From da6d32796cd224c8347e43cfd1ca7bfffbd7d860 Mon Sep 17 00:00:00 2001 
From: kataus Date: Sat, 29 May 2021 09:37:40 +0300 Subject: [PATCH] =?UTF-8?q?=D0=9F=D1=80=D0=B8=D0=BC=D0=B5=D1=80=D1=8B=20?= =?UTF-8?q?=D0=BA=20=D0=B7=D0=B0=D0=BD=D1=8F=D1=82=D0=B8=D1=8E=20=D0=BF?= =?UTF-8?q?=D0=BE=20Spring=20Security=20=D0=B0=D0=B2=D1=82=D0=BE=D1=80?= =?UTF-8?q?=D0=B8=D0=B7=D0=B0=D1=86=D0=B8=D1=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 2021-02/spring-24/pom.xml | 47 ++++++++++++ .../otus/spring/SpringSecurity24Sample.java | 17 +++++ .../ru/otus/spring/rest/PagesController.java | 57 ++++++++++++++ .../spring/rest/SecurityControllerAdvice.java | 16 ++++ .../security/SecurityConfiguration.java | 76 +++++++++++++++++++ .../ru/otus/spring/service/MyService.java | 16 ++++ .../src/main/resources/templates/admin.html | 9 +++ .../resources/templates/authenticated.html | 9 +++ .../src/main/resources/templates/error.html | 9 +++ .../src/main/resources/templates/index.html | 15 ++++ .../src/main/resources/templates/manager.html | 9 +++ .../src/main/resources/templates/public.html | 9 +++ .../src/main/resources/templates/success.html | 9 +++ .../src/main/resources/templates/user.html | 9 +++ 14 files changed, 307 insertions(+) create mode 100644 2021-02/spring-24/pom.xml create mode 100644 2021-02/spring-24/src/main/java/ru/otus/spring/SpringSecurity24Sample.java create mode 100644 2021-02/spring-24/src/main/java/ru/otus/spring/rest/PagesController.java create mode 100644 2021-02/spring-24/src/main/java/ru/otus/spring/rest/SecurityControllerAdvice.java create mode 100644 2021-02/spring-24/src/main/java/ru/otus/spring/security/SecurityConfiguration.java create mode 100644 2021-02/spring-24/src/main/java/ru/otus/spring/service/MyService.java create mode 100644 2021-02/spring-24/src/main/resources/templates/admin.html create mode 100644 2021-02/spring-24/src/main/resources/templates/authenticated.html create mode 100644 2021-02/spring-24/src/main/resources/templates/error.html create mode 100644 
2021-02/spring-24/src/main/resources/templates/index.html create mode 100644 2021-02/spring-24/src/main/resources/templates/manager.html create mode 100644 2021-02/spring-24/src/main/resources/templates/public.html create mode 100644 2021-02/spring-24/src/main/resources/templates/success.html create mode 100644 2021-02/spring-24/src/main/resources/templates/user.html
diff --git a/2021-02/spring-24/pom.xml b/2021-02/spring-24/pom.xml
new file mode 100644
index 00000000..7e8a5601
--- /dev/null
+++ b/2021-02/spring-24/pom.xml
@@ -0,0 +1,47 @@
+
+
+ 4.0.0
+
+ ru.otus
+ spring-framework-24-security-authorization
+ 1.0-SNAPSHOT
+
+
+ org.springframework.boot
+ spring-boot-starter-parent
+ 2.3.3.RELEASE
+
+
+
+
+ org.springframework.boot
+ spring-boot-starter
+
+
+
+ org.springframework.boot
+ spring-boot-starter-web
+
+
+
+ org.springframework.boot
+ spring-boot-starter-thymeleaf
+
+
+
+ org.springframework.boot
+ spring-boot-starter-security
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+
+
+
diff --git a/2021-02/spring-24/src/main/java/ru/otus/spring/SpringSecurity24Sample.java b/2021-02/spring-24/src/main/java/ru/otus/spring/SpringSecurity24Sample.java
new file mode 100644
index 00000000..ba8fd4fc
--- /dev/null
+++ b/2021-02/spring-24/src/main/java/ru/otus/spring/SpringSecurity24Sample.java
@@ -0,0 +1,17 @@
+package ru.otus.spring;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
+@SpringBootApplication
+public class SpringSecurity24Sample {
+
+ public static void main( String[] args ) {
+ SpringApplication.run( SpringSecurity24Sample.class );
+ }
+
+}
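Review bot: `SpringApplication.run( SpringSecurity24Sample.class )` in `main` does not forward `args`, so command-line overrides such as `--server.port` are silently ignored; pass them through with `SpringApplication.run(SpringSecurity24Sample.class, args);`. `@EnableWebSecurity` is also declared again on `SecurityConfiguration` later in this patch, so one of the two can go; keeping it on the configuration class keeps the security setup in one place.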
diff --git a/2021-02/spring-24/src/main/java/ru/otus/spring/rest/PagesController.java b/2021-02/spring-24/src/main/java/ru/otus/spring/rest/PagesController.java
new file mode 100644
index 00000000..9ffbf988
--- /dev/null
+++ b/2021-02/spring-24/src/main/java/ru/otus/spring/rest/PagesController.java
@@ -0,0 +1,57 @@
+package ru.otus.spring.rest;
+
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestParam;
+import ru.otus.spring.service.MyService;
+
+@Controller
+public class PagesController {
+
+ private final MyService myService;
+
+ public PagesController(MyService myService) {
+ this.myService = myService;
+ }
+
+ @GetMapping("/")
+ public String indexPage() {
+ return "index";
+ }
+
+ @GetMapping("/public")
+ public String publicPage( ) {
+ return "public";
+ }
+
+ @GetMapping("/user")
+ public String userPage() {
+// myService.onlyUser();
+ return "user";
+ }
+
+ @GetMapping("/admin")
+// @Secured( "ADMIN" )
+ public String adminPage( ) {
+ myService.onlyUser();
+ //myService.onlyAdmin();
+ return "admin";
+ }
+
+ @GetMapping("/authenticated")
+ public String authenticatedPage() {
+ UserDetails userDetails = (UserDetails) SecurityContextHolder
+ .getContext().getAuthentication().getPrincipal();
+ System.out.println(userDetails.getUsername());
+ return "authenticated";
+ }
+
+ @GetMapping("/success")
+ public String successPage() {
+ return "success";
+ }
+}
diff --git a/2021-02/spring-24/src/main/java/ru/otus/spring/rest/SecurityControllerAdvice.java b/2021-02/spring-24/src/main/java/ru/otus/spring/rest/SecurityControllerAdvice.java
new file mode 100644
index 00000000..267b080d
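Review bot: `adminPage()` calls `myService.onlyUser()`, which this patch guards with `hasRole('ROLE_USER')`, while the URL rule for `/admin` requires `ADMIN` and the in-memory `admin` account is given only that role; as far as the visible configuration shows, no account can render this page. The call that matches the page's intent is the commented-out `myService.onlyAdmin();`, whose `@Secured` attribute would need the `ROLE_` prefix to be usable. In `authenticatedPage()` the unchecked cast of `getPrincipal()` to `UserDetails` is safe only while the `/authenticated` URL rule stays in place, and the username is written to `System.out` rather than a logger. Both deserve at least a comment saying they are demo shortcuts.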
--- /dev/null
+++ b/2021-02/spring-24/src/main/java/ru/otus/spring/rest/SecurityControllerAdvice.java
@@ -0,0 +1,16 @@
+package ru.otus.spring.rest;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+
+import java.util.Optional;
+
+@ControllerAdvice
+public class SecurityControllerAdvice {
+ @ExceptionHandler(AccessDeniedException.class)
+ public ResponseEntity accessError(){
+ return ResponseEntity.of( Optional.of( "Неудачник" ));
+ }
+}
diff --git a/2021-02/spring-24/src/main/java/ru/otus/spring/security/SecurityConfiguration.java b/2021-02/spring-24/src/main/java/ru/otus/spring/security/SecurityConfiguration.java
new file mode 100644
index 00000000..3989d010
--- /dev/null
+++ b/2021-02/spring-24/src/main/java/ru/otus/spring/security/SecurityConfiguration.java
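Review bot: `accessError()` answers an `AccessDeniedException` with `ResponseEntity.of( Optional.of( ... ))`, which produces HTTP 200, so a denied request looks like a successful one to clients, proxies and any monitoring that keys on status codes. Return the denial explicitly, e.g. `return ResponseEntity.status(HttpStatus.FORBIDDEN).body("...");` (this needs the `org.springframework.http.HttpStatus` import). Because the advice catches the exception inside the MVC layer, it presumably also keeps method-security denials from reaching Spring Security's own access-denied handling, so an anonymous caller would not be redirected to the login form; a comment should state whether that is intended.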
@@ -0,0 +1,76 @@
+package ru.otus.spring.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+
+import java.util.Collection;
+
+@EnableWebSecurity
+@Configuration
+public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+
+ @Override
+ public void configure(WebSecurity web) {
+ web.ignoring().antMatchers("/");
+ }
+
+ @Override
+ public void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable()
+ //.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ //.and()
+ .authorizeRequests().antMatchers("/public").permitAll()
+ .and()
+ .authorizeRequests().antMatchers("/authenticated", "/success").authenticated()
+ .and()
+ .authorizeRequests().antMatchers("/user").hasAnyRole( "ADMIN", "USER" )
+
+ .and()
+ .authorizeRequests().antMatchers("/admin").hasRole( "ADMIN" )
+ .and()
+ .formLogin()
+ .and()
+ .logout().logoutUrl("/logout");
+ }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new PasswordEncoder() {
+ @Override
+ public String encode(CharSequence charSequence) {
+ return charSequence.toString();
+ }
+
+ @Override
+ public boolean matches(CharSequence charSequence, String s) {
+ return charSequence.toString().equals(s);
+ }
+ };
+ }
+
+ @Autowired
+ public void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.inMemoryAuthentication()
+ .withUser("admin").password("password").roles("ADMIN")
+ .and()
+ .withUser("user").password("password").roles("USER")
+ .and()
+ .withUser("manager").password("manager").roles("MANAGER", "USER");
+ }
+}
diff --git a/2021-02/spring-24/src/main/java/ru/otus/spring/service/MyService.java b/2021-02/spring-24/src/main/java/ru/otus/spring/service/MyService.java
new file mode 100644
index 00000000..064ad676
--- /dev/null
+++ b/2021-02/spring-24/src/main/java/ru/otus/spring/service/MyService.java
@@ -0,0 +1,16 @@
+package ru.otus.spring.service;
+
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Service;
+
+@Service
+public class MyService {
+ @PreAuthorize("hasRole('ROLE_USER') && {new java.util.Random().nextInt()%2 == 0}")
+ public String onlyUser() {
+ return "My love";
+ }
+
+ @Secured( "ADMIN" )
+ public void onlyAdmin() {}
+}
diff --git a/2021-02/spring-24/src/main/resources/templates/admin.html b/2021-02/spring-24/src/main/resources/templates/admin.html
new file mode 100644
index 00000000..aa1c9563
--- /dev/null
+++ b/2021-02/spring-24/src/main/resources/templates/admin.html
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+Страница с доступом только админу
+
+
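Review bot: `passwordEncoder()` returns an encoder whose `encode` is the identity and whose `matches` is a plain `equals`, so the in-memory passwords are stored and compared in clear text even though `BCryptPasswordEncoder` is already imported; the literal passwords `password` and `manager` also sit in the source. In `configure(HttpSecurity)` CSRF protection is switched off while the app uses session-based `formLogin()`, and there is no `anyRequest()` rule, so any path not listed is served without authentication. `web.ignoring().antMatchers("/")` takes `/` out of the filter chain altogether (no security headers, no security context), whereas `permitAll()` gives the same access with the filters still applied. A version with those points addressed is sketched below; the demo accounts would then need their passwords passed through `passwordEncoder().encode(...)`, and with CSRF on the logout request has to be a POST carrying the token.

```java
// configure(WebSecurity) override removed: "/" is permitted through the filter chain instead

@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/", "/public").permitAll()
            .antMatchers("/authenticated", "/success").authenticated()
            .antMatchers("/user").hasAnyRole("ADMIN", "USER")
            .antMatchers("/admin").hasRole("ADMIN")
            // default for everything not listed above: require a login
            .anyRequest().authenticated()
        .and()
        .formLogin()
        .and()
        .logout().logoutUrl("/logout");
}

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

// … unchanged: configure(AuthenticationManagerBuilder), apart from encoding each password …
```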
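Review bot: `@Secured( "ADMIN" )` on `onlyAdmin()` uses an attribute without the `ROLE_` prefix, while `.roles("ADMIN")` in the configuration grants `ROLE_ADMIN`; with the default voters the attribute is presumably not recognised and every caller is denied, so it should read `@Secured("ROLE_ADMIN")`. The `@PreAuthorize` on `onlyUser()` ANDs the role check with `new java.util.Random().nextInt()%2 == 0`, which makes the authorization decision non-deterministic, and the `{...}` around it looks like SpEL inline-list syntax rather than grouping. If the coin flip is a classroom illustration, say so in a comment such as `// demo only: random denial to show SpEL in @PreAuthorize`; otherwise reduce it to `@PreAuthorize("hasRole('USER')")`.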
diff --git a/2021-02/spring-24/src/main/resources/templates/authenticated.html b/2021-02/spring-24/src/main/resources/templates/authenticated.html
new file mode 100644
index 00000000..e4756c01
--- /dev/null
+++ b/2021-02/spring-24/src/main/resources/templates/authenticated.html
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+Только для аторизованных
+
+
diff --git a/2021-02/spring-24/src/main/resources/templates/error.html b/2021-02/spring-24/src/main/resources/templates/error.html
new file mode 100644
index 00000000..f28b51df
--- /dev/null
+++ b/2021-02/spring-24/src/main/resources/templates/error.html
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+Вам доступ запрещён!
+
+
diff --git a/2021-02/spring-24/src/main/resources/templates/index.html b/2021-02/spring-24/src/main/resources/templates/index.html
new file mode 100644
index 00000000..d4c54ecd
--- /dev/null
+++ b/2021-02/spring-24/src/main/resources/templates/index.html
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+/public
+
+/authenticated
+
+/user
+
+/admin
+
+
diff --git a/2021-02/spring-24/src/main/resources/templates/manager.html b/2021-02/spring-24/src/main/resources/templates/manager.html
new file mode 100644
index 00000000..dd4a77af
--- /dev/null
+++ b/2021-02/spring-24/src/main/resources/templates/manager.html
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+Доступ к MANAGER
+
+
diff --git a/2021-02/spring-24/src/main/resources/templates/public.html b/2021-02/spring-24/src/main/resources/templates/public.html
new file mode 100644
index 00000000..77188469
--- /dev/null
+++ b/2021-02/spring-24/src/main/resources/templates/public.html
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+Доступен всем
+
+
diff --git a/2021-02/spring-24/src/main/resources/templates/success.html b/2021-02/spring-24/src/main/resources/templates/success.html
new file mode 100644
index 00000000..4e2a37cd
--- /dev/null
+++ b/2021-02/spring-24/src/main/resources/templates/success.html
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+Вы успешно вошли !
+
+
diff --git a/2021-02/spring-24/src/main/resources/templates/user.html b/2021-02/spring-24/src/main/resources/templates/user.html
new file mode 100644
index 00000000..a794bc2d
--- /dev/null
+++ b/2021-02/spring-24/src/main/resources/templates/user.html
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+Доступ к USER
+
+