diff --git a/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthApplication.java b/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthApplication.java new file mode 100644 index 0000000000..6ccfd04553 --- /dev/null +++ b/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthApplication.java @@ -0,0 +1,14 @@ +package com.baeldung.inmemory; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class InMemoryAuthApplication { + + public static void main(String[] args) { + SpringApplication.run(InMemoryAuthApplication.class, args); + } + + +} diff --git a/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthController.java b/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthController.java new file mode 100644 index 0000000000..ff7ae9a131 --- /dev/null +++ b/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthController.java @@ -0,0 +1,21 @@ +package com.baeldung.inmemory; + +import java.util.Arrays; +import java.util.List; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +public class InMemoryAuthController { + + @GetMapping("/public/hello") + public List publicHello() { + return Arrays.asList("Hello", "World", "from", "Public"); + } + + @GetMapping("/private/hello") + public List privateHello() { + return Arrays.asList("Hello", "World", "from", "Private"); + } + +} diff --git a/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java b/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java new file mode 100644 index 0000000000..4b32a1126e --- /dev/null +++ b/spring-5-security/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java @@ -0,0 +1,34 @@ +package com.baeldung.inmemory; + +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.crypto.factory.PasswordEncoderFactories; +import org.springframework.security.crypto.password.PasswordEncoder; + +@Configuration +public class InMemoryAuthWebSecurityConfigurer extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); + auth.inMemoryAuthentication() + .passwordEncoder(encoder) + .withUser("spring") + .password(encoder.encode("secret")) + .roles("USER"); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/private/**") + .authenticated() + .antMatchers("/public/**") + .permitAll() + .and() + .httpBasic(); + } + +} diff --git a/spring-5-security/src/test/java/com/baeldung/inmemory/InMemoryAuthControllerTest.java b/spring-5-security/src/test/java/com/baeldung/inmemory/InMemoryAuthControllerTest.java new file mode 100644 index 0000000000..7a8ea7b248 --- /dev/null +++ b/spring-5-security/src/test/java/com/baeldung/inmemory/InMemoryAuthControllerTest.java @@ -0,0 +1,48 @@ +package com.baeldung.inmemory; + +import static org.junit.Assert.assertEquals; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; +import org.springframework.boot.test.web.client.TestRestTemplate; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.test.context.junit4.SpringRunner; + +@RunWith(SpringRunner.class) +@SpringBootTest(classes = InMemoryAuthApplication.class, webEnvironment = WebEnvironment.RANDOM_PORT) +public class InMemoryAuthControllerTest { + + @Autowired + private TestRestTemplate template; + + @Test + public void givenRequestOnPublicService_shouldSucceedWith200() throws Exception { + ResponseEntity result = template.getForEntity("/public/hello", String.class); + assertEquals(HttpStatus.OK, result.getStatusCode()); + } + + @Test + public void givenRequestOnPrivateService_shouldFailWith401() throws Exception { + ResponseEntity result = template.getForEntity("/private/hello", String.class); + assertEquals(HttpStatus.UNAUTHORIZED, result.getStatusCode()); + } + + @Test + public void givenAuthRequestOnPrivateService_shouldSucceedWith200() throws Exception { + ResponseEntity result = template.withBasicAuth("spring", "secret") + .getForEntity("/private/hello", String.class); + assertEquals(HttpStatus.OK, result.getStatusCode()); + } + + @Test + public void givenInvalidAuthRequestOnPrivateService_shouldSucceedWith200() throws Exception { + ResponseEntity result = template.withBasicAuth("spring", "wrong") + .getForEntity("/private/hello", String.class); + assertEquals(HttpStatus.UNAUTHORIZED, result.getStatusCode()); + } + +}