Working on security

Author: gregturn

10/part1/chat/src/main/java/com/greglturnquist/learningspringboot/chat/HomeController.java

@@ -18,16 +18,14 @@
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 
-import javax.servlet.http.HttpServletRequest;
-
 /**
  * @author Greg Turnquist
  */
 @Controller
 public class HomeController {
 
 	@GetMapping("/")
-	public String index(HttpServletRequest request) {
+	public String index() {
 		return "index";
 	}
 

10/part1/chat/src/main/java/com/greglturnquist/learningspringboot/chat/SecurityConfiguration.java

@@ -15,53 +15,47 @@
  */
 package com.greglturnquist.learningspringboot.chat;
 
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.CommandLineRunner;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 /**
  * @author Greg Turnquist
  */
 // tag::code[]
 @Configuration
-public class SecurityConfiguration extends
-				WebSecurityConfigurerAdapter {
+public class SecurityConfiguration /*extends
+				WebSecurityConfigurerAdapter*/ {
 
 	// tag::mongdb-users[]
-	@Autowired
-	public void globalUserDetails(AuthenticationManagerBuilder auth,
-					  SpringDataUserDetailsService userDetailsService)
-		throws Exception {
-
-		auth.userDetailsService(userDetailsService);
-	}
-
-	@Bean
-	CommandLineRunner initializeUsers(UserRepository repository) {
-		return args -> {
-			repository.save(new User(null, "greg", "turnquist",
-				new String[]{"ROLE_USER", "ROLE_ADMIN"}));
-
-			repository.save(new User(null, "phil", "webb",
-				new String[]{"ROLE_USER"}));
-		};
-	}
+//	@Autowired
+//	public void globalUserDetails(AuthenticationManagerBuilder auth,
+//					  SpringDataUserDetailsService userDetailsService)
+//		throws Exception {
+//
+//		auth.userDetailsService(userDetailsService);
+//	}
+//
+//	@Bean
+//	CommandLineRunner initializeUsers(UserRepository repository) {
+//		return args -> {
+//			repository.save(new User(null, "greg", "turnquist",
+//				new String[]{"ROLE_USER", "ROLE_ADMIN"}));
+//
+//			repository.save(new User(null, "phil", "webb",
+//				new String[]{"ROLE_USER"}));
+//		};
+//	}
 	// end::mongodb-users[]
 
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
-		http
-			.httpBasic()
-				.and()
-			.formLogin()
-				.and()
-			.authorizeRequests()
-				.antMatchers("/**").authenticated();
-	}
+//	@Override
+//	protected void configure(HttpSecurity http) throws Exception {
+//		http
+//			.httpBasic()
+//				.and()
+//			.formLogin()
+//				.and()
+//			.authorizeRequests()
+//				.antMatchers("/**").authenticated();
+//	}
 
 }
 // end::code[]

10/part1/chat/src/main/java/com/greglturnquist/learningspringboot/chat/SessionHeaderLoadingZuulPreFilter.java

@@ -15,40 +15,38 @@
  */
 package com.greglturnquist.learningspringboot.chat;
 
-import com.netflix.zuul.ZuulFilter;
-import com.netflix.zuul.context.RequestContext;
 import org.springframework.stereotype.Component;
 
 /**
  * @author Greg Turnquist
  */
 // tag::code[]
 @Component
-public class SessionHeaderLoadingZuulPreFilter extends ZuulFilter {
-
-	@Override
-	public String filterType() {
-		return "pre";
-	}
-
-	@Override
-	public int filterOrder() {
-		return 0;
-	}
-
-	@Override
-	public boolean shouldFilter() {
-		return true;
-	}
-
-	@Override
-	public Object run() {
-		RequestContext context = RequestContext.getCurrentContext();
-
-		context.addZuulRequestHeader("SESSION",
-			context.getRequest().getSession().getId());
-
-		return null;
-	}
+public class SessionHeaderLoadingZuulPreFilter /*extends ZuulFilter*/ {
+
+//	@Override
+//	public String filterType() {
+//		return "pre";
+//	}
+//
+//	@Override
+//	public int filterOrder() {
+//		return 0;
+//	}
+//
+//	@Override
+//	public boolean shouldFilter() {
+//		return true;
+//	}
+//
+//	@Override
+//	public Object run() {
+//		RequestContext context = RequestContext.getCurrentContext();
+//
+//		context.addZuulRequestHeader("SESSION",
+//			context.getRequest().getSession().getId());
+//
+//		return null;
+//	}
 }
 // end::code[]

10/part1/comments/src/main/java/com/greglturnquist/learningspringboot/comments/SecurityConfiguration.java

@@ -15,30 +15,26 @@
  */
 package com.greglturnquist.learningspringboot.comments;
 
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.session.SessionManagementFilter;
 
 /**
  * @author Greg Turnquist
  */
 // tag::code[]
 @Configuration
-public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class SecurityConfiguration /*extends WebSecurityConfigurerAdapter*/ {
 
-	@Autowired
-	SpringSessionSecurityContextFilter springSessionSecurityContextFilter;
-
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
-		http
-			.addFilterAfter(springSessionSecurityContextFilter, SessionManagementFilter.class)
-			.httpBasic()
-				.and()
-			.authorizeRequests()
-				.antMatchers("/**").authenticated();
-	}
+//	@Autowired
+//	SpringSessionSecurityContextFilter springSessionSecurityContextFilter;
+//
+//	@Override
+//	protected void configure(HttpSecurity http) throws Exception {
+//		http
+//			.addFilterAfter(springSessionSecurityContextFilter, SessionManagementFilter.class)
+//			.httpBasic()
+//				.and()
+//			.authorizeRequests()
+//				.antMatchers("/**").authenticated();
+//	}
 }
 // end::code[]

10/part1/comments/src/main/java/com/greglturnquist/learningspringboot/comments/SpringSessionSecurityContextFilter.java

@@ -15,46 +15,34 @@
  */
 package com.greglturnquist.learningspringboot.comments;
 
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
-import org.springframework.session.Session;
-import org.springframework.session.SessionRepository;
 import org.springframework.stereotype.Component;
-import org.springframework.web.filter.OncePerRequestFilter;
 
 /**
  * @author Greg Turnquist
  */
 @Component
-public class SpringSessionSecurityContextFilter extends OncePerRequestFilter {
-
-	private final SessionRepository sessionRepository;
-
-	public SpringSessionSecurityContextFilter(SessionRepository sessionRepository) {
-		this.sessionRepository = sessionRepository;
-	}
-
-	@Override
-	protected void doFilterInternal(HttpServletRequest request,
-									HttpServletResponse response,
-									FilterChain filterChain) throws ServletException, IOException {
-		String sessionId = request.getHeader("SESSION");
-		if (sessionId != null) {
-			Session session = sessionRepository.findById(sessionId);
-			if (session != null) {
-				SecurityContextHolder.setContext(
-					session.getAttribute(
-						HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
-			}
-		}
-		filterChain.doFilter(request, response);
-	}
+public class SpringSessionSecurityContextFilter /*extends OncePerRequestFilter*/ {
+
+//	private final SessionRepository sessionRepository;
+//
+//	public SpringSessionSecurityContextFilter(SessionRepository sessionRepository) {
+//		this.sessionRepository = sessionRepository;
+//	}
+//
+//	@Override
+//	protected void doFilterInternal(HttpServletRequest request,
+//									HttpServletResponse response,
+//									FilterChain filterChain) throws ServletException, IOException {
+//		String sessionId = request.getHeader("SESSION");
+//		if (sessionId != null) {
+//			Session session = sessionRepository.findById(sessionId);
+//			if (session != null) {
+//				SecurityContextHolder.setContext(
+//					session.getAttribute(
+//						HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
+//			}
+//		}
+//		filterChain.doFilter(request, response);
+//	}
 
 }

10/part1/images/src/main/java/com/greglturnquist/learningspringboot/HomeController.java

@@ -19,10 +19,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.servlet.http.HttpSession;
-
 import reactor.core.publisher.Mono;
-
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -70,7 +67,7 @@ public Mono<String> index(Model model,
 
 	@GetMapping("/token")
 	@ResponseBody
-	public Mono<Map<String, String>> token(HttpSession session) {
-		return Mono.just(Collections.singletonMap("token", session.getId()));
+	public Mono<Map<String, String>> token(@RequestHeader("SESSION") String sessionId) {
+		return Mono.just(Collections.singletonMap("token", sessionId));
 	}
 }

10/part1/images/src/main/java/com/greglturnquist/learningspringboot/SecurityConfiguration.java

@@ -15,40 +15,31 @@
  */
 package com.greglturnquist.learningspringboot;
 
-import com.greglturnquist.learningspringboot.images.SpringSessionSecurityContextFilter;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
-import org.springframework.security.web.session.SessionManagementFilter;
 
 /**
  * @author Greg Turnquist
  */
 // tag::code[]
 @Configuration
-@EnableGlobalMethodSecurity(prePostEnabled = true)
-public class SecurityConfiguration extends
-					WebSecurityConfigurerAdapter {
+//@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SecurityConfiguration /*extends
+					WebSecurityConfigurerAdapter*/ {
 
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
-		http
-			.httpBasic()
-				.disable()
-			.authorizeRequests()
-				.anyRequest().authenticated()
-				.and()
-			.addFilterAfter(springSessionSecurityContextFilter,
-				SessionManagementFilter.class);
-	}
-
-	@Autowired
-	SpringSessionSecurityContextFilter
-		springSessionSecurityContextFilter;
+//	@Override
+//	protected void configure(HttpSecurity http) throws Exception {
+//		http
+//			.httpBasic()
+//				.disable()
+//			.authorizeRequests()
+//				.anyRequest().authenticated()
+//				.and()
+//			.addFilterAfter(springSessionSecurityContextFilter,
+//				SessionManagementFilter.class);
+//	}
+//
+//	@Autowired
+//	SpringSessionSecurityContextFilter
+//		springSessionSecurityContextFilter;
 }
 // end::code[]

10/part1/images/src/main/java/com/greglturnquist/learningspringboot/images/InitDatabase.java

@@ -32,11 +32,11 @@ CommandLineRunner init(MongoOperations operations) {
 			operations.dropCollection(Image.class);
 
 			operations.insert(new Image("1",
-				"learning-spring-boot-cover.jpg"));
+				"learning-spring-boot-cover.jpg", "greg"));
 			operations.insert(new Image("2",
-				"learning-spring-boot-2nd-edition-cover.jpg"));
+				"learning-spring-boot-2nd-edition-cover.jpg", "greg"));
 			operations.insert(new Image("3",
-				"bazinga.png"));
+				"bazinga.png", "greg"));
 
 			operations.findAll(Image.class).forEach(image -> {
 				System.out.println(image.toString());