LJvt!R^gP$9E+Okv<I`$3IEYh!!^j5b0s`7T?{GE
zU+`K6sHyZmd(rYS!}*qKQ{IaP<){uPoZudcG}>(NpzSChk7S=$(X9<JpR7vrJ5}`b
zvB;>73=-bj9{y};Q81=IyKM8_P=YATS4wx<d7&iL8Epk$^+6e;WKdvsw$r?<EaGec
zkkFQc(CjGQM1Fm!k+kS!CU>XidLc;YHIX!VEoy)KSNh5GdGhbD-AIfz3o9_1@)sB)
B#c}`u

literal 0
HcmV?d00001

diff --git a/spring-security-mvc-boot/src/main/resources/templates/ssl/welcome.html b/spring-security-mvc-boot/src/main/resources/templates/ssl/welcome.html
new file mode 100644
index 0000000000..93b3577f5c
--- /dev/null
+++ b/spring-security-mvc-boot/src/main/resources/templates/ssl/welcome.html
@@ -0,0 +1 @@
+<h1>Welcome to Secured Site</h1>
\ No newline at end of file
diff --git a/spring-security-mvc-boot/src/test/java/org/baeldung/web/HttpsApplicationIntegrationTest.java b/spring-security-mvc-boot/src/test/java/org/baeldung/web/HttpsApplicationIntegrationTest.java
new file mode 100644
index 0000000000..63b421604a
--- /dev/null
+++ b/spring-security-mvc-boot/src/test/java/org/baeldung/web/HttpsApplicationIntegrationTest.java
@@ -0,0 +1,67 @@
+package org.baeldung.web;
+
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.baeldung.ssl.HttpsEnabledApplication;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.core.io.Resource;
+import org.springframework.http.*;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.web.client.RestTemplate;
+
+import javax.net.ssl.SSLContext;
+import java.util.Base64;
+
+import static org.junit.Assert.assertEquals;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = HttpsEnabledApplication.class, webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
+@ActiveProfiles("ssl")
+public class HttpsApplicationIntegrationTest {
+
+    private static final String WELCOME_URL = "https://localhost:8443/welcome";
+
+    @Value("${trust.store}")
+    private Resource trustStore;
+
+    @Value("${trust.store.password}")
+    private String trustStorePassword;
+
+    @Test
+    public void whenGETanHTTPSResource_thenCorrectResponse() throws Exception {
+        ResponseEntity<String> response = restTemplate().exchange(WELCOME_URL, HttpMethod.GET, new HttpEntity<String>(withAuthorization("memuser", "pass")), String.class);
+
+        assertEquals("<h1>Welcome to Secured Site</h1>", response.getBody());
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+    }
+
+    RestTemplate restTemplate() throws Exception {
+        SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray())
+            .build();
+        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+        HttpClient httpClient = HttpClients.custom()
+            .setSSLSocketFactory(socketFactory)
+            .build();
+        HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
+        return new RestTemplate(factory);
+    }
+
+    HttpHeaders withAuthorization(String userName, String password) {
+        return new HttpHeaders() {
+            {
+                String auth = userName + ":" + password;
+                String authHeader = "Basic " + new String(Base64.getEncoder()
+                    .encode(auth.getBytes()));
+                set("Authorization", authHeader);
+            }
+        };
+    }
+
+}