├── .gitignore
├── README.md
├── docs
├── release.md
└── rickroll-demo.gif
├── mvnw
├── mvnw.cmd
├── pom.xml
├── renovate.json
└── src
├── main
├── java
│ └── be
│ │ └── tomcools
│ │ └── rickrollsecurity
│ │ ├── RickRollConfiguration.java
│ │ ├── RickRollConfigurationProperties.java
│ │ └── RickRollFilter.java
└── resources
│ └── META-INF
│ └── spring
│ └── org.springframework.boot.autoconfigure.AutoConfiguration.imports
└── test
├── java
└── be
│ └── tomcools
│ └── rickrollsecurity
│ ├── AlternateVideoTests.java
│ ├── IntegrationTestApplication.java
│ └── RickrollSecuritySpringBootStarterApplicationTests.java
└── resources
└── test.properties
/.gitignore:
--------------------------------------------------------------------------------
1 | HELP.md
2 | target/
3 | !.mvn/wrapper/maven-wrapper.jar
4 | !**/src/main/**
5 | !**/src/test/**
6 |
7 | ### STS ###
8 | .apt_generated
9 | .classpath
10 | .factorypath
11 | .project
12 | .settings
13 | .springBeans
14 | .sts4-cache
15 |
16 | ### IntelliJ IDEA ###
17 | .idea
18 | *.iws
19 | *.iml
20 | *.ipr
21 |
22 | ### NetBeans ###
23 | /nbproject/private/
24 | /nbbuild/
25 | /dist/
26 | /nbdist/
27 | /.nb-gradle/
28 | build/
29 |
30 | ### VS Code ###
31 | .vscode/
32 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Rickroll Security Spring Boot Starter
2 |
3 | This starter will reroute configured paths and/or file extensions to a video of Rick Astley - Never Gonna Give You Up.
4 |
5 | 
6 |
7 | ## Contribute
8 |
9 | Just make a pull request ;) There is not much in this repo.
10 |
11 | ## Example Use Case
12 |
13 | Noob hackers often try to access secure pages. The Spring Actuator endpoints are an example where a hacker could do some serious damage. You could put a password on it and you definitely should...but then they don't learn anything. So what you can do is move the actual actuator paths and replace them with Rick Astley! That'll make them think twice! Keep the password on the relocated endpoints, though: moving them only hides them.
14 |
15 | ```
16 | management.endpoints.web.base-path=/manage
17 | rickroll.paths=/actuator
18 | ```
19 |
20 | Some might even try to reach common PHP pages, such as "/wp-admin/install.php". If you serve no PHP, you can even redirect all requests for PHP pages (or another extension of your choice) to Rick!
21 |
22 | ```
23 | rickroll.file-extensions=php
24 | ```
25 |
26 | ## Configuration
27 |
28 | Add the following dependency to your POM.
29 |
30 | ```xml
31 | <dependency>
32 |     <groupId>be.tomcools</groupId>
33 |     <artifactId>rickroll-security-spring-boot-starter</artifactId>
34 |     <version>VERSION_HERE</version>
35 | </dependency>
36 | ```
37 |
38 | Paths you want to redirect can be configured in your Spring Application Properties:
39 |
40 | ```
41 | rickroll.paths=/admin,/tomcools,/**/bye-bye/*
42 | rickroll.file-extensions=php
43 | ```
44 |
45 | As of version 1.2.0, we are adding alternative RickRoll videos.
46 | These can be selected by setting the *rickroll.version=**VERSION_NAME*** property.
47 |
48 | Available versions:
49 |
50 | | VERSION_NAME | URL |
51 | |---------------|----------------------------------------------|
52 | | original | https://www.youtube.com/watch?v=dQw4w9WgXcQ |
53 | | scary-pockets | https://www.youtube.com/watch?v=sQnoZUR6fvY |
54 | | metal-caleb | https://www.youtube.com/watch?v=MXMf_ni0Msk |
55 |
56 | Since version 1.3.0, it's possible to use patterns as path configurations. Patterns give more flexibility and help to reduce the total amount of configured paths.
57 | Request URIs will be checked on a match using an [`AntPathMatcher`](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/util/AntPathMatcher.html).
58 |
59 | ## FAQ
60 |
61 | ### If I have a RestController mapped to /admin and I also add /admin in the rickroll.paths. What will happen?
62 |
63 | Why don't you try that for yourself? #evillaugh
64 |
65 | The implementation is based on a `Filter.class`. So anything that happens after the filter will be replaced by some nice music.
66 | In case of a RestController, since this comes after the Filter...you will be rickroll'd.
67 |
68 | ### Why did you hardcode the Rickroll URL?
69 | Let's face it. That video will only be removed from the internet in case of an apocalyptic event. In which case, this project won't matter much either.
70 | We are allowing PRs to add alternative URLs. These will be validated by us before being added to available options.
71 |
72 |
73 | ## Special Thanks
74 | - [Liam Hammett for the original Tweet that started all this madness.](https://twitter.com/LiamHammett/status/1260984553570570240)
75 | - [Andy Wilkinson for suggesting the idea of adding it to Spring.](https://twitter.com/ankinson/status/1261724332553900034)
76 | - [My amazing wife](https://twitter.com/HenderickxSilke) for putting up with me and all my silliness. <3
77 | - [Rick Astley for never giving me up, nor letting me down.](https://www.youtube.com/watch?v=dQw4w9WgXcQ)
78 |
--------------------------------------------------------------------------------
/docs/release.md:
--------------------------------------------------------------------------------
1 | # How to publish something to Maven Central.
2 |
3 | Using JReleaser: https://jreleaser.org/guide/latest/examples/maven/index.html
4 |
5 | - Set version: `mvn versions:set`
6 | - Stage artifacts: `mvn -Ppublication`
7 | - (Dry) Run JReleaser: `mvn -Djreleaser.dry.run=true jreleaser:full-release`
8 |
9 | Afterwards, set next snapshot version.
10 |
--------------------------------------------------------------------------------
/docs/rickroll-demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TomCools/rickroll-security-spring-boot-starter/7e01762282dda6bb1681f37706e5326104f4709a/docs/rickroll-demo.gif
--------------------------------------------------------------------------------
/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # http://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
37 | if [ -z "$MAVEN_SKIP_RC" ] ; then
38 |
39 | if [ -f /etc/mavenrc ] ; then
40 | . /etc/mavenrc
41 | fi
42 |
43 | if [ -f "$HOME/.mavenrc" ] ; then
44 | . "$HOME/.mavenrc"
45 | fi
46 |
47 | fi
48 |
49 | # OS specific support. $var _must_ be set to either true or false.
50 | cygwin=false;
51 | darwin=false;
52 | mingw=false
53 | case "`uname`" in
54 | CYGWIN*) cygwin=true ;;
55 | MINGW*) mingw=true;;
56 | Darwin*) darwin=true
57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
59 | if [ -z "$JAVA_HOME" ]; then
60 | if [ -x "/usr/libexec/java_home" ]; then
61 | export JAVA_HOME="`/usr/libexec/java_home`"
62 | else
63 | export JAVA_HOME="/Library/Java/Home"
64 | fi
65 | fi
66 | ;;
67 | esac
68 |
69 | if [ -z "$JAVA_HOME" ] ; then
70 | if [ -r /etc/gentoo-release ] ; then
71 | JAVA_HOME=`java-config --jre-home`
72 | fi
73 | fi
74 |
75 | if [ -z "$M2_HOME" ] ; then
76 | ## resolve links - $0 may be a link to maven's home
77 | PRG="$0"
78 |
79 | # need this for relative symlinks
80 | while [ -h "$PRG" ] ; do
81 | ls=`ls -ld "$PRG"`
82 | link=`expr "$ls" : '.*-> \(.*\)$'`
83 | if expr "$link" : '/.*' > /dev/null; then
84 | PRG="$link"
85 | else
86 | PRG="`dirname "$PRG"`/$link"
87 | fi
88 | done
89 |
90 | saveddir=`pwd`
91 |
92 | M2_HOME=`dirname "$PRG"`/..
93 |
94 | # make it fully qualified
95 | M2_HOME=`cd "$M2_HOME" && pwd`
96 |
97 | cd "$saveddir"
98 | # echo Using m2 at $M2_HOME
99 | fi
100 |
101 | # For Cygwin, ensure paths are in UNIX format before anything is touched
102 | if $cygwin ; then
103 | [ -n "$M2_HOME" ] &&
104 | M2_HOME=`cygpath --unix "$M2_HOME"`
105 | [ -n "$JAVA_HOME" ] &&
106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
107 | [ -n "$CLASSPATH" ] &&
108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
109 | fi
110 |
111 | # For Mingw, ensure paths are in UNIX format before anything is touched
112 | if $mingw ; then
113 | [ -n "$M2_HOME" ] &&
114 | M2_HOME="`(cd "$M2_HOME"; pwd)`"
115 | [ -n "$JAVA_HOME" ] &&
116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
117 | fi
118 |
119 | if [ -z "$JAVA_HOME" ]; then
120 | javaExecutable="`which javac`"
121 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
122 | # readlink(1) is not available as standard on Solaris 10.
123 | readLink=`which readlink`
124 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
125 | if $darwin ; then
126 | javaHome="`dirname \"$javaExecutable\"`"
127 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
128 | else
129 | javaExecutable="`readlink -f \"$javaExecutable\"`"
130 | fi
131 | javaHome="`dirname \"$javaExecutable\"`"
132 | javaHome=`expr "$javaHome" : '\(.*\)/bin'`
133 | JAVA_HOME="$javaHome"
134 | export JAVA_HOME
135 | fi
136 | fi
137 | fi
138 |
139 | if [ -z "$JAVACMD" ] ; then
140 | if [ -n "$JAVA_HOME" ] ; then
141 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
142 | # IBM's JDK on AIX uses strange locations for the executables
143 | JAVACMD="$JAVA_HOME/jre/sh/java"
144 | else
145 | JAVACMD="$JAVA_HOME/bin/java"
146 | fi
147 | else
148 | JAVACMD="`which java`"
149 | fi
150 | fi
151 |
152 | if [ ! -x "$JAVACMD" ] ; then
153 | echo "Error: JAVA_HOME is not defined correctly." >&2
154 | echo " We cannot execute $JAVACMD" >&2
155 | exit 1
156 | fi
157 |
158 | if [ -z "$JAVA_HOME" ] ; then
159 | echo "Warning: JAVA_HOME environment variable is not set."
160 | fi
161 |
162 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
163 |
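# Walks from the directory given as $1 towards the filesystem root and prints
# the first directory that contains a .mvn subdirectory. When none is found,
# $1 itself is printed. Returns 1 and prints nothing on stdout when $1 is empty.
find_maven_basedir() {

  if [ -z "$1" ]
  then
    # The caller captures stdout as the base directory, so the diagnostic has
    # to go to stderr or it would be mistaken for a path.
    echo "Path not specified to find_maven_basedir" >&2
    return 1
  fi

  basedir="$1"
  wdir="$1"
  while [ "$wdir" != '/' ] ; do
    if [ -d "$wdir"/.mvn ] ; then
      basedir=$wdir
      break
    fi
    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
    if [ -d "${wdir}" ]; then
      wdir=`cd "$wdir/.."; pwd`
    else
      # Not a directory: there is no parent to climb to, and looping again
      # would never terminate.
      break
    fi
    # end of workaround
  done
  echo "${basedir}"
}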
189 |
# Prints the content of the file named by $1 on one line: newlines become
# spaces and runs of spaces are squeezed to a single one. Prints nothing when
# $1 is not a regular file.
concat_lines() {
  [ -f "$1" ] || return 0
  echo "$(tr -s '\n' ' ' < "$1")"
}
196 |
197 | BASE_DIR=`find_maven_basedir "$(pwd)"`
198 | if [ -z "$BASE_DIR" ]; then
199 | exit 1;
200 | fi
201 |
202 | ##########################################################################################
203 | # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
204 | # This allows using the maven wrapper in projects that prohibit checking in binary data.
205 | ##########################################################################################
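# Fetches .mvn/wrapper/maven-wrapper.jar when it is not already present.
# The jar obtained here is put on the JVM classpath and run by the launcher at
# the end of this script, and nothing in this block compares it against a
# pinned digest. Its integrity therefore rests on the endpoint named by
# MVNW_REPOURL or by wrapperUrl in maven-wrapper.properties; point those only
# at repositories you trust.
if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Found .mvn/wrapper/maven-wrapper.jar"
  fi
else
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
  fi
  if [ -n "$MVNW_REPOURL" ]; then
    jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
  else
    jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
  fi
  # A wrapperUrl entry in the properties file overrides both defaults above.
  while IFS="=" read key value; do
    case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
    esac
  done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Downloading from: $jarUrl"
  fi
  wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
  if $cygwin; then
    wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
  fi

  if command -v wget > /dev/null; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found wget ... using wget"
    fi
    if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
      wget "$jarUrl" -O "$wrapperJarPath"
    else
      # Quoted so a credential containing spaces or glob characters reaches
      # wget as a single argument. The values are still passed on the command
      # line, where other local users may be able to read them from the
      # process list.
      wget --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$jarUrl" -O "$wrapperJarPath"
    fi
  elif command -v curl > /dev/null; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found curl ... using curl"
    fi
    if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
      curl -o "$wrapperJarPath" "$jarUrl" -f
    else
      # Same quoting and process-list caveat as the wget branch.
      curl --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$jarUrl" -f
    fi

  else
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Falling back to using Java to download"
    fi
    javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
    # For Cygwin, switch paths to Windows format before running javac
    if $cygwin; then
      javaClass=`cygpath --path --windows "$javaClass"`
    fi
    if [ -e "$javaClass" ]; then
      if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
        if [ "$MVNW_VERBOSE" = true ]; then
          echo " - Compiling MavenWrapperDownloader.java ..."
        fi
        # Compiling the Java class
        ("$JAVA_HOME/bin/javac" "$javaClass")
      fi
      if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
        # Running the downloader
        if [ "$MVNW_VERBOSE" = true ]; then
          echo " - Running MavenWrapperDownloader.java ..."
        fi
        # NOTE(review): MAVEN_PROJECTBASEDIR is only assigned after this block,
        # so unless it is inherited from the environment it is empty here;
        # confirm what the downloader does with an empty argument.
        ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
      fi
    fi
  fi
fi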
277 | ##########################################################################################
278 | # End of extension
279 | ##########################################################################################
280 |
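# Project base directory: $MAVEN_BASEDIR when set, otherwise the directory
# located by find_maven_basedir.
export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
if [ "$MVNW_VERBOSE" = true ]; then
  # Quoted so a path with spaces or glob characters is printed verbatim.
  echo "$MAVEN_PROJECTBASEDIR"
fi
# Options read from .mvn/jvm.config are placed in front of any MAVEN_OPTS
# inherited from the environment.
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"

# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  [ -n "$M2_HOME" ] &&
    M2_HOME=`cygpath --path --windows "$M2_HOME"`
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
  [ -n "$CLASSPATH" ] &&
    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
fi

# Provide a "standardized" way to retrieve the CLI args that will
# work with both Windows and non-Windows executions.
MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
export MAVEN_CMD_LINE_ARGS

WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

# Replaces this shell with the JVM running the wrapper jar. $MAVEN_OPTS and
# $MAVEN_CONFIG are expanded unquoted, so each whitespace-separated option in
# them becomes its own argument.
exec "$JAVACMD" \
  $MAVEN_OPTS \
  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"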
311 |
--------------------------------------------------------------------------------
/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM http://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
37 | @echo off
38 | @REM set title of command window
39 | title %0
40 | @REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
41 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
42 |
43 | @REM set %HOME% to equivalent of $HOME
44 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
45 |
46 | @REM Execute a user defined script before this one
47 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
48 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending
49 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
50 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
51 | :skipRcPre
52 |
53 | @setlocal
54 |
55 | set ERROR_CODE=0
56 |
57 | @REM To isolate internal variables from possible post scripts, we use another setlocal
58 | @setlocal
59 |
60 | @REM ==== START VALIDATION ====
61 | if not "%JAVA_HOME%" == "" goto OkJHome
62 |
63 | echo.
64 | echo Error: JAVA_HOME not found in your environment. >&2
65 | echo Please set the JAVA_HOME variable in your environment to match the >&2
66 | echo location of your Java installation. >&2
67 | echo.
68 | goto error
69 |
70 | :OkJHome
71 | if exist "%JAVA_HOME%\bin\java.exe" goto init
72 |
73 | echo.
74 | echo Error: JAVA_HOME is set to an invalid directory. >&2
75 | echo JAVA_HOME = "%JAVA_HOME%" >&2
76 | echo Please set the JAVA_HOME variable in your environment to match the >&2
77 | echo location of your Java installation. >&2
78 | echo.
79 | goto error
80 |
81 | @REM ==== END VALIDATION ====
82 |
83 | :init
84 |
85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
86 | @REM Fallback to current working directory if not found.
87 |
88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
90 |
91 | set EXEC_DIR=%CD%
92 | set WDIR=%EXEC_DIR%
93 | :findBaseDir
94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound
95 | cd ..
96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound
97 | set WDIR=%CD%
98 | goto findBaseDir
99 |
100 | :baseDirFound
101 | set MAVEN_PROJECTBASEDIR=%WDIR%
102 | cd "%EXEC_DIR%"
103 | goto endDetectBaseDir
104 |
105 | :baseDirNotFound
106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
107 | cd "%EXEC_DIR%"
108 |
109 | :endDetectBaseDir
110 |
111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
112 |
113 | @setlocal EnableExtensions EnableDelayedExpansion
114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
116 |
117 | :endReadAdditionalConfig
118 |
119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
120 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
121 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
122 |
123 | set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
124 |
125 | FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
126 | IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
127 | )
128 |
@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
@REM
@REM NOTE[review]: cmd expands MVNW_USERNAME, MVNW_PASSWORD, DOWNLOAD_URL and WRAPPER_JAR
@REM into the PowerShell command text below, inside single-quoted literals, before
@REM PowerShell parses it. A value containing a single quote would end the literal, so
@REM these values have to come from a trusted environment and a trusted
@REM maven-wrapper.properties file.
@REM NOTE[review]: nothing here compares the downloaded jar against a pinned digest
@REM before the launch command later in this script puts it on the classpath.
@REM The request is made with TLS 1.2 selected explicitly.
if exist %WRAPPER_JAR% (
if "%MVNW_VERBOSE%" == "true" (
echo Found %WRAPPER_JAR%
)
) else (
if not "%MVNW_REPOURL%" == "" (
SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
)
if "%MVNW_VERBOSE%" == "true" (
echo Couldn't find %WRAPPER_JAR%, downloading it ...
echo Downloading from: %DOWNLOAD_URL%
)

powershell -Command "&{"^
"$webclient = new-object System.Net.WebClient;"^
"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
"}"^
"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
"}"
if "%MVNW_VERBOSE%" == "true" (
echo Finished downloading %WRAPPER_JAR%
)
)
@REM End of extension
156 |
157 | @REM Provide a "standardized" way to retrieve the CLI args that will
158 | @REM work with both Windows and non-Windows executions.
159 | set MAVEN_CMD_LINE_ARGS=%*
160 |
161 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
162 | if ERRORLEVEL 1 goto error
163 | goto end
164 |
165 | :error
166 | set ERROR_CODE=1
167 |
168 | :end
169 | @endlocal & set ERROR_CODE=%ERROR_CODE%
170 |
171 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
172 | @REM check for post script, once with legacy .bat ending and once with .cmd ending
173 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
174 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
175 | :skipRcPost
176 |
177 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
178 | if "%MAVEN_BATCH_PAUSE%" == "on" pause
179 |
180 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
181 |
182 | exit /B %ERROR_CODE%
183 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | org.springframework.boot
7 | spring-boot-starter-parent
8 | 3.2.5
9 |
10 |
11 | be.tomcools
12 | rickroll-security-spring-boot-starter
13 | 3.2.0-SNAPSHOT
14 | rickroll-security-spring-boot-starter
15 | Redirects common security endpoints to Rick Astley - Never Gonna Give You Up
16 |
17 | https://github.com/TomCools/rickroll-security-spring-boot-starter
18 |
19 |
20 | Apache License, Version 2.0
21 | http://www.apache.org/licenses/LICENSE-2.0.txt
22 |
23 |
24 |
25 |
26 | Tom Cools
27 | tom.cools@live.be
28 | https://www.tomcools.be
29 |
30 |
31 |
32 | Tom Cools
33 | https://www.tomcools.be
34 |
35 |
36 | https://github.com/TomCools/rickroll-security-spring-boot-starter
37 | scm:git:https://github.com/TomCools/rickroll-security-spring-boot-starter.git
38 | scm:git:https://github.com/TomCools/rickroll-security-spring-boot-starter.git
39 |
40 | rickroll-security-spring-boot-starter-0.0.1
41 |
42 |
43 |
44 | ossrh
45 | https://oss.sonatype.org/content/repositories/snapshots
46 |
47 |
48 | ossrh
49 | https://oss.sonatype.org/service/local/staging/deploy/maven2/
50 |
51 |
52 |
53 |
54 | 17
55 | true
56 |
57 |
58 |
59 |
60 | org.springframework.boot
61 | spring-boot-starter
62 |
63 |
64 | org.springframework.boot
65 | spring-boot-starter-web
66 |
67 |
68 |
69 | org.springframework.boot
70 | spring-boot-starter-test
71 | test
72 |
73 |
74 | org.junit.vintage
75 | junit-vintage-engine
76 |
77 |
78 |
79 |
80 | org.springframework.boot
81 | spring-boot-starter-security
82 | test
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 | org.apache.maven.plugins
93 | maven-deploy-plugin
94 | 3.0.0
95 |
96 |
97 | org.apache.maven.plugins
98 | maven-compiler-plugin
99 | 3.11.0
100 |
101 |
102 | org.apache.maven.plugins
103 | maven-javadoc-plugin
104 | 3.4.1
105 |
106 |
107 | org.apache.maven.plugins
108 | maven-sources-plugin
109 | 3.2.1
110 |
111 |
112 | org.jreleaser
113 | jreleaser-maven-plugin
114 | 1.12.0
115 |
116 |
117 |
118 |
119 |
120 | org.jreleaser
121 | jreleaser-maven-plugin
122 |
123 |
124 |
125 | 2024 Tom Cools
126 |
127 |
128 | ALWAYS
129 | true
130 |
131 |
132 |
133 |
134 | true
135 | TomCools
136 | github.com
137 | https://api.github.com
138 |
139 | ALWAYS
140 | conventional-commits
141 |
142 | true
143 |
144 |
145 |
146 |
147 |
148 |
149 | ALWAYS
150 |
151 | ALWAYS
152 | https://mastodon.social/
153 | 🚀 {{projectNameCapitalized}} {{projectVersion}} has been released!
154 |
155 |
156 | ALWAYS
157 | https://bsky.social
158 | tcoolsit.bsky.social
159 |
160 | 🚀 {{projectNameCapitalized}} {{projectVersion}} has been released!
161 |
162 |
163 |
164 |
165 |
166 |
167 |
168 | 1.11.0
169 |
170 |
171 |
172 | ALWAYS
173 | https://oss.sonatype.org/service/local
174 | https://s01.oss.sonatype.org/content/repositories/snapshots/
175 | true
176 | true
177 | true
178 | target/staging-deploy
179 |
180 |
181 |
182 |
183 |
184 |
185 |
186 | false
187 |
188 | be.tomcools:jreleaser-demo-extension:1.0.0
189 |
190 |
191 | be.tomcools.jreleaser.AsciiArtSteps
192 |
193 |
194 |
195 |
196 |
197 |
198 |
199 |
200 |
201 |
202 |
203 |
204 |
205 | publication
206 |
207 | local::file:./target/staging-deploy
208 |
209 |
210 | deploy
211 |
212 |
213 | org.apache.maven.plugins
214 | maven-javadoc-plugin
215 |
216 |
217 | attach-javadocs
218 |
219 | jar
220 |
221 |
222 | true
223 |
224 |
225 |
226 |
227 |
228 | org.apache.maven.plugins
229 | maven-source-plugin
230 |
231 |
232 | attach-sources
233 |
234 | jar
235 |
236 |
237 | true
238 |
239 |
240 |
241 |
242 |
243 |
244 |
245 |
246 |
247 |
--------------------------------------------------------------------------------
/renovate.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json",
3 | "extends": [
4 | "config:base"
5 | ]
6 | }
7 |
--------------------------------------------------------------------------------
/src/main/java/be/tomcools/rickrollsecurity/RickRollConfiguration.java:
--------------------------------------------------------------------------------
1 | package be.tomcools.rickrollsecurity;
2 |
3 |
4 | import jakarta.servlet.Filter;
5 | import org.slf4j.Logger;
6 | import org.slf4j.LoggerFactory;
7 | import org.springframework.beans.factory.annotation.Autowired;
8 | import org.springframework.boot.autoconfigure.AutoConfiguration;
9 | import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
10 | import org.springframework.context.annotation.Bean;
11 |
12 |
/**
 * Auto-configuration that contributes the {@link RickRollFilter} bean.
 *
 * <p>Only active when {@link Filter} is on the classpath. The configured paths and file
 * extensions are written to the log at INFO level when the bean is created.
 */
@AutoConfiguration
@ConditionalOnClass(Filter.class)
public class RickRollConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(RickRollConfiguration.class);

    /** Bound {@code rickroll.*} settings, injected by Spring. */
    @Autowired
    RickRollConfigurationProperties properties;

    /**
     * Creates the filter from the injected properties.
     *
     * @return a filter backed by the same properties instance
     */
    @Bean
    public RickRollFilter filter() {
        final String configuredPaths = String.join(", ", properties.getPaths());
        LOGGER.info("Rickrolling paths: {}", configuredPaths);

        final String configuredExtensions = String.join(", ", properties.getFileExtensions());
        LOGGER.info("Rickrolling extensions: {}", configuredExtensions);

        return new RickRollFilter(properties);
    }

}
29 |
--------------------------------------------------------------------------------
/src/main/java/be/tomcools/rickrollsecurity/RickRollConfigurationProperties.java:
--------------------------------------------------------------------------------
1 | package be.tomcools.rickrollsecurity;
2 |
3 | import org.springframework.boot.autoconfigure.AutoConfiguration;
4 | import org.springframework.boot.context.properties.ConfigurationProperties;
5 |
6 | import java.util.ArrayList;
7 | import java.util.List;
8 |
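/**
 * Settings bound from the {@code rickroll.*} property namespace.
 *
 * <p>{@code paths} and {@code fileExtensions} select the requests to redirect; {@code version}
 * selects which of the built-in video URLs is the redirect target. The target is always one of
 * the constants in {@link Version}, never a free-form URL.
 */
@AutoConfiguration
@ConfigurationProperties(prefix = "rickroll")
public class RickRollConfigurationProperties {

    private List<String> paths;
    private List<String> fileExtensions;
    private Version version = Version.ORIGINAL;

    /**
     * @return the configured file extensions, or a new empty list when none were set
     */
    public List<String> getFileExtensions() {
        if (fileExtensions == null) {
            return new ArrayList<>();
        }
        return fileExtensions;
    }

    /**
     * @param fileExtensions extensions to redirect; the list is stored as given, not copied
     */
    public void setFileExtensions(List<String> fileExtensions) {
        this.fileExtensions = fileExtensions;
    }

    /**
     * @return the configured path patterns, or a new empty list when none were set
     */
    public List<String> getPaths() {
        if (paths == null) {
            return new ArrayList<>();
        }
        return paths;
    }

    /**
     * @param paths path patterns to redirect; the list is stored as given, not copied
     */
    public void setPaths(List<String> paths) {
        this.paths = paths;
    }

    /**
     * @param version the video variant to redirect to
     */
    void setVersion(Version version) {
        this.version = version;
    }

    /**
     * @return the URL of the selected {@link Version}; {@link Version#ORIGINAL} unless changed
     */
    public String getVersionUrl() {
        return version.url;
    }

    /** The fixed set of redirect targets. */
    enum Version {

        ORIGINAL("https://www.youtube.com/watch?v=dQw4w9WgXcQ"),
        METAL_CALEB("https://www.youtube.com/watch?v=MXMf_ni0Msk"),
        SCARY_POCKETS("https://www.youtube.com/watch?v=sQnoZUR6fvY");

        final String url;

        Version(String url) {
            this.url = url;
        }
    }
}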
60 |
--------------------------------------------------------------------------------
/src/main/java/be/tomcools/rickrollsecurity/RickRollFilter.java:
--------------------------------------------------------------------------------
1 | package be.tomcools.rickrollsecurity;
2 |
3 | import jakarta.servlet.*;
4 | import jakarta.servlet.http.HttpServletRequest;
5 | import jakarta.servlet.http.HttpServletResponse;
6 | import org.springframework.core.Ordered;
7 | import org.springframework.core.annotation.Order;
8 | import org.springframework.util.AntPathMatcher;
9 | import org.springframework.util.PathMatcher;
10 |
11 | import java.io.IOException;
12 |
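/**
 * Servlet filter that redirects requests for configured paths or file extensions to the
 * configured video URL and hands every other request to the rest of the chain.
 *
 * <p>Security note: this filter is a decoy, not an access control. Matching is done on the raw
 * value of {@link HttpServletRequest#getRequestURI()}, which the container does not decode and
 * which still carries any path parameters ({@code ;...}). A differently spelled but equivalent
 * path may therefore not match and simply continue down the chain, so anything that needs
 * protecting must be covered by real authentication/authorization rules.
 */
@Order(Ordered.HIGHEST_PRECEDENCE)
public class RickRollFilter implements Filter {
    private static final PathMatcher PATH_MATCHER = new AntPathMatcher();

    private final RickRollConfigurationProperties properties;

    /**
     * Creates the filter.
     *
     * @param properties source of the path patterns, file extensions and redirect URL
     */
    public RickRollFilter(RickRollConfigurationProperties properties) {
        this.properties = properties;
    }

    /**
     * Redirects the request when its URI matches a configured path pattern or ends with a
     * configured file extension; otherwise continues the filter chain.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the response to redirect on a match
     * @param filterChain the remaining chain, invoked when nothing matches
     * @throws IOException if sending the redirect or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Non-HTTP requests cannot be redirected; pass them on instead of failing on a blind cast.
        if (!(servletRequest instanceof HttpServletRequest request)
                || !(servletResponse instanceof HttpServletResponse response)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        String requestUri = request.getRequestURI();
        for (String path : properties.getPaths()) {
            if (PATH_MATCHER.match(path, requestUri)) {
                rickroll(response);
                return;
            }
        }
        for (String extension : properties.getFileExtensions()) {
            // Plain suffix test: an entry such as "php" also matches a URI that merely ends in
            // those letters, and an empty entry matches every URI. Configure ".php" when only a
            // real extension should trigger the redirect.
            if (requestUri.endsWith(extension)) {
                rickroll(response);
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Sends the redirect. The target comes from the configured properties, never from the
     * request, so request data cannot influence where the client is sent.
     */
    private void rickroll(HttpServletResponse response) throws IOException {
        response.sendRedirect(properties.getVersionUrl());
    }
}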
47 |
--------------------------------------------------------------------------------
/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports:
--------------------------------------------------------------------------------
1 | be.tomcools.rickrollsecurity.RickRollConfiguration
2 | be.tomcools.rickrollsecurity.RickRollConfigurationProperties
--------------------------------------------------------------------------------
/src/test/java/be/tomcools/rickrollsecurity/AlternateVideoTests.java:
--------------------------------------------------------------------------------
1 | package be.tomcools.rickrollsecurity;
2 |
3 | import be.tomcools.rickrollsecurity.RickRollConfigurationProperties.Version;
4 | import org.junit.jupiter.api.Test;
5 | import org.springframework.beans.factory.annotation.Autowired;
6 | import org.springframework.boot.test.context.SpringBootTest;
7 |
8 | import static org.assertj.core.api.Assertions.assertThat;
9 |
/**
 * Verifies that the {@code rickroll.version} property selects a non-default video variant.
 */
@SpringBootTest(properties = "rickroll.version=scary-pockets")
class AlternateVideoTests {

    @Autowired
    RickRollConfigurationProperties properties;

    /** The bound properties must expose the URL of the variant named in the test property. */
    @Test
    void picksUpAlternateVideo() {
        String expectedUrl = Version.SCARY_POCKETS.url;
        String actualUrl = properties.getVersionUrl();

        assertThat(actualUrl).isEqualTo(expectedUrl);
    }
}
21 |
--------------------------------------------------------------------------------
/src/test/java/be/tomcools/rickrollsecurity/IntegrationTestApplication.java:
--------------------------------------------------------------------------------
1 | package be.tomcools.rickrollsecurity;
2 |
3 | import org.springframework.boot.autoconfigure.SpringBootApplication;
4 | import org.springframework.context.annotation.Bean;
5 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
6 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
7 | import org.springframework.security.web.SecurityFilterChain;
8 |
/**
 * Minimal Spring Boot application with web security enabled, used by the integration tests.
 *
 * <p>The integration tests in this package expect a redirect for {@code /test-path-secured},
 * which appears to fall under the {@code authenticated()} rule below; that expectation only
 * holds if the rick-roll filter answers before authorization is evaluated.
 */
@SpringBootApplication
@EnableWebSecurity
public class IntegrationTestApplication {

    /**
     * Builds the security filter chain for the test application.
     *
     * @param http the security builder supplied by Spring
     * @return the built chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(rules -> {
            // Rules are evaluated in registration order, so the order below is kept as is.
            rules.requestMatchers("/test-path/**").permitAll();
            rules.requestMatchers("/**secured/**").authenticated();
            rules.anyRequest().permitAll();
        });

        SecurityFilterChain chain = http.build();
        return chain;
    }
}
24 |
--------------------------------------------------------------------------------
/src/test/java/be/tomcools/rickrollsecurity/RickrollSecuritySpringBootStarterApplicationTests.java:
--------------------------------------------------------------------------------
1 | package be.tomcools.rickrollsecurity;
2 |
3 | import org.junit.jupiter.api.Test;
4 | import org.junit.jupiter.params.ParameterizedTest;
5 | import org.junit.jupiter.params.provider.CsvSource;
6 | import org.springframework.beans.factory.annotation.Autowired;
7 | import org.springframework.boot.test.context.SpringBootTest;
8 | import org.springframework.boot.test.web.client.TestRestTemplate;
9 | import org.springframework.http.HttpMethod;
10 | import org.springframework.http.HttpStatus;
11 | import org.springframework.http.ResponseEntity;
12 | import org.springframework.test.context.TestPropertySource;
13 |
14 | import static org.assertj.core.api.Assertions.assertThat;
15 |
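/**
 * End-to-end tests that start the application on a random port and check which request paths
 * are answered with a redirect.
 *
 * <p>NOTE(review): every case uses a plain, canonical path. There is no coverage for URIs with
 * path parameters ({@code ;...}), percent-encoding or different letter case, although the filter
 * matches on the raw request URI; confirm the intended behaviour for those and pin it here.
 */
@TestPropertySource(locations = "classpath:test.properties")
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
class RickrollSecuritySpringBootStarterApplicationTests {

    @Autowired
    TestRestTemplate template;

    @Test
    void testRedirectForPath() {
        test("/test-path", true);
    }

    @Test
    void testRedirectForSecuredPath() {
        test("/test-path-secured", true);
    }

    @Test
    void testRedirectForPathSubdirectoryMatch() {
        test("/test-path/rick-roll", true);
    }

    @Test
    void testRedirectForSubPathNoMatch() {
        test("/rick-roll/test-path", false);
    }

    @Test
    void testRedirectForFileExtension() {
        test("/extension.php", true);
    }

    @Test
    void testRedirectForFileExtensionSecuredPath() {
        test("/secured/extension.php", true);
    }

    @Test
    void testNonSetupNotFound() {
        test("/UNKNOWN_PATH", false);
    }

    /**
     * Requests {@code path} and asserts whether the response status is 302 FOUND.
     *
     * @param path the request path to fetch
     * @param rickRolled {@code true} when a redirect is expected, {@code false} otherwise
     */
    private void test(String path, boolean rickRolled) {
        // Typed as String to match the response type requested from the template.
        ResponseEntity<String> forEntity = template.getForEntity(path, String.class);

        assertThat(forEntity.getStatusCode().equals(HttpStatus.FOUND))
                .withFailMessage("Path %s resulted in unexpected result %s".formatted(path, forEntity))
                .isEqualTo(rickRolled);
    }
}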
66 |
--------------------------------------------------------------------------------
/src/test/resources/test.properties:
--------------------------------------------------------------------------------
1 | rickroll.paths=/test-path,/test-path/**,/test-path-secured/**
2 | rickroll.file-extensions=php
3 |
--------------------------------------------------------------------------------