From d18ed14ffc6c01d7bcc654cd06dbe41cfdfcf65c Mon Sep 17 00:00:00 2001 From: VladimirMagerov Date: Fri, 27 Feb 2026 15:05:40 +0300 Subject: [PATCH] 2025-11 spring-ss-auth-jwt --- 2025-11/spring-22-SS-auth/WebFlux/pom.xml | 62 ++++++++++++ .../java/ru/otus/spring/WebFluxStarter.java | 22 +++++ .../main/java/ru/otus/spring/data/Person.java | 41 ++++++++ .../ru/otus/spring/data/PersonRepository.java | 11 +++ .../ru/otus/spring/rest/PersonController.java | 34 +++++++ .../security/SecurityConfiguration.java | 49 ++++++++++ .../src/main/resources/application.yml | 1 + .../main/resources/static/authenticated.html | 9 ++ .../src/main/resources/static/index.html | 11 +++ .../src/main/resources/static/public.html | 9 ++ 2025-11/spring-22-SS-auth/classwork/pom.xml | 54 +++++++++++ .../spring/SpringSecurityAuthorization.java | 13 +++ .../spring/controller/PagesController.java | 60 ++++++++++++ .../controller/SecurityControllerAdvice.java | 16 +++ .../security/MethodSecurityConfiguration.java | 12 +++ .../security/SecurityConfiguration.java | 57 +++++++++++ .../ru/otus/spring/service/MyService.java | 18 ++++ .../src/main/resources/application.yml | 1 + .../src/main/resources/templates/admin.html | 9 ++ .../resources/templates/authenticated.html | 9 ++ .../src/main/resources/templates/error.html | 9 ++ .../src/main/resources/templates/index.html | 15 +++ .../src/main/resources/templates/manager.html | 9 ++ .../src/main/resources/templates/public.html | 9 ++ .../src/main/resources/templates/success.html | 9 ++ .../src/main/resources/templates/user.html | 9 ++ 2025-11/spring-22-SS-auth/jwt/pom.xml | 78 +++++++++++++++ .../java/ru/otus/security/jwt/JwtStarter.java | 12 +++ .../security/jwt/config/SecurityConfig.java | 97 +++++++++++++++++++ .../jwt/controller/HelloController.java | 14 +++ .../jwt/controller/TokenController.java | 40 ++++++++ .../jwt/src/main/resources/app.key | 28 ++++++ .../jwt/src/main/resources/app.pub | 9 ++ .../jwt/src/main/resources/application.yml | 10 ++ .../src/main/resources/templates/index.html | 11 +++ 2025-11/spring-22-SS-auth/solution2/pom.xml | 54 +++++++++++ .../spring/SpringSecurityAuthorization.java | 13 +++ .../spring/controller/PagesController.java | 58 +++++++++++ .../security/MethodSecurityConfiguration.java | 7 ++ .../security/SecurityConfiguration.java | 50 ++++++++++ .../ru/otus/spring/service/MyService.java | 13 +++ .../src/main/resources/templates/admin.html | 9 ++ .../resources/templates/authenticated.html | 9 ++ .../src/main/resources/templates/error.html | 9 ++ .../src/main/resources/templates/index.html | 17 ++++ .../src/main/resources/templates/manager.html | 9 ++ .../src/main/resources/templates/public.html | 9 ++ .../src/main/resources/templates/success.html | 9 ++ .../src/main/resources/templates/user.html | 9 ++ 49 files changed, 1132 insertions(+) create mode 100644 2025-11/spring-22-SS-auth/WebFlux/pom.xml create mode 100644 2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/WebFluxStarter.java create mode 100644 2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/data/Person.java create mode 100644 2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/data/PersonRepository.java create mode 100644 2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/rest/PersonController.java create mode 100644 2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/security/SecurityConfiguration.java create mode 100644 2025-11/spring-22-SS-auth/WebFlux/src/main/resources/application.yml create mode 100644 2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/authenticated.html create mode 100644 2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/index.html create mode 100644 2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/public.html create mode 100644 2025-11/spring-22-SS-auth/classwork/pom.xml create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/SpringSecurityAuthorization.java create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/controller/PagesController.java create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/controller/SecurityControllerAdvice.java create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/security/MethodSecurityConfiguration.java create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/security/SecurityConfiguration.java create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/service/MyService.java create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/resources/application.yml create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/admin.html create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/authenticated.html create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/error.html create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/index.html create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/manager.html create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/public.html create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/success.html create mode 100644 2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/user.html create mode 100644 2025-11/spring-22-SS-auth/jwt/pom.xml create mode 100644 2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/JwtStarter.java create mode 100644 2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/config/SecurityConfig.java create mode 100644 2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/controller/HelloController.java create mode 100644 2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/controller/TokenController.java create mode 100644 2025-11/spring-22-SS-auth/jwt/src/main/resources/app.key create mode 100644 2025-11/spring-22-SS-auth/jwt/src/main/resources/app.pub create mode 100644 2025-11/spring-22-SS-auth/jwt/src/main/resources/application.yml create mode 100644 2025-11/spring-22-SS-auth/jwt/src/main/resources/templates/index.html create mode 100644 2025-11/spring-22-SS-auth/solution2/pom.xml create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/SpringSecurityAuthorization.java create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/controller/PagesController.java create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/security/MethodSecurityConfiguration.java create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/security/SecurityConfiguration.java create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/service/MyService.java create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/admin.html create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/authenticated.html create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/error.html create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/index.html create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/manager.html create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/public.html create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/success.html create mode 100644 2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/user.html diff --git a/2025-11/spring-22-SS-auth/WebFlux/pom.xml b/2025-11/spring-22-SS-auth/WebFlux/pom.xml new file mode 100644 index 00000000..3eda6d55 --- /dev/null +++ b/2025-11/spring-22-SS-auth/WebFlux/pom.xml @@ -0,0 +1,62 @@ + + + 4.0.0 + + ru.otus + spring-framework-27-webflux + 1.0-SNAPSHOT + + + org.springframework.boot + spring-boot-starter-parent + 3.2.5 + + + + + org.springframework.boot + spring-boot-starter-webflux + + + + org.springframework.boot + spring-boot-starter-thymeleaf + + + + org.springframework.security + spring-security-core + + + org.springframework.security + spring-security-config + + + org.springframework.security + spring-security-web + + + + org.springframework.boot + spring-boot-starter-data-mongodb-reactive + + + + de.flapdoodle.embed + de.flapdoodle.embed.mongo + 4.6.1 + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + + diff --git a/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/WebFluxStarter.java b/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/WebFluxStarter.java new file mode 100644 index 00000000..7a06898e --- /dev/null +++ b/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/WebFluxStarter.java @@ -0,0 +1,22 @@ +package ru.otus.spring; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.Bean; +import org.springframework.core.io.ClassPathResource; +import org.springframework.web.reactive.function.server.RouterFunction; +import org.springframework.web.reactive.function.server.RouterFunctions; +import org.springframework.web.reactive.function.server.ServerResponse; + +@SpringBootApplication +public class WebFluxStarter { + + public static void main( String[] args ) { + SpringApplication.run( WebFluxStarter.class ); + } + + @Bean + RouterFunction staticResourceRouter() { + return RouterFunctions.resources( "/**.html", new ClassPathResource( "static/" ) ); + } +} diff --git a/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/data/Person.java b/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/data/Person.java new file mode 100644 index 00000000..bedf08b0 --- /dev/null +++ b/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/data/Person.java @@ -0,0 +1,41 @@ +package ru.otus.spring.data; + +import org.springframework.data.annotation.Id; +import org.springframework.data.mongodb.core.mapping.Document; + +@Document +public class Person { + + @Id + private String id; + + private String name; + + public Person() { + } + + public Person( String name ) { + this.name = name; + } + + public Person( String id, String name ) { + this.id = id; + this.name = name; + } + + public String getId() { + return id; + } + + public void setId( String id ) { + this.id = id; + } + + public String getName() { + return name; + } + + public void setName( String name ) { + this.name = name; + } +} diff --git a/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/data/PersonRepository.java b/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/data/PersonRepository.java new file mode 100644 index 00000000..8f5f3d67 --- /dev/null +++ b/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/data/PersonRepository.java @@ -0,0 +1,11 @@ +package ru.otus.spring.data; + +import org.springframework.data.mongodb.repository.ReactiveMongoRepository; +import org.springframework.stereotype.Repository; +import reactor.core.publisher.Mono; + +@Repository +public interface PersonRepository extends ReactiveMongoRepository { + + Mono findByName( String string ); +} diff --git a/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/rest/PersonController.java b/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/rest/PersonController.java new file mode 100644 index 00000000..7af4b0a9 --- /dev/null +++ b/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/rest/PersonController.java @@ -0,0 +1,34 @@ +package ru.otus.spring.rest; + +import org.springframework.web.bind.annotation.*; +import reactor.core.publisher.Flux; +import reactor.core.publisher.Mono; +import ru.otus.spring.data.Person; +import ru.otus.spring.data.PersonRepository; + +@RestController +public class PersonController { + + private final PersonRepository personRepository; + + public PersonController( PersonRepository personRepository ) { + this.personRepository = personRepository; + } + + @GetMapping("/person") + public Flux getAll() { + return personRepository.findAll(); + } + + @GetMapping("/person/find") + public Mono find( @RequestParam("name") String name ) { + return personRepository.findByName( name ) + .cache(); + } + + + @PostMapping("/person") + public Mono savePerson( @RequestBody Person person ) { + return personRepository.save( person ); + } +} diff --git a/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/security/SecurityConfiguration.java b/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/security/SecurityConfiguration.java new file mode 100644 index 00000000..5dfc9dc7 --- /dev/null +++ b/2025-11/spring-22-SS-auth/WebFlux/src/main/java/ru/otus/spring/security/SecurityConfiguration.java @@ -0,0 +1,49 @@ +package ru.otus.spring.security; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; +import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.core.userdetails.MapReactiveUserDetailsService; +import org.springframework.security.core.userdetails.ReactiveUserDetailsService; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.crypto.password.NoOpPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.server.SecurityWebFilterChain; + +@EnableWebFluxSecurity +@Configuration +public class SecurityConfiguration { + + @Bean + public SecurityWebFilterChain springWebFilterChain( ServerHttpSecurity http ) { + return http + .authorizeExchange((exchanges)->exchanges + .pathMatchers( HttpMethod.GET, "/authenticated.html" ).authenticated() + .pathMatchers( "/person" ).hasAnyRole( "USER" ) + .anyExchange().permitAll() + ) + .formLogin( Customizer.withDefaults()) + .build(); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return NoOpPasswordEncoder.getInstance(); + } + + @Bean + public ReactiveUserDetailsService userDetailsService() { + UserDetails user = User + .withUsername( "user" ) + .password( "password" ) + .roles( "USER" ) + .build(); + return new MapReactiveUserDetailsService( user ); + } +} diff --git a/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/application.yml b/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/application.yml new file mode 100644 index 00000000..add8d9b3 --- /dev/null +++ b/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/application.yml @@ -0,0 +1 @@ +spring.mongodb.embedded.version: 4.6.1 \ No newline at end of file diff --git a/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/authenticated.html b/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/authenticated.html new file mode 100644 index 00000000..9f8b0d7e --- /dev/null +++ b/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/authenticated.html @@ -0,0 +1,9 @@ + + + + + + +Только для авторизованных + + diff --git a/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/index.html b/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/index.html new file mode 100644 index 00000000..a89ba331 --- /dev/null +++ b/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/index.html @@ -0,0 +1,11 @@ + + + + + + +/public.html +
+/authenticated.html + + diff --git a/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/public.html b/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/public.html new file mode 100644 index 00000000..77188469 --- /dev/null +++ b/2025-11/spring-22-SS-auth/WebFlux/src/main/resources/static/public.html @@ -0,0 +1,9 @@ + + + + + + +Доступен всем + + diff --git a/2025-11/spring-22-SS-auth/classwork/pom.xml b/2025-11/spring-22-SS-auth/classwork/pom.xml new file mode 100644 index 00000000..747bcc45 --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/pom.xml @@ -0,0 +1,54 @@ + + + 4.0.0 + + ru.otus + classwork + 1.0-SNAPSHOT + + + org.springframework.boot + spring-boot-starter-parent + 3.2.5 + + + + + UTF-8 + UTF-8 + 17 + + + + + org.springframework.boot + spring-boot-starter + + + + org.springframework.boot + spring-boot-starter-web + + + + org.springframework.boot + spring-boot-starter-thymeleaf + + + + org.springframework.boot + spring-boot-starter-security + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/SpringSecurityAuthorization.java b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/SpringSecurityAuthorization.java new file mode 100644 index 00000000..6b3bf909 --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/SpringSecurityAuthorization.java @@ -0,0 +1,13 @@ +package ru.otus.spring; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class SpringSecurityAuthorization { + + public static void main(String[] args) { + SpringApplication.run(SpringSecurityAuthorization.class); + } + +} diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/controller/PagesController.java b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/controller/PagesController.java new file mode 100644 index 00000000..80a1674b --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/controller/PagesController.java @@ -0,0 +1,60 @@ +package ru.otus.spring.controller; + +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.GetMapping; +import ru.otus.spring.service.MyService; + +@Controller +public class PagesController { + + private final MyService myService; + + public PagesController(MyService myService) { + this.myService = myService; + } + + @GetMapping("/") + public String indexPage() { + return "index"; + } + + @GetMapping("/public") + public String publicPage() { + return "public"; + } + + @GetMapping("/user") + public String userPage() { + myService.onlyUser(); + return "user"; + } + + @GetMapping("/manager") + public String managerPage() { + return "manager"; + } + + @GetMapping("/admin") + @Secured("ROLE_ADMIN") + public String adminPage() { + //myService.onlyUser(); + myService.onlyAdmin(); + return "admin"; + } + + @GetMapping("/authenticated") + public String authenticatedPage() { + UserDetails userDetails = (UserDetails) SecurityContextHolder + .getContext().getAuthentication().getPrincipal(); + System.out.println(userDetails.getUsername()); + return "authenticated"; + } + + @GetMapping("/success") + public String successPage() { + return "success"; + } +} diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/controller/SecurityControllerAdvice.java b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/controller/SecurityControllerAdvice.java new file mode 100644 index 00000000..bdbb5ea3 --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/controller/SecurityControllerAdvice.java @@ -0,0 +1,16 @@ +package ru.otus.spring.controller; + +import org.springframework.http.ResponseEntity; +import org.springframework.security.access.AccessDeniedException; +import org.springframework.web.bind.annotation.ControllerAdvice; +import org.springframework.web.bind.annotation.ExceptionHandler; + +import java.util.Optional; + +@ControllerAdvice +public class SecurityControllerAdvice { + @ExceptionHandler(AccessDeniedException.class) + public ResponseEntity accessError() { + return ResponseEntity.of(Optional.of("Неудачник")); + } +} diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/security/MethodSecurityConfiguration.java b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/security/MethodSecurityConfiguration.java new file mode 100644 index 00000000..286fb5fe --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/security/MethodSecurityConfiguration.java @@ -0,0 +1,12 @@ +package ru.otus.spring.security; + +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; + +@EnableGlobalMethodSecurity( + securedEnabled = true, + prePostEnabled = true +) +@Configuration +public class MethodSecurityConfiguration { +} diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/security/SecurityConfiguration.java b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/security/SecurityConfiguration.java new file mode 100644 index 00000000..084ae162 --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/security/SecurityConfiguration.java @@ -0,0 +1,57 @@ +package ru.otus.spring.security; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.NoOpPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; + +import java.util.ArrayList; + +@EnableWebSecurity +@Configuration +public class SecurityConfiguration { + + @Bean + public SecurityFilterChain securityFilterChain( HttpSecurity http ) throws Exception { + http + .csrf( AbstractHttpConfigurer::disable ) + .authorizeHttpRequests( ( authorize ) -> authorize + .requestMatchers( "/public", "/" ).permitAll() + .requestMatchers( "/authenticated", "/success", "/admin" ).authenticated() + .requestMatchers( "/manager/**" ).hasAnyRole( "MANAGER", "ADMIN" ) + .requestMatchers( "/user" ).hasAnyRole( "ADMIN", "USER" ) + .anyRequest().permitAll() + ) + .formLogin( Customizer.withDefaults() ) + + ; + return http.build(); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return NoOpPasswordEncoder.getInstance(); + } + + @Bean + public InMemoryUserDetailsManager userDetailsService() { + var users = new ArrayList(); + users.add( User + .withUsername("admin").password("password").roles("ADMIN") + .build() ); + users.add( User + .withUsername("user").password("password").roles("USER") + .build() ); + return new InMemoryUserDetailsManager(users); + + } +} diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/service/MyService.java b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/service/MyService.java new file mode 100644 index 00000000..29a9db38 --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/java/ru/otus/spring/service/MyService.java @@ -0,0 +1,18 @@ +package ru.otus.spring.service; + +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.stereotype.Service; + +@Service +public class MyService { + + @PreAuthorize("hasRole('ROLE_USER') && {new java.util.Random().nextInt()%2 == 0}") + public String onlyUser() { + return "My love"; + } + + @Secured("ROLE_ADMIN") + public void onlyAdmin() { + } +} diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/resources/application.yml b/2025-11/spring-22-SS-auth/classwork/src/main/resources/application.yml new file mode 100644 index 00000000..85cef7cd --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/resources/application.yml @@ -0,0 +1 @@ +server.port: 8080 \ No newline at end of file diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/admin.html b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/admin.html new file mode 100644 index 00000000..aa1c9563 --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/admin.html @@ -0,0 +1,9 @@ + + + + + + +Страница с доступом только админу + + diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/authenticated.html b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/authenticated.html new file mode 100644 index 00000000..e4756c01 --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/authenticated.html @@ -0,0 +1,9 @@ + + + + + + +Только для аторизованных + + diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/error.html b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/error.html new file mode 100644 index 00000000..f28b51df --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/error.html @@ -0,0 +1,9 @@ + + + + + + +Вам доступ запрещён! + + diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/index.html b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/index.html new file mode 100644 index 00000000..d4c54ecd --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/index.html @@ -0,0 +1,15 @@ + + + + + + +/public +
+/authenticated +
+/user +
+/admin + + diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/manager.html b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/manager.html new file mode 100644 index 00000000..dd4a77af --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/manager.html @@ -0,0 +1,9 @@ + + + + + + +Доступ к MANAGER + + diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/public.html b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/public.html new file mode 100644 index 00000000..77188469 --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/public.html @@ -0,0 +1,9 @@ + + + + + + +Доступен всем + + diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/success.html b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/success.html new file mode 100644 index 00000000..4e2a37cd --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/success.html @@ -0,0 +1,9 @@ + + + + + + +Вы успешно вошли ! + + diff --git a/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/user.html b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/user.html new file mode 100644 index 00000000..a794bc2d --- /dev/null +++ b/2025-11/spring-22-SS-auth/classwork/src/main/resources/templates/user.html @@ -0,0 +1,9 @@ + + + + + + +Доступ к USER + + diff --git a/2025-11/spring-22-SS-auth/jwt/pom.xml b/2025-11/spring-22-SS-auth/jwt/pom.xml new file mode 100644 index 00000000..87fbb4a2 --- /dev/null +++ b/2025-11/spring-22-SS-auth/jwt/pom.xml @@ -0,0 +1,78 @@ + + + 4.0.0 + + ru.otus + spring-framework-27-jwt + 1.0-SNAPSHOT + + + org.springframework.boot + spring-boot-starter-parent + 3.2.5 + + + + 2.6.11 + + + + + org.springframework.boot + spring-boot-starter-web + + + + org.springframework.boot + spring-boot-starter-thymeleaf + + + + org.springframework.boot + spring-boot-starter-security + + + + org.springframework.boot + spring-boot-starter-oauth2-resource-server + + + + org.springdoc + springdoc-openapi-ui + 1.6.9 + + + + org.webjars + jquery + 3.4.1 + + + org.webjars + bootstrap + 4.3.1 + + + org.webjars + webjars-locator-core + + + org.webjars + js-cookie + 2.1.0 + + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + diff --git a/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/JwtStarter.java b/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/JwtStarter.java new file mode 100644 index 00000000..79f664b0 --- /dev/null +++ b/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/JwtStarter.java @@ -0,0 +1,12 @@ +package ru.otus.security.jwt; + + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class JwtStarter { + public static void main(String[] args){ + SpringApplication.run( JwtStarter.class, args ); + } +} diff --git a/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/config/SecurityConfig.java b/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/config/SecurityConfig.java new file mode 100644 index 00000000..ec5e4451 --- /dev/null +++ b/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/config/SecurityConfig.java @@ -0,0 +1,97 @@ +package ru.otus.security.jwt.config; + +import com.nimbusds.jose.jwk.JWK; +import com.nimbusds.jose.jwk.JWKSet; +import com.nimbusds.jose.jwk.RSAKey; +import com.nimbusds.jose.jwk.source.ImmutableJWKSet; +import com.nimbusds.jose.jwk.source.JWKSource; +import com.nimbusds.jose.proc.SecurityContext; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.oauth2.jwt.JwtDecoder; +import org.springframework.security.oauth2.jwt.JwtEncoder; +import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; +import org.springframework.security.oauth2.jwt.NimbusJwtEncoder; +import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint; +import org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; + +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; + +@Configuration +public class SecurityConfig { + + @Value("${jwt.public.key}") + RSAPublicKey key; + + @Value("${jwt.private.key}") + RSAPrivateKey priv; + + @Bean + public SecurityFilterChain securityFilterChain( HttpSecurity http ) throws Exception { + + http + .authorizeHttpRequests( ( authorize ) -> authorize + .anyRequest().authenticated() + ) + .csrf( AbstractHttpConfigurer::disable ) + //.httpBasic( Customizer.withDefaults() ) + .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults())) + .sessionManagement( ( session ) -> session.sessionCreationPolicy( SessionCreationPolicy.STATELESS ) ) + .exceptionHandling( ( exceptions ) -> exceptions + .authenticationEntryPoint( new BearerTokenAuthenticationEntryPoint() ) + .accessDeniedHandler( new BearerTokenAccessDeniedHandler() ) + ); + + return http.build(); + } + + @Bean + UserDetailsService users() { + + return new InMemoryUserDetailsManager( + User.withUsername( "user" ) + .password( "password" ) + .authorities( "app", "admin", "manager", "the_best" ) + .build() + ); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new PasswordEncoder() { + @Override + public String encode( CharSequence charSequence ) { + return charSequence.toString(); + } + + @Override + public boolean matches( CharSequence charSequence, String s ) { + return charSequence.toString().equals( s ); + } + }; + } + + @Bean + JwtDecoder jwtDecoder() { + return NimbusJwtDecoder.withPublicKey( this.key ).build(); + } + + @Bean + JwtEncoder jwtEncoder() { + JWK jwk = new RSAKey.Builder( this.key ).privateKey( this.priv ).build(); + JWKSource jwks = new ImmutableJWKSet<>( new JWKSet( jwk ) ); + return new NimbusJwtEncoder( jwks ); + } +} diff --git a/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/controller/HelloController.java b/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/controller/HelloController.java new file mode 100644 index 00000000..4ff42a49 --- /dev/null +++ b/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/controller/HelloController.java @@ -0,0 +1,14 @@ +package ru.otus.security.jwt.controller; + +import org.springframework.security.core.Authentication; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +public class HelloController { + + @GetMapping("/hello") + public String hello( Authentication authentication ) { + return "Hello, " + authentication.getName() + "!"; + } +} diff --git a/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/controller/TokenController.java b/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/controller/TokenController.java new file mode 100644 index 00000000..02ddac7b --- /dev/null +++ b/2025-11/spring-22-SS-auth/jwt/src/main/java/ru/otus/security/jwt/controller/TokenController.java @@ -0,0 +1,40 @@ +package ru.otus.security.jwt.controller; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.oauth2.jwt.JwtClaimsSet; +import org.springframework.security.oauth2.jwt.JwtEncoder; +import org.springframework.security.oauth2.jwt.JwtEncoderParameters; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RestController; + +import java.time.Instant; +import java.util.stream.Collectors; + +@RestController +public class TokenController { + + @Autowired + JwtEncoder encoder; + + @PostMapping("/token") + public String token( Authentication authentication) { + Instant now = Instant.now(); + long expiry = 36000L; + // @formatter:off + String scope = authentication.getAuthorities().stream() + .map(GrantedAuthority::getAuthority) + .collect( Collectors.joining(",")); + JwtClaimsSet claims = JwtClaimsSet.builder() + .issuer("self") + .issuedAt(now) + .expiresAt(now.plusSeconds(expiry)) + .subject(authentication.getName()) + .claim("scope", scope) + .claim("claimTest", "123") + .build(); + // @formatter:on + return this.encoder.encode( JwtEncoderParameters.from(claims)).getTokenValue(); + } +} diff --git a/2025-11/spring-22-SS-auth/jwt/src/main/resources/app.key b/2025-11/spring-22-SS-auth/jwt/src/main/resources/app.key new file mode 100644 index 00000000..53510079 --- /dev/null +++ b/2025-11/spring-22-SS-auth/jwt/src/main/resources/app.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDcWWomvlNGyQhA +iB0TcN3sP2VuhZ1xNRPxr58lHswC9Cbtdc2hiSbe/sxAvU1i0O8vaXwICdzRZ1JM +g1TohG9zkqqjZDhyw1f1Ic6YR/OhE6NCpqERy97WMFeW6gJd1i5inHj/W19GAbqK +LhSHGHqIjyo0wlBf58t+qFt9h/EFBVE/LAGQBsg/jHUQCxsLoVI2aSELGIw2oSDF +oiljwLaQl0n9khX5ZbiegN3OkqodzCYHwWyu6aVVj8M1W9RIMiKmKr09s/gf31Nc +3WjvjqhFo1rTuurWGgKAxJLL7zlJqAKjGWbIT4P6h/1Kwxjw6X23St3OmhsG6HIn ++jl1++MrAgMBAAECggEBAMf820wop3pyUOwI3aLcaH7YFx5VZMzvqJdNlvpg1jbE +E2Sn66b1zPLNfOIxLcBG8x8r9Ody1Bi2Vsqc0/5o3KKfdgHvnxAB3Z3dPh2WCDek +lCOVClEVoLzziTuuTdGO5/CWJXdWHcVzIjPxmK34eJXioiLaTYqN3XKqKMdpD0ZG +mtNTGvGf+9fQ4i94t0WqIxpMpGt7NM4RHy3+Onggev0zLiDANC23mWrTsUgect/7 +62TYg8g1bKwLAb9wCBT+BiOuCc2wrArRLOJgUkj/F4/gtrR9ima34SvWUyoUaKA0 +bi4YBX9l8oJwFGHbU9uFGEMnH0T/V0KtIB7qetReywkCgYEA9cFyfBIQrYISV/OA ++Z0bo3vh2aL0QgKrSXZ924cLt7itQAHNZ2ya+e3JRlTczi5mnWfjPWZ6eJB/8MlH +Gpn12o/POEkU+XjZZSPe1RWGt5g0S3lWqyx9toCS9ACXcN9tGbaqcFSVI73zVTRA +8J9grR0fbGn7jaTlTX2tnlOTQ60CgYEA5YjYpEq4L8UUMFkuj+BsS3u0oEBnzuHd +I9LEHmN+CMPosvabQu5wkJXLuqo2TxRnAznsA8R3pCLkdPGoWMCiWRAsCn979TdY +QbqO2qvBAD2Q19GtY7lIu6C35/enQWzJUMQE3WW0OvjLzZ0l/9mA2FBRR+3F9A1d +rBdnmv0c3TcCgYEAi2i+ggVZcqPbtgrLOk5WVGo9F1GqUBvlgNn30WWNTx4zIaEk +HSxtyaOLTxtq2odV7Kr3LGiKxwPpn/T+Ief+oIp92YcTn+VfJVGw4Z3BezqbR8lA +Uf/+HF5ZfpMrVXtZD4Igs3I33Duv4sCuqhEvLWTc44pHifVloozNxYfRfU0CgYBN +HXa7a6cJ1Yp829l62QlJKtx6Ymj95oAnQu5Ez2ROiZMqXRO4nucOjGUP55Orac1a +FiGm+mC/skFS0MWgW8evaHGDbWU180wheQ35hW6oKAb7myRHtr4q20ouEtQMdQIF +snV39G1iyqeeAsf7dxWElydXpRi2b68i3BIgzhzebQKBgQCdUQuTsqV9y/JFpu6H +c5TVvhG/ubfBspI5DhQqIGijnVBzFT//UfIYMSKJo75qqBEyP2EJSmCsunWsAFsM +TszuiGTkrKcZy9G0wJqPztZZl2F2+bJgnA6nBEV7g5PA4Af+QSmaIhRwqGDAuROR +47jndeyIaMTNETEmOnms+as17g== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/2025-11/spring-22-SS-auth/jwt/src/main/resources/app.pub b/2025-11/spring-22-SS-auth/jwt/src/main/resources/app.pub new file mode 100644 index 00000000..0b2ee7b3 --- /dev/null +++ b/2025-11/spring-22-SS-auth/jwt/src/main/resources/app.pub @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FlqJr5TRskIQIgdE3Dd +7D9lboWdcTUT8a+fJR7MAvQm7XXNoYkm3v7MQL1NYtDvL2l8CAnc0WdSTINU6IRv +c5Kqo2Q4csNX9SHOmEfzoROjQqahEcve1jBXluoCXdYuYpx4/1tfRgG6ii4Uhxh6 +iI8qNMJQX+fLfqhbfYfxBQVRPywBkAbIP4x1EAsbC6FSNmkhCxiMNqEgxaIpY8C2 +kJdJ/ZIV+WW4noDdzpKqHcwmB8FsrumlVY/DNVvUSDIipiq9PbP4H99TXN1o746o +RaNa07rq1hoCgMSSy+85SagCoxlmyE+D+of9SsMY8Ol9t0rdzpobBuhyJ/o5dfvj +KwIDAQAB +-----END PUBLIC KEY----- \ No newline at end of file diff --git a/2025-11/spring-22-SS-auth/jwt/src/main/resources/application.yml b/2025-11/spring-22-SS-auth/jwt/src/main/resources/application.yml new file mode 100644 index 00000000..ad5d3850 --- /dev/null +++ b/2025-11/spring-22-SS-auth/jwt/src/main/resources/application.yml @@ -0,0 +1,10 @@ +logging: + level: + root: INFO + org.springframework.web: INFO + org.springframework.security: INFO +# org.springframework.boot.autoconfigure: DEBUG + +jwt: + private.key: classpath:app.key + public.key: classpath:app.pub \ No newline at end of file diff --git a/2025-11/spring-22-SS-auth/jwt/src/main/resources/templates/index.html b/2025-11/spring-22-SS-auth/jwt/src/main/resources/templates/index.html new file mode 100644 index 00000000..fa9cb9f6 --- /dev/null +++ b/2025-11/spring-22-SS-auth/jwt/src/main/resources/templates/index.html @@ -0,0 +1,11 @@ + + + + + + + +
+/swagger + + diff --git a/2025-11/spring-22-SS-auth/solution2/pom.xml b/2025-11/spring-22-SS-auth/solution2/pom.xml new file mode 100644 index 00000000..a2c07373 --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/pom.xml @@ -0,0 +1,54 @@ + + + 4.0.0 + + ru.otus + solution2 + 1.0-SNAPSHOT + + + org.springframework.boot + spring-boot-starter-parent + 2.7.8 + + + + + UTF-8 + UTF-8 + 17 + + + + + org.springframework.boot + spring-boot-starter + + + + org.springframework.boot + spring-boot-starter-web + + + + org.springframework.boot + spring-boot-starter-thymeleaf + + + + org.springframework.boot + spring-boot-starter-security + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/SpringSecurityAuthorization.java b/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/SpringSecurityAuthorization.java new file mode 100644 index 00000000..6b3bf909 --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/SpringSecurityAuthorization.java @@ -0,0 +1,13 @@ +package ru.otus.spring; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class SpringSecurityAuthorization { + + public static void main(String[] args) { + SpringApplication.run(SpringSecurityAuthorization.class); + } + +} diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/controller/PagesController.java b/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/controller/PagesController.java new file mode 100644 index 00000000..b367fe8d --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/controller/PagesController.java @@ -0,0 +1,58 @@ +package ru.otus.spring.controller; + +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.GetMapping; +import ru.otus.spring.service.MyService; + +@Controller +public class PagesController { + + private final MyService myService; + + public PagesController(MyService myService) { + this.myService = myService; + } + + @GetMapping("/") + public String indexPage() { + return "index"; + } + + @GetMapping("/public") + public String publicPage() { + return "public"; + } + + @GetMapping("/user") + public String userPage() { + return "user"; + } + + @GetMapping("/manager") + public String managerPage() { + myService.onlyAdmin(); + return "manager"; + } + + @GetMapping("/admin") + @Secured("ROLE_ADMIN") + public String adminPage() { + return "admin"; + } + + @GetMapping("/authenticated") + public String authenticatedPage() { + UserDetails userDetails = (UserDetails) SecurityContextHolder + .getContext().getAuthentication().getPrincipal(); + System.out.println(userDetails.getUsername()); + return "authenticated"; + } + + @GetMapping("/success") + public String successPage() { + return "success"; + } +} diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/security/MethodSecurityConfiguration.java b/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/security/MethodSecurityConfiguration.java new file mode 100644 index 00000000..7add513b --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/security/MethodSecurityConfiguration.java @@ -0,0 +1,7 @@ +package ru.otus.spring.security; + +import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; + +@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) +public class MethodSecurityConfiguration { +} diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/security/SecurityConfiguration.java b/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/security/SecurityConfiguration.java new file mode 100644 index 00000000..64e5216b --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/security/SecurityConfiguration.java @@ -0,0 +1,50 @@ +package ru.otus.spring.security; + +import org.springframework.context.annotation.Bean; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; + +import java.util.ArrayList; + +@EnableWebSecurity +public class SecurityConfiguration { + + + @Bean + public SecurityFilterChain securityFilterChain( HttpSecurity http ) throws Exception { + http + .csrf().disable() + .authorizeHttpRequests( ( authorize ) -> authorize + .antMatchers( "/public", "/" ).permitAll() + .antMatchers( "/authenticated", "/success" ).authenticated() + .antMatchers( "/manager" ).hasRole("MANAGER") + .antMatchers( "/user/**" ).hasAnyRole( "USER", "MANAGER" ) + // /user/add /user/delete /user/delete/update + .anyRequest().denyAll() + ) + .formLogin() + + ; + return http.build(); + } + + @Bean + public InMemoryUserDetailsManager userDetailsService() { + var users = new ArrayList(); + users.add( User + .withDefaultPasswordEncoder().username( "admin" ).password( "password" ).roles( "ADMIN" ) + .build() ); + users.add( User + .withDefaultPasswordEncoder().username( "user" ).password( "password" ).roles( "USER" ) + .build() ); + users.add( User + .withDefaultPasswordEncoder().username( "manager" ).password( "password" ).roles( "MANAGER" ) + .build() ); + return new InMemoryUserDetailsManager( users ); + + } +} diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/service/MyService.java b/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/service/MyService.java new file mode 100644 index 00000000..0adcbd3b --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/java/ru/otus/spring/service/MyService.java @@ -0,0 +1,13 @@ +package ru.otus.spring.service; + +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.stereotype.Service; + +@Service +public class MyService { + + @PreAuthorize("hasRole('ROLE_MANAGER') && {new java.util.Random().nextInt()%2 == 0}") + public void onlyAdmin() { + } +} diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/admin.html b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/admin.html new file mode 100644 index 00000000..aa1c9563 --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/admin.html @@ -0,0 +1,9 @@ + + + + + + +Страница с доступом только админу + + diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/authenticated.html b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/authenticated.html new file mode 100644 index 00000000..9f8b0d7e --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/authenticated.html @@ -0,0 +1,9 @@ + + + + + + +Только для авторизованных + + diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/error.html b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/error.html new file mode 100644 index 00000000..f28b51df --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/error.html @@ -0,0 +1,9 @@ + + + + + + +Вам доступ запрещён! + + diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/index.html b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/index.html new file mode 100644 index 00000000..9a8b9382 --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/index.html @@ -0,0 +1,17 @@ + + + + + + +/public +
+/authenticated +
+/user +
+/manager +
+/admin + + diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/manager.html b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/manager.html new file mode 100644 index 00000000..dd4a77af --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/manager.html @@ -0,0 +1,9 @@ + + + + + + +Доступ к MANAGER + + diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/public.html b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/public.html new file mode 100644 index 00000000..77188469 --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/public.html @@ -0,0 +1,9 @@ + + + + + + +Доступен всем + + diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/success.html b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/success.html new file mode 100644 index 00000000..4e2a37cd --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/success.html @@ -0,0 +1,9 @@ + + + + + + +Вы успешно вошли ! + + diff --git a/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/user.html b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/user.html new file mode 100644 index 00000000..a794bc2d --- /dev/null +++ b/2025-11/spring-22-SS-auth/solution2/src/main/resources/templates/user.html @@ -0,0 +1,9 @@ + + + + + + +Доступ к USER + +