gogools
diff --git a/‎spring-security/getting-started/SecureApplication/pom.xml‎
Lines changed: 52 additions & 0 deletions b/‎spring-security/getting-started/SecureApplication/pom.xml‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/BasicAuthProperties.java‎
Lines changed: 58 additions & 0 deletions b/‎spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/BasicAuthProperties.java‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/SecurityConfiguration.java‎
Lines changed: 118 additions & 4 deletions b/‎spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/SecurityConfiguration.java‎
Lines changed: 118 additions & 4 deletions
diff --git a/‎spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/exception/CommonException.java‎
Lines changed: 29 additions & 0 deletions b/‎spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/exception/CommonException.java‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/exception/UserAuthenticationErrorHandler.java‎
Lines changed: 34 additions & 0 deletions b/‎spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/exception/UserAuthenticationErrorHandler.java‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/exception/UserForbiddenErrorHandler.java‎
Lines changed: 28 additions & 0 deletions b/‎spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/exception/UserForbiddenErrorHandler.java‎
Lines changed: 28 additions & 0 deletions
@@ -40,6 +40,37 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-thymeleaf</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.projectlombok</groupId>
+			<artifactId>lombok</artifactId>
+			<version>1.18.20</version>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.projectlombok</groupId>
+			<artifactId>lombok-mapstruct-binding</artifactId>
+			<version>0.2.0</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-jpa</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.mapstruct</groupId>
+			<artifactId>mapstruct</artifactId>
+			<version>1.4.2.Final</version>
+		</dependency>
+		<dependency>
+			<groupId>org.hsqldb</groupId>
+			<artifactId>hsqldb</artifactId>
+			<version>2.4.0</version>
+			<scope>runtime</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.zalando</groupId>
+			<artifactId>problem-spring-web</artifactId>
+			<version>0.27.0</version>
+		</dependency>
 	</dependencies>
 
 	<build>
@@ -48,6 +79,27 @@
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<version>3.8.0</version>
+				<configuration>
+					<source>11</source>
+					<target>11</target>
+					<annotationProcessorPaths>
+						<path>
+							<groupId>org.projectlombok</groupId>
+							<artifactId>lombok</artifactId>
+							<version>1.18.20</version>
+						</path>
+						<path>
+							<groupId>org.mapstruct</groupId>
+							<artifactId>mapstruct-processor</artifactId>
+							<version>1.4.2.Final</version>
+						</path>
+					</annotationProcessorPaths>
+				</configuration>
+			</plugin>
 		</plugins>
 	</build>
 
 
@@ -0,0 +1,58 @@
+package com.reflectoring.security.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+@ConfigurationProperties(prefix = "auth")
+public class BasicAuthProperties {
+
+    private Map<String, UserDetail> users;
+
+    public Map<String, UserDetail> getUsers() {
+        return users;
+    }
+
+    public void setUsers(Map<String, UserDetail> users) {
+        this.users = users;
+    }
+
+    public Set<UserDetails> getUserDetails() {
+        return this.users.entrySet().stream()
+                .map(entry -> User.withUsername(entry.getKey())
+                        .passwordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder()::encode)
+                        .password(entry.getValue().getPassword())
+                        .roles(entry.getValue().getRole().toUpperCase())
+                        .build())
+                .collect(Collectors.toSet());
+    }
+
+    private static class UserDetail {
+
+        private String password;
+
+        private String role;
+
+        public String getPassword() {
+            return password;
+        }
+
+        public void setPassword(String password) {
+            this.password = password;
+        }
+
+        public String getRole() {
+            return role;
+        }
+
+        public void setRole(String role) {
+            this.role = role;
+        }
+    }
+
+}
@@ -1,21 +1,87 @@
 package com.reflectoring.security.config;
 
+import com.reflectoring.security.exception.UserAuthenticationErrorHandler;
+import com.reflectoring.security.exception.UserForbiddenErrorHandler;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.Customizer;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 @Configuration
 @EnableWebSecurity
+@EnableConfigurationProperties(BasicAuthProperties.class)
 public class SecurityConfiguration {
 
+    private final BasicAuthProperties props;
+
+    public SecurityConfiguration(BasicAuthProperties props) {
+        this.props = props;
+    }
+
+    @Bean
+    @Order(1)
+    public SecurityFilterChain bookFilterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf().disable()
+                .sessionManagement(session -> session
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .antMatcher("/library/**")
+                .authorizeRequests()
+                .antMatchers(HttpMethod.GET, "/library/**").hasRole("USER").anyRequest().authenticated()
+                .and()
+                .httpBasic()
+                .and()
+                .exceptionHandling(exception -> exception
+                        .authenticationEntryPoint(userAuthenticationErrorHandler())
+                        .accessDeniedHandler(new UserForbiddenErrorHandler()));
+
+        return http.build();
+    }
+
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring().antMatchers("/library/info");
+    }
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+        return new InMemoryUserDetailsManager(props.getUserDetails());
+    }
+
+    /*@Bean
+    public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
+
+        var builder = http.getSharedObject(AuthenticationManagerBuilder.class)
+                .userDetailsService(new InMemoryUserDetailsManager(props.getUserDetails()));
+        return builder.and().build();
+    }*/
+
+    @Bean
+    public AuthenticationEntryPoint userAuthenticationErrorHandler() {
+        UserAuthenticationErrorHandler userAuthenticationErrorHandler =
+                new UserAuthenticationErrorHandler();
+        userAuthenticationErrorHandler.setRealmName("Basic Authentication");
+        return userAuthenticationErrorHandler;
+    }
+
+    /*@Bean
+    public UsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter(HttpSecurity http) throws Exception {
+
+        //AuthenticationEntryPoint authenticationEntryPoint = new UserAuthenticationErrorHandler();
+        return new UsernamePasswordAuthenticationFilter(authenticationManager(http));
+    }*/
+
     public static final String[] ENDPOINTS_WHITELIST = {
             "/css/**",
-            "/",
             "/login",
             "/home"
     };
@@ -26,12 +92,14 @@ public class SecurityConfiguration {
     public static final String PASSWORD = "password";
 
     @Bean
+    @Order(1)
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         // Requests
         http.authorizeRequests(request -> request.antMatchers(ENDPOINTS_WHITELIST).permitAll()
                         .anyRequest().authenticated())
                 // CSRF
                 .csrf().disable()
+                .antMatcher("/login")
                 //.formLogin(Customizer.withDefaults())
                 .formLogin(form -> form
                         .loginPage(LOGIN_URL)
@@ -53,8 +121,54 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         .maximumSessions(1)
                         .maxSessionsPreventsLogin(true));
 
-
         return http.build();
     }
+
+        /*private AuthenticationFilter authenticationFilter(HttpSecurity http) {
+            AuthenticationFilter filter = new AuthenticationFilter(
+                    resolver(http), authenticationConverter());
+            filter.setSuccessHandler((request, response, auth) -> {});
+            return filter;
+        }
+
+        public AuthenticationConverter authenticationConverter() {
+            return new BasicAuthenticationConverter();
+        }
+
+        public AuthenticationManagerResolver<HttpServletRequest> resolver(HttpSecurity http) {
+            return request -> {
+                if (request.getPathInfo().contains("login")) {
+                    try {
+                        return customAuthenticationManager(http);
+                    } catch (Exception e) {
+                        e.printStackTrace();
+                    }
+                }
+                return null;
+            };
+        }
+
+        public AuthenticationManager customAuthenticationManager(HttpSecurity http)
+                throws Exception {
+            return http.getSharedObject(AuthenticationManagerBuilder.class)
+                    .userDetailsService(userDetailsService())
+                    .passwordEncoder(passwordEncoder())
+                    .and()
+                    .build();
+        }
+
+        public InMemoryUserDetailsManager userDetailsService() {
+            UserDetails admin = User.withUsername("user")
+                    .password(passwordEncoder().encode("userpass"))
+                    .roles("USER")
+                    .build();
+            return new InMemoryUserDetailsManager(admin);
+        }
+
+        public PasswordEncoder passwordEncoder() {
+            return new BCryptPasswordEncoder();
+        }*/
+
+
 }
 
@@ -0,0 +1,29 @@
+package com.reflectoring.security.exception;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import org.zalando.problem.AbstractThrowableProblem;
+import org.zalando.problem.StatusType;
+
+import static com.fasterxml.jackson.annotation.JsonInclude.Include.NON_EMPTY;
+import static org.zalando.problem.Status.FORBIDDEN;
+import static org.zalando.problem.Status.UNAUTHORIZED;
+
+@JsonInclude(NON_EMPTY)
+@JsonIgnoreProperties({"stackTrace", "type", "title", "message", "localizedMessage", "parameters"})
+public class CommonException extends AbstractThrowableProblem {
+
+    private CommonException(StatusType status, String detail) {
+        super(null, null, status, detail, null, null, null);
+    }
+
+    public static CommonException unauthorized() {
+        return new CommonException(UNAUTHORIZED, "Unauthorised or Bad Credentials");
+    }
+
+    public static CommonException forbidden() {
+        return new CommonException(FORBIDDEN, "Forbidden");
+    }
+
+
+}
@@ -0,0 +1,34 @@
+package com.reflectoring.security.exception;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+public class UserAuthenticationErrorHandler extends BasicAuthenticationEntryPoint {
+    private final ObjectMapper objectMapper;
+
+    public UserAuthenticationErrorHandler() {
+        this.objectMapper = new ObjectMapper();
+    }
+
+    @Override
+    public void commence(HttpServletRequest request,
+                         HttpServletResponse response,
+                         AuthenticationException ex) throws IOException {
+        /*response.setContentType("application/json");
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        response.getOutputStream().println(objectMapper.writeValueAsString(CommonException.unauthorized()));
+    */
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        response.addHeader("WWW-Authenticate", "Basic realm=" + getRealmName() + "");
+
+        final PrintWriter writer = response.getWriter();
+        writer.println("HTTP Status 401 : " + ex.getMessage());
+    }
+
+}
@@ -0,0 +1,28 @@
+package com.reflectoring.security.exception;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class UserForbiddenErrorHandler implements AccessDeniedHandler {
+
+    private final ObjectMapper objectMapper;
+
+    public UserForbiddenErrorHandler()
+    {
+        this.objectMapper = new ObjectMapper();
+    }
+
+    @Override
+    public void handle(HttpServletRequest request,
+                       HttpServletResponse response,
+                       AccessDeniedException ex) throws IOException {
+        response.setContentType("application/json");
+        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+        response.getOutputStream().println(objectMapper.writeValueAsString(CommonException.forbidden()));
+    }
+}