Moved the module to spring security modules

This commit is contained in:
musibs
2020-06-12 14:18:49 +05:30
parent bc7cb6712d
commit c481591634
5 changed files with 5 additions and 5 deletions
@@ -0,0 +1,71 @@
package com.spring.security.kotlin.dsl
import org.springframework.boot.autoconfigure.SpringBootApplication
import org.springframework.boot.runApplication
import org.springframework.context.annotation.Configuration
import org.springframework.context.support.beans
import org.springframework.core.annotation.Order
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.web.servlet.invoke
import org.springframework.security.core.userdetails.User
import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.web.servlet.function.ServerResponse
import org.springframework.web.servlet.function.router
@EnableWebSecurity
@SpringBootApplication
class SpringSecurityKotlinApplication
@Order(1)
@Configuration
class AdminSecurityConfiguration : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity?) {
http {
authorizeRequests {
authorize("/greetings/**", hasAuthority("ROLE_ADMIN"))
}
httpBasic {}
}
}
}
@Configuration
class BasicSecurityConfiguration : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity?) {
http {
authorizeRequests {
authorize("/**", permitAll)
}
httpBasic {}
}
}
}
fun main(args: Array<String>) {
runApplication<SpringSecurityKotlinApplication>(*args) {
addInitializers( beans {
bean {
fun user(user: String, password: String, vararg roles: String) =
User
.withDefaultPasswordEncoder()
.username(user)
.password(password)
.roles(*roles)
.build()
InMemoryUserDetailsManager(user("user", "password", "USER")
, user("admin", "password", "USER", "ADMIN"))
}
bean {
router {
GET("/greetings") {
request -> request.principal().map { it.name }.map { ServerResponse.ok().body(mapOf("greeting" to "Hello $it")) }.orElseGet { ServerResponse.badRequest().build() }
}
}
}
})
}
}
@@ -0,0 +1,35 @@
package com.spring.security.kotlin.dsl
import org.junit.jupiter.api.Test
import org.junit.runner.RunWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.security.test.context.support.WithMockUser
import org.springframework.test.context.junit4.SpringRunner
import org.springframework.test.web.servlet.MockMvc
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.*
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated
import org.springframework.test.web.servlet.get
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*
import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
@RunWith(SpringRunner::class)
@SpringBootTest
@AutoConfigureMockMvc
class SpringSecurityKotlinApplicationTests {
@Autowired
private lateinit var mockMvc: MockMvc
@Test
fun `ordinary user not permitted to access the endpoint`() {
this.mockMvc
.perform(get("/greetings")
.with(httpBasic("user", "password")))
.andExpect(unauthenticated())
}
}