Merge pull request #8648 from kwoyke/BAEL-20886

BAEL-20886: Move spring-boot-security into spring-boot-modules

spring-boot-modules/pom.xml

@@ -46,6 +46,7 @@
         <module>spring-boot-properties</module>
         <module>spring-boot-property-exp</module>
         <module>spring-boot-runtime</module>
+        <module>spring-boot-security</module>
         <module>spring-boot-springdoc</module>
         <module>spring-boot-testing</module>
         <module>spring-boot-vue</module>

spring-boot-modules/spring-boot-security/README.md

@@ -0,0 +1,19 @@
+## Spring Boot Security
+
+This module contains articles about Spring Boot Security
+
+### Relevant Articles:
+
+- [Spring Boot Security Auto-Configuration](https://www.baeldung.com/spring-boot-security-autoconfiguration)
+- [Spring Security for Spring Boot Integration Tests](https://www.baeldung.com/spring-security-integration-tests)
+- [Introduction to Spring Security Taglibs](https://www.baeldung.com/spring-security-taglibs)
+
+### Spring Boot Security Auto-Configuration
+
+- mvn clean install 
+- uncomment actuator dependency simultaneously with the line from basic auth main class
+- uncomment security properties for easy testing. If not random will be generated.
+
+### CURL commands
+
+- curl -X POST -u baeldung-admin:baeldung -d grant_type=client_credentials -d username=baeldung-admin -d password=baeldung http://localhost:8080/oauth/token

spring-boot-modules/spring-boot-security/pom.xml

@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>spring-boot-security</artifactId>
+    <name>spring-boot-security</name>
+    <description>Spring Boot Security Auto-Configuration</description>
+    <packaging>jar</packaging>
+
+    <parent>
+        <groupId>com.baeldung</groupId>
+        <artifactId>parent-boot-2</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+        <relativePath>../../parent-boot-2</relativePath>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security.oauth</groupId>
+            <artifactId>spring-security-oauth2</artifactId>
+            <version>2.4.0.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>5.2.1.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.6</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security.oauth.boot</groupId>
+            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
+            <version>2.2.2.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <!-- security taglib -->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-taglibs</artifactId>
+        </dependency>
+
+        <!-- JSTL -->
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-jasper</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-autoconfigure</artifactId>
+<!--            <version>2.1.1.RELEASE</version>-->
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+    <properties>
+        <start-class>com.baeldung.springbootsecurity.basic_auth.SpringBootSecurityApplication</start-class>
+    </properties>
+
+</project>

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/MethodSecurityConfigurer.java

@@ -0,0 +1,13 @@
+package com.baeldung.integrationtesting;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+
+@Configuration
+@EnableGlobalMethodSecurity(
+    prePostEnabled = true,
+    securedEnabled = true)
+public class MethodSecurityConfigurer extends GlobalMethodSecurityConfiguration {
+
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredApplication.java

@@ -0,0 +1,13 @@
+package com.baeldung.integrationtesting;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SecuredApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SecuredApplication.class, args);
+    }
+
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredController.java

@@ -0,0 +1,21 @@
+package com.baeldung.integrationtesting;
+
+import java.util.Arrays;
+import java.util.List;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class SecuredController {
+
+    @GetMapping("/public/hello")
+    public List<String> publicHello() {
+        return Arrays.asList("Hello", "World", "from", "Public");
+    }
+
+    @GetMapping("/private/hello")
+    public List<String> privateHello() {
+        return Arrays.asList("Hello", "World", "from", "Private");
+    }
+
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/SecuredService.java

@@ -0,0 +1,13 @@
+package com.baeldung.integrationtesting;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Service;
+
+@Service
+public class SecuredService {
+
+    @PreAuthorize("authenticated")
+    public String sayHelloSecured() {
+        return "Hello user.";
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java

@@ -0,0 +1,40 @@
+package com.baeldung.integrationtesting;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@Configuration
+public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        
+        BCryptPasswordEncoder encoder = passwordEncoder();
+        
+        auth.inMemoryAuthentication()
+            .passwordEncoder(encoder)
+            .withUser("spring")
+            .password(encoder.encode("secret"))
+            .roles("USER");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/private/**")
+            .hasRole("USER")
+            .antMatchers("/public/**")
+            .permitAll()
+            .and()
+            .httpBasic();
+    }
+
+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/autoconfig/SpringBootSecurityApplication.java

@@ -0,0 +1,15 @@
+package com.baeldung.springbootsecurity.autoconfig;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+
+@SpringBootApplication(exclude = {
+  SecurityAutoConfiguration.class
+  //    ,ManagementWebSecurityAutoConfiguration.class
+}, scanBasePackages = "com.baeldung.springbootsecurity.autoconfig")
+public class SpringBootSecurityApplication {
+    public static void main(String[] args) {
+        SpringApplication.run(SpringBootSecurityApplication.class, args);
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/autoconfig/config/BasicConfiguration.java

@@ -0,0 +1,38 @@
+package com.baeldung.springbootsecurity.autoconfig.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+public class BasicConfiguration extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    	PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+    	auth
+          .inMemoryAuthentication()
+          .withUser("user")
+          .password(encoder.encode("password"))
+          .roles("USER")
+          .and()
+          .withUser("admin")
+          .password(encoder.encode("admin"))
+          .roles("USER", "ADMIN");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+          .authorizeRequests()
+          .anyRequest()
+          .authenticated()
+          .and()
+          .httpBasic();
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2resource/SpringBootOAuth2ResourceApplication.java

@@ -0,0 +1,30 @@
+package com.baeldung.springbootsecurity.oauth2resource;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@EnableResourceServer
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2resource")
+public class SpringBootOAuth2ResourceApplication {
+
+    public static void main(String[] args) {
+        new SpringApplicationBuilder()
+          .profiles("resource")
+          .sources(SpringBootOAuth2ResourceApplication.class)
+          .build()
+          .run(args);
+    }
+
+    @RestController
+    class SecuredResourceController {
+
+        @GetMapping("/securedResource")
+        public String securedResource() {
+            return "Baeldung Secured Resource OK";
+        }
+
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/SpringBootAuthorizationServerApplication.java

@@ -0,0 +1,47 @@
+package com.baeldung.springbootsecurity.oauth2server;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.CurrentSecurityContext;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+@EnableResourceServer
+@EnableAuthorizationServer
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2server")
+public class SpringBootAuthorizationServerApplication {
+
+    private static final Logger logger = LoggerFactory.getLogger(SpringBootAuthorizationServerApplication.class);
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringBootAuthorizationServerApplication.class, args);
+    }
+
+    @RestController
+    class UserController {
+
+        @GetMapping("/user")
+        public Principal user(Principal user) {
+            return user;
+        }
+
+        @GetMapping("/authentication")
+        public Object getAuthentication(@CurrentSecurityContext(expression = "authentication") Authentication authentication) {
+            logger.info("authentication -> {}", authentication);
+            return authentication.getDetails();
+        }
+
+        @GetMapping("/principal")
+        public String getPrincipal(@CurrentSecurityContext(expression = "authentication.principal") Principal principal) {
+            logger.info("principal -> {}", principal);
+            return principal.getName();
+        }
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/config/AuthenticationMananagerConfig.java

@@ -0,0 +1,18 @@
+package com.baeldung.springbootsecurity.oauth2server.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@Profile("authz")
+public class AuthenticationMananagerConfig extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/config/AuthorizationServerConfig.java

@@ -0,0 +1,46 @@
+package com.baeldung.springbootsecurity.oauth2server.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+
+@Configuration
+@Profile("authz")
+public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
+        endpoints.authenticationManager(authenticationManager);
+    }
+
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients
+          .inMemory()
+          .withClient("baeldung")
+          .secret(passwordEncoder().encode("baeldung"))
+          .authorizedGrantTypes("client_credentials", "password", "authorization_code")
+          .scopes("openid", "read")
+          .autoApprove(true)
+          .and()
+          .withClient("baeldung-admin")
+          .secret(passwordEncoder().encode("baeldung"))
+          .authorizedGrantTypes("authorization_code", "client_credentials", "refresh_token")
+          .scopes("read", "write")
+          .autoApprove(true);
+    }
+    
+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2server/config/WebSecurityConfiguration.java

@@ -0,0 +1,17 @@
+package com.baeldung.springbootsecurity.oauth2server.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@Profile("!authz")
+public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    public AuthenticationManager customAuthenticationManager() throws Exception {
+        return authenticationManager();
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/oauth2sso/SpringBootOAuth2SsoApplication.java

@@ -0,0 +1,19 @@
+package com.baeldung.springbootsecurity.oauth2sso;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+
+@EnableOAuth2Sso
+@SpringBootApplication(scanBasePackages = "com.baeldung.springbootsecurity.oauth2sso")
+public class SpringBootOAuth2SsoApplication {
+
+    public static void main(String[] args) {
+        new SpringApplicationBuilder()
+          .profiles("sso")
+          .sources(SpringBootOAuth2SsoApplication.class)
+          .build()
+          .run(args);
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/HomeController.java

@@ -0,0 +1,14 @@
+package com.baeldung.springsecuritytaglibs;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping("/")
+public class HomeController {
+    
+    @RequestMapping
+    public String home() {
+        return "home";
+    }
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/SpringBootSecurityTagLibsApplication.java

@@ -0,0 +1,9 @@
+package com.baeldung.springsecuritytaglibs;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.PropertySource;
+
+@SpringBootApplication
+@PropertySource("classpath:application-taglibs.properties")
+public class SpringBootSecurityTagLibsApplication {
+}

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java

@@ -0,0 +1,40 @@
+package com.baeldung.springsecuritytaglibs.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        BCryptPasswordEncoder encoder = passwordEncoder();
+        auth.inMemoryAuthentication()
+            .passwordEncoder(encoder)
+            .withUser("testUser")
+            .password(encoder.encode("password"))
+            .roles("ADMIN");
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        // @formatter:off
+        http.csrf()
+                .and()
+            .authorizeRequests()
+                .antMatchers("/userManagement").hasRole("ADMIN")
+                .anyRequest().permitAll().and().httpBasic();
+        // @formatter:on
+    }
+    
+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}

spring-boot-modules/spring-boot-security/src/main/resources/application-authz.properties

@@ -0,0 +1,3 @@
+spring.security.user.password=password
+security.oauth2.client.client-id=client
+security.oauth2.client.client-secret=secret

spring-boot-modules/spring-boot-security/src/main/resources/application-resource.properties

@@ -0,0 +1,2 @@
+server.port=8081
+security.oauth2.resource.userInfoUri=http://localhost:8080/user

spring-boot-modules/spring-boot-security/src/main/resources/application-sso.properties

@@ -0,0 +1,9 @@
+server.port=8082
+security.oauth2.client.clientId=<generated_app_id>
+security.oauth2.client.clientSecret=<app_secret>
+security.oauth2.client.accessTokenUri=https://graph.facebook.com/oauth/access_token
+security.oauth2.client.userAuthorizationUri=https://www.facebook.com/dialog/oauth
+security.oauth2.client.tokenName=oauth_token
+security.oauth2.client.authenticationScheme=query
+security.oauth2.client.clientAuthenticationScheme=form
+security.oauth2.resource.userInfoUri=https://graph.facebook.com/me

spring-boot-modules/spring-boot-security/src/main/resources/application-taglibs.properties

@@ -0,0 +1,3 @@
+#jsp config
+spring.mvc.view.prefix= /WEB-INF/views/
+spring.mvc.view.suffix= .jsp

spring-boot-modules/spring-boot-security/src/main/resources/application.properties

@@ -0,0 +1,4 @@
+#spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
+#security.user.password=password
+#security.oauth2.client.client-id=client
+#security.oauth2.client.client-secret=secret

spring-boot-modules/spring-boot-security/src/main/resources/logback.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
+            </pattern>
+        </encoder>
+    </appender>
+
+    <root level="INFO">
+        <appender-ref ref="STDOUT" />
+    </root>
+</configuration>

spring-boot-modules/spring-boot-security/src/main/resources/static/index.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Index</title>
+</head>
+<body>
+Welcome to Baeldung Secured Page !!!
+</body>
+</html>

spring-boot-modules/spring-boot-security/src/main/webapp/WEB-INF/views/home.jsp

@@ -0,0 +1,38 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+    pageEncoding="UTF-8"%>
+<%@ taglib prefix="sec"
+    uri="http://www.springframework.org/security/tags"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<sec:csrfMetaTags />
+<title>Home Page</title>
+</head>
+<body>    
+    <sec:authorize access="!isAuthenticated()">
+        Login
+    </sec:authorize>
+    
+    <sec:authorize access="isAuthenticated()">
+        Logout
+    </sec:authorize>
+    
+    <sec:authorize access="isAuthenticated()">
+        <h2>
+            Welcome back, <sec:authentication property="name" />
+        </h2>         
+        <sec:authorize access="hasRole('ADMIN')">
+            Manage Users
+        </sec:authorize>
+        <form method="post">
+            <sec:csrfInput />
+            Text Field: <br /> <input type="text" name="textField" />
+            <input type="submit" value="Submit form with CSRF input">
+        </form>
+        <sec:authorize url="/userManagement">
+            <a href="/userManagement">Manage Users</a>
+        </sec:authorize>
+    </sec:authorize>
+</body>
+</html>

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerRestTemplateIntegrationTest.java

@@ -0,0 +1,34 @@
+package com.baeldung.integrationtesting;
+
+import static org.junit.Assert.assertEquals;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+public class SecuredControllerRestTemplateIntegrationTest {
+
+    @Autowired
+    private TestRestTemplate template;
+
+    @Test
+    public void givenRequestOnPrivateService_shouldFailWith401() throws Exception {
+        ResponseEntity<String> result = template.getForEntity("/private/hello", String.class);
+        assertEquals(HttpStatus.UNAUTHORIZED, result.getStatusCode());
+    }
+
+    @Test
+    public void givenAuthRequestOnPrivateService_shouldSucceedWith200() throws Exception {
+        ResponseEntity<String> result = template.withBasicAuth("spring", "secret")
+            .getForEntity("/private/hello", String.class);
+        assertEquals(HttpStatus.OK, result.getStatusCode());
+    }
+
+}

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerSpringBootIntegrationTest.java

@@ -0,0 +1,52 @@
+package com.baeldung.integrationtesting;
+
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.http.MediaType;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+public class SecuredControllerSpringBootIntegrationTest {
+
+    @Autowired
+    private WebApplicationContext context;
+
+    private MockMvc mvc;
+
+    @Before
+    public void setup() {
+        mvc = MockMvcBuilders
+                .webAppContextSetup(context)
+                .apply(springSecurity())
+                .build();
+    }
+
+    @Test
+    public void givenRequestOnPrivateService_shouldFailWith401() throws Exception {
+        mvc.perform(get("/private/hello")
+                        .contentType(MediaType.APPLICATION_JSON))
+                    .andExpect(status().isUnauthorized());
+    }
+
+    @WithMockUser("spring")
+    @Test
+    public void givenAuthRequestOnPrivateService_shouldSucceedWith200() throws Exception {
+        mvc.perform(get("/private/hello")
+                .contentType(MediaType.APPLICATION_JSON))
+            .andExpect(status().isOk());
+    }
+
+}

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredControllerWebMvcIntegrationTest.java

@@ -0,0 +1,39 @@
+package com.baeldung.integrationtesting;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.http.MediaType;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+
+import com.baeldung.integrationtesting.SecuredController;
+
+@RunWith(SpringRunner.class)
+@WebMvcTest(SecuredController.class)
+public class SecuredControllerWebMvcIntegrationTest {
+
+    @Autowired
+    private MockMvc mvc;
+
+    @Test
+    public void givenRequestOnPrivateService_shouldFailWith401() throws Exception {
+        mvc.perform(get("/private/hello")
+                        .contentType(MediaType.APPLICATION_JSON))
+                    .andExpect(status().isUnauthorized());
+    }
+
+    @WithMockUser(value = "spring")
+    @Test
+    public void givenAuthRequestOnPrivateService_shouldSucceedWith200() throws Exception {
+        mvc.perform(get("/private/hello")
+                .contentType(MediaType.APPLICATION_JSON))
+            .andExpect(status().isOk());
+    }
+
+}

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/integrationtesting/SecuredMethodSpringBootIntegrationTest.java

@@ -0,0 +1,32 @@
+package com.baeldung.integrationtesting;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import com.baeldung.integrationtesting.SecuredService;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class SecuredMethodSpringBootIntegrationTest {
+
+    @Autowired
+    private SecuredService service;
+
+    @Test(expected = AuthenticationCredentialsNotFoundException.class)
+    public void givenUnauthenticated_whenCallService_thenThrowsException() {
+        service.sayHelloSecured();
+    }
+
+    @WithMockUser(username="spring")
+    @Test
+    public void givenAuthenticated_whenCallServiceWithSecured_thenOk() {
+        assertThat(service.sayHelloSecured()).isNotBlank();
+    }   
+}

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/autoconfig/config/BasicConfigurationIntegrationTest.java

@@ -0,0 +1,56 @@
+package com.baeldung.springbootsecurity.autoconfig.config;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import com.baeldung.springbootsecurity.autoconfig.SpringBootSecurityApplication;
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootSecurityApplication.class)
+public class BasicConfigurationIntegrationTest {
+
+    TestRestTemplate restTemplate;
+    URL base;
+
+    @LocalServerPort int port;
+
+    @Before
+    public void setUp() throws MalformedURLException {
+        restTemplate = new TestRestTemplate("user", "password");
+        base = new URL("http://localhost:" + port);
+    }
+
+    @Test
+    public void whenLoggedUserRequestsHomePage_ThenSuccess() throws IllegalStateException, IOException {
+        ResponseEntity<String> response = restTemplate.getForEntity(base.toString(), String.class);
+
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertTrue(response
+          .getBody()
+          .contains("Baeldung"));
+    }
+
+    @Test
+    public void whenUserWithWrongCredentials_thenUnauthorizedPage() throws IllegalStateException, IOException {
+        restTemplate = new TestRestTemplate("user", "wrongpassword");
+        ResponseEntity<String> response = restTemplate.getForEntity(base.toString(), String.class);
+
+        assertEquals(HttpStatus.UNAUTHORIZED, response.getStatusCode());
+        assertNull(response.getBody());
+    }
+}

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/CustomConfigAuthorizationServerIntegrationTest.java

@@ -0,0 +1,89 @@
+package com.baeldung.springbootsecurity.oauth2server;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
+import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import java.net.URL;
+import java.util.regex.Pattern;
+
+import static java.util.Collections.singletonList;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootAuthorizationServerApplication.class)
+@ActiveProfiles("authz")
+public class CustomConfigAuthorizationServerIntegrationTest extends OAuth2IntegrationTestSupport {
+
+    @LocalServerPort
+    private int port;
+
+    @Before
+    public void setUp() throws Exception {
+        base = new URL("http://localhost:" + port);
+    }
+
+    @Test
+    public void givenOAuth2Context_whenAccessTokenIsRequested_ThenAccessTokenValueIsNotNull() {
+        ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails("baeldung", singletonList("read"));
+        OAuth2RestTemplate restTemplate = getOAuth2RestTemplate(resourceDetails);
+
+        OAuth2AccessToken accessToken = restTemplate.getAccessToken();
+
+        assertNotNull(accessToken);
+    }
+
+    @Test
+    public void givenOAuth2Context_whenAccessingAuthentication_ThenRespondTokenDetails() {
+        ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails("baeldung", singletonList("read"));
+        OAuth2RestTemplate restTemplate = getOAuth2RestTemplate(resourceDetails);
+
+        String authentication = executeGetRequest(restTemplate, "/authentication");
+
+        Pattern pattern = Pattern.compile("\\{\"remoteAddress\":\".*" +
+                "\",\"sessionId\":null,\"tokenValue\":\".*" +
+                "\",\"tokenType\":\"Bearer\",\"decodedDetails\":null}");
+        assertTrue("authentication", pattern.matcher(authentication).matches());
+    }
+
+    @Test
+    public void givenOAuth2Context_whenAccessingPrincipal_ThenRespondBaeldung() {
+        ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails("baeldung", singletonList("read"));
+        OAuth2RestTemplate restTemplate = getOAuth2RestTemplate(resourceDetails);
+
+        String principal = executeGetRequest(restTemplate, "/principal");
+
+        assertEquals("baeldung", principal);
+    }
+
+    @Test(expected = OAuth2AccessDeniedException.class)
+    public void givenOAuth2Context_whenAccessTokenIsRequestedWithInvalidException_ThenExceptionIsThrown() {
+        ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails("baeldung", singletonList("write"));
+        OAuth2RestTemplate restTemplate = getOAuth2RestTemplate(resourceDetails);
+
+        restTemplate.getAccessToken();
+    }
+
+    @Test
+    public void givenOAuth2Context_whenAccessTokenIsRequestedByClientWithWriteScope_ThenAccessTokenIsNotNull() {
+        ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails("baeldung-admin", singletonList("write"));
+        OAuth2RestTemplate restTemplate = getOAuth2RestTemplate(resourceDetails);
+
+        OAuth2AccessToken accessToken = restTemplate.getAccessToken();
+
+        assertNotNull(accessToken);
+    }
+
+}
+

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/DefaultConfigAuthorizationServerIntegrationTest.java

@@ -0,0 +1,32 @@
+package com.baeldung.springbootsecurity.oauth2server;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import static java.util.Arrays.asList;
+import static org.junit.Assert.assertNotNull;
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = RANDOM_PORT, classes = SpringBootAuthorizationServerApplication.class,
+                properties = { "security.oauth2.client.client-id=client", "security.oauth2.client.client-secret=baeldung" })
+public class DefaultConfigAuthorizationServerIntegrationTest extends OAuth2IntegrationTestSupport {
+
+    @Test
+    public void givenOAuth2Context_whenAccessTokenIsRequested_ThenAccessTokenValueIsNotNull() {
+        ClientCredentialsResourceDetails resourceDetails = getClientCredentialsResourceDetails("client", asList("read", "write"));
+        OAuth2RestTemplate restTemplate = getOAuth2RestTemplate(resourceDetails);
+
+        OAuth2AccessToken accessToken = restTemplate.getAccessToken();
+
+        assertNotNull(accessToken);
+
+    }
+
+}
+

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/springbootsecurity/oauth2server/OAuth2IntegrationTestSupport.java

@@ -0,0 +1,53 @@
+package com.baeldung.springbootsecurity.oauth2server;
+
+import org.apache.commons.io.IOUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
+import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
+import org.springframework.web.client.RequestCallback;
+import org.springframework.web.client.ResponseExtractor;
+
+import java.net.URL;
+import java.nio.charset.Charset;
+import java.util.List;
+
+import static java.lang.String.format;
+import static java.util.Collections.singletonList;
+import static org.springframework.http.HttpMethod.GET;
+
+public class OAuth2IntegrationTestSupport {
+
+    public static final ResponseExtractor<String> EXTRACT_BODY_AS_STRING = clientHttpResponse ->
+            IOUtils.toString(clientHttpResponse.getBody(), Charset.defaultCharset());
+    private static final RequestCallback DO_NOTHING_CALLBACK = request -> {
+    };
+
+    @Value("${local.server.port}")
+    protected int port;
+
+    protected URL base;
+
+    protected ClientCredentialsResourceDetails getClientCredentialsResourceDetails(final String clientId, final List<String> scopes) {
+        ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
+        resourceDetails.setAccessTokenUri(format("http://localhost:%d/oauth/token", port));
+        resourceDetails.setClientId(clientId);
+        resourceDetails.setClientSecret("baeldung");
+        resourceDetails.setScope(scopes);
+        resourceDetails.setGrantType("client_credentials");
+        return resourceDetails;
+    }
+
+    protected OAuth2RestTemplate getOAuth2RestTemplate(final ClientCredentialsResourceDetails resourceDetails) {
+        DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
+        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);
+        restTemplate.setMessageConverters(singletonList(new MappingJackson2HttpMessageConverter()));
+        return restTemplate;
+    }
+
+    protected String executeGetRequest(OAuth2RestTemplate restTemplate, String path) {
+        return restTemplate.execute(base.toString() + path, GET, DO_NOTHING_CALLBACK, EXTRACT_BODY_AS_STRING);
+    }
+
+}

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/springsecuritytaglibs/HomeControllerUnitTest.java

@@ -0,0 +1,60 @@
+package com.baeldung.springsecuritytaglibs;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, classes = SpringBootSecurityTagLibsApplication.class)
+public class HomeControllerUnitTest {
+
+    @Autowired
+    private TestRestTemplate restTemplate;
+
+    @Test
+    public void whenUserIsAuthenticatedThenAuthenticatedSectionsShowOnSite() throws Exception {
+        String body = this.restTemplate.withBasicAuth("testUser", "password")
+            .getForEntity("/", String.class)
+            .getBody();
+
+        // test <sec:authorize access="!isAuthenticated()">
+        assertFalse(body.contains("Login"));
+
+        // test <sec:authorize access="isAuthenticated()">
+        assertTrue(body.contains("Logout"));
+
+        // test <sec:authorize access="hasRole('ADMIN')">
+        assertTrue(body.contains("Manage Users"));
+
+        // test <sec:authentication property="principal.username" />
+        assertTrue(body.contains("testUser"));
+
+        // test <sec:authorize url="/adminOnlyURL">
+        assertTrue(body.contains("<a href=\"/userManagement\">"));
+
+        // test <sec:csrfInput />
+        assertTrue(body.contains("<input type=\"hidden\" name=\"_csrf\" value=\""));
+
+        // test <sec:csrfMetaTags />
+        assertTrue(body.contains("<meta name=\"_csrf_parameter\" content=\"_csrf\" />"));
+    }
+
+    @Test
+    public void whenUserIsNotAuthenticatedThenOnlyAnonymousSectionsShowOnSite() throws Exception {
+        String body = this.restTemplate.getForEntity("/", String.class)
+            .getBody();
+
+        // test <sec:authorize access="!isAuthenticated()">
+        assertTrue(body.contains("Login"));
+
+        // test <sec:authorize access="isAuthenticated()">
+        assertFalse(body.contains("Logout"));
+    }
+}