Spring Security integration

2024-05-14 16:35:03 +02:00 · 2024-05-14 16:35:03 +02:00 · 5fca251f88
commit 5fca251f88
parent 55ee3581f1
2 changed files with 61 additions and 3 deletions
--- a/view/pom.xml
+++ b/view/pom.xml
@ -107,6 +107,14 @@
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+        </dependency>

        <!--  Servlet API, needed for compilation. -->
        <dependency>
--- a/view/src/main/java/ApplicationBootstrap.java
+++ b/view/src/main/java/ApplicationBootstrap.java
@ -6,21 +6,32 @@ import jakarta.persistence.EntityManager;
 import jakarta.persistence.EntityManagerFactory;
 import jakarta.servlet.ServletContext;
 import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRegistration;
 import org.apache.wicket.protocol.http.WicketFilter;
 import org.apache.wicket.spring.injection.annot.SpringComponentInjector;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.task.SimpleAsyncTaskExecutor;
 import org.springframework.orm.jpa.LocalEntityManagerFactoryBean;
 import org.springframework.orm.jpa.SharedEntityManagerCreator;
 import org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.transaction.PlatformTransactionManager;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
 import org.springframework.web.WebApplicationInitializer;
 import org.springframework.web.context.ContextLoaderListener;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
+import org.springframework.web.filter.DelegatingFilterProxy;
 import org.springframework.web.servlet.DispatcherServlet;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import se.su.dsv.scipro.SciProApplication;
 import se.su.dsv.scipro.daisyExternal.http.DaisyAPI;
 import se.su.dsv.scipro.daisyExternal.http.DaisyAPIImpl;
@ -84,7 +95,6 @@ public class ApplicationBootstrap implements WebApplicationInitializer {
        webApplicationContext.register(SciProApplication.class);
        webApplicationContext.register(CurrentProfile.class);
        webApplicationContext.register(Config.class);
-        webApplicationContext.scan("se.su.dsv.scipro.api");
        webApplicationContext.refresh();

        servletContext.addListener(new ContextLoaderListener(webApplicationContext));
@ -102,8 +112,48 @@ public class ApplicationBootstrap implements WebApplicationInitializer {
        servletContext.addFilter("wicket-filter", filter)
                .addMappingForUrlPatterns(null, true, "/*");

-        servletContext.addServlet("spring-web", new DispatcherServlet(webApplicationContext))
-                .addMapping("/api/*");
+        AnnotationConfigWebApplicationContext dispatcherApplicationContext = new AnnotationConfigWebApplicationContext();
+        dispatcherApplicationContext.register(WebConfig.class);
+        dispatcherApplicationContext.setParent(webApplicationContext);
+        dispatcherApplicationContext.setServletContext(servletContext);
+
+        ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
+                "spring-web",
+                new DispatcherServlet(dispatcherApplicationContext));
+        dispatcher.setLoadOnStartup(1);
+        dispatcher.addMapping("/api/*");
+
+        DelegatingFilterProxy springSecurityFilterChain = new DelegatingFilterProxy("springSecurityFilterChain", dispatcherApplicationContext);
+        servletContext.addFilter("spring-security-filter", springSecurityFilterChain)
+                .addMappingForServletNames(null, false, "spring-web");
+    }
+
+    @Configuration
+    @EnableWebMvc
+    @EnableWebSecurity
+    @ComponentScan("se.su.dsv.scipro.api")
+    public static class WebConfig {
+        @Bean
+        public SecurityFilterChain basicAuth(HttpSecurity http)
+                throws Exception
+        {
+            return http
+                    .httpBasic(Customizer.withDefaults())
+                    .authorizeHttpRequests(authorize -> authorize
+                            .anyRequest().authenticated())
+                    .build();
+        }
+
+        @Bean
+        public UserDetailsService userDetailsService() {
+            UserDetails userDetails = org.springframework.security.core.userdetails.User.withDefaultPasswordEncoder()
+                    .username("user")
+                    .password("password")
+                    .roles("USER")
+                    .build();
+
+            return new InMemoryUserDetailsManager(userDetails);
+        }
    }

    @Configuration