iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/JonCook/tutorials

Browse Source
This commit is contained in:
Jonathan Cook
2019-10-23 15:01:44 +02:00
parent db85c8f275
commit 684ec0d2e3
20486 changed files with 1642483 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spring-security-x509/README.md
+6
View File
@@ -0,0 +1,6 @@
## Spring Security X.509
This module contains articles about X.509 authentication with Spring Security
### Relevant Articles:
- [X.509 Authentication in Spring Security](https://www.baeldung.com/x-509-authentication-in-spring-security)
spring-security-x509/keystore/Makefile
+92
View File
@@ -0,0 +1,92 @@
PASSWORD=changeit
KEYSTORE=keystore.jks
HOSTNAME=localhost
CLIENTNAME=cid
CLIENT_PRIVATE_KEY="${CLIENTNAME}_pk"
# CN = Common Name
# OU = Organization Unit
# O = Organization Name
# L = Locality Name
# ST = State Name
# C = Country (2-letter Country Code)
# E = Email
DNAME_CA='CN=Baeldung CA,OU=baeldung.com,O=Baeldung,L=SomeCity,ST=SomeState,C=CC'
# For server certificates, the Common Name (CN) must be the hostname
DNAME_HOST='CN=$(HOSTNAME),OU=baeldung.com,O=Baeldung,L=SomeCity,ST=SomeState,C=CC'
DNAME_CLIENT='CN=$(CLIENTNAME),OU=baeldung.com,O=Baeldung,L=SomeCity,ST=SomeState,C=CC'
TRUSTSTORE=truststore.jks
all: clean create-keystore add-host create-truststore add-client
create-keystore:
# Generate a certificate authority (CA)
keytool -genkey -alias ca -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
-validity 3650 -dname $(DNAME_CA) \
-keystore $(KEYSTORE) -storepass $(PASSWORD)
add-host:
# Generate a host certificate
keytool -genkey -alias $(HOSTNAME) -ext san=dns:localhost,ip:127.0.0.1 \
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
-validity 3650 -dname $(DNAME_HOST) \
-keystore $(KEYSTORE) -storepass $(PASSWORD)
# Generate a host certificate signing request
keytool -certreq -alias $(HOSTNAME) -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA \
-validity 3650 -file "$(HOSTNAME).csr" \
-keystore $(KEYSTORE) -storepass $(PASSWORD)
# Generate signed certificate with the certificate authority
keytool -gencert -alias ca -ext san=dns:localhost,ip:127.0.0.1 \
-validity 3650 -sigalg SHA512withRSA \
-infile "$(HOSTNAME).csr" -outfile "$(HOSTNAME).crt" -rfc \
-keystore $(KEYSTORE) -storepass $(PASSWORD)
# Import signed certificate into the keystore
keytool -import -trustcacerts -alias $(HOSTNAME) -ext san=dns:localhost,ip:127.0.0.1 \
-file "$(HOSTNAME).crt" \
-keystore $(KEYSTORE) -storepass $(PASSWORD)
export-authority:
# Export certificate authority
keytool -export -alias ca -ext san=dns:localhost,ip:127.0.0.1 -file ca.crt -rfc \
-keystore $(KEYSTORE) -storepass $(PASSWORD)
create-truststore: export-authority
# Import certificate authority into a new truststore
keytool -import -trustcacerts -noprompt -alias ca -ext san=dns:localhost,ip:127.0.0.1 -file ca.crt \
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
add-client:
# Generate client certificate
keytool -genkey -alias $(CLIENT_PRIVATE_KEY) -ext san=dns:localhost,ip:127.0.0.1 \
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \
-validity 3650 -dname $(DNAME_CLIENT) \
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
# Generate a host certificate signing request
keytool -certreq -alias $(CLIENT_PRIVATE_KEY) -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \
-keyalg RSA -keysize 4096 -sigalg SHA512withRSA \
-validity 3650 -file "$(CLIENTNAME).csr" \
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
# Generate signed certificate with the certificate authority
keytool -gencert -alias ca -ext san=dns:localhost,ip:127.0.0.1 \
-validity 3650 -sigalg SHA512withRSA \
-infile "$(CLIENTNAME).csr" -outfile "$(CLIENTNAME).crt" -rfc \
-keystore $(KEYSTORE) -storepass $(PASSWORD)
# Import signed certificate into the truststore
keytool -import -trustcacerts -alias $(CLIENTNAME) -ext san=dns:localhost,ip:127.0.0.1 \
-file "$(CLIENTNAME).crt" \
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
# Export private certificate for importing into a browser
keytool -importkeystore -srcalias $(CLIENT_PRIVATE_KEY) -ext san=dns:localhost,ip:127.0.0.1 \
-srckeystore $(TRUSTSTORE) -srcstorepass $(PASSWORD) \
-destkeystore "$(CLIENTNAME).p12" -deststorepass $(PASSWORD) \
-deststoretype PKCS12
# Delete client private key as truststore should not contain any private keys
keytool -delete -alias $(CLIENT_PRIVATE_KEY) \
-keystore $(TRUSTSTORE) -storepass $(PASSWORD)
clean:
# Remove generated artifacts
find . \( -name "$(CLIENTNAME)*" -o -name "$(HOSTNAME)*" -o -name "$(KEYSTORE)" -o -name "$(TRUSTSTORE)" -o -name ca.crt \) -type f -exec rm -f {} \;
spring-security-x509/keystore/keystore.jks
BIN
View File
Binary file not shown.
spring-security-x509/pom.xml
+38
View File
@@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.baeldung</groupId>
<artifactId>spring-security-x509</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-security-x509</name>
<packaging>pom</packaging>
<parent>
<artifactId>parent-boot-1</artifactId>
<groupId>com.baeldung</groupId>
<version>0.0.1-SNAPSHOT</version>
<relativePath>../parent-boot-1</relativePath>
</parent>
<modules>
<module>spring-security-x509-basic-auth</module>
<module>spring-security-x509-client-auth</module>
</modules>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
</dependencies>
</project>
spring-security-x509/spring-security-x509-basic-auth/pom.xml
+38
View File
@@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>spring-security-x509-basic-auth</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-security-x509-basic-auth</name>
<packaging>jar</packaging>
<description>Spring x.509 Authentication Demo</description>
<parent>
<groupId>com.baeldung</groupId>
<artifactId>spring-security-x509</artifactId>
<version>0.0.1-SNAPSHOT</version>
</parent>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<excludes>
<exclude>**/*IntegrationTest.java</exclude>
<exclude>**/*IntTest.java</exclude>
<exclude>**/*LiveTest.java</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>
spring-security-x509/spring-security-x509-basic-auth/src/main/java/com/baeldung/spring/security/x509/UserController.java
+21
View File
@@ -0,0 +1,21 @@
package com.baeldung.spring.security.x509;
import java.security.Principal;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class UserController {
@PreAuthorize("hasAuthority('ROLE_USER')")
@RequestMapping(value = "/user")
public String user(Model model, Principal principal) {
UserDetails currentUser = (UserDetails) ((Authentication) principal).getPrincipal();
model.addAttribute("username", currentUser.getUsername());
return "user";
}
}
spring-security-x509/spring-security-x509-basic-auth/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java
+16
View File
@@ -0,0 +1,16 @@
package com.baeldung.spring.security.x509;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@SpringBootApplication
@EnableWebSecurity
public class X509AuthenticationServer extends WebSecurityConfigurerAdapter {
public static void main(String[] args) {
SpringApplication.run(X509AuthenticationServer.class, args);
}
}
spring-security-x509/spring-security-x509-basic-auth/src/main/resources/application.properties
+8
View File
@@ -0,0 +1,8 @@
server.ssl.key-store=../keystore/keystore.jks
server.ssl.key-store-password=changeit
server.ssl.key-alias=localhost
server.ssl.key-password=changeit
server.ssl.enabled=true
server.port=8443
security.user.name=Admin
security.user.password=admin
spring-security-x509/spring-security-x509-basic-auth/src/main/resources/logback.xml
+13
View File
@@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
</pattern>
</encoder>
</appender>
<root level="INFO">
<appender-ref ref="STDOUT" />
</root>
</configuration>
spring-security-x509/spring-security-x509-basic-auth/src/main/resources/templates/user.html
+11
View File
@@ -0,0 +1,11 @@
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>X.509 Authentication Demo</title>
</head>
<body>
<h2>
Hello <span th:text="${username}" />!
</h2>
</body>
</html>
spring-security-x509/spring-security-x509-basic-auth/src/test/java/com/baeldung/spring/security/x509/X509AuthenticationServerIntegrationTest.java
+14
View File
@@ -0,0 +1,14 @@
package com.baeldung.spring.security.x509;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest
public class X509AuthenticationServerIntegrationTest {
@Test
public void contextLoads() {
}
}
spring-security-x509/spring-security-x509-basic-auth/src/test/java/org/baeldung/SpringContextIntegrationTest.java
+17
View File
@@ -0,0 +1,17 @@
package org.baeldung;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
import com.baeldung.spring.security.x509.X509AuthenticationServer;
@RunWith(SpringRunner.class)
@SpringBootTest(classes = X509AuthenticationServer.class)
public class SpringContextIntegrationTest {
@Test
public void whenSpringContextIsBootstrapped_thenNoExceptions() {
}
}
spring-security-x509/spring-security-x509-basic-auth/src/test/java/org/baeldung/SpringContextTest.java
+17
View File
@@ -0,0 +1,17 @@
package org.baeldung;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
import com.baeldung.spring.security.x509.X509AuthenticationServer;
@RunWith(SpringRunner.class)
@SpringBootTest(classes = X509AuthenticationServer.class)
public class SpringContextTest {
@Test
public void whenSpringContextIsBootstrapped_thenNoExceptions() {
}
}
spring-security-x509/spring-security-x509-client-auth/pom.xml
+73
View File
@@ -0,0 +1,73 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>spring-security-x509-client-auth</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-security-x509-client-auth</name>
<packaging>jar</packaging>
<description>Spring x.509 Client Authentication Demo</description>
<parent>
<groupId>com.baeldung</groupId>
<artifactId>spring-security-x509</artifactId>
<version>0.0.1-SNAPSHOT</version>
</parent>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<excludes>
<exclude>**/*IntegrationTest.java</exclude>
<exclude>**/*IntTest.java</exclude>
<exclude>**/*LiveTest.java</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>integration</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<executions>
<execution>
<phase>integration-test</phase>
<goals>
<goal>test</goal>
</goals>
<configuration>
<excludes>
<exclude>**/*LiveTest.java</exclude>
</excludes>
<includes>
<include>**/*IntegrationTest.java</include>
<include>**/*IntTest.java</include>
</includes>
</configuration>
</execution>
</executions>
<configuration>
<systemPropertyVariables>
<test.mime>json</test.mime>
</systemPropertyVariables>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
spring-security-x509/spring-security-x509-client-auth/src/main/java/com/baeldung/spring/security/x509/UserController.java
+21
View File
@@ -0,0 +1,21 @@
package com.baeldung.spring.security.x509;
import java.security.Principal;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class UserController {
@PreAuthorize("hasAuthority('ROLE_USER')")
@RequestMapping(value = "/user")
public String user(Model model, Principal principal) {
UserDetails currentUser = (UserDetails) ((Authentication) principal).getPrincipal();
model.addAttribute("username", currentUser.getUsername());
return "user";
}
}
spring-security-x509/spring-security-x509-client-auth/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java
+41
View File
@@ -0,0 +1,41 @@
package com.baeldung.spring.security.x509;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@SpringBootApplication
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class X509AuthenticationServer extends WebSecurityConfigurerAdapter {
public static void main(String[] args) {
SpringApplication.run(X509AuthenticationServer.class, args);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().x509().subjectPrincipalRegex("CN=(.*?)(?:,|$)").userDetailsService(userDetailsService());
}
@Bean
public UserDetailsService userDetailsService() {
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
if (username.equals("cid")) {
return new User(username, "", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
}
throw new UsernameNotFoundException("User not found!");
}
};
}
}
spring-security-x509/spring-security-x509-client-auth/src/main/resources/application.properties
+11
View File
@@ -0,0 +1,11 @@
server.ssl.key-store=../keystore/keystore.jks
server.ssl.key-store-password=changeit
server.ssl.key-alias=localhost
server.ssl.key-password=changeit
server.ssl.enabled=true
server.port=8443
security.user.name=Admin
security.user.password=admin
server.ssl.trust-store=../keystore/truststore.jks
server.ssl.trust-store-password=changeit
server.ssl.client-auth=need
spring-security-x509/spring-security-x509-client-auth/src/main/resources/keystore.jks
BIN
View File
Binary file not shown.
spring-security-x509/spring-security-x509-client-auth/src/main/resources/logback.xml
+13
View File
@@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
</pattern>
</encoder>
</appender>
<root level="INFO">
<appender-ref ref="STDOUT" />
</root>
</configuration>
spring-security-x509/spring-security-x509-client-auth/src/main/resources/templates/user.html
+9
View File
@@ -0,0 +1,9 @@
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>X.509 Authentication Demo</title>
</head>
<body>
<h2>Hello <span th:text="${username}"/>!</h2>
</body>
</html>
spring-security-x509/spring-security-x509-client-auth/src/test/java/com/baeldung/spring/security/x509/X509AuthenticationServerIntegrationTest.java
+14
View File
@@ -0,0 +1,14 @@
package com.baeldung.spring.security.x509;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest
public class X509AuthenticationServerIntegrationTest {
@Test
public void contextLoads() {
}
}
spring-security-x509/spring-security-x509-client-auth/src/test/java/org/baeldung/SpringContextIntegrationTest.java
+17
View File
@@ -0,0 +1,17 @@
package org.baeldung;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
import com.baeldung.spring.security.x509.X509AuthenticationServer;
@RunWith(SpringRunner.class)
@SpringBootTest(classes = X509AuthenticationServer.class)
public class SpringContextIntegrationTest {
@Test
public void whenSpringContextIsBootstrapped_thenNoExceptions() {
}
}
spring-security-x509/spring-security-x509-client-auth/src/test/java/org/baeldung/SpringContextTest.java
+17
View File
@@ -0,0 +1,17 @@
package org.baeldung;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
import com.baeldung.spring.security.x509.X509AuthenticationServer;
@RunWith(SpringRunner.class)
@SpringBootTest(classes = X509AuthenticationServer.class)
public class SpringContextTest {
@Test
public void whenSpringContextIsBootstrapped_thenNoExceptions() {
}
}