52 finished security, starting boot

09-ps-data-jpa/09-ps-data-jpa.gradle

@@ -2,10 +2,9 @@ dependencies {
     compile project(':00-ps-core')
     compile misc.joda, spring.jdbc, spring.contextSupport, misc.h2, misc.commons, misc.hikari,
             hibernate.ehcache, hibernate.em, hibernate.core, hibernate.validator,
-            spring.aop, spring.orm, spring.data, misc.aspectjweaver, misc.aspectjrt, misc.cglib
+            spring.aop, spring.orm, spring.data, misc.aspectjweaver, misc.aspectjrt, misc.cglib,spring.securityConfig
 
-    testCompile tests.junit, tests.easymock, tests.jmock, tests.mockito, spring.test, tests.hamcrestCore,
-            tests.hamcrestLib
+    testCompile tests.junit
 }
 
 test {

09-ps-data-jpa/src/main/java/com/ps/services/impl/UserServiceImpl.java

@@ -6,10 +6,12 @@
 import com.ps.repos.UserRepo;
 import com.ps.services.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
 
+import javax.annotation.security.RolesAllowed;
 import java.util.List;
 
 import static com.ps.util.RecordBuilder.buildUser;
@@ -29,6 +31,8 @@ public UserServiceImpl(UserRepo userRepo) {
     }
 
     @Override
+    //@Secured("ROLE_ADMIN")
+    @RolesAllowed("ROLE_ADMIN")
     public User findById(Long id) {
         return userRepo.findOne(id);
     }

10-ps-mvc-boot/10-ps-mvc-boot.gradle

@@ -0,0 +1,27 @@
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+    dependencies {
+        classpath boot.springBootPlugin
+    }
+}
+
+apply plugin: 'spring-boot'
+
+jar {
+    baseName = 'mvc-boot'
+    version = '1.0-SNAPSHOT'
+}
+
+dependencies {
+
+    compile(boot.starterWeb) {
+        exclude module: "spring-boot-starter-tomcat"
+    }
+    //compile project(':09-ps-data-jpa')
+    compile boot.starterJetty, boot.actuator, boot.yaml
+
+    testCompile tests.junit
+}
+

10-ps-mvc-boot/src/main/java/com/ps/init/AppSettings.java

@@ -1,8 +1,9 @@
-package com.book.init;
+package com.ps.init;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+
 import javax.annotation.PostConstruct;
 import javax.validation.constraints.NotNull;
 

10-ps-mvc-boot/src/main/java/com/ps/init/Application.java

@@ -1,7 +1,20 @@
 package com.ps.init;
 
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.ComponentScan;
+
 /**
  * Created by iuliana.cosmina on 8/15/16.
  */
+@SpringBootApplication
+@ComponentScan(basePackages = {"com.ps.init", "com.ps.web"})
+@EnableConfigurationProperties(AppSettings.class)
 public class Application {
+
+    public static void main(String[] args) {
+        SpringApplication.run(Application.class, args);
+    }
+
 }

10-ps-mvc-boot/src/main/resources/banner.txt

@@ -4,4 +4,4 @@
 /    |    \  |_> >  | \/\  ___/ \___ \ \___ \
 \____|__  /   __/|__|    \___  >____  >____  >
 ========\/|__|===============\/=====\/=====\/
-:: Spring Boot ::           (v.1.2.6.RELEASE)
+:: Spring Boot ::           (v.1.4.1.RELEASE)

11-ps-security-practice/11-ps-security-practice.gradle

@@ -18,7 +18,7 @@ test {
 
 gretty {
     port = 8080
-    contextPath = '/mvc-basic'
+    contextPath = '/mvc-security'
 }
 
 war {

11-ps-security-practice/src/main/java/com/ps/config/SecurityConfig.java

@@ -6,6 +6,7 @@
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.csrf.CsrfTokenRepository;
@@ -15,17 +16,20 @@
  * Created by iuliana.cosmina on 8/16/16.
  */
 @Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(securedEnabled = true)
+// TODO 49. Enable support for Spring Security
+// TODO 50. Enable support for securing methods using JSR 250 annotations
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web.ignoring().antMatchers("/resources/**","/images/**","/styles/**");
+    }
+
     @Autowired
     public void configureGlobal(AuthenticationManagerBuilder auth) {
         try {
-            auth.inMemoryAuthentication().withUser("john").password("doe").roles("USER")
-                    .and()
-                    .withUser("jane").password("doe").roles("USER,ADMIN")
-                    .and().withUser("admin").password("admin").roles("ADMIN");
+            // TODO 51. Configure users john, jane and admin as described in home.jsp
+            auth.inMemoryAuthentication();
         } catch (Exception e) {
             e.printStackTrace();
         }
@@ -35,8 +39,7 @@ public void configureGlobal(AuthenticationManagerBuilder auth) {
     protected void configure(HttpSecurity http) throws Exception {
         http
                 .authorizeRequests()
-                .antMatchers("/resources/**","/images/**","/styles/**").permitAll()
-                .antMatchers("/users/show").hasRole("ADMIN")
+                //TODO 52. All URL matching /users/show/**  must be available only to users with role ADMIN
                 .antMatchers("/**").hasAnyRole("ADMIN","USER")
                 .anyRequest()
                 .authenticated()
@@ -66,4 +69,4 @@ public CsrfTokenRepository repo() {
         return repo;
     }
 
-}
+}

11-ps-security-practice/src/main/java/com/ps/config/WebConfig.java

@@ -44,6 +44,8 @@ public void configureDefaultServletHandling(DefaultServletHandlerConfigurer conf
     public void addViewControllers(ViewControllerRegistry registry) {
         registry.addViewController("/").setViewName("home");
         registry.addViewController("/home").setViewName("home");
+        registry.addViewController("/auth").setViewName("auth");
+        registry.addViewController("/cancel").setViewName("cancel");
     }
 
     @Bean

11-ps-security-practice/src/main/java/com/ps/init/SecurityWebApplicationInitializer.java

@@ -1,9 +1,8 @@
 package com.ps.init;
 
-import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
-
 /**
  * Created by iuliana.cosmina on 9/14/15.
  */
-public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
+//TODO 48. Modify this class to register the DelegatingFilterProxy bean
+public class SecurityWebApplicationInitializer  {
 }

11-ps-security-practice/src/main/java/com/ps/init/WebInitializer.java

@@ -18,7 +18,7 @@ public class WebInitializer extends AbstractAnnotationConfigDispatcherServletIni
     @Override
     protected Class<?>[] getRootConfigClasses() {
         return new Class<?>[]{
-                SecurityConfig.class
+              // TODO 53. Set the security context as root context
         };
     }
 

11-ps-security-practice/src/main/java/com/ps/web/UserController.java

@@ -40,7 +40,7 @@ public String list(Model model) {
 	/**
 	 * Handles requests to show detail about one user.
 	 */
-	@RequestMapping(value = "/{id:[\\d]*}", method = RequestMethod.GET)
+	@RequestMapping(value = "/show/{id:[\\d]*}", method = RequestMethod.GET)
 	public String show(@PathVariable Long id, Model model) throws NotFoundException {
 		User user = userService.findById(id);
 		if (user == null) {