Moved the module to spring security modules
This commit is contained in:
+71
@@ -0,0 +1,71 @@
|
||||
package com.spring.security.kotlin.dsl
|
||||
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication
|
||||
import org.springframework.boot.runApplication
|
||||
import org.springframework.context.annotation.Configuration
|
||||
import org.springframework.context.support.beans
|
||||
import org.springframework.core.annotation.Order
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
|
||||
import org.springframework.security.config.web.servlet.invoke
|
||||
import org.springframework.security.core.userdetails.User
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||
import org.springframework.web.servlet.function.ServerResponse
|
||||
import org.springframework.web.servlet.function.router
|
||||
|
||||
@EnableWebSecurity
|
||||
@SpringBootApplication
|
||||
class SpringSecurityKotlinApplication
|
||||
|
||||
@Order(1)
|
||||
@Configuration
|
||||
class AdminSecurityConfiguration : WebSecurityConfigurerAdapter() {
|
||||
override fun configure(http: HttpSecurity?) {
|
||||
http {
|
||||
authorizeRequests {
|
||||
authorize("/greetings/**", hasAuthority("ROLE_ADMIN"))
|
||||
}
|
||||
httpBasic {}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Configuration
|
||||
class BasicSecurityConfiguration : WebSecurityConfigurerAdapter() {
|
||||
override fun configure(http: HttpSecurity?) {
|
||||
http {
|
||||
authorizeRequests {
|
||||
authorize("/**", permitAll)
|
||||
}
|
||||
httpBasic {}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
fun main(args: Array<String>) {
|
||||
runApplication<SpringSecurityKotlinApplication>(*args) {
|
||||
addInitializers( beans {
|
||||
bean {
|
||||
fun user(user: String, password: String, vararg roles: String) =
|
||||
User
|
||||
.withDefaultPasswordEncoder()
|
||||
.username(user)
|
||||
.password(password)
|
||||
.roles(*roles)
|
||||
.build()
|
||||
|
||||
InMemoryUserDetailsManager(user("user", "password", "USER")
|
||||
, user("admin", "password", "USER", "ADMIN"))
|
||||
}
|
||||
|
||||
bean {
|
||||
router {
|
||||
GET("/greetings") {
|
||||
request -> request.principal().map { it.name }.map { ServerResponse.ok().body(mapOf("greeting" to "Hello $it")) }.orElseGet { ServerResponse.badRequest().build() }
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
+1
@@ -0,0 +1 @@
|
||||
server.port=9090
|
||||
+35
@@ -0,0 +1,35 @@
|
||||
package com.spring.security.kotlin.dsl
|
||||
|
||||
import org.junit.jupiter.api.Test
|
||||
import org.junit.runner.RunWith
|
||||
import org.springframework.beans.factory.annotation.Autowired
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc
|
||||
import org.springframework.boot.test.context.SpringBootTest
|
||||
import org.springframework.security.test.context.support.WithMockUser
|
||||
import org.springframework.test.context.junit4.SpringRunner
|
||||
import org.springframework.test.web.servlet.MockMvc
|
||||
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*
|
||||
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user
|
||||
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
|
||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated
|
||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated
|
||||
import org.springframework.test.web.servlet.get
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*
|
||||
import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
|
||||
|
||||
@RunWith(SpringRunner::class)
|
||||
@SpringBootTest
|
||||
@AutoConfigureMockMvc
|
||||
class SpringSecurityKotlinApplicationTests {
|
||||
|
||||
@Autowired
|
||||
private lateinit var mockMvc: MockMvc
|
||||
|
||||
@Test
|
||||
fun `ordinary user not permitted to access the endpoint`() {
|
||||
this.mockMvc
|
||||
.perform(get("/greetings")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(unauthenticated())
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user