tmp

1ce2f37b · Quentin Barlet · 401dd114 · 1ce2f37b · 1ce2f37b · 1ce2f37b
Commit 1ce2f37b authored 1 year ago by Quentin Barlet
--- a/pom.xml
+++ b/pom.xml
@@ -18,6 +18,13 @@
        <java.version>17</java.version>
    </properties>
    <dependencies>
+        <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+            <version>3.2.0</version>
+        </dependency>
+
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>

--- a/src/main/java/fr/but3/tp509/Security.java
+++ b/src/main/java/fr/but3/tp509/Security.java
+package fr.but3.tp509;
+
+import jakarta.servlet.DispatcherType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.provisioning.JdbcUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
+
+import javax.sql.DataSource;
+
+@Configuration
+@EnableWebSecurity
+public class Security {
+
+    @Autowired
+    DataSource dataSource;
+
+    @Bean
+    public JdbcUserDetailsManager udm() {
+        return new JdbcUserDetailsManager(dataSource);
+    }
+
+    @Bean
+    public SecurityFilterChain mesautorisations(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception {
+        MvcRequestMatcher.Builder mvc = new MvcRequestMatcher.Builder(introspector);
+        return http.authorizeHttpRequests((authorize) -> authorize.dispatcherTypeMatchers(DispatcherType.FORWARD)
+                                                                  .permitAll().requestMatchers(mvc.pattern("/"))
+                                                                  .permitAll().requestMatchers(mvc.pattern("/private"))
+                                                                  .authenticated().anyRequest().permitAll())
+                   .formLogin(Customizer.withDefaults()).logout((configurer) -> {
+                    configurer.logoutUrl("/logout").logoutSuccessUrl("/public");
+                }).rememberMe((configurer) -> configurer.useSecureCookie(true)).build();
+    }
+
+//    @Bean
+//    public UserDetailsService mesutilisateurs() {
+//        String usersByUsernameQuery = "select username, password, enabled from t1 where username = ?";
+//        String authsByUserQuery = "select username, authority from t2 where username = ?";
+//
+//        JdbcUserDetailsManager users = new JdbcUserDetailsManager(dataSource);
+//
+//        userDetailsManager.setUsersByUsernameQuery(usersByUsernameQuery);
+//        userDetailsManager.setAuthoritiesByUsernameQuery(authsByUserQuery);
+//
+//        return users;
+//    }
+
+//    @Bean
+//    public PasswordEncoder encoder() {
+//        return new BCryptPasswordEncoder();
+//    }
+//
+}
+// $2a$10$2OPCwbH78n9AdfuD5Nq8ROT4atyfguBGaoOAYGRZ2btdlj9lzu1DS
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -10,3 +10,6 @@ spring.jpa.show-sql=true
 ## Hibernate Properties
 # Hibernate ddl auto (create, create-drop, validate, update)
 spring.jpa.hibernate.ddl-auto=update
+# Security
+spring.security.user.name=user
+spring.security.user.password=000000
--- a/src/main/resources/data.sql
+++ b/src/main/resources/data.sql
+truncate users cascade;
+truncate authorities cascade;
+
+insert into users values('john', '{bcrypt}$2a$10$2OPCwbH78n9AdfuD5Nq8ROT4atyfguBGaoOAYGRZ2btdlj9lzu1DS', true);
+insert into authorities values('john', 'ADMIN');
+
+INSERT INTO users VALUES ('paul','{MD5}6c63212ab48e8401eaf6b59b95d816a9',TRUE);
+INSERT INTO users VALUES ('pierre','{noop}pierre',TRUE);
+
+INSERT INTO authorities VALUES ('paul', 'USER');
+INSERT INTO authorities VALUES ('pierre', 'USER');
--- a/src/main/resources/schema.sql
+++ b/src/main/resources/schema.sql
+DROP TABLE IF EXISTS authorities CASCADE;
+DROP TABLE IF EXISTS users CASCADE;
+
+CREATE TABLE users(
+    username VARCHAR(50) NOT NULL,
+    password VARCHAR(100) NOT NULL,
+    enabled BOOLEAN NOT NULL DEFAULT TRUE,
+    PRIMARY KEY (username)
+);
+
+CREATE TABLE authorities(
+    username VARCHAR(50) NOT NULL,
+    authority VARCHAR(50) NOT NULL,
+    FOREIGN KEY (username) REFERENCES users (username)
+)
\ No newline at end of file
--- a/src/main/webapp/WEB-INF/jsp/private/v2.jsp
+++ b/src/main/webapp/WEB-INF/jsp/private/v2.jsp
@@ -3,6 +3,6 @@
        <title>V2</title>
    </head>
    <body>
-        <h1>Cette page est privée</h1>
+        <h1>Cette page est privée: <%= request.getRemoteUser() %></h1>
    </body>
 </html>
--- a/src/main/webapp/WEB-INF/jsp/public/v1.jsp
+++ b/src/main/webapp/WEB-INF/jsp/public/v1.jsp
@@ -3,6 +3,6 @@
        <title>V1</title>
    </head>
    <body>
-        <h1>V1</h1>
+        <h1>V1: <%= request.getRemoteUser() %></h1>
    </body>
 </html>
\ No newline at end of file