Примеры к занятию 23 (Spring Security Авторизация)

2026-05-23 10:50:34 +00:00 · 2020-11-21 10:22:14 +03:00
parent 65bcb51e8d
commit be2ca76887
15 changed files with 304 additions and 0 deletions
@@ -0,0 +1,10 @@
+package ru.otus.spring.data;
+
+import org.springframework.data.annotation.Id;
+import org.springframework.data.mongodb.core.mapping.Document;
+
+@Document
+public class Account {
+    @Id
+    private Integer id;
+}
@@ -0,0 +1,3 @@
+logging:
+  level:
+    root: error
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>ru.otus</groupId>
+    <artifactId>spring-framework-23-security-authorization</artifactId>
+    <version>1.0-SNAPSHOT</version>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.3.3.RELEASE</version>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>
@@ -0,0 +1,17 @@
+package ru.otus.spring;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
+@SpringBootApplication
+public class SpringSecurity23Sample {
+
+    public static void main( String[] args ) {
+        SpringApplication.run( SpringSecurity23Sample.class );
+    }
+
+}
@@ -0,0 +1,57 @@
+package ru.otus.spring.rest;
+
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestParam;
+import ru.otus.spring.service.MyService;
+
+@Controller
+public class PagesController {
+
+    private final MyService myService;
+
+    public PagesController(MyService myService) {
+        this.myService = myService;
+    }
+
+    @GetMapping("/")
+    public String indexPage() {
+        return "index";
+    }
+
+    @GetMapping("/public")
+    public String publicPage( ) {
+        return "public";
+    }
+
+    @GetMapping("/user")
+    public String userPage() {
+        myService.onlyUser();
+        return "user";
+    }
+
+    @GetMapping("/admin")
+    @Secured( "ADMIN" )
+    public String adminPage(  ) {
+        myService.onlyUser();
+        //myService.onlyAdmin();
+        return "admin";
+    }
+
+    @GetMapping("/authenticated")
+    public String authenticatedPage() {
+        UserDetails userDetails = (UserDetails) SecurityContextHolder
+                .getContext().getAuthentication().getPrincipal();
+        System.out.println(userDetails.getUsername());
+        return "authenticated";
+    }
+
+    @GetMapping("/success")
+    public String successPage() {
+        return "success";
+    }
+}
@@ -0,0 +1,76 @@
+package ru.otus.spring.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+
+import java.util.Collection;
+
+@EnableWebSecurity
+@Configuration
+public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+
+    @Override
+    public void configure(WebSecurity web) {
+        web.ignoring().antMatchers("/");
+    }
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable()
+                //.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                //.and()
+                .authorizeRequests().antMatchers("/public").permitAll()
+                .and()
+                .authorizeRequests().antMatchers("/authenticated", "/success").authenticated()
+                .and()
+                .authorizeRequests().antMatchers("/user").hasAnyRole( "ADMIN", "USER" )
+
+                .and()
+                .authorizeRequests().antMatchers("/admin").hasRole( "ADMIN" )
+                .and()
+                .formLogin()
+                .and()
+                .logout().logoutUrl("/logout");
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new PasswordEncoder() {
+            @Override
+            public String encode(CharSequence charSequence) {
+                return charSequence.toString();
+            }
+
+            @Override
+            public boolean matches(CharSequence charSequence, String s) {
+                return charSequence.toString().equals(s);
+            }
+        };
+    }
+
+    @Autowired
+    public void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+                .withUser("admin").password("password").roles("ADMIN")
+                .and()
+                .withUser("user").password("password").roles("USER")
+                .and()
+                .withUser("manager").password("manager").roles("MANAGER", "USER");
+    }
+}
@@ -0,0 +1,16 @@
+package ru.otus.spring.service;
+
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Service;
+
+@Service
+public class MyService {
+    @PreAuthorize("hasRole('ROLE_USER')")
+    public String onlyUser() {
+        return "My love";
+    }
+
+    @Secured( "ADMIN" )
+    public void onlyAdmin() {}
+}
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8"/>
+</head>
+<body>
+Страница с доступом только админу
+</body>
+</html>
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8"/>
+</head>
+<body>
+Только для аторизованных
+</body>
+</html>
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8"/>
+</head>
+<body>
+Вам доступ запрещён!
+</body>
+</html>
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8"/>
+</head>
+<body>
+<a th:href="@{public}">/public</a>
+<br>
+<a th:href="@{authenticated}">/authenticated</a>
+<br>
+<a th:href="@{user}">/user</a>
+<br>
+<a th:href="@{admin}">/admin</a>
+</body>
+</html>
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8"/>
+</head>
+<body>
+Доступ к MANAGER
+</body>
+</html>
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8"/>
+</head>
+<body>
+Доступен всем
+</body>
+</html>
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8"/>
+</head>
+<body>
+Вы успешно вошли !
+</body>
+</html>
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8"/>
+</head>
+<body>
+Доступ к USER
+</body>
+</html>