diff --git a/spring-security-modules/pom.xml b/spring-security-modules/pom.xml index 954b9335e4..e78b7fe80c 100644 --- a/spring-security-modules/pom.xml +++ b/spring-security-modules/pom.xml @@ -40,6 +40,7 @@ spring-security-stormpath spring-security-thymeleaf spring-security-x509 + spring-security-kotlin-dsl diff --git a/spring-security-modules/spring-security-kotlin-dsl/pom.xml b/spring-security-modules/spring-security-kotlin-dsl/pom.xml new file mode 100644 index 0000000000..2c53d19c2c --- /dev/null +++ b/spring-security-modules/spring-security-kotlin-dsl/pom.xml @@ -0,0 +1,86 @@ + + + 4.0.0 + + com.baeldung + parent-boot-2 + 0.0.1-SNAPSHOT + ../../parent-boot-2 + + + com.baeldung.spring.security.dsl + spring-security-kotlin-dsl + 1.0 + spring-security-kotlin-dsl + Spring Security Kotlin DSL + + + 11 + 1.3.72 + + + + + org.springframework.boot + spring-boot-starter-security + + + org.springframework.boot + spring-boot-starter-web + + + com.fasterxml.jackson.module + jackson-module-kotlin + + + org.jetbrains.kotlin + kotlin-reflect + + + org.jetbrains.kotlin + kotlin-stdlib-jdk8 + + + + org.projectlombok + lombok + true + + + org.springframework.boot + spring-boot-starter-test + test + + + + + ${project.basedir}/src/main/kotlin + ${project.basedir}/src/test/kotlin + + + org.springframework.boot + spring-boot-maven-plugin + + + org.jetbrains.kotlin + kotlin-maven-plugin + + + -Xjsr305=strict + + + spring + + + + + org.jetbrains.kotlin + kotlin-maven-allopen + ${kotlin.version} + + + + + + diff --git a/spring-security-modules/spring-security-kotlin-dsl/src/main/kotlin/com/baeldung/security/kotlin/dsl/SpringSecurityKotlinApplication.kt b/spring-security-modules/spring-security-kotlin-dsl/src/main/kotlin/com/baeldung/security/kotlin/dsl/SpringSecurityKotlinApplication.kt new file mode 100644 index 0000000000..27cc41c1e5 --- /dev/null +++ b/spring-security-modules/spring-security-kotlin-dsl/src/main/kotlin/com/baeldung/security/kotlin/dsl/SpringSecurityKotlinApplication.kt @@ -0,0 +1,71 @@ +package com.baeldung.security.kotlin.dsl + +import org.springframework.boot.autoconfigure.SpringBootApplication +import org.springframework.boot.runApplication +import org.springframework.context.annotation.Configuration +import org.springframework.context.support.beans +import org.springframework.core.annotation.Order +import org.springframework.security.config.annotation.web.builders.HttpSecurity +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter +import org.springframework.security.config.web.servlet.invoke +import org.springframework.security.core.userdetails.User +import org.springframework.security.provisioning.InMemoryUserDetailsManager +import org.springframework.web.servlet.function.ServerResponse +import org.springframework.web.servlet.function.router + +@EnableWebSecurity +@SpringBootApplication +class SpringSecurityKotlinApplication + +@Order(1) +@Configuration +class AdminSecurityConfiguration : WebSecurityConfigurerAdapter() { + override fun configure(http: HttpSecurity?) { + http { + authorizeRequests { + authorize("/greetings/**", hasAuthority("ROLE_ADMIN")) + } + httpBasic {} + } + } +} + +@Configuration +class BasicSecurityConfiguration : WebSecurityConfigurerAdapter() { + override fun configure(http: HttpSecurity?) { + http { + authorizeRequests { + authorize("/**", permitAll) + } + httpBasic {} + } + } +} + +fun main(args: Array) { + runApplication(*args) { + addInitializers( beans { + bean { + fun user(user: String, password: String, vararg roles: String) = + User + .withDefaultPasswordEncoder() + .username(user) + .password(password) + .roles(*roles) + .build() + + InMemoryUserDetailsManager(user("user", "password", "USER") + , user("admin", "password", "USER", "ADMIN")) + } + + bean { + router { + GET("/greetings") { + request -> request.principal().map { it.name }.map { ServerResponse.ok().body(mapOf("greeting" to "Hello $it")) }.orElseGet { ServerResponse.badRequest().build() } + } + } + } + }) + } +} diff --git a/spring-security-modules/spring-security-kotlin-dsl/src/main/resources/application.properties b/spring-security-modules/spring-security-kotlin-dsl/src/main/resources/application.properties new file mode 100644 index 0000000000..e69de29bb2 diff --git a/spring-security-modules/spring-security-kotlin-dsl/src/test/kotlin/com/spring/security/kotlin/dsl/SpringSecurityKotlinApplicationTests.kt b/spring-security-modules/spring-security-kotlin-dsl/src/test/kotlin/com/spring/security/kotlin/dsl/SpringSecurityKotlinApplicationTests.kt new file mode 100644 index 0000000000..3da8110feb --- /dev/null +++ b/spring-security-modules/spring-security-kotlin-dsl/src/test/kotlin/com/spring/security/kotlin/dsl/SpringSecurityKotlinApplicationTests.kt @@ -0,0 +1,35 @@ +package com.spring.security.kotlin.dsl + +import org.junit.jupiter.api.Test +import org.junit.runner.RunWith +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc +import org.springframework.boot.test.context.SpringBootTest +import org.springframework.security.test.context.support.WithMockUser +import org.springframework.test.context.junit4.SpringRunner +import org.springframework.test.web.servlet.MockMvc +import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.* +import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user +import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic +import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated +import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated +import org.springframework.test.web.servlet.get +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.* +import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status + +@RunWith(SpringRunner::class) +@SpringBootTest +@AutoConfigureMockMvc +class SpringSecurityKotlinApplicationTests { + + @Autowired + private lateinit var mockMvc: MockMvc + + @Test + fun `ordinary user not permitted to access the endpoint`() { + this.mockMvc + .perform(get("/greetings") + .with(httpBasic("user", "password"))) + .andExpect(unauthenticated()) + } +}