[BAEL-1410] Spring Boot Security auto-configuration (#3329)

* [BAEL-1410] Spring Boot Security Auto-Configuration * [BAEL-1410] Added some tests for incorrect credentials use case * [BAEL-1410] Added readme and some code improvements
2017-12-31 17:04:37 +02:00
parent 62e53959ef
commit 8de8770eec
10 changed files with 349 additions and 1 deletions
@@ -0,0 +1,56 @@
+package com.baeldung.springbootsecurity;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.context.embedded.LocalServerPort;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = RANDOM_PORT)
+@ActiveProfiles("basic")
+public class BasicConfigurationIntegrationTest {
+
+    TestRestTemplate restTemplate;
+    URL base;
+
+    @LocalServerPort int port;
+
+    @Before
+    public void setUp() throws MalformedURLException {
+        restTemplate = new TestRestTemplate("user", "password");
+        base = new URL("http://localhost:" + port);
+    }
+
+    @Test
+    public void whenLoggedUserRequestsHomePage_ThenSuccess() throws IllegalStateException, IOException {
+        ResponseEntity<String> response = restTemplate.getForEntity(base.toString(), String.class);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertTrue(response
+          .getBody()
+          .contains("Baeldung"));
+    }
+
+    @Test
+    public void whenUserWithWrongCredentialsRequestsHomePage_ThenUnauthorizedPage() throws IllegalStateException, IOException {
+        restTemplate = new TestRestTemplate("user", "wrongpassword");
+        ResponseEntity<String> response = restTemplate.getForEntity(base.toString(), String.class);
+        assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
+        assertTrue(response
+          .getBody()
+          .contains("Unauthorized"));
+    }
+}
@@ -0,0 +1,106 @@
+package com.baeldung.springbootsecurity;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.embedded.LocalServerPort;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.*;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+
+import java.util.Collections;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import static org.junit.Assert.*;
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = RANDOM_PORT)
+@ActiveProfiles("form")
+public class FormConfigurationIntegrationTest {
+
+    @Autowired TestRestTemplate restTemplate;
+    @LocalServerPort int port;
+
+    @Test
+    public void whenLoginPageIsRequested_ThenSuccess() {
+        HttpHeaders httpHeaders = new HttpHeaders();
+        httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
+        ResponseEntity<String> responseEntity = restTemplate.exchange("/login", HttpMethod.GET, new HttpEntity<Void>(httpHeaders), String.class);
+        assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
+        assertTrue(responseEntity
+          .getBody()
+          .contains("_csrf"));
+    }
+
+    @Test
+    public void whenTryingToLoginWithCorrectCredentials_ThenAuthenticateWithSuccess() {
+        HttpHeaders httpHeaders = getHeaders();
+        httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
+        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        MultiValueMap<String, String> form = getFormSubmitCorrectCredentials();
+        ResponseEntity<String> responseEntity = this.restTemplate.exchange("/login", HttpMethod.POST, new HttpEntity<>(form, httpHeaders), String.class);
+        assertEquals(responseEntity.getStatusCode(), HttpStatus.FOUND);
+        assertTrue(responseEntity
+          .getHeaders()
+          .getLocation()
+          .toString()
+          .endsWith(this.port + "/"));
+        assertNotNull(responseEntity
+          .getHeaders()
+          .get("Set-Cookie"));
+    }
+
+    @Test
+    public void whenTryingToLoginWithInorrectCredentials_ThenAuthenticationFailed() {
+        HttpHeaders httpHeaders = getHeaders();
+        httpHeaders.setAccept(Collections.singletonList(MediaType.TEXT_HTML));
+        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        MultiValueMap<String, String> form = getFormSubmitIncorrectCredentials();
+        ResponseEntity<String> responseEntity = this.restTemplate.exchange("/login", HttpMethod.POST, new HttpEntity<>(form, httpHeaders), String.class);
+        assertEquals(responseEntity.getStatusCode(), HttpStatus.FOUND);
+        assertTrue(responseEntity
+          .getHeaders()
+          .getLocation()
+          .toString()
+          .endsWith(this.port + "/login?error"));
+        assertNull(responseEntity
+          .getHeaders()
+          .get("Set-Cookie"));
+    }
+
+    private MultiValueMap<String, String> getFormSubmitCorrectCredentials() {
+        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
+        form.set("username", "user");
+        form.set("password", "password");
+        return form;
+    }
+
+    private MultiValueMap<String, String> getFormSubmitIncorrectCredentials() {
+        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
+        form.set("username", "user");
+        form.set("password", "wrongpassword");
+        return form;
+    }
+
+    private HttpHeaders getHeaders() {
+        HttpHeaders headers = new HttpHeaders();
+        ResponseEntity<String> page = this.restTemplate.getForEntity("/login", String.class);
+        assertEquals(page.getStatusCode(), HttpStatus.OK);
+        String cookie = page
+          .getHeaders()
+          .getFirst("Set-Cookie");
+        headers.set("Cookie", cookie);
+        Pattern pattern = Pattern.compile("(?s).*name=\"_csrf\".*?value=\"([^\"]+).*");
+        Matcher matcher = pattern.matcher(page.getBody());
+        assertTrue(matcher.matches());
+        headers.set("X-CSRF-TOKEN", matcher.group(1));
+        return headers;
+    }
+
+}