Reticulating splines... (C) whatthecommit.com

Author: daggerok

.github/workflows/ci.yml

@@ -1,7 +1,7 @@
 name: CI
 on: [push]
 env:
-  CI: 'true'
+  SPRING_PROFILES_ACTIVE: ci
 jobs:
   step-0-application-without-security:
     strategy:
@@ -57,13 +57,74 @@ jobs:
       with:
         java-version: ${{ matrix.java }}
     - run: command -v docker >/dev/null 2>&1 || { echo >&2 "I require docker but it's not installed.  Aborting."; exit 1; }
-    #- run: type docker >/dev/null 2>&1 || { echo >&2 "I require docker but it's not installed.  Aborting."; exit 1; }
     #- run: hash docker 2>/dev/null || { echo >&2 "I require docker but it's not installed.  Aborting."; exit 1; }
     - run: sudo apt-get install -y httpie
     - run: npm i -g wait-port
     - run: cd $GITHUB_WORKSPACE && ./mvnw -f step-0-application-without-security
     - run: ( bash $GITHUB_WORKSPACE/step-0-application-without-security/target/*jar --spring.profiles.active=ci & ) || echo ...
     - run: wait-port 8080
     - run: http get :8080
-    - run: cd $GITHUB_WORKSPACE && ./mvnw -f step-0-test-application-without-security -Dgroups=e2e -Pe2e
+    - run: cd $GITHUB_WORKSPACE && ./mvnw -f step-0-test-application-without-security -Dgroups=e2e
     - run: http --ignore-stdin post :8080/actuator/shutdown
+  step-1-application-with-default-spring-security:
+    strategy:
+      matrix:
+        java: [11]
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    name: java-${{ matrix.java }} step-1-application-with-default-spring-security
+    steps:
+    - uses: actions/checkout@v1
+    - uses: actions/cache@v1
+      with:
+        path: ~/.m2
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/mvnw') }}
+        restore-keys: |
+          ${{ runner.os }}-docker-
+          ${{ runner.os }}-maven-
+          ${{ runner.os }}-node-
+          ${{ runner.os }}-npm-
+          ${{ runner.os }}-
+    - uses: actions/cache@v1
+      with:
+        path: ~/.docker
+        key: ${{ runner.os }}-docker-${{ hashFiles('**/mvnw') }}
+        restore-keys: |
+          ${{ runner.os }}-docker-
+          ${{ runner.os }}-maven-
+          ${{ runner.os }}-node-
+          ${{ runner.os }}-npm-
+          ${{ runner.os }}-
+    - uses: actions/cache@v1
+      with:
+        path: ~/.npm
+        key: ${{ runner.os }}-npm-${{ hashFiles('**/mvnw') }}
+        restore-keys: |
+          ${{ runner.os }}-docker-
+          ${{ runner.os }}-maven-
+          ${{ runner.os }}-node-
+          ${{ runner.os }}-npm-
+          ${{ runner.os }}-
+    - uses: actions/cache@v1
+      with:
+        path: ~/.node
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/mvnw') }}
+        restore-keys: |
+          ${{ runner.os }}-docker-
+          ${{ runner.os }}-maven-
+          ${{ runner.os }}-node-
+          ${{ runner.os }}-npm-
+          ${{ runner.os }}-
+    - uses: actions/setup-node@v1
+    - uses: actions/setup-java@v1
+      with:
+        java-version: ${{ matrix.java }}
+    - run: type docker >/dev/null 2>&1 || { echo >&2 "I require docker but it's not installed.  Aborting."; exit 1; }
+    - run: sudo apt-get install -y httpie
+    - run: npm i -g wait-port
+    - run: cd $GITHUB_WORKSPACE && ./mvnw -f step-1-application-with-default-spring-security
+    - run: ( bash $GITHUB_WORKSPACE/step-1-application-with-default-spring-security/target/*jar & ) || echo ...
+    - run: wait-port 8080
+    - run: http get :8080
+    - run: cd $GITHUB_WORKSPACE && ./mvnw -f step-1-test-application-with-default-spring-security -Dgroups=e2e -Pci
+    - run: http --ignore-stdin -a user:pwd post :8080/actuator/shutdown

.idea/runConfigurations/Step_1_app.xml

@@ -3,12 +3,13 @@ Learn Spring Security by baby steps from zero to pro!
 
 ## Table of Content
 * [Step 0: No security](#step-0)
+* [Step 1: Add authentication](#step-1)
 * [Versioning and releasing](#maven)
 * [Resources and used links](#resources)
 
 ## step: 0
 
-let's use simple spring boot web app
+let's use simple spring boot web app without security at all!
 
 ### application
 
@@ -57,10 +58,12 @@ finally, to gracefully shutdown application under test on CI builds,
 add actuator dependency:
 
 ```xml
+  <dependencies>
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-actuator</artifactId>
     </dependency>
+  </dependencies>
 ```
 
 with according configurations in `application.yaml` file:
@@ -113,11 +116,12 @@ class AppTest extends AbstractTest {
 
   @Test
   void test() {
-    open("http://127.0.0.1:8080");
-    var h1 = $("h1");
+    open("http://127.0.0.1:8080"); // open home page...
+    var h1 = $("h1");              // find there <h1> tag...
     log.info("h1 html: {}", h1);
-    h1.shouldBe(exist, visible)
-      .shouldHave(text("hello"));
+    h1.shouldBe(exist, visible)    // element should be inside DOM
+      .shouldHave(text("hello"));  // textContent of the tag should
+                                   // contains expected content...
   }
 }
 ```
@@ -133,6 +137,58 @@ java -jar ./step-0-application-without-security/target/*jar --spring.profiles.ac
 http post :8080/actuator/shutdown
 ```
 
+## step: 1
+
+in this step we are going to implement simple authentication.
+it's mean everyone who logged in, can access all available
+resources.
+
+### application
+
+add required dependencies:
+
+```xml
+  <dependencies>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-security</artifactId>
+    </dependency>
+  </dependencies>
+```
+
+update `application.yaml` configuration with desired user password:
+
+```yaml
+spring:
+  security:
+    user:
+      password: pwd
+```
+
+### test application
+
+now, let's update test according to configured security as follows:
+
+```java
+@Log4j2
+@AllArgsConstructor
+class AppTest extends AbstractTest {
+
+  @Test
+  void test() {
+    open("http://127.0.0.1:8080");
+    // we should be redirected to login page, so lets authenticate!
+    $("#username").setValue("user");
+    $("#password").setValue("pwd").submit();
+    // everything else is with no changes...
+    var h1 = $("h1");
+    log.info("h1 html: {}", h1);
+    h1.shouldBe(exist, visible)
+      .shouldHave(text("hello"));
+  }
+}
+```
+
 ## maven
 
 we will be releasing after each important step! so it will be easy simply checkout needed version from git tag.

.idea/runConfigurations/Step_2_test.xml

@@ -11,6 +11,8 @@
   <modules>
     <module>step-0-application-without-security</module>
     <module>step-0-test-application-without-security</module>
+    <module>step-1-application-with-default-spring-security</module>
+    <module>step-1-test-application-with-default-spring-security</module>
   </modules>
   <properties>
     <encoding>UTF-8</encoding>
@@ -164,7 +166,13 @@
   </build>
   <profiles>
     <profile>
-      <id>e2e</id>
+      <id>ci</id>
+      <activation>
+        <property>
+          <name>env.SPRING_PROFILES_ACTIVE</name>
+          <value>ci</value>
+        </property>
+      </activation>
       <build>
         <plugins>
           <plugin>

README.md

@@ -5,6 +5,7 @@
   <parent>
     <artifactId>spring-security-basics</artifactId>
     <groupId>com.giuthub.daggerok</groupId>
+    <relativePath>..</relativePath>
     <version>1.0.1</version>
   </parent>
   <packaging>jar</packaging>

pom.xml

@@ -5,6 +5,7 @@
   <parent>
     <artifactId>spring-security-basics</artifactId>
     <groupId>com.giuthub.daggerok</groupId>
+    <relativePath>..</relativePath>
     <version>1.0.1</version>
   </parent>
   <packaging>jar</packaging>

step-0-application-without-security/pom.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <artifactId>spring-security-basics</artifactId>
+    <groupId>com.giuthub.daggerok</groupId>
+    <relativePath>..</relativePath>
+    <version>1.0.1</version>
+  </parent>
+  <packaging>jar</packaging>
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>step-1-application-with-default-spring-security</artifactId>
+  <dependencies>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-web</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-actuator</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-security</artifactId>
+    </dependency>
+  </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+      </plugin>
+    </plugins>
+  </build>
+</project>

step-0-test-application-without-security/pom.xml

@@ -0,0 +1,42 @@
+package daggerok;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
+import org.springframework.boot.actuate.context.ShutdownEndpoint;
+import org.springframework.boot.actuate.health.HealthEndpoint;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Controller
+class IndexPage {
+
+  @GetMapping("/")
+  String index() {
+    return "index.html";
+  }
+}
+
+@EnableWebSecurity
+class MyWebSecurity extends WebSecurityConfigurerAdapter {
+  @Override
+  protected void configure(HttpSecurity http) throws Exception {
+    http.authorizeRequests()
+          .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
+          .anyRequest().authenticated()//.fullyAuthenticated()//
+        .and()
+          .csrf().disable()
+        .formLogin()
+    ;
+  }
+}
+
+@SpringBootApplication
+public class App {
+  public static void main(String[] args) {
+    SpringApplication.run(App.class, args);
+  }
+}

step-1-application-with-default-spring-security/pom.xml

@@ -0,0 +1,19 @@
+spring:
+  security:
+    user:
+      password: pwd
+  output:
+    ansi:
+      enabled: always
+---
+spring:
+  profiles: ci
+management:
+  endpoint:
+    shutdown:
+      enabled: true
+  endpoints:
+    web:
+      exposure:
+        include: >
+          shutdown

step-1-application-with-default-spring-security/src/main/java/daggerok/App.java

@@ -0,0 +1,12 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="ie=edge">
+  <title>Home page | spring-security baby-steps</title>
+</head>
+<body>
+<h1>Hello!</h1>
+</body>
+</html>