BAEL-2226

2019-02-05 00:11:09 +03:00
parent 191039ffc6
commit a0ff77a3fd
7 changed files with 183 additions and 0 deletions
--- a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/SpringBootSecurityApplication.java
+++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/SpringBootSecurityApplication.java
@@ -0,0 +1,14 @@
+package com.baeldung.springbootsecuritycors.basicauth;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecuritycors")
+@EnableAutoConfiguration
+public class SpringBootSecurityApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringBootSecurityApplication.class, args);
+    }
+}
--- a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java
+++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/basicauth/config/WebSecurityConfig.java
@@ -0,0 +1,33 @@
+package com.baeldung.springbootsecuritycors.basicauth.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth
+            .inMemoryAuthentication()
+                .withUser("user")
+                .password("{noop}password")
+                .roles("USER");
+    }
+
+@Override
+protected void configure(HttpSecurity http) throws Exception {
+    http
+        .csrf().disable()
+        .cors().and() //disable this line to reproduce the CORS 401
+        .authorizeRequests()
+            .anyRequest()
+            .authenticated()
+            .and()
+        .httpBasic();
+}
+}
--- a/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java
+++ b/spring-security-cors/src/main/java/com/baeldung/springbootsecuritycors/controller/ResourceController.java
@@ -0,0 +1,17 @@
+package com.baeldung.springbootsecuritycors.controller;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@CrossOrigin
+public class ResourceController {
+
+    @RequestMapping("/user")
+    public String user(HttpServletRequest request) {
+        return request.getUserPrincipal().getName();
+    }
+}
--- a/spring-security-cors/src/main/resources/application.properties
+++ b/spring-security-cors/src/main/resources/application.properties
@@ -0,0 +1,3 @@
+server.port=8080
+
+
--- a/spring-security-cors/src/main/resources/logback.xml
+++ b/spring-security-cors/src/main/resources/logback.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
+            </pattern>
+        </encoder>
+    </appender>
+
+    <root level="INFO">
+        <appender-ref ref="STDOUT" />
+    </root>
+</configuration>
--- a/spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java
+++ b/spring-security-cors/src/test/java/com/baeldung/springbootsecurityrest/BasicAuthConfigurationIntegrationTest.java
@@ -0,0 +1,33 @@
+package com.baeldung.springbootsecurityrest;
+
+import static org.junit.Assert.assertEquals;
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.net.URL;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.web.client.RestClientException;
+
+import com.baeldung.springbootsecuritycors.basicauth.SpringBootSecurityApplication;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootSecurityApplication.class)
+public class BasicAuthConfigurationIntegrationTest {
+
+    @Test
+    public void givenCredentials_whenRequested_thenLogin() throws IllegalStateException, IOException, RestClientException, URISyntaxException {
+        TestRestTemplate restTemplate = new TestRestTemplate();
+        URL base = new URL("http://192.168.1.101:8082/user");
+        ResponseEntity<String> response = restTemplate.withBasicAuth("user", "password").postForEntity(base.toURI(), null, String.class);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+    }
+    
+}