java ee 8 security api

java-ee-8-security-api/app-auth-basic-store-db/src/main/java/com/baeldung/javaee/security/AdminServlet.java

@@ -0,0 +1,22 @@
+package com.baeldung.javaee.security;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@WebServlet("/admin")
+@ServletSecurity(value = @HttpConstraint(rolesAllowed = {"admin_role"}))
+public class AdminServlet extends HttpServlet {
+
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().append("User :" + request.getUserPrincipal().getName() + "\n");
+        response.getWriter().append("User in Role user_role :" + request.isUserInRole("user_role") + "\n");
+        response.getWriter().append("User in Role admin_role :" + request.isUserInRole("admin_role"));
+    }
+}

java-ee-8-security-api/app-auth-basic-store-db/src/main/java/com/baeldung/javaee/security/AppConfig.java

@@ -0,0 +1,16 @@
+package com.baeldung.javaee.security;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition;
+import javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
+
+@BasicAuthenticationMechanismDefinition(realmName = "defaultRealm")
+@DatabaseIdentityStoreDefinition(
+        dataSourceLookup = "java:comp/env/jdbc/securityDS",
+        callerQuery = "select password from users where username = ?",
+        groupsQuery = "select GROUPNAME from groups where username = ?"
+)
+@ApplicationScoped
+public class AppConfig {
+}

java-ee-8-security-api/app-auth-basic-store-db/src/main/java/com/baeldung/javaee/security/DatabaseSetupServlet.java

@@ -0,0 +1,59 @@
+package com.baeldung.javaee.security;
+
+import javax.annotation.Resource;
+import javax.annotation.sql.DataSourceDefinition;
+import javax.inject.Inject;
+import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.sql.DataSource;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+
+@DataSourceDefinition(
+        name = "java:comp/env/jdbc/securityDS",
+        className = "org.h2.jdbcx.JdbcDataSource",
+        url = "jdbc:h2:~/securityTest;MODE=Oracle"
+)
+@WebServlet(value = "/init", loadOnStartup = 0)
+public class DatabaseSetupServlet extends HttpServlet {
+
+    @Resource(lookup = "java:comp/env/jdbc/securityDS")
+    private DataSource dataSource;
+
+    @Inject
+    private Pbkdf2PasswordHash passwordHash;
+
+    @Override
+    public void init() throws ServletException {
+        super.init();
+        initdb();
+    }
+
+    private void initdb() {
+        executeUpdate(dataSource, "DROP TABLE IF EXISTS USERS");
+        executeUpdate(dataSource, "DROP TABLE IF EXISTS GROUPS");
+
+        executeUpdate(dataSource, "CREATE TABLE IF NOT EXISTS USERS(username VARCHAR(64) PRIMARY KEY, password VARCHAR(255))");
+        executeUpdate(dataSource, "CREATE TABLE IF NOT EXISTS GROUPS(username VARCHAR(64), GROUPNAME VARCHAR(64))");
+
+        executeUpdate(dataSource, "INSERT INTO USERS VALUES('admin', '" + passwordHash.generate("passadmin".toCharArray()) + "')");
+        executeUpdate(dataSource, "INSERT INTO USERS VALUES('user', '" + passwordHash.generate("passuser".toCharArray()) + "')");
+
+        executeUpdate(dataSource, "INSERT INTO GROUPS VALUES('admin', 'admin_role')");
+        executeUpdate(dataSource, "INSERT INTO GROUPS VALUES('admin', 'user_role')");
+        executeUpdate(dataSource, "INSERT INTO GROUPS VALUES('user', 'user_role')");
+    }
+
+    private void executeUpdate(DataSource dataSource, String query) {
+        try (Connection connection = dataSource.getConnection()) {
+            try (PreparedStatement statement = connection.prepareStatement(query)) {
+                statement.executeUpdate();
+            }
+        } catch (SQLException e) {
+            throw new IllegalStateException(e);
+        }
+    }
+}

java-ee-8-security-api/app-auth-basic-store-db/src/main/java/com/baeldung/javaee/security/UserServlet.java

@@ -0,0 +1,25 @@
+package com.baeldung.javaee.security;
+
+import javax.annotation.security.DeclareRoles;
+import javax.inject.Inject;
+import javax.security.enterprise.SecurityContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+
+@WebServlet("/user")
+@ServletSecurity(value = @HttpConstraint(rolesAllowed = {"user_role"}))
+public class UserServlet extends HttpServlet {
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().append("User :" + request.getUserPrincipal().getName() + "\n");
+        response.getWriter().append("User in Role user_role :" + request.isUserInRole("user_role") + "\n");
+        response.getWriter().append("User in Role admin_role :" + request.isUserInRole("admin_role"));
+    }
+}

java-ee-8-security-api/app-auth-basic-store-db/src/main/liberty/config/server.xml

@@ -0,0 +1,9 @@
+<server description="OpenLiberty MicroProfile server">
+
+    <featureManager>
+        <feature>webProfile-8.0</feature>
+    </featureManager>
+
+    <httpEndpoint httpPort="${default.http.port}" httpsPort="${default.https.port}"
+                  id="defaultHttpEndpoint" host="*"/>
+</server>