diff --git a/pom.xml b/pom.xml
index 0bd8136a356ef2c0d48a0ef12f222dfdd04b1db5..f44028cea0bd670c573d741628af1d4247c024a9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,6 +18,13 @@
 <java.version>17</java.version>
 </properties>
 <dependencies>
+ <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-security</artifactId>
+ <version>3.2.0</version>
+ </dependency>
+
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-actuator</artifactId>
diff --git a/src/main/java/fr/but3/tp509/Security.java b/src/main/java/fr/but3/tp509/Security.java
new file mode 100644
index 0000000000000000000000000000000000000000..720cbec725bbaf8c746249029bdc3e005e9240dd
--- /dev/null
+++ b/src/main/java/fr/but3/tp509/Security.java
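Review bot: The new `spring-boot-starter-security` entry in pom.xml pins `<version>3.2.0</version>` explicitly, while the `spring-boot-starter-actuator` entry just below it appears to rely on a managed version (its remaining lines are outside the hunk, so confirm). If the project inherits its dependency versions from a Spring Boot parent or BOM, dropping the `<version>` element keeps the security starter aligned with the rest of the platform. A later platform upgrade that carries security fixes is then not silently held back by this pin.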
@@ -0,0 +1,60 @@
+package fr.but3.tp509;
+
+import jakarta.servlet.DispatcherType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.provisioning.JdbcUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
+
+import javax.sql.DataSource;
+
+@Configuration
+@EnableWebSecurity
+public class Security {
+
+ @Autowired
+ DataSource dataSource;
+
+ @Bean
+ public JdbcUserDetailsManager udm() {
+ return new JdbcUserDetailsManager(dataSource);
+ }
+
+ @Bean
+ public SecurityFilterChain mesautorisations(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception {
+ MvcRequestMatcher.Builder mvc = new MvcRequestMatcher.Builder(introspector);
+ return http.authorizeHttpRequests((authorize) -> authorize.dispatcherTypeMatchers(DispatcherType.FORWARD)
+ .permitAll().requestMatchers(mvc.pattern("/"))
+ .permitAll().requestMatchers(mvc.pattern("/private"))
+ .authenticated().anyRequest().permitAll())
+ .formLogin(Customizer.withDefaults()).logout((configurer) -> {
+ configurer.logoutUrl("/logout").logoutSuccessUrl("/public");
+ }).rememberMe((configurer) -> configurer.useSecureCookie(true)).build();
+ }
+
+// @Bean
+// public UserDetailsService mesutilisateurs() {
+// String usersByUsernameQuery = "select username, password, enabled from t1 where username = ?";
+// String authsByUserQuery = "select username, authority from t2 where username = ?";
+//
+// JdbcUserDetailsManager users = new JdbcUserDetailsManager(dataSource);
+//
+// userDetailsManager.setUsersByUsernameQuery(usersByUsernameQuery);
+// userDetailsManager.setAuthoritiesByUsernameQuery(authsByUserQuery);
+//
+// return users;
+// }
+
+// @Bean
+// public PasswordEncoder encoder() {
+// return new BCryptPasswordEncoder();
+// }
+//
+}
+// $2a$10$2OPCwbH78n9AdfuD5Nq8ROT4atyfguBGaoOAYGRZ2btdlj9lzu1DS
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index a7bc00c35eee24b382e26e56dbe94caf9f0625fd..edbd1f8406e998d988797617f3ff41d0fb00bf47 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -9,4 +9,7 @@ spring.datasource.password=moi
 spring.jpa.show-sql=true
 ## Hibernate Properties
 # Hibernate ddl auto (create, create-drop, validate, update)
-spring.jpa.hibernate.ddl-auto=update
\ No newline at end of file
+spring.jpa.hibernate.ddl-auto=update
+# Security
+spring.security.user.name=user
+spring.security.user.password=000000
diff --git a/src/main/resources/data.sql b/src/main/resources/data.sql
new file mode 100644
index 0000000000000000000000000000000000000000..55ac83a47d32d21c0590a3dabbc3678ff4e0644d
--- /dev/null
+++ b/src/main/resources/data.sql
@@ -0,0 +1,11 @@
+truncate users cascade;
+truncate authorities cascade;
+
+insert into users values('john', '{bcrypt}$2a$10$2OPCwbH78n9AdfuD5Nq8ROT4atyfguBGaoOAYGRZ2btdlj9lzu1DS', true);
+insert into authorities values('john', 'ADMIN');
+
+INSERT INTO users VALUES ('paul','{MD5}6c63212ab48e8401eaf6b59b95d816a9',TRUE);
+INSERT INTO users VALUES ('pierre','{noop}pierre',TRUE);
+
+INSERT INTO authorities VALUES ('paul', 'USER');
+INSERT INTO authorities VALUES ('pierre', 'USER');
diff --git a/src/main/resources/schema.sql b/src/main/resources/schema.sql
new file mode 100644
index 0000000000000000000000000000000000000000..3911c8e603cee526dc039fe6a61ea5538b776016
--- /dev/null
+++ b/src/main/resources/schema.sql
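Review bot: In Security.java the chain built in `mesautorisations` ends with `.anyRequest().permitAll()`, so every route except the exact path `/private` is reachable without authentication. That includes whatever actuator endpoints the application exposes and any controller added later. A default-deny ordering is safer: list the public paths explicitly with `permitAll()` and finish with `.anyRequest().authenticated()`. If protected pages live under a prefix, `mvc.pattern("/private/**")` would cover them, but the controller mappings are not visible here, so confirm the paths. The trailing `// $2a$10$…` comment is a bcrypt hash, the same value seeded for `john` in data.sql, and should be removed from the source file together with the commented-out beans.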
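Review bot: `spring.security.user.password=000000` commits a trivially guessable credential to application.properties, next to the datasource password already visible in the hunk header. Security.java declares a `JdbcUserDetailsManager` bean, so Spring Boot's default in-memory user normally backs off. These two properties are therefore probably unused and can simply be deleted. If a bootstrap account is needed, supply it from the environment, for example `spring.security.user.password=${APP_USER_PASSWORD}` (placeholder variable name), rather than from a tracked file.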
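Review bot: The seed rows in data.sql store `paul` with `{MD5}` and `pierre` with `{noop}`, which are an unsalted fast hash and a plaintext password. No `PasswordEncoder` bean is active in Security.java, so the default delegating encoder will presumably accept both at login. Use `{bcrypt}` for every row, as is already done for `john`, and keep the ADMIN account's hash out of version control if this script can ever run against a non-development database. The leading `truncate users cascade;` also wipes all accounts each time the script runs, so confirm that SQL initialisation is limited to a development profile.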
@@ -0,0 +1,15 @@
+DROP TABLE IF EXISTS authorities CASCADE;
+DROP TABLE IF EXISTS users CASCADE;
+
+CREATE TABLE users(
+ username VARCHAR(50) NOT NULL,
+ password VARCHAR(100) NOT NULL,
+ enabled BOOLEAN NOT NULL DEFAULT TRUE,
+ PRIMARY KEY (username)
+);
+
+CREATE TABLE authorities(
+ username VARCHAR(50) NOT NULL,
+ authority VARCHAR(50) NOT NULL,
+ FOREIGN KEY (username) REFERENCES users (username)
+)
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/jsp/private/v2.jsp b/src/main/webapp/WEB-INF/jsp/private/v2.jsp
index 298ad00dc0e35a6388c0dff03b1a3d3fe7040f9c..cf43be9a1df16df9475be23a9476105043d6cbc0 100644
--- a/src/main/webapp/WEB-INF/jsp/private/v2.jsp
+++ b/src/main/webapp/WEB-INF/jsp/private/v2.jsp
@@ -3,6 +3,6 @@
 <title>V2</title>
 </head>
 <body>
- <h1>Cette page est privée</h1>
+ <h1>Cette page est privée: <%= request.getRemoteUser() %></h1>
 </body>
 </html>
diff --git a/src/main/webapp/WEB-INF/jsp/public/v1.jsp b/src/main/webapp/WEB-INF/jsp/public/v1.jsp
index a2b188f36c8daeac3dac44b33b9154b63f435d55..e71e0c17cee15cbf1073970caaf9173abcf0b589 100644
--- a/src/main/webapp/WEB-INF/jsp/public/v1.jsp
+++ b/src/main/webapp/WEB-INF/jsp/public/v1.jsp
@@ -3,6 +3,6 @@
 <title>V1</title>
 </head>
 <body>
- <h1>V1</h1>
+ <h1>V1: <%= request.getRemoteUser() %></h1>
 </body>
 </html>
\ No newline at end of file
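Review bot: The `authorities` table in schema.sql has no primary key or unique constraint, so the same (username, authority) pair can be inserted repeatedly. Adding `UNIQUE (username, authority)` keeps grants unambiguous. The `DROP TABLE IF EXISTS … CASCADE` statements at the top delete every account whenever the script is executed, which is acceptable only if initialisation is restricted to development. `password VARCHAR(100)` fits the `{bcrypt}` value seeded in data.sql but may be too short for longer encodings, so a wider column leaves room to migrate hashing schemes later.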
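Review bot: `<%= request.getRemoteUser() %>` in v2.jsp writes the user name into the page without HTML escaping, and the same expression is added to v1.jsp in the following hunk. User names come from the `users` table, so if accounts can ever be created with markup characters this becomes a stored XSS sink. Prefer an escaping tag such as `<c:out value="${pageContext.request.remoteUser}"/>`, which needs the JSTL core taglib declared at the top of the page (outside the hunk). On the public page v1.jsp the scriptlet would also print the literal text `null` for anonymous visitors, which the `c:out` form avoids by rendering nothing.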