This is an automated email from the ASF dual-hosted git repository. jamesbognar pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/juneau-petstore.git
commit 3f5287aa9a1c2090ae4cefd07a45a41eeb7e60b4 Author: COMVIVA\ishita.singh <[email protected]> AuthorDate: Thu Oct 17 01:09:46 2019 +0530 Added spring security support --- juneau-petstore-server/pom.xml | 24 +++++++++++++-- .../petstore/config/SpringSecurityConfig.java | 35 ++++++++++++++++++++++ 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/juneau-petstore-server/pom.xml b/juneau-petstore-server/pom.xml index 1b4cfa1..9dc3f39 100644 --- a/juneau-petstore-server/pom.xml +++ b/juneau-petstore-server/pom.xml @@ -91,12 +91,32 @@ <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-jpa</artifactId> </dependency> - + + <!-- Spring Security --> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-security</artifactId> + </dependency> + <dependency> + <groupId>org.springframework.security</groupId> + <artifactId>spring-security-config</artifactId> + </dependency> + <dependency> + <groupId>org.springframework.security</groupId> + <artifactId>spring-security-core</artifactId> + <version>5.1.5.RELEASE</version> + </dependency> + <!-- Cache --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-cache</artifactId> - </dependency> + </dependency> + + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-test-autoconfigure</artifactId> + </dependency> </dependencies> <build> diff --git a/juneau-petstore-server/src/main/java/org/apache/juneau/petstore/config/SpringSecurityConfig.java b/juneau-petstore-server/src/main/java/org/apache/juneau/petstore/config/SpringSecurityConfig.java new file mode 100644 index 0000000..593a430 --- /dev/null +++ b/juneau-petstore-server/src/main/java/org/apache/juneau/petstore/config/SpringSecurityConfig.java @@ -0,0 +1,35 @@ +package org.apache.juneau.petstore.config; + +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +@Configuration +public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{ + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + + auth.inMemoryAuthentication() + .withUser("user").password("{noop}password").roles("USER") + .and() + .withUser("admin").password("{noop}password").roles("USER", "ADMIN"); + + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + + http + .authorizeRequests() + .antMatchers(HttpMethod.POST, "/pet").hasRole("ADMIN") + .antMatchers(HttpMethod.PUT, "/pet/**").hasRole("ADMIN") + .antMatchers(HttpMethod.DELETE, "/pet/**").hasRole("ADMIN") + .and() + .csrf().disable() + .formLogin().disable(); + } + +}
