In this post, I am going to explain how to secure APIs using the spring-security module. We are going to maintain an in-memory collection that stores user details such as username and password. Users who are present in this collection are allowed in; all others get an unauthorized message.
How can we achieve the above scenario?
Step 1: Extend the class 'WebSecurityConfigurerAdapter'
@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfiguration extends WebSecurityConfigurerAdapter {
    ......
    ......
}
Step 2: Override the 'userDetailsService' method.
@Override
@Bean
public UserDetailsService userDetailsService() {
    // withDefaultPasswordEncoder() is deprecated and meant for demos and samples only:
    // the plain-text passwords are compiled into the source.
    UserDetails krishnas = User.withDefaultPasswordEncoder().username("krishna").password("password123")
            .roles("USER", "ADMIN").build();
    UserDetails rams = User.withDefaultPasswordEncoder().username("rama553").password("rama123")
            .roles("USER").build();

    List<UserDetails> userDetails = Arrays.asList(krishnas, rams);
    return new InMemoryUserDetailsManager(userDetails);
}
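As you can see in the above snippet, I created two users, krishna and rama553. krishna is given the USER and ADMIN roles, whereas rama553 is given the USER role. Note that the configuration in this post only requires a request to be authenticated; none of its rules check these roles.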
Find the working application below.
ApplicationSecurityConfiguration.java
package com.sample.app.config;

import java.util.Arrays;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // CSRF protection is switched off; "/", "/public/*", "/css/*" and "/js/*" are open,
        // every other request must authenticate with HTTP Basic.
        httpSecurity.csrf().disable().authorizeRequests().antMatchers("/", "/public/*", "/css/*", "/js/*").permitAll()
                .anyRequest().authenticated().and().httpBasic();
    }

    @Override
    @Bean
    public UserDetailsService userDetailsService() {
        // withDefaultPasswordEncoder() is deprecated and meant for demos and samples only:
        // the plain-text passwords are compiled into the source.
        UserDetails krishnas = User.withDefaultPasswordEncoder().username("krishna").password("password123")
                .roles("USER", "ADMIN").build();
        UserDetails rams = User.withDefaultPasswordEncoder().username("rama553").password("rama123")
                .roles("USER").build();

        List<UserDetails> userDetails = Arrays.asList(krishnas, rams);
        return new InMemoryUserDetailsManager(userDetails);
    }
}
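A hardened variant of the configuration above, added here as an example and not part of the original post: it drops the deprecated 'User.withDefaultPasswordEncoder()' in favour of password hashes read at startup, and it actually enforces a role on the employee endpoints. The environment variable names, the 'requireEnv' helper and the ADMIN-only rule for '/employees/**' are assumptions; the class is meant to replace the one above, not to sit beside it.

```java
package com.sample.app.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable() // kept from the post; the app exposes only GET endpoints
            .authorizeRequests()
            .antMatchers("/", "/public/*", "/css/*", "/js/*").permitAll()
            // Assumption: employee data is ADMIN-only (the post only requires a login).
            .antMatchers("/employees/**").hasRole("ADMIN")
            .anyRequest().authenticated()
            .and().httpBasic();
    }

    @Override
    @Bean
    public UserDetailsService userDetailsService() {
        // Hashes are produced offline, e.g. "{bcrypt}$2a$10$..." (placeholder); the
        // default delegating PasswordEncoder picks the algorithm from the {id} prefix.
        UserDetails krishna = User.withUsername("krishna")
            .password(requireEnv("APP_KRISHNA_PASSWORD_HASH")) // hypothetical variable
            .roles("USER", "ADMIN").build();
        UserDetails rama = User.withUsername("rama553")
            .password(requireEnv("APP_RAMA_PASSWORD_HASH")) // hypothetical variable
            .roles("USER").build();
        return new InMemoryUserDetailsManager(krishna, rama);
    }

    // Fail at startup instead of creating an account with an empty password.
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }
}
```

With this variant, rama553 authenticates successfully but receives 403 Forbidden on 'employees/registered/count', while krishna is allowed through.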
EmployeeController.java
package com.sample.app.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("employees/")
public class EmployeeController {

    @RequestMapping(value = "registered/count", method = RequestMethod.GET)
    public String countEmps() {
        return "Total Registered Employees : " + 1024;
    }
}
HelloWorldController.java
package com.sample.app.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloWorldController {

    @RequestMapping("/")
    public String homePage() {
        return "Welcome to Spring boot Application Development using Spring Security";
    }

    @RequestMapping("/public/aboutme")
    public String aboutMe() {
        return "I am securied by spring security module";
    }
}
App.java
package com.sample.app;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class App {

    public static void main(String[] args) {
        SpringApplication.run(App.class, args);
    }
}
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>springSecurity</groupId>
    <artifactId>springSecurity</artifactId>
    <version>1</version>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.6.RELEASE</version>
    </parent>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>
</project>
The total project structure looks like below.
Run App.java.
Open the URL 'http://localhost:8080/employees/registered/count' in a browser.
Enter the username as ‘krishna’ and the password as ‘password123’ and click on the OK button.
You can see the below kind of screen.
You can download the complete working application from the below link.