
5th labs: security

m_sudra 3 ani în urmă
părinte
comite
4b0c0bdf8f

+ 10 - 0
wpfat_exercises/pom.xml

@@ -66,6 +66,16 @@
             <artifactId>hibernate-validator</artifactId>
             <version>8.0.0.Final</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>6.0.2</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>6.0.2</version>
+        </dependency>
     </dependencies>
 
 </project>
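Review bot: The two Spring Security artifacts are pinned as separate literal versions, and `spring-security-config` and `spring-security-web` must stay at the same release to work together. Importing `spring-security-bom` under `dependencyManagement` (or at least a single `<spring.security.version>` property) keeps them aligned and means a patch release on the 6.0 line is picked up in one place rather than two.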

+ 65 - 0
wpfat_exercises/src/main/java/pl/sudra/configuration/SecurityConfiguration.java

@@ -0,0 +1,65 @@
+package pl.sudra.configuration;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity
+public class SecurityConfiguration {
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user = User.withDefaultPasswordEncoder()
+                .username("user")
+                .password("user")
+                .roles("USER")
+                .build();
+        UserDetails admin = User.withDefaultPasswordEncoder()
+                .username("admin")
+                .password("admin")
+                .roles("ADMIN", "USER")
+                .build();
+        UserDetails student = User.withDefaultPasswordEncoder()
+                .username("student")
+                .password("student")
+                .roles("STUDENT")
+                .build();
+        return new InMemoryUserDetailsManager(user, admin, student);
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .authorizeHttpRequests((authz) -> authz
+                        .requestMatchers("/appUsers*").hasRole("ADMIN")
+                        .requestMatchers("/exampleOne").hasAuthority("ROLE_USER")
+                        .requestMatchers("/exampleTwo").hasAnyAuthority("ROLE_STUDENT", "ROLE_ADMIN")
+                        .requestMatchers("/exampleThree").hasRole("STUDENT")
+                        .requestMatchers("/login*").anonymous()
+                        .anyRequest().authenticated()
+                )
+//                .formLogin(form -> form
+//                        .permitAll()
+//                )
+                .formLogin(form -> form
+                        .loginPage("/login")
+                        .usernameParameter("login")
+                        .passwordParameter("password")
+                        .failureUrl("/login?error")
+                        .defaultSuccessUrl("/", true)
+                        .permitAll()
+                )
+                .exceptionHandling(logout -> logout
+                        .accessDeniedPage("/accessDenied")
+                )
+                .httpBasic();
+        return http.build();
+    }
+}
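Review bot: `userDetailsService()` builds all three accounts with `User.withDefaultPasswordEncoder()`, which Spring Security marks as deprecated and intended for demos only, because the plaintext credentials (`user/user`, `admin/admin`, `student/student`) are compiled into the class; even in a lab the correct shape is a `PasswordEncoder` bean such as `BCryptPasswordEncoder` and `.password(encoder.encode(...))`, with the literal values read from configuration. In `filterChain` the matcher `/appUsers*` only spans one path segment, so any route like `/appUsers/{id}` (if the app exposes one) is not covered by the ADMIN rule and falls through to `anyRequest().authenticated()`, reachable by any signed-in user; `/appUsers/**` closes that gap. The rules also mix `hasRole("ADMIN")` with `hasAuthority("ROLE_USER")` for the same kind of check; picking one form keeps the prefix handling obvious. The lambda parameter of `exceptionHandling` is named `logout`, which misreads, rename it `ex` or `handling`. The commented-out `formLogin` block here and the commented-out `@Import` in SpringConfiguration.java should be deleted rather than kept as history.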

+ 6 - 0
wpfat_exercises/src/main/java/pl/sudra/configuration/SecurityWebApplicationInitializer.java

@@ -0,0 +1,6 @@
+package pl.sudra.configuration;
+
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
+}

+ 1 - 0
wpfat_exercises/src/main/java/pl/sudra/configuration/SpringConfiguration.java

@@ -22,6 +22,7 @@ import java.util.Locale;
 @Configuration
 @EnableWebMvc
 @ComponentScan("pl.sudra")
+//@Import({SecurityConfiguration.class})
 public class SpringConfiguration implements WebMvcConfigurer {
     @Bean
     public InternalResourceViewResolver viewResolver() {

+ 1 - 1
wpfat_exercises/src/main/java/pl/sudra/configuration/SpringInit.java

@@ -10,7 +10,7 @@ import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatche
 public class SpringInit extends AbstractAnnotationConfigDispatcherServletInitializer {
 
     protected Class<?>[] getRootConfigClasses() {
-        return new Class[]{SpringConfiguration.class, HibernatePersistenceConfiguration.class};
+        return new Class[]{SecurityConfiguration.class, SpringConfiguration.class, HibernatePersistenceConfiguration.class};
     }
 
     protected Class<?>[] getServletConfigClasses() {

+ 22 - 0
wpfat_exercises/src/main/java/pl/sudra/controller/ExampleController.java

@@ -0,0 +1,22 @@
+package pl.sudra.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+public class ExampleController {
+    @RequestMapping(value = "/exampleOne")
+    public String exampleOne() {
+        return "exampleOne";
+    }
+
+    @RequestMapping(value = "/exampleTwo")
+    public String exampleTwo() {
+        return "exampleTwo";
+    }
+
+    @RequestMapping(value = "/exampleThree")
+    public String exampleThree() {
+        return "exampleThree";
+    }
+}
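Review bot: All three handlers use `@RequestMapping` without a `method`, so each view is served for every HTTP verb (POST, PUT, DELETE included), which is broader than a view-rendering endpoint needs and widens the surface the authorization rules in SecurityConfiguration have to cover. `@GetMapping("/exampleOne")` and likewise for the other two narrows each mapping to the only verb it should answer. The same applies to both handlers in SpringSecurityCustomPagesController.java, where the POST to `/login` is consumed by the security filter chain and the controller only ever needs GET.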

+ 27 - 0
wpfat_exercises/src/main/java/pl/sudra/controller/SpringSecurityCustomPagesController.java

@@ -0,0 +1,27 @@
+package pl.sudra.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@Controller
+public class SpringSecurityCustomPagesController {
+    @RequestMapping(value = "/login")
+    public String customLogin(@RequestParam(value = "error", required = false) String error,
+                              @RequestParam(value = "login", required = false) String logout,
+                              Model model) {
+        if (error != null) {
+            model.addAttribute("error", "Invalid usernameand password!");
+        }
+        if (logout != null) {
+            model.addAttribute("msg", "You've been logged out succesfully.");
+        }
+        return "login";
+    }
+
+    @RequestMapping(value = "/accessDenied")
+    public String accessDenied() {
+        return "accessDenied";
+    }
+}
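Review bot: `customLogin` binds its `logout` parameter to the request parameter named `login`, while the logout success redirect Spring Security issues by default is `/login?logout`, so the logged-out message can never be shown; it should read `@RequestParam(value = "logout", required = false) String logout`. The parameter name `login` is also the username field configured via `usernameParameter("login")`, so a stray GET carrying that name would display the logout message instead. The two user-facing strings have typos and should be `"Invalid username and password!"` and `"You've been logged out successfully."`.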

+ 11 - 0
wpfat_exercises/src/main/webapp/accessDenied.jsp

@@ -0,0 +1,11 @@
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+
+<html>
+<head>
+    <title>Access denied</title>
+</head>
+<body>
+<spring:message code="label.accessDenied"/>
+</body>
+</html>

+ 9 - 0
wpfat_exercises/src/main/webapp/exampleOne.jsp

@@ -0,0 +1,9 @@
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<html>
+<head>
+    <title>Example one</title>
+</head>
+<body>
+Example one.
+</body>
+</html>

+ 9 - 0
wpfat_exercises/src/main/webapp/exampleThree.jsp

@@ -0,0 +1,9 @@
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<html>
+<head>
+    <title>Example three</title>
+</head>
+<body>
+Example three.
+</body>
+</html>

+ 9 - 0
wpfat_exercises/src/main/webapp/exampleTwo.jsp

@@ -0,0 +1,9 @@
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<html>
+<head>
+    <title>Example two</title>
+</head>
+<body>
+Example Two.
+</body>
+</html>

+ 31 - 0
wpfat_exercises/src/main/webapp/hello.jsp

@@ -1,3 +1,4 @@
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
 <%@ page contentType="text/html;charset-UTF-@" %>
 <html>
 <head>
@@ -7,6 +8,15 @@
 <h3>Hello World!</h3>
 
 <a href="${pageContext.request.contextPath}/appUsers">App Users page</a>
+<br/>
+
+<br/>
+<a href="/exampleOne"><spring:message code="label.example"/> 1</a>
+<br/>
+<a href="/exampleTwo"><spring:message code="label.example"/> 2</a>
+<br/>
+<a href="/exampleThree"><spring:message code="label.example"/> 3</a>
+<br/>
 
 <br/>
 ${serverTime}
@@ -14,5 +24,26 @@ ${serverTime}
 <br/>
 ${message}
 
+<script>
+    function formSubmit() {
+        document.getElementById("logoutForm").submit();
+    }
+</script>
+
+<%-- csrf for log out --%>
+<form action="/logout" method="post" id="logoutForm">
+    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
+</form>
+
+<br/>
+<div>
+    <c:if test="${pageContext.request.userPrincipal.name != null}">
+        <p>
+            <spring:message code="label.welcome"/> : ${pageContext.request.userPrincipal.name}
+            <a href="javascript:formSubmit()"> Logout</a>
+        </p>
+    </c:if>
+</div>
+
 </body>
 </html>
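Review bot: The added welcome/logout block relies on `<c:if>`, but the only taglib this file declares is `spring` (the first hunk adds it beside the page directive), so unless the JSTL core taglib is declared somewhere outside these hunks the `<c:if>` is not evaluated as a tag and the principal name and logout link render unconditionally or as literal text; add `<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>` as login.jsp does. The new example links and the logout form use absolute paths `/exampleOne` and `/logout`, whereas the existing App Users link builds its URL from `${pageContext.request.contextPath}`; the new ones break when the app is deployed under a context path. The `javascript:formSubmit()` anchor can be a plain `<button type="submit" form="logoutForm">`, which drops the inline script entirely.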

+ 76 - 0
wpfat_exercises/src/main/webapp/login.jsp

@@ -0,0 +1,76 @@
+<%@page contentType="text/html;charset=UTF-8" language="java" %>
+<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+
+<html>
+<head>
+    <title>Login Page</title>
+    <style>
+        .error {
+            padding: 15px;
+            margin-bottom: 20px;
+            border: 1px solid transparent;
+            border-radius: 4px;
+            color: #a94442;
+            background-color: #f2dede;
+            vorder-color: #ebccd1;
+        }
+
+        .msg {
+            padding: 15px;
+            margin-bottom: 20px;
+            border: 1px solid transparent;
+            border-radius: 4px;
+            color: #31708f;
+            background-color: #d9edf7;
+            vorder-color: #bce8f1;
+        }
+
+        #login-box {
+            width: 300px;
+            padding: 20px;
+            margin: 10px auto;
+            background: #fff;
+            -webkit-border-radius: 2px;
+            -moz-border-radius: 2px;
+            border: 1px solid #000;
+        }
+    </style>
+</head>
+<body onload='document.loginForm.username.focus();'>
+<h3>Spring Security Custom Login Page</h3>
+<div id="login-box">
+    <h3>Login with Username and Password</h3>
+
+    <c:if test="${not empty error}">
+        <div class="error">${error}</div>
+    </c:if>
+    <c:if test="${not empty msg}">
+        <div class="msg">${msg}</div>
+    </c:if>
+
+    <form name='loginForm' action="<c:url value='/login'/>" method='POST'>
+        <table>
+            <tr>
+                <td>AppUser:</td>
+                <td>
+                    <input type='text' name="login" value="">
+                </td>
+            </tr>
+            <tr>
+                <td>Password:</td>
+                <td>
+                    <input type='password' name="password">
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <input name="submit" type="submit" value="submit"/>
+                <td/>
+            </tr>
+        </table>
+
+        <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
+    </form>
+</div>
+</body>
+</html>
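Review bot: The `onload` handler calls `document.loginForm.username.focus()`, but the username input is named `login` (matching `usernameParameter("login")` in SecurityConfiguration), so the call throws on every page load; use `document.loginForm.login.focus()` or simply put `autofocus` on that input. Both the `.error` and `.msg` rules misspell `border-color` as `vorder-color`, so the intended border colour is silently ignored, and the submit row closes its cell with `<td/>` instead of `</td>`. The form itself is in good shape: it resolves `/login` through `<c:url>` and posts the CSRF token, which is what the logout form in hello.jsp should also do for its action.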

+ 5 - 1
wpfat_exercises/src/main/webapp/resources/i18n/messages_de.properties

@@ -9,4 +9,8 @@ label.editAppUser   =   Benutzer bearbeiten
 error.field.required=   Feld ist obligatorisch
 error.email.invalid =   Falsche E-Mail-Adresse
 error.size.firstName=   Die Großße muss zwischen {min} und {max} liegen.
-# in einer alteren Version der Bibliotek {2} und {1}
+# in einer alteren Version der Bibliotek {2} und {1}
+label.welcome       =   Willkomen
+label.example       =   Beispiel
+
+label.accessDenied  =   Zugriff verweigert

+ 5 - 1
wpfat_exercises/src/main/webapp/resources/i18n/messages_en.properties

@@ -9,4 +9,8 @@ label.userList      =   List of App Users
 error.field.required=   Field is required
 error.email.invalid =   Invalid email
 error.size.firstName=   Size must be between {min} and {max}.
-# in older library version {2} and {1}
+# in older library version {2} and {1}
+label.welcome       =   Welcome
+label.example       =   Example
+
+label.accessDenied  =   Access denied

+ 5 - 1
wpfat_exercises/src/main/webapp/resources/i18n/messages_pl.properties

@@ -9,4 +9,8 @@ label.userList      =   Lista użytkowników aplikacji
 error.field.required=   Pole jest wymagane
 error.email.invalid =   Błędny adres mailowy
 error.size.firstName=   Długość musi być pomiędzy {min} i {max}.
-# w starszej wersji biblioteki {2} i {1}
+# w starszej wersji biblioteki {2} i {1}
+label.welcome       =   Witaj
+label.example       =   Przykład
+
+label.accessDenied  =   Odmowa dostępu