BAEL - 1916 (#4705)

* BAEL - 1916

* BAEL - 1916

Added JUnit tests

* BAEL-1916

Renamed the project

* Renamed the project

spring-security-angular/server/src/main/java/com/baeldung/springbootsecurityrest/basicauth/SpringBootSecurityApplication.java

@@ -0,0 +1,14 @@
+package com.baeldung.springbootsecurityrest.basicauth;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurityrest")
+@EnableAutoConfiguration
+public class SpringBootSecurityApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringBootSecurityApplication.class, args);
+    }
+}

spring-security-angular/server/src/main/java/com/baeldung/springbootsecurityrest/basicauth/config/BasicAuthConfiguration.java

@@ -0,0 +1,34 @@
+package com.baeldung.springbootsecurityrest.basicauth.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class BasicAuthConfiguration extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth
+          .inMemoryAuthentication()
+          .withUser("user")
+          .password("password")
+          .roles("USER");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable()
+          .authorizeRequests()
+          .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+          .antMatchers("/login").permitAll()
+          .anyRequest()
+          .authenticated()
+          .and()
+          .httpBasic();
+    }
+}

spring-security-angular/server/src/main/java/com/baeldung/springbootsecurityrest/controller/UserController.java

@@ -0,0 +1,32 @@
+package com.baeldung.springbootsecurityrest.controller;
+
+import java.security.Principal;
+import java.util.Base64;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.baeldung.springbootsecurityrest.vo.User;
+
+@RestController
+@CrossOrigin
+public class UserController {
+
+	@RequestMapping("/login")
+	public boolean login(@RequestBody User user) {
+		if(user.getUserName().equals("user") && user.getPassword().equals("password")) {
+			return true;
+		} 
+		return false;
+	}
+	
+	@RequestMapping("/user")
+	public Principal user(HttpServletRequest request) {
+		String authToken = request.getHeader("Authorization").substring("Basic".length()).trim();
+		return () ->  new String(Base64.getDecoder().decode(authToken)).split(":")[0];
+	}
+}

spring-security-angular/server/src/main/java/com/baeldung/springbootsecurityrest/vo/User.java

@@ -0,0 +1,21 @@
+package com.baeldung.springbootsecurityrest.vo;
+
+
+public class User {
+
+	private String userName;
+	private String password;
+	
+	public String getUserName() {
+		return userName;
+	}
+	public void setUserName(String userName) {
+		this.userName = userName;
+	}
+	public String getPassword() {
+		return password;
+	}
+	public void setPassword(String password) {
+		this.password = password;
+	}
+}

spring-security-angular/server/src/main/resources/application.properties

@@ -0,0 +1,5 @@
+#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
+#security.user.password=password
+#security.oauth2.client.client-id=client
+#security.oauth2.client.client-secret=secret
+server.port=8082

spring-security-angular/server/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java

@@ -0,0 +1,87 @@
+package com.baeldung.springbootsecurityrest;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.context.embedded.LocalServerPort;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import com.baeldung.springbootsecurityrest.basicauth.SpringBootSecurityApplication;
+import com.baeldung.springbootsecurityrest.vo.User;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootSecurityApplication.class)
+public class BasicAuthConfigurationIntegrationTest {
+
+    TestRestTemplate restTemplate;
+    URL base;
+
+    @LocalServerPort int port;
+
+    @Before
+    public void setUp() throws MalformedURLException {
+        restTemplate = new TestRestTemplate("user", "password");
+        base = new URL("http://localhost:" + port);
+    }
+
+    @Test
+    public void givenCorrectCredentials_whenLogin_ThenSuccess() throws IllegalStateException, IOException {
+    	restTemplate = new TestRestTemplate();
+    	User user = new User();
+    	user.setUserName("user");
+    	user.setPassword("password");
+        ResponseEntity<String> response = restTemplate.postForEntity(base.toString()+"/login",user, String.class);
+
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertTrue(response
+          .getBody()
+          .contains("true"));
+    }
+    
+    @Test
+    public void givenWrongCredentials_whenLogin_ThenReturnFalse() throws IllegalStateException, IOException {
+    	restTemplate = new TestRestTemplate();
+    	User user = new User();
+    	user.setUserName("user");
+    	user.setPassword("wrongpassword");
+        ResponseEntity<String> response = restTemplate.postForEntity(base.toString()+"/login",user, String.class);
+
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertTrue(response
+          .getBody()
+          .contains("false"));
+    }
+    
+    @Test
+    public void givenLoggedInUser_whenRequestsHomePage_ThenSuccess() throws IllegalStateException, IOException {
+        ResponseEntity<String> response = restTemplate.getForEntity(base.toString()+"/user", String.class);
+
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertTrue(response
+          .getBody()
+          .contains("user"));
+    }
+
+    @Test
+    public void givenWrongCredentials_whenRequestsHomePage_ThenUnauthorized() throws IllegalStateException, IOException {
+        restTemplate = new TestRestTemplate("user", "wrongpassword");
+        ResponseEntity<String> response = restTemplate.getForEntity(base.toString()+"/user", String.class);
+
+        assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
+        assertTrue(response
+          .getBody()
+          .contains("Unauthorized"));
+    }
+}