moving spring-security-config module classes to spring-security-web-boot3

2021-10-13 16:39:17 +05:30
parent ebf1b91b7f
commit 13d9e44671
19 changed files with 15 additions and 168 deletions
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/AppRunner.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/AppRunner.java
@@ -0,0 +1,12 @@
+package com.baeldung.cachecontrol;
+
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class AppRunner {
+    public static void main(String[] args) {
+        SpringApplication.run(AppRunner.class, args);
+    }
+}
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/ResourceEndpoint.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/ResourceEndpoint.java
@@ -0,0 +1,48 @@
+package com.baeldung.cachecontrol;
+
+import com.baeldung.cachecontrol.model.TimestampDto;
+import com.baeldung.cachecontrol.model.UserDto;
+import org.springframework.http.CacheControl;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
+import java.util.concurrent.TimeUnit;
+
+@Controller
+public class ResourceEndpoint {
+
+    @GetMapping(value = "/default/users/{name}")
+    public ResponseEntity<UserDto> getUserWithDefaultCaching(@PathVariable String name) {
+        return ResponseEntity.ok(new UserDto(name));
+    }
+
+    @GetMapping("/users/{name}")
+    public ResponseEntity<UserDto> getUser(@PathVariable String name) {
+        return ResponseEntity
+          .ok()
+          .cacheControl(CacheControl.maxAge(60, TimeUnit.SECONDS))
+          .body(new UserDto(name));
+    }
+
+    @GetMapping("/timestamp")
+    public ResponseEntity<TimestampDto> getServerTimestamp() {
+        return ResponseEntity
+          .ok()
+          .cacheControl(CacheControl.noStore())
+          .body(new TimestampDto(LocalDateTime
+            .now()
+            .toInstant(ZoneOffset.UTC)
+            .toEpochMilli()));
+    }
+
+    @GetMapping("/private/users/{name}")
+    public ResponseEntity<UserDto> getUserNotCached(@PathVariable String name) {
+        return ResponseEntity
+          .ok()
+          .body(new UserDto(name));
+    }
+}
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/config/SpringSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/config/SpringSecurityConfig.java
@@ -0,0 +1,17 @@
+package com.baeldung.cachecontrol.config;
+
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {}
+}
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/model/TimestampDto.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/model/TimestampDto.java
@@ -0,0 +1,10 @@
+package com.baeldung.cachecontrol.model;
+
+
+public class TimestampDto {
+    public final Long timestamp;
+
+    public TimestampDto(Long timestamp) {
+        this.timestamp = timestamp;
+    }
+}
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/model/UserDto.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/model/UserDto.java
@@ -0,0 +1,11 @@
+package com.baeldung.cachecontrol.model;
+
+
+public class UserDto {
+    public final String name;
+
+    public UserDto(String name) {
+        this.name = name;
+    }
+
+}
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/SpringBootSecurityApplication.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/SpringBootSecurityApplication.java
@@ -0,0 +1,14 @@
+package com.baeldung.cors.basicauth;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication(scanBasePackages = "com.baeldung.cors")
+@EnableAutoConfiguration
+public class SpringBootSecurityApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringBootSecurityApplication.class, args);
+    }
+}
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/config/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/config/WebSecurityConfig.java
@@ -0,0 +1,19 @@
+package com.baeldung.cors.basicauth.config;
+
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+            .authorizeRequests()
+                .anyRequest().authenticated()
+                .and()
+            .httpBasic();
+       http.cors(); //disable this line to reproduce the CORS 401
+    }
+}
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/controller/ResourceController.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/controller/ResourceController.java
@@ -0,0 +1,17 @@
+package com.baeldung.cors.controller;
+
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+@RestController
+@CrossOrigin("http://localhost:4200")
+public class ResourceController {
+
+    @GetMapping("/user")
+    public String user(Principal principal) {
+        return principal.getName();
+    }
+}
--- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/cachecontrol/ResourceEndpointIntegrationTest.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/cachecontrol/ResourceEndpointIntegrationTest.java
@@ -0,0 +1,48 @@
+package com.baeldung.cachecontrol;
+
+import io.restassured.http.ContentType;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import static io.restassured.RestAssured.given;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = AppRunner.class)
+public class ResourceEndpointIntegrationTest {
+
+    @LocalServerPort
+    private int serverPort;
+
+    @Test
+    public void whenGetRequestForUser_shouldRespondWithDefaultCacheHeaders() {
+        given().when().get(getBaseUrl() + "/default/users/Michael").then().headers("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate").header("Pragma", "no-cache");
+    }
+
+    @Test
+    public void whenGetRequestForUser_shouldRespondMaxAgeCacheControl() {
+        given().when().get(getBaseUrl() + "/users/Michael").then().header("Cache-Control", "max-age=60");
+    }
+
+    @Test
+    public void givenServiceEndpoint_whenGetRequestForUser_shouldResponseWithCacheControlMaxAge() {
+        given().when().get(getBaseUrl() + "/users/Michael").then().contentType(ContentType.JSON).and().statusCode(200).and().header("Cache-Control", "max-age=60");
+    }
+
+    @Test
+    public void givenServiceEndpoint_whenGetRequestForNotCacheableContent_shouldResponseWithCacheControlNoCache() {
+        given().when().get(getBaseUrl() + "/timestamp").then().contentType(ContentType.JSON).and().statusCode(200).and().header("Cache-Control", "no-store");
+    }
+
+    @Test
+    public void givenServiceEndpoint_whenGetRequestForPrivateUser_shouldResponseWithSecurityDefaultCacheControl() {
+        given().when().get(getBaseUrl() + "/private/users/Michael").then().contentType(ContentType.JSON).and().statusCode(200).and().header("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
+    }
+
+    private String getBaseUrl() {
+        return String.format("http://localhost:%d", serverPort);
+    }
+
+}
--- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/cachecontrol/SpringContextTest.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/cachecontrol/SpringContextTest.java
@@ -0,0 +1,15 @@
+package com.baeldung.cachecontrol;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = AppRunner.class)
+public class SpringContextTest {
+
+    @Test
+    public void whenSpringContextIsBootstrapped_thenNoExceptions() {
+    }
+}
--- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/cors/ResourceControllerUnitTest.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/cors/ResourceControllerUnitTest.java
@@ -0,0 +1,41 @@
+package com.baeldung.cors;
+
+import com.baeldung.cors.basicauth.SpringBootSecurityApplication;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = { SpringBootSecurityApplication.class })
+public class ResourceControllerUnitTest {
+
+    private MockMvc mockMvc;
+
+    @Autowired
+    private WebApplicationContext wac;
+
+    @Before
+    public void setUp() {
+        this.mockMvc = MockMvcBuilders.webAppContextSetup(wac)
+            .apply(SecurityMockMvcConfigurers.springSecurity())
+            .build();
+    }
+
+    @Test
+    public void givenPreFlightRequest_whenPerfomed_shouldReturnOK() throws Exception {
+        mockMvc.perform(options("/user")
+            .header("Access-Control-Request-Method", "GET")
+            .header("Origin", "http://localhost:4200"))
+            .andExpect(status().isOk());
+    }
+}