BAEL-20886: Move spring-boot-security into spring-boot-modules

2020-01-30 10:02:25 +01:00
parent edc39bfffd
commit a5e51972ec
37 changed files with 3 additions and 4 deletions
@@ -0,0 +1,13 @@
+package com.baeldung.integrationtesting;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+
+@Configuration
+@EnableGlobalMethodSecurity(
+    prePostEnabled = true,
+    securedEnabled = true)
+public class MethodSecurityConfigurer extends GlobalMethodSecurityConfiguration {
+
+}
@@ -0,0 +1,13 @@
+package com.baeldung.integrationtesting;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SecuredApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SecuredApplication.class, args);
+    }
+
+}
@@ -0,0 +1,21 @@
+package com.baeldung.integrationtesting;
+
+import java.util.Arrays;
+import java.util.List;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class SecuredController {
+
+    @GetMapping("/public/hello")
+    public List<String> publicHello() {
+        return Arrays.asList("Hello", "World", "from", "Public");
+    }
+
+    @GetMapping("/private/hello")
+    public List<String> privateHello() {
+        return Arrays.asList("Hello", "World", "from", "Private");
+    }
+
+}
@@ -0,0 +1,13 @@
+package com.baeldung.integrationtesting;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Service;
+
+@Service
+public class SecuredService {
+
+    @PreAuthorize("authenticated")
+    public String sayHelloSecured() {
+        return "Hello user.";
+    }
+}
@@ -0,0 +1,40 @@
+package com.baeldung.integrationtesting;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@Configuration
+public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        
+        BCryptPasswordEncoder encoder = passwordEncoder();
+        
+        auth.inMemoryAuthentication()
+            .passwordEncoder(encoder)
+            .withUser("spring")
+            .password(encoder.encode("secret"))
+            .roles("USER");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/private/**")
+            .hasRole("USER")
+            .antMatchers("/public/**")
+            .permitAll()
+            .and()
+            .httpBasic();
+    }
+
+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
@@ -0,0 +1,15 @@
+package com.baeldung.springbootsecurity.autoconfig;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+
+@SpringBootApplication(exclude = {
+  SecurityAutoConfiguration.class
+  //    ,ManagementWebSecurityAutoConfiguration.class
+}, scanBasePackages = "com.baeldung.springbootsecurity.autoconfig")
+public class SpringBootSecurityApplication {
+    public static void main(String[] args) {
+        SpringApplication.run(SpringBootSecurityApplication.class, args);
+    }
+}
@@ -0,0 +1,38 @@
+package com.baeldung.springbootsecurity.autoconfig.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+public class BasicConfiguration extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    	PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+    	auth
+          .inMemoryAuthentication()
+          .withUser("user")
+          .password(encoder.encode("password"))
+          .roles("USER")
+          .and()
+          .withUser("admin")
+          .password(encoder.encode("admin"))cl
+          .roles("USER", "ADMIN");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+          .authorizeRequests()
+          .anyRequest()
+          .authenticated()
+          .and()
+          .httpBasic();
+    }
+}
@@ -0,0 +1,30 @@
+package com.baeldung.springbootsecurity.oauth2resource;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@EnableResourceServer
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2resource")
+public class SpringBootOAuth2ResourceApplication {
+
+    public static void main(String[] args) {
+        new SpringApplicationBuilder()
+          .profiles("resource")
+          .sources(SpringBootOAuth2ResourceApplication.class)
+          .build()
+          .run(args);
+    }
+
+    @RestController
+    class SecuredResourceController {
+
+        @GetMapping("/securedResource")
+        public String securedResource() {
+            return "Baeldung Secured Resource OK";
+        }
+
+    }
+}
@@ -0,0 +1,47 @@
+package com.baeldung.springbootsecurity.oauth2server;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.CurrentSecurityContext;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+@EnableResourceServer
+@EnableAuthorizationServer
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2server")
+public class SpringBootAuthorizationServerApplication {
+
+    private static final Logger logger = LoggerFactory.getLogger(SpringBootAuthorizationServerApplication.class);
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringBootAuthorizationServerApplication.class, args);
+    }
+
+    @RestController
+    class UserController {
+
+        @GetMapping("/user")
+        public Principal user(Principal user) {
+            return user;
+        }
+
+        @GetMapping("/authentication")
+        public Object getAuthentication(@CurrentSecurityContext(expression = "authentication") Authentication authentication) {
+            logger.info("authentication -> {}", authentication);
+            return authentication.getDetails();
+        }
+
+        @GetMapping("/principal")
+        public String getPrincipal(@CurrentSecurityContext(expression = "authentication.principal") Principal principal) {
+            logger.info("principal -> {}", principal);
+            return principal.getName();
+        }
+    }
+}
@@ -0,0 +1,18 @@
+package com.baeldung.springbootsecurity.oauth2server.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@Profile("authz")
+public class AuthenticationMananagerConfig extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+}
@@ -0,0 +1,46 @@
+package com.baeldung.springbootsecurity.oauth2server.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+
+@Configuration
+@Profile("authz")
+public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+        endpoints.authenticationManager(authenticationManager);
+    }
+
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients
+          .inMemory()
+          .withClient("baeldung")
+          .secret(passwordEncoder().encode("baeldung"))
+          .authorizedGrantTypes("client_credentials", "password", "authorization_code")
+          .scopes("openid", "read")
+          .autoApprove(true)
+          .and()
+          .withClient("baeldung-admin")
+          .secret(passwordEncoder().encode("baeldung"))
+          .authorizedGrantTypes("authorization_code", "client_credentials", "refresh_token")
+          .scopes("read", "write")
+          .autoApprove(true);
+    }
+    
+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
@@ -0,0 +1,17 @@
+package com.baeldung.springbootsecurity.oauth2server.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@Profile("!authz")
+public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    public AuthenticationManager customAuthenticationManager() throws Exception {
+        return authenticationManager();
+    }
+}
@@ -0,0 +1,19 @@
+package com.baeldung.springbootsecurity.oauth2sso;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+
+@EnableOAuth2Sso
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2sso")
+public class SpringBootOAuth2SsoApplication {
+
+    public static void main(String[] args) {
+        new SpringApplicationBuilder()
+          .profiles("sso")
+          .sources(SpringBootOAuth2SsoApplication.class)
+          .build()
+          .run(args);
+    }
+}
@@ -0,0 +1,14 @@
+package com.baeldung.springsecuritytaglibs;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping("/")
+public class HomeController {
+    
+    @RequestMapping
+    public String home() {
+        return "home";
+    }
+}
@@ -0,0 +1,9 @@
+package com.baeldung.springsecuritytaglibs;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.PropertySource;
+
+@SpringBootApplication
+@PropertySource("classpath:application-taglibs.properties")
+public class SpringBootSecurityTagLibsApplication {
+}
@@ -0,0 +1,40 @@
+package com.baeldung.springsecuritytaglibs.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        BCryptPasswordEncoder encoder = passwordEncoder();
+        auth.inMemoryAuthentication()
+            .passwordEncoder(encoder)
+            .withUser("testUser")
+            .password(encoder.encode("password"))
+            .roles("ADMIN");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        // @formatter:off
+        http.csrf()
+                .and()
+            .authorizeRequests()
+                .antMatchers("/userManagement").hasRole("ADMIN")
+                .anyRequest().permitAll().and().httpBasic();
+        // @formatter:on
+    }
+    
+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
@@ -0,0 +1,3 @@
+spring.security.user.password=password
+security.oauth2.client.client-id=client
+security.oauth2.client.client-secret=secret
@@ -0,0 +1,2 @@
+server.port=8081
+security.oauth2.resource.userInfoUri=http://localhost:8080/user
@@ -0,0 +1,9 @@
+server.port=8082
+security.oauth2.client.clientId=<generated_app_id>
+security.oauth2.client.clientSecret=<app_secret>
+security.oauth2.client.accessTokenUri=https://graph.facebook.com/oauth/access_token
+security.oauth2.client.userAuthorizationUri=https://www.facebook.com/dialog/oauth
+security.oauth2.client.tokenName=oauth_token
+security.oauth2.client.authenticationScheme=query
+security.oauth2.client.clientAuthenticationScheme=form
+security.oauth2.resource.userInfoUri=https://graph.facebook.com/me
@@ -0,0 +1,3 @@
+#jsp config
+spring.mvc.view.prefix= /WEB-INF/views/
+spring.mvc.view.suffix= .jsp
@@ -0,0 +1,4 @@
+#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
+#security.user.password=password
+#security.oauth2.client.client-id=client
+#security.oauth2.client.client-secret=secret
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
+            </pattern>
+        </encoder>
+    </appender>
+
+    <root level="INFO">
+        <appender-ref ref="STDOUT" />
+    </root>
+</configuration>
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Index</title>
+</head>
+<body>
+Welcome to Baeldung Secured Page !!!
+</body>
+</html>
@@ -0,0 +1,38 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+    pageEncoding="UTF-8"%>
+<%@ taglib prefix="sec"
+    uri="http://www.springframework.org/security/tags"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<sec:csrfMetaTags />
+<title>Home Page</title>
+</head>
+<body>    
+    <sec:authorize access="!isAuthenticated()">
+        Login
+    </sec:authorize>
+    
+    <sec:authorize access="isAuthenticated()">
+        Logout
+    </sec:authorize>
+    
+    <sec:authorize access="isAuthenticated()">
+        <h2>
+            Welcome back, <sec:authentication property="name" />
+        </h2>         
+        <sec:authorize access="hasRole('ADMIN')">
+            Manage Users
+        </sec:authorize>
+        <form method="post">
+            <sec:csrfInput />
+            Text Field: <br /> <input type="text" name="textField" />
+            <input type="submit" value="Submit form with CSRF input">
+        </form>
+        <sec:authorize url="/userManagement">
+            <a href="/userManagement">Manage Users</a>
+        </sec:authorize>
+    </sec:authorize>
+</body>
+</html>