From 1ce2f37b064ad6cdfdbd02f90d2c518f4cf69187 Mon Sep 17 00:00:00 2001
From: Quentin Barlet <quentin.barlet.etu@univ-lille.fr>
Date: Tue, 9 Jan 2024 13:20:50 +0100
Subject: [PATCH] tmp

---
 pom.xml                                    |  7 +++
 src/main/java/fr/but3/tp509/Security.java  | 60 ++++++++++++++++++++++
 src/main/resources/application.properties  |  5 +-
 src/main/resources/data.sql                | 11 ++++
 src/main/resources/schema.sql              | 15 ++++++
 src/main/webapp/WEB-INF/jsp/private/v2.jsp |  2 +-
 src/main/webapp/WEB-INF/jsp/public/v1.jsp  |  2 +-
 7 files changed, 99 insertions(+), 3 deletions(-)
 create mode 100644 src/main/java/fr/but3/tp509/Security.java
 create mode 100644 src/main/resources/data.sql
 create mode 100644 src/main/resources/schema.sql

diff --git a/pom.xml b/pom.xml
index 0bd8136..f44028c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,6 +18,13 @@
         <java.version>17</java.version>
     </properties>
     <dependencies>
+        <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+            <version>3.2.0</version>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
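Review bot: The new `spring-boot-starter-security` dependency pins `<version>3.2.0</version>` explicitly, while the `spring-boot-starter-actuator` entry just below is cut off by the hunk, so its versioning is not visible. If the project inherits from `spring-boot-starter-parent` or imports the Spring Boot BOM (not shown here), the version is already managed, and a hard-coded value can drift from the other starters on the next upgrade and leave Spring Security behind on fixes. I would drop the `<version>` line and let dependency management resolve it. The mvnrepository URL comment adds nothing a reader needs and can go too.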
diff --git a/src/main/java/fr/but3/tp509/Security.java b/src/main/java/fr/but3/tp509/Security.java
new file mode 100644
index 0000000..720cbec
--- /dev/null
+++ b/src/main/java/fr/but3/tp509/Security.java
@@ -0,0 +1,60 @@
+package fr.but3.tp509;
+
+import jakarta.servlet.DispatcherType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.provisioning.JdbcUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
+
+import javax.sql.DataSource;
+
+@Configuration
+@EnableWebSecurity
+public class Security {
+
+    @Autowired
+    DataSource dataSource;
+
+    @Bean
+    public JdbcUserDetailsManager udm() {
+        return new JdbcUserDetailsManager(dataSource);
+    }
+
+    @Bean
+    public SecurityFilterChain mesautorisations(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception {
+        MvcRequestMatcher.Builder mvc = new MvcRequestMatcher.Builder(introspector);
+        return http.authorizeHttpRequests((authorize) -> authorize.dispatcherTypeMatchers(DispatcherType.FORWARD)
+                                                                  .permitAll().requestMatchers(mvc.pattern("/"))
+                                                                  .permitAll().requestMatchers(mvc.pattern("/private"))
+                                                                  .authenticated().anyRequest().permitAll())
+                   .formLogin(Customizer.withDefaults()).logout((configurer) -> {
+                    configurer.logoutUrl("/logout").logoutSuccessUrl("/public");
+                }).rememberMe((configurer) -> configurer.useSecureCookie(true)).build();
+    }
+
+//    @Bean
+//    public UserDetailsService mesutilisateurs() {
+//        String usersByUsernameQuery = "select username, password, enabled from t1 where username = ?";
+//        String authsByUserQuery = "select username, authority from t2 where username = ?";
+//
+//        JdbcUserDetailsManager users = new JdbcUserDetailsManager(dataSource);
+//
+//        userDetailsManager.setUsersByUsernameQuery(usersByUsernameQuery);
+//        userDetailsManager.setAuthoritiesByUsernameQuery(authsByUserQuery);
+//
+//        return users;
+//    }
+
+//    @Bean
+//    public PasswordEncoder encoder() {
+//        return new BCryptPasswordEncoder();
+//    }
+//
+}
+// $2a$10$2OPCwbH78n9AdfuD5Nq8ROT4atyfguBGaoOAYGRZ2btdlj9lzu1DS
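Review bot: The rule chain in `mesautorisations` is default-allow: only the exact path `/private` requires authentication and `.anyRequest().permitAll()` opens everything else. That covers any sub-path of `/private` and whatever endpoints `spring-boot-starter-actuator` (present in pom.xml) exposes. I would invert it so that public routes are listed explicitly and the chain ends in a deny-by-default rule, e.g. `.requestMatchers(mvc.pattern("/"), mvc.pattern("/public")).permitAll()`, `.requestMatchers(mvc.pattern("/private/**")).authenticated()`, `.anyRequest().authenticated()`; the controller mappings are not in this patch, so the public list needs checking against them. The bcrypt hash left as a trailing comment on the last line, and the commented-out `mesutilisateurs`/`encoder` beans, should be removed before this leaves the `tmp` state.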
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index a7bc00c..edbd1f8 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -9,4 +9,7 @@ spring.datasource.password=moi
 spring.jpa.show-sql=true
 ## Hibernate Properties
 # Hibernate ddl auto (create, create-drop, validate, update)
-spring.jpa.hibernate.ddl-auto=update
\ No newline at end of file
+spring.jpa.hibernate.ddl-auto=update
+# Security
+spring.security.user.name=user
+spring.security.user.password=000000
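Review bot: `spring.security.user.name=user` / `spring.security.user.password=000000` commit a trivially guessable credential, and they appear to be unused. Security.java in this patch registers a `JdbcUserDetailsManager` bean, and Spring Boot only creates its default in-memory user when no `UserDetailsService` bean is present. I would delete both lines rather than leave a dormant login that comes back to life if the JDBC bean is ever removed. The hunk header also shows `spring.datasource.password=moi` in the same file; reading it from the environment, e.g. `spring.datasource.password=${DB_PASSWORD}` (placeholder variable name), keeps the database secret out of version control.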
diff --git a/src/main/resources/data.sql b/src/main/resources/data.sql
new file mode 100644
index 0000000..55ac83a
--- /dev/null
+++ b/src/main/resources/data.sql
@@ -0,0 +1,11 @@
+truncate users cascade;
+truncate authorities cascade;
+
+insert into users values('john', '{bcrypt}$2a$10$2OPCwbH78n9AdfuD5Nq8ROT4atyfguBGaoOAYGRZ2btdlj9lzu1DS', true);
+insert into authorities values('john', 'ADMIN');
+
+INSERT INTO users VALUES ('paul','{MD5}6c63212ab48e8401eaf6b59b95d816a9',TRUE);
+INSERT INTO users VALUES ('pierre','{noop}pierre',TRUE);
+
+INSERT INTO authorities VALUES ('paul', 'USER');
+INSERT INTO authorities VALUES ('pierre', 'USER');
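Review bot: The seed rows for `paul` and `pierre` store passwords as `{MD5}` (fast, unsalted digest) and `{noop}` (plaintext). Because of the `{id}` prefixes, the delegating password encoder will accept both at login. If these accounts are more than an encoder demonstration, give them `{bcrypt}` values like the `john` row, and keep `{noop}`/`{MD5}` samples in a test-only script. The two `truncate ... cascade` statements also wipe every account each time the script is executed. Whether that happens on every start depends on `spring.sql.init.mode`, which this patch does not show, so I would add a comment at the top stating that the file is development seed data.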
diff --git a/src/main/resources/schema.sql b/src/main/resources/schema.sql
new file mode 100644
index 0000000..3911c8e
--- /dev/null
+++ b/src/main/resources/schema.sql
@@ -0,0 +1,15 @@
+DROP TABLE IF EXISTS authorities CASCADE;
+DROP TABLE IF EXISTS users CASCADE;
+
+CREATE TABLE users(
+    username VARCHAR(50) NOT NULL,
+    password VARCHAR(100) NOT NULL,
+    enabled BOOLEAN NOT NULL DEFAULT TRUE,
+    PRIMARY KEY (username)
+);
+
+CREATE TABLE authorities(
+    username VARCHAR(50) NOT NULL,
+    authority VARCHAR(50) NOT NULL,
+    FOREIGN KEY (username) REFERENCES users (username)
+)
\ No newline at end of file
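Review bot: `authorities` has a foreign key but no uniqueness constraint, so the same `(username, authority)` pair can be inserted repeatedly and the user then carries duplicate grants. Adding `PRIMARY KEY (username, authority)` to the table, or a unique index on those two columns, prevents that. `password VARCHAR(100)` is enough for the `{bcrypt}` values seeded in data.sql, but may truncate or reject longer encodings if the encoder is changed later; a wider column avoids that surprise. The final `CREATE TABLE` also lacks its terminating `;` and the file has no trailing newline.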
diff --git a/src/main/webapp/WEB-INF/jsp/private/v2.jsp b/src/main/webapp/WEB-INF/jsp/private/v2.jsp
index 298ad00..cf43be9 100644
--- a/src/main/webapp/WEB-INF/jsp/private/v2.jsp
+++ b/src/main/webapp/WEB-INF/jsp/private/v2.jsp
@@ -3,6 +3,6 @@
         <title>V2</title>
     </head>
     <body>
-        <h1>Cette page est privée</h1>
+        <h1>Cette page est privée: <%= request.getRemoteUser() %></h1>
     </body>
 </html>
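Review bot: `<%= request.getRemoteUser() %>` writes the username into the `<h1>` without HTML escaping. Usernames come from the `users` table, where nothing in this patch restricts the characters allowed, so a name containing markup would be rendered as markup. I would output it through an escaping construct, e.g. `<c:out value="${pageContext.request.remoteUser}"/>`; this needs the JSTL core taglib declared on the page, and whether JSTL is on the classpath is not visible here. The same expression is added to public/v1.jsp and needs the same change.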
diff --git a/src/main/webapp/WEB-INF/jsp/public/v1.jsp b/src/main/webapp/WEB-INF/jsp/public/v1.jsp
index a2b188f..e71e0c1 100644
--- a/src/main/webapp/WEB-INF/jsp/public/v1.jsp
+++ b/src/main/webapp/WEB-INF/jsp/public/v1.jsp
@@ -3,6 +3,6 @@
         <title>V1</title>
     </head>
     <body>
-        <h1>V1</h1>
+        <h1>V1: <%= request.getRemoteUser() %></h1>
     </body>
 </html>
\ No newline at end of file
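Review bot: On this public page `request.getRemoteUser()` returns null for a visitor who is not logged in, so the heading renders as `V1: null`. I would only print the name when one is present, e.g. `<c:if test="${not empty pageContext.request.remoteUser}">: <c:out value="${pageContext.request.remoteUser}"/></c:if>`, assuming the JSTL core taglib is available to the page. Using `c:out` here also HTML-escapes the value, which the scriptlet expression does not do.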
-- 
GitLab