diff --git a/spring-security-mvc-custom/README.md b/spring-security-mvc-custom/README.md
index 14bac6c454..2c0be4768e 100644
--- a/spring-security-mvc-custom/README.md
+++ b/spring-security-mvc-custom/README.md
@@ -8,7 +8,10 @@ The "REST With Spring" Classes: http://github.learnspringsecurity.com
### Relevant Articles:
- [Spring Security Remember Me](http://www.baeldung.com/spring-security-remember-me)
- [Redirect to different pages after Login with Spring Security](http://www.baeldung.com/spring_redirect_after_login)
-
+- [Changing Spring Model Parameters with Handler Interceptor](http://www.baeldung.com/spring-model-parameters-with-handler-interceptor)
+- [Introduction to Spring MVC HandlerInterceptor](http://www.baeldung.com/spring-mvc-handlerinterceptor)
+- [Using a Custom Spring MVC’s Handler Interceptor to Manage Sessions](http://www.baeldung.com/spring-mvc-custom-handler-interceptor)
+- [A Guide to CSRF Protection in Spring Security](http://www.baeldung.com/spring-security-csrf)
### Build the Project
```
diff --git a/spring-security-mvc-custom/pom.xml b/spring-security-mvc-custom/pom.xml
index 4a7e9419cc..805792b795 100644
--- a/spring-security-mvc-custom/pom.xml
+++ b/spring-security-mvc-custom/pom.xml
@@ -113,6 +113,40 @@
+
+
+ com.fasterxml.jackson.core
+ jackson-databind
+ ${jackson-databind.version}
+
+
+
+ org.apache.commons
+ commons-lang3
+ ${commons-lang3.version}
+
+
+
+ com.google.guava
+ guava
+ ${guava.version}
+
+
+
+
+
+ org.springframework
+ spring-test
+ ${org.springframework.version}
+ test
+
+
+
+ org.springframework.security
+ spring-security-test
+ ${org.springframework.security.version}
+ test
+
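Review bot: The new compile-scope `jackson-databind` dependency parses request bodies in this module, and its version comes from a local `${jackson-databind.version}` property. The `2.9.1` value added in the following hunk is presumably that property, though the element names are not visible in this rendering. jackson-databind regularly ships deserialization hardening in patch releases, so a locally pinned version needs an owner. Either inherit the version from the parent's dependency management, if one exists, or add a comment next to the property saying it must be kept on a currently patched release.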
@@ -174,7 +208,8 @@
19.0
3.5
-
+ 2.9.1
+
4.5.2
4.4.5
diff --git a/spring-security-mvc-custom/src/main/java/org/baeldung/spring/MvcConfig.java b/spring-security-mvc-custom/src/main/java/org/baeldung/spring/MvcConfig.java
index 2229516633..3b97afc22d 100644
--- a/spring-security-mvc-custom/src/main/java/org/baeldung/spring/MvcConfig.java
+++ b/spring-security-mvc-custom/src/main/java/org/baeldung/spring/MvcConfig.java
@@ -1,9 +1,14 @@
package org.baeldung.spring;
+import org.baeldung.web.interceptor.LoggerInterceptor;
+import org.baeldung.web.interceptor.SessionTimerInterceptor;
+import org.baeldung.web.interceptor.UserInterceptor;
import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
@@ -11,6 +16,7 @@ import org.springframework.web.servlet.view.JstlView;
@EnableWebMvc
@Configuration
+@ComponentScan("org.baeldung.web.controller")
public class MvcConfig extends WebMvcConfigurerAdapter {
public MvcConfig() {
@@ -28,6 +34,7 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
registry.addViewController("/login.html");
registry.addViewController("/homepage.html");
registry.addViewController("/console.html");
+ registry.addViewController("/csrfHome.html");
}
@Bean
@@ -40,4 +47,11 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
return bean;
}
+
+ @Override
+ public void addInterceptors(final InterceptorRegistry registry) {
+ registry.addInterceptor(new LoggerInterceptor());
+ registry.addInterceptor(new UserInterceptor());
+ registry.addInterceptor(new SessionTimerInterceptor());
+ }
}
\ No newline at end of file
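Review bot: All three interceptors in `addInterceptors` are registered without path patterns, so they run on every request the dispatcher handles, including `/login.html`. If `LoggerInterceptor` logs request parameters or headers (its body is not part of this diff, so this needs confirming), credentials and session identifiers would reach the application log. Scoping the registration avoids that, for example `registry.addInterceptor(new LoggerInterceptor()).excludePathPatterns("/login*");`, adjusted to the real login URLs. The method would also benefit from a comment such as `// interceptors are created with new and are not Spring-managed beans`, since that matters as soon as one of them needs an injected dependency.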
diff --git a/spring-security-rest-full/src/main/java/org/baeldung/web/controller/BankController.java b/spring-security-mvc-custom/src/main/java/org/baeldung/web/controller/BankController.java
similarity index 97%
rename from spring-security-rest-full/src/main/java/org/baeldung/web/controller/BankController.java
rename to spring-security-mvc-custom/src/main/java/org/baeldung/web/controller/BankController.java
index e87d5f3dd4..1a4322c611 100644
--- a/spring-security-rest-full/src/main/java/org/baeldung/web/controller/BankController.java
+++ b/spring-security-mvc-custom/src/main/java/org/baeldung/web/controller/BankController.java
@@ -12,7 +12,6 @@ import org.springframework.web.bind.annotation.ResponseStatus;
// to test csrf
@Controller
-@RequestMapping(value = "/auth/")
public class BankController {
private final Logger logger = LoggerFactory.getLogger(getClass());
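Review bot: Dropping the class-level `@RequestMapping(value = "/auth/")` moves every handler in `BankController` out from under `/auth/`, so any access rule keyed on that prefix no longer covers them. The controller is marked `// to test csrf`, yet after the rename it sits in `src/main` of this module and is picked up by the new `@ComponentScan("org.baeldung.web.controller")` in `MvcConfig`. Which rule in `webSecurityConfig.xml` matches the new paths, and whether CSRF protection is enabled for them, cannot be seen from this diff and should be confirmed. A class comment such as `// demo target for the CSRF article; must stay behind authentication and CSRF protection` would record the assumption. The handler methods themselves are outside the hunk.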
diff --git a/spring-security-mvc-custom/src/main/java/org/baeldung/web/controller/FooController.java b/spring-security-mvc-custom/src/main/java/org/baeldung/web/controller/FooController.java
new file mode 100644
index 0000000000..5a3c85d220
--- /dev/null
+++ b/spring-security-mvc-custom/src/main/java/org/baeldung/web/controller/FooController.java
@@ -0,0 +1,59 @@
+package org.baeldung.web.controller;
+
+import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
+
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.baeldung.web.dto.Foo;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.util.UriComponentsBuilder;
+
+@Controller
+@RequestMapping(value = "/auth/foos")
+public class FooController {
+
+ @Autowired
+ private ApplicationEventPublisher eventPublisher;
+
+ public FooController() {
+ super();
+ }
+
+ // API
+
+ // read - single
+
+ @RequestMapping(value = "/{id}", method = RequestMethod.GET)
+ @ResponseBody
+ public Foo findById(@PathVariable("id") final Long id, final UriComponentsBuilder uriBuilder, final HttpServletResponse response) {
+ return new Foo(randomAlphabetic(6));
+ }
+
+ // read - multiple
+
+ @RequestMapping(method = RequestMethod.GET)
+ @ResponseBody
+ public List findAll() {
+ return Arrays.asList(new Foo(randomAlphabetic(6)));
+ }
+
+ // write - just for test
+ @RequestMapping(method = RequestMethod.POST)
+ @ResponseStatus(HttpStatus.CREATED)
+ @ResponseBody
+ public Foo create(@RequestBody final Foo foo) {
+ return foo;
+ }
+}
\ No newline at end of file
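Review bot: `FooController` is a stub, yet it is added under `src/main`, so it ships with the application and exposes a state-changing `POST /auth/foos` whose protection depends on configuration not shown here. `findById` and `findAll` return random names, and `create` is commented `// write - just for test` and echoes the request body back. If it exists only to serve the integration tests, moving it to `src/test` next to `SecurityWithCsrfConfig` keeps it out of the deployed app; otherwise add a class comment stating that it is a demo endpoint. Separately, the autowired `eventPublisher` field and the `id`, `uriBuilder` and `response` parameters of `findById` are never used and can be removed.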
diff --git a/spring-security-mvc-custom/src/main/java/org/baeldung/web/dto/Foo.java b/spring-security-mvc-custom/src/main/java/org/baeldung/web/dto/Foo.java
new file mode 100644
index 0000000000..02283e7df9
--- /dev/null
+++ b/spring-security-mvc-custom/src/main/java/org/baeldung/web/dto/Foo.java
@@ -0,0 +1,80 @@
+package org.baeldung.web.dto;
+
+import java.io.Serializable;
+
+public class Foo implements Serializable {
+
+ private long id;
+
+ private String name;
+
+ public Foo() {
+ super();
+ }
+
+ public Foo(final String name) {
+ super();
+
+ this.name = name;
+ }
+
+ // API
+
+ public long getId() {
+ return id;
+ }
+
+ public void setId(final long id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(final String name) {
+ this.name = name;
+ }
+
+ //
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((name == null) ? 0 : name.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(final Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj == null) {
+ return false;
+ }
+ if (getClass() != obj.getClass()) {
+ return false;
+ }
+ final Foo other = (Foo) obj;
+ if (name == null) {
+ if (other.name != null) {
+ return false;
+ }
+ } else if (!name.equals(other.name)) {
+ return false;
+ }
+ return true;
+ }
+
+ @Override
+ public String toString() {
+ final StringBuilder builder = new StringBuilder();
+ builder.append("Foo [name=")
+ .append(name)
+ .append("]");
+ return builder.toString();
+ }
+
+}
\ No newline at end of file
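Review bot: `Foo` implements `Serializable` without declaring a `serialVersionUID`, and nothing in this commit serializes it natively; it is bound from JSON by `@RequestBody` in `FooController`. Either drop `implements Serializable` or add `private static final long serialVersionUID = 1L;`. `equals` and `hashCode` compare only `name` and ignore `id`; if that is intended it deserves a one-line comment such as `// equality is by name only; id is not part of identity`.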
diff --git a/spring-security-rest-full/src/main/java/org/baeldung/web/interceptor/LoggerInterceptor.java b/spring-security-mvc-custom/src/main/java/org/baeldung/web/interceptor/LoggerInterceptor.java
similarity index 100%
rename from spring-security-rest-full/src/main/java/org/baeldung/web/interceptor/LoggerInterceptor.java
rename to spring-security-mvc-custom/src/main/java/org/baeldung/web/interceptor/LoggerInterceptor.java
diff --git a/spring-security-rest-full/src/main/java/org/baeldung/web/interceptor/SessionTimerInterceptor.java b/spring-security-mvc-custom/src/main/java/org/baeldung/web/interceptor/SessionTimerInterceptor.java
similarity index 100%
rename from spring-security-rest-full/src/main/java/org/baeldung/web/interceptor/SessionTimerInterceptor.java
rename to spring-security-mvc-custom/src/main/java/org/baeldung/web/interceptor/SessionTimerInterceptor.java
diff --git a/spring-security-rest-full/src/main/java/org/baeldung/web/interceptor/UserInterceptor.java b/spring-security-mvc-custom/src/main/java/org/baeldung/web/interceptor/UserInterceptor.java
similarity index 100%
rename from spring-security-rest-full/src/main/java/org/baeldung/web/interceptor/UserInterceptor.java
rename to spring-security-mvc-custom/src/main/java/org/baeldung/web/interceptor/UserInterceptor.java
diff --git a/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml b/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml
index f31f36655c..f2ecaba5c8 100644
--- a/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml
+++ b/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml
@@ -33,4 +33,8 @@
+
+
\ No newline at end of file
diff --git a/spring-security-rest-full/src/main/webapp/WEB-INF/view/csrfHome.jsp b/spring-security-mvc-custom/src/main/webapp/WEB-INF/view/csrfHome.jsp
similarity index 100%
rename from spring-security-rest-full/src/main/webapp/WEB-INF/view/csrfHome.jsp
rename to spring-security-mvc-custom/src/main/webapp/WEB-INF/view/csrfHome.jsp
diff --git a/spring-security-rest-full/src/test/java/org/baeldung/security/csrf/CsrfAbstractIntegrationTest.java b/spring-security-mvc-custom/src/test/java/org/baeldung/security/csrf/CsrfAbstractIntegrationTest.java
similarity index 93%
rename from spring-security-rest-full/src/test/java/org/baeldung/security/csrf/CsrfAbstractIntegrationTest.java
rename to spring-security-mvc-custom/src/test/java/org/baeldung/security/csrf/CsrfAbstractIntegrationTest.java
index 6e70f979c8..44424bf7f9 100644
--- a/spring-security-rest-full/src/test/java/org/baeldung/security/csrf/CsrfAbstractIntegrationTest.java
+++ b/spring-security-mvc-custom/src/test/java/org/baeldung/security/csrf/CsrfAbstractIntegrationTest.java
@@ -5,7 +5,7 @@ import static org.springframework.security.test.web.servlet.request.SecurityMock
import javax.servlet.Filter;
-import org.baeldung.persistence.model.Foo;
+import org.baeldung.web.dto.Foo;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
@@ -14,15 +14,15 @@ import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.RequestPostProcessor;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
-import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.context.WebApplicationContext;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
+
+
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
-@Transactional
public abstract class CsrfAbstractIntegrationTest {
@Autowired
diff --git a/spring-security-mvc-custom/src/test/java/org/baeldung/security/csrf/CsrfDisabledIntegrationTest.java b/spring-security-mvc-custom/src/test/java/org/baeldung/security/csrf/CsrfDisabledIntegrationTest.java
new file mode 100644
index 0000000000..1d16e08514
--- /dev/null
+++ b/spring-security-mvc-custom/src/test/java/org/baeldung/security/csrf/CsrfDisabledIntegrationTest.java
@@ -0,0 +1,25 @@
+package org.baeldung.security.csrf;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.baeldung.security.spring.SecurityWithoutCsrfConfig;
+import org.baeldung.spring.MvcConfig;
+import org.junit.Test;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.ContextConfiguration;
+
+@ContextConfiguration(classes = { SecurityWithoutCsrfConfig.class, MvcConfig.class })
+public class CsrfDisabledIntegrationTest extends CsrfAbstractIntegrationTest {
+
+ @Test
+ public void givenNotAuth_whenAddFoo_thenUnauthorized() throws Exception {
+ mvc.perform(post("/auth/foos").contentType(MediaType.APPLICATION_JSON).content(createFoo())).andExpect(status().isUnauthorized());
+ }
+
+ @Test
+ public void givenAuth_whenAddFoo_thenCreated() throws Exception {
+ mvc.perform(post("/auth/foos").contentType(MediaType.APPLICATION_JSON).content(createFoo()).with(testUser())).andExpect(status().isCreated());
+ }
+
+}
diff --git a/spring-security-rest-full/src/test/java/org/baeldung/security/csrf/CsrfEnabledIntegrationTest.java b/spring-security-mvc-custom/src/test/java/org/baeldung/security/csrf/CsrfEnabledIntegrationTest.java
similarity index 90%
rename from spring-security-rest-full/src/test/java/org/baeldung/security/csrf/CsrfEnabledIntegrationTest.java
rename to spring-security-mvc-custom/src/test/java/org/baeldung/security/csrf/CsrfEnabledIntegrationTest.java
index 939b745de8..9d882973bd 100644
--- a/spring-security-rest-full/src/test/java/org/baeldung/security/csrf/CsrfEnabledIntegrationTest.java
+++ b/spring-security-mvc-custom/src/test/java/org/baeldung/security/csrf/CsrfEnabledIntegrationTest.java
@@ -5,13 +5,12 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.baeldung.security.spring.SecurityWithCsrfConfig;
-import org.baeldung.spring.PersistenceConfig;
-import org.baeldung.spring.WebConfig;
+import org.baeldung.spring.MvcConfig;
import org.junit.Test;
import org.springframework.http.MediaType;
import org.springframework.test.context.ContextConfiguration;
-@ContextConfiguration(classes = { SecurityWithCsrfConfig.class, PersistenceConfig.class, WebConfig.class })
+@ContextConfiguration(classes = { SecurityWithCsrfConfig.class, MvcConfig.class })
public class CsrfEnabledIntegrationTest extends CsrfAbstractIntegrationTest {
@Test
diff --git a/spring-security-rest-full/src/test/java/org/baeldung/security/spring/SecurityWithCsrfConfig.java b/spring-security-mvc-custom/src/test/java/org/baeldung/security/spring/SecurityWithCsrfConfig.java
similarity index 82%
rename from spring-security-rest-full/src/test/java/org/baeldung/security/spring/SecurityWithCsrfConfig.java
rename to spring-security-mvc-custom/src/test/java/org/baeldung/security/spring/SecurityWithCsrfConfig.java
index 97ae1f1dd2..9600977e37 100644
--- a/spring-security-rest-full/src/test/java/org/baeldung/security/spring/SecurityWithCsrfConfig.java
+++ b/spring-security-mvc-custom/src/test/java/org/baeldung/security/spring/SecurityWithCsrfConfig.java
@@ -1,8 +1,5 @@
package org.baeldung.security.spring;
-import org.baeldung.web.error.CustomAccessDeniedHandler;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@@ -12,14 +9,10 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
-@EnableAutoConfiguration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityWithCsrfConfig extends WebSecurityConfigurerAdapter {
- @Autowired
- private CustomAccessDeniedHandler accessDeniedHandler;
-
public SecurityWithCsrfConfig() {
super();
}
@@ -46,8 +39,6 @@ public class SecurityWithCsrfConfig extends WebSecurityConfigurerAdapter {
.and()
.httpBasic()
.and()
- .exceptionHandling().accessDeniedHandler(accessDeniedHandler)
- .and()
.headers().cacheControl().disable()
;
// @formatter:on
diff --git a/spring-security-rest-full/src/main/java/org/baeldung/security/spring/SecurityWithoutCsrfConfig.java b/spring-security-mvc-custom/src/test/java/org/baeldung/security/spring/SecurityWithoutCsrfConfig.java
similarity index 72%
rename from spring-security-rest-full/src/main/java/org/baeldung/security/spring/SecurityWithoutCsrfConfig.java
rename to spring-security-mvc-custom/src/test/java/org/baeldung/security/spring/SecurityWithoutCsrfConfig.java
index f1a78d1472..f7dbd5b42c 100644
--- a/spring-security-rest-full/src/main/java/org/baeldung/security/spring/SecurityWithoutCsrfConfig.java
+++ b/spring-security-mvc-custom/src/test/java/org/baeldung/security/spring/SecurityWithoutCsrfConfig.java
@@ -1,8 +1,5 @@
package org.baeldung.security.spring;
-import org.baeldung.web.error.CustomAccessDeniedHandler;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@@ -12,16 +9,10 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
-@EnableAutoConfiguration
-//
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
-// @ImportResource({ "classpath:webSecurityConfig.xml" })
public class SecurityWithoutCsrfConfig extends WebSecurityConfigurerAdapter {
- @Autowired
- private CustomAccessDeniedHandler accessDeniedHandler;
-
public SecurityWithoutCsrfConfig() {
super();
}
@@ -42,18 +33,15 @@ public class SecurityWithoutCsrfConfig extends WebSecurityConfigurerAdapter {
protected void configure(final HttpSecurity http) throws Exception {
// @formatter:off
http
- .csrf().disable()
.authorizeRequests()
- .antMatchers("/auth/admin/*").hasRole("ADMIN")
- .antMatchers("/auth/*").hasAnyRole("ADMIN","USER")
- .antMatchers("/*").permitAll()
+ .antMatchers("/auth/admin/*").hasAnyRole("ROLE_ADMIN")
+ .anyRequest().authenticated()
.and()
.httpBasic()
.and()
- // .exceptionHandling().accessDeniedPage("/my-error-page")
- .exceptionHandling().accessDeniedHandler(accessDeniedHandler)
- .and()
.headers().cacheControl().disable()
+ .and()
+ .csrf().disable()
;
// @formatter:on
}
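Review bot: The new rule `.antMatchers("/auth/admin/*").hasAnyRole("ROLE_ADMIN")` passes an already-prefixed name to `hasAnyRole`, which adds the `ROLE_` prefix itself. Depending on the Spring Security version this is either rejected or ends up requiring `ROLE_ROLE_ADMIN`, so a user holding the `ADMIN` role is never matched. The pattern `/auth/admin/*` also covers only a single path segment, so `/auth/admin` itself and deeper paths fall through to `.anyRequest().authenticated()` and are reachable by any authenticated user. I would write `.antMatchers("/auth/admin/**").hasRole("ADMIN")`. Since `.csrf().disable()` is the purpose of this test configuration, a comment on that line such as `// test-only: CSRF deliberately off for CsrfDisabledIntegrationTest` would keep it from being copied into a main configuration.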
diff --git a/spring-security-rest-full/src/test/java/org/baeldung/web/interceptor/LoggerInterceptorIntegrationTest.java b/spring-security-mvc-custom/src/test/java/org/baeldung/web/interceptor/LoggerInterceptorIntegrationTest.java
similarity index 83%
rename from spring-security-rest-full/src/test/java/org/baeldung/web/interceptor/LoggerInterceptorIntegrationTest.java
rename to spring-security-mvc-custom/src/test/java/org/baeldung/web/interceptor/LoggerInterceptorIntegrationTest.java
index 44dc860e62..c33c9a04e8 100644
--- a/spring-security-rest-full/src/test/java/org/baeldung/web/interceptor/LoggerInterceptorIntegrationTest.java
+++ b/spring-security-mvc-custom/src/test/java/org/baeldung/web/interceptor/LoggerInterceptorIntegrationTest.java
@@ -4,8 +4,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.baeldung.security.spring.SecurityWithoutCsrfConfig;
-import org.baeldung.spring.PersistenceConfig;
-import org.baeldung.spring.WebConfig;
+import org.baeldung.spring.MvcConfig;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -16,13 +15,11 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
-import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.context.WebApplicationContext;
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
-@Transactional
-@ContextConfiguration(classes = { SecurityWithoutCsrfConfig.class, PersistenceConfig.class, WebConfig.class })
+@ContextConfiguration(classes = { SecurityWithoutCsrfConfig.class, MvcConfig.class })
public class LoggerInterceptorIntegrationTest {
@Autowired
@@ -46,7 +43,8 @@ public class LoggerInterceptorIntegrationTest {
*/
@Test
public void testInterceptors() throws Exception {
- mockMvc.perform(get("/graph.html")).andExpect(status().isOk());
+ mockMvc.perform(get("/login.html"))
+ .andExpect(status().isOk());
}
}
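Review bot: `testInterceptors` now requests `/login.html` without a mock user, while `SecurityWithoutCsrfConfig` in this same commit switches to `.anyRequest().authenticated()`. The expected `isOk()` can then only hold if the `MockMvc` instance is built without the security filter chain; that setup is outside this hunk and should be confirmed. The test also asserts only the status code, so it would still pass with `LoggerInterceptor` unregistered. A comment such as `// security filters are not applied here; this only checks that the interceptor chain does not break the request` would make the intent explicit.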
diff --git a/spring-security-rest-full/src/test/java/org/baeldung/web/interceptor/SessionTimerInterceptorIntegrationTest.java b/spring-security-mvc-custom/src/test/java/org/baeldung/web/interceptor/SessionTimerInterceptorIntegrationTest.java
similarity index 78%
rename from spring-security-rest-full/src/test/java/org/baeldung/web/interceptor/SessionTimerInterceptorIntegrationTest.java
rename to spring-security-mvc-custom/src/test/java/org/baeldung/web/interceptor/SessionTimerInterceptorIntegrationTest.java
index d62fab0670..bdc1be2c44 100644
--- a/spring-security-rest-full/src/test/java/org/baeldung/web/interceptor/SessionTimerInterceptorIntegrationTest.java
+++ b/spring-security-mvc-custom/src/test/java/org/baeldung/web/interceptor/SessionTimerInterceptorIntegrationTest.java
@@ -6,8 +6,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
import javax.servlet.http.HttpSession;
import org.baeldung.security.spring.SecurityWithoutCsrfConfig;
-import org.baeldung.spring.PersistenceConfig;
-import org.baeldung.spring.WebConfig;
+import org.baeldung.spring.MvcConfig;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -20,13 +19,11 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
-import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.context.WebApplicationContext;
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
-@Transactional
-@ContextConfiguration(classes = { SecurityWithoutCsrfConfig.class, PersistenceConfig.class, WebConfig.class })
+@ContextConfiguration(classes = { SecurityWithoutCsrfConfig.class, MvcConfig.class })
@WithMockUser(username = "admin", roles = { "USER", "ADMIN" })
public class SessionTimerInterceptorIntegrationTest {
@@ -47,9 +44,14 @@ public class SessionTimerInterceptorIntegrationTest {
*/
@Test
public void testInterceptors() throws Exception {
- HttpSession session = mockMvc.perform(get("/auth/admin")).andExpect(status().is2xxSuccessful()).andReturn().getRequest().getSession();
+ HttpSession session = mockMvc.perform(get("/auth/foos"))
+ .andExpect(status().is2xxSuccessful())
+ .andReturn()
+ .getRequest()
+ .getSession();
Thread.sleep(51000);
- mockMvc.perform(get("/auth/admin").session((MockHttpSession) session)).andExpect(status().is2xxSuccessful());
+ mockMvc.perform(get("/auth/foos").session((MockHttpSession) session))
+ .andExpect(status().is2xxSuccessful());
}
}
diff --git a/spring-security-rest-full/src/test/java/org/baeldung/web/interceptor/UserInterceptorIntegrationTest.java b/spring-security-mvc-custom/src/test/java/org/baeldung/web/interceptor/UserInterceptorIntegrationTest.java
similarity index 84%
rename from spring-security-rest-full/src/test/java/org/baeldung/web/interceptor/UserInterceptorIntegrationTest.java
rename to spring-security-mvc-custom/src/test/java/org/baeldung/web/interceptor/UserInterceptorIntegrationTest.java
index f995f86145..a85fd999a6 100644
--- a/spring-security-rest-full/src/test/java/org/baeldung/web/interceptor/UserInterceptorIntegrationTest.java
+++ b/spring-security-mvc-custom/src/test/java/org/baeldung/web/interceptor/UserInterceptorIntegrationTest.java
@@ -1,8 +1,10 @@
package org.baeldung.web.interceptor;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
import org.baeldung.security.spring.SecurityWithoutCsrfConfig;
-import org.baeldung.spring.PersistenceConfig;
-import org.baeldung.spring.WebConfig;
+import org.baeldung.spring.MvcConfig;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -14,16 +16,11 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
-import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.context.WebApplicationContext;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
-@Transactional
-@ContextConfiguration(classes = { SecurityWithoutCsrfConfig.class, PersistenceConfig.class, WebConfig.class })
+@ContextConfiguration(classes = { SecurityWithoutCsrfConfig.class, MvcConfig.class })
@WithMockUser(username = "admin", roles = { "USER", "ADMIN" })
public class UserInterceptorIntegrationTest {
@@ -46,7 +43,8 @@ public class UserInterceptorIntegrationTest {
*/
@Test
public void testInterceptors() throws Exception {
- mockMvc.perform(get("/auth/admin")).andExpect(status().is2xxSuccessful());
+ mockMvc.perform(get("/auth/foos"))
+ .andExpect(status().is2xxSuccessful());
}
}
diff --git a/spring-security-rest-full/.springBeans b/spring-security-rest-full/.springBeans
index f100c6afbe..b01040d91b 100644
--- a/spring-security-rest-full/.springBeans
+++ b/spring-security-rest-full/.springBeans
@@ -1,18 +1,16 @@
1
-
+
- java:org.baeldung.security.spring.SecurityWithoutCsrfConfig
src/main/webapp/WEB-INF/api-servlet.xml
java:org.baeldung.spring.Application
- java:org.baeldung.security.spring.SecurityWithCsrfConfig
diff --git a/spring-security-rest-full/README.md b/spring-security-rest-full/README.md
index d5bd8be52b..2737bd5465 100644
--- a/spring-security-rest-full/README.md
+++ b/spring-security-rest-full/README.md
@@ -8,12 +8,10 @@ The "REST With Spring" Classes: http://bit.ly/restwithspring
The "Learn Spring Security" Classes: http://github.learnspringsecurity.com
### Relevant Articles:
-- [Spring Security Expressions - hasRole Example](http://www.baeldung.com/spring-security-expressions-basic)
- [REST Pagination in Spring](http://www.baeldung.com/2012/01/18/rest-pagination-in-spring/)
- [HATEOAS for a Spring REST Service](http://www.baeldung.com/2011/11/13/rest-service-discoverability-with-spring-part-5/)
- [REST API Discoverability and HATEOAS](http://www.baeldung.com/2011/11/06/restful-web-service-discoverability-part-4/)
- [ETags for REST with Spring](http://www.baeldung.com/2013/01/11/etags-for-rest-with-spring/)
-- [Error Handling for REST with Spring 3](http://www.baeldung.com/2013/01/31/exception-handling-for-rest-with-spring-3-2/)
- [Integration Testing with the Maven Cargo plugin](http://www.baeldung.com/2011/10/16/how-to-set-up-integration-testing-with-the-maven-cargo-plugin/)
- [Introduction to Spring Data JPA](http://www.baeldung.com/2011/12/22/the-persistence-layer-with-spring-data-jpa/)
- [Project Configuration with Spring](http://www.baeldung.com/2012/03/12/project-configuration-with-spring/)
@@ -24,11 +22,6 @@ The "Learn Spring Security" Classes: http://github.learnspringsecurity.com
- [Metrics for your Spring REST API](http://www.baeldung.com/spring-rest-api-metrics)
- [REST Query Language with RSQL](http://www.baeldung.com/rest-api-search-language-rsql-fiql)
- [Spring RestTemplate Tutorial](http://www.baeldung.com/rest-template)
-- [A Guide to CSRF Protection in Spring Security](http://www.baeldung.com/spring-security-csrf)
-- [Intro to Spring Security Expressions](http://www.baeldung.com/spring-security-expressions)
-- [Changing Spring Model Parameters with Handler Interceptor](http://www.baeldung.com/spring-model-parameters-with-handler-interceptor)
-- [Introduction to Spring MVC HandlerInterceptor](http://www.baeldung.com/spring-mvc-handlerinterceptor)
-- [Using a Custom Spring MVC’s Handler Interceptor to Manage Sessions](http://www.baeldung.com/spring-mvc-custom-handler-interceptor)
- [Bootstrap a Web Application with Spring 4](http://www.baeldung.com/bootstraping-a-web-application-with-spring-and-java-based-configuration)
- [REST Query Language – Implementing OR Operation](http://www.baeldung.com/rest-api-query-search-or-operation)
diff --git a/spring-security-rest-full/pom.xml b/spring-security-rest-full/pom.xml
index 2b559ddefc..12a611431e 100644
--- a/spring-security-rest-full/pom.xml
+++ b/spring-security-rest-full/pom.xml
@@ -38,17 +38,6 @@
provided
-
-
-
- org.springframework.security
- spring-security-web
-
-
- org.springframework.security
- spring-security-config
-
-
@@ -220,10 +209,6 @@
test
-
- org.springframework.security
- spring-security-test
-
diff --git a/spring-security-rest-full/src/main/java/org/baeldung/persistence/service/impl/FooService.java b/spring-security-rest-full/src/main/java/org/baeldung/persistence/service/impl/FooService.java
index 49f9ec7e97..376082b2d5 100644
--- a/spring-security-rest-full/src/main/java/org/baeldung/persistence/service/impl/FooService.java
+++ b/spring-security-rest-full/src/main/java/org/baeldung/persistence/service/impl/FooService.java
@@ -10,7 +10,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.repository.PagingAndSortingRepository;
-import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@@ -36,6 +35,7 @@ public class FooService extends AbstractService implements IFooService {
// custom methods
+ @Override
public Foo retrieveByName(final String name) {
return dao.retrieveByName(name);
}
@@ -44,7 +44,6 @@ public class FooService extends AbstractService implements IFooService {
@Override
@Transactional(readOnly = true)
- @PreAuthorize("hasRole('ROLE_ADMIN')")
public List findAll() {
return Lists.newArrayList(getDao().findAll());
}
diff --git a/spring-security-rest-full/src/main/java/org/baeldung/spring/WebConfig.java b/spring-security-rest-full/src/main/java/org/baeldung/spring/WebConfig.java
index efdb2bc8d4..86cb93175a 100644
--- a/spring-security-rest-full/src/main/java/org/baeldung/spring/WebConfig.java
+++ b/spring-security-rest-full/src/main/java/org/baeldung/spring/WebConfig.java
@@ -1,14 +1,10 @@
package org.baeldung.spring;
-import org.baeldung.web.interceptor.LoggerInterceptor;
-import org.baeldung.web.interceptor.SessionTimerInterceptor;
-import org.baeldung.web.interceptor.UserInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
-import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
@@ -35,15 +31,7 @@ public class WebConfig extends WebMvcConfigurerAdapter {
public void addViewControllers(final ViewControllerRegistry registry) {
super.addViewControllers(registry);
registry.addViewController("/graph.html");
- registry.addViewController("/csrfHome.html");
registry.addViewController("/homepage.html");
}
- @Override
- public void addInterceptors(final InterceptorRegistry registry) {
- registry.addInterceptor(new LoggerInterceptor());
- registry.addInterceptor(new UserInterceptor());
- registry.addInterceptor(new SessionTimerInterceptor());
- }
-
}
\ No newline at end of file
diff --git a/spring-security-rest-full/src/main/java/org/baeldung/web/controller/RootController.java b/spring-security-rest-full/src/main/java/org/baeldung/web/controller/RootController.java
index 8b63275b66..e23da6420d 100644
--- a/spring-security-rest-full/src/main/java/org/baeldung/web/controller/RootController.java
+++ b/spring-security-rest-full/src/main/java/org/baeldung/web/controller/RootController.java
@@ -11,7 +11,6 @@ import org.baeldung.web.metric.IMetricService;
import org.baeldung.web.util.LinkUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
-import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@@ -53,7 +52,6 @@ public class RootController {
return metricService.getFullMetric();
}
- @PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/status-metric", method = RequestMethod.GET)
@ResponseBody
public Map getStatusMetric() {
@@ -70,16 +68,5 @@ public class RootController {
return result;
}
- @RequestMapping(value = "/admin/x", method = RequestMethod.GET)
- @ResponseBody
- public String sampleAdminPage() {
- return "Hello";
- }
-
- @RequestMapping(value = "/my-error-page", method = RequestMethod.GET)
- @ResponseBody
- public String sampleErrorPage() {
- return "Error Occurred";
- }
}
diff --git a/spring-security-rest-full/src/main/java/org/baeldung/web/error/RestResponseEntityExceptionHandler.java b/spring-security-rest-full/src/main/java/org/baeldung/web/error/RestResponseEntityExceptionHandler.java
index e9d34aa9cf..b593116c4a 100644
--- a/spring-security-rest-full/src/main/java/org/baeldung/web/error/RestResponseEntityExceptionHandler.java
+++ b/spring-security-rest-full/src/main/java/org/baeldung/web/error/RestResponseEntityExceptionHandler.java
@@ -11,13 +11,11 @@ import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageNotReadableException;
-import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
-//import org.springframework.security.access.AccessDeniedException;
@ControllerAdvice
public class RestResponseEntityExceptionHandler extends ResponseEntityExceptionHandler {
@@ -55,12 +53,6 @@ public class RestResponseEntityExceptionHandler extends ResponseEntityExceptionH
return handleExceptionInternal(ex, bodyOfResponse, headers, HttpStatus.BAD_REQUEST, request);
}
- // 403
- @ExceptionHandler({ AccessDeniedException.class })
- public ResponseEntity