├── .gitignore ├── .travis.yml ├── README.adoc ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── rest ├── build.gradle └── src │ ├── main │ ├── java │ │ └── sample │ │ │ ├── RestApplication.java │ │ │ ├── config │ │ │ └── SecurityConfig.java │ │ │ ├── data │ │ │ ├── Message.java │ │ │ ├── MessageRepository.java │ │ │ ├── User.java │ │ │ └── UserRepository.java │ │ │ ├── mvc │ │ │ ├── AdminController.java │ │ │ ├── ExploitDemoController.java │ │ │ ├── MessageController.java │ │ │ ├── SecurityController.java │ │ │ └── UserController.java │ │ │ └── security │ │ │ ├── Authz.java │ │ │ ├── CurrentUser.java │ │ │ ├── ReadableMessage.java │ │ │ └── UserRepositoryUserDetailsService.java │ ├── resources │ │ ├── application.yml │ │ ├── data.sql │ │ ├── password-encode.sql │ │ ├── static │ │ │ ├── assets │ │ │ │ ├── css │ │ │ │ │ └── custom.css │ │ │ │ ├── img │ │ │ │ │ ├── favicon.ico │ │ │ │ │ └── logo.png │ │ │ │ └── js │ │ │ │ │ ├── app │ │ │ │ │ ├── app.js │ │ │ │ │ ├── message │ │ │ │ │ │ ├── message-compose.tpl.html │ │ │ │ │ │ ├── message-list.tpl.html │ │ │ │ │ │ ├── message-view.tpl.html │ │ │ │ │ │ └── message.js │ │ │ │ │ ├── router.js │ │ │ │ │ ├── util.js │ │ │ │ │ └── xss-app.js │ │ │ │ │ └── common │ │ │ │ │ ├── directives │ │ │ │ │ └── header │ │ │ │ │ │ └── header.tpl.html │ │ │ │ │ ├── partials │ │ │ │ │ ├── alertModal.tpl.html │ │ │ │ │ └── login.tpl.html │ │ │ │ │ └── services │ │ │ │ │ ├── message-service.js │ │ │ │ │ ├── security-service.js │ │ │ │ │ ├── underscore.js │ │ │ │ │ └── user-service.js │ │ │ └── index.html │ │ └── templates │ │ │ └── xss.html │ └── webapp │ │ └── WEB-INF │ │ └── jsp │ │ └── xss │ │ ├── fix.jsp │ │ └── jsp.jsp │ └── test │ └── java │ └── sample │ ├── JsonUtil.java │ └── SpringSecurityApplicationTests.java ├── settings.gradle └── ui ├── build.gradle └── src └── main ├── java └── sample │ └── UiApplication.java ├── resources ├── application.yml ├── static │ ├── assets │ │ ├── css │ │ │ └── custom.css │ │ ├── img │ │ │ ├── favicon.ico │ │ │ └── logo.png │ │ └── js │ │ │ ├── app │ │ │ ├── app.js │ │ │ ├── message │ │ │ │ ├── message-compose.tpl.html │ │ │ │ ├── message-list.tpl.html │ │ │ │ ├── message-view.tpl.html │ │ │ │ └── message.js │ │ │ ├── router.js │ │ │ ├── util.js │ │ │ └── xss-app.js │ │ │ └── common │ │ │ ├── directives │ │ │ └── header │ │ │ │ └── header.tpl.html │ │ │ ├── partials │ │ │ └── alertModal.tpl.html │ │ │ └── services │ │ │ ├── message-service.js │ │ │ ├── security-service.js │ │ │ ├── underscore.js │ │ │ └── user-service.js │ └── index.html └── templates │ ├── custom-login.html │ └── xss.html └── webapp └── WEB-INF └── jsp └── xss ├── fix.jsp └── jsp.jsp /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/.gitignore -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/.travis.yml -------------------------------------------------------------------------------- /README.adoc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/README.adoc -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/gradle/wrapper/gradle-wrapper.properties -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/gradlew -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/gradlew.bat -------------------------------------------------------------------------------- /rest/build.gradle: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/build.gradle -------------------------------------------------------------------------------- /rest/src/main/java/sample/RestApplication.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/RestApplication.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/config/SecurityConfig.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/config/SecurityConfig.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/data/Message.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/data/Message.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/data/MessageRepository.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/data/MessageRepository.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/data/User.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/data/User.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/data/UserRepository.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/data/UserRepository.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/mvc/AdminController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/mvc/AdminController.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/mvc/ExploitDemoController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/mvc/ExploitDemoController.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/mvc/MessageController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/mvc/MessageController.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/mvc/SecurityController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/mvc/SecurityController.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/mvc/UserController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/mvc/UserController.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/security/Authz.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/security/Authz.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/security/CurrentUser.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/security/CurrentUser.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/security/ReadableMessage.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/security/ReadableMessage.java -------------------------------------------------------------------------------- /rest/src/main/java/sample/security/UserRepositoryUserDetailsService.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/java/sample/security/UserRepositoryUserDetailsService.java -------------------------------------------------------------------------------- /rest/src/main/resources/application.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/application.yml -------------------------------------------------------------------------------- /rest/src/main/resources/data.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/data.sql -------------------------------------------------------------------------------- /rest/src/main/resources/password-encode.sql: -------------------------------------------------------------------------------- 1 | update user set password = '$2a$10$FBAKClV1zBIOOC9XMXf3AO8RoGXYVYsfvUdoLxGkd/BnXEn4tqT3u'; -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/css/custom.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/css/custom.css -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/img/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/img/favicon.ico -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/img/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/img/logo.png -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/app/app.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/app/app.js -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/app/message/message-compose.tpl.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/app/message/message-compose.tpl.html -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/app/message/message-list.tpl.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/app/message/message-list.tpl.html -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/app/message/message-view.tpl.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/app/message/message-view.tpl.html -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/app/message/message.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/app/message/message.js -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/app/router.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/app/router.js -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/app/util.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/app/util.js -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/app/xss-app.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/app/xss-app.js -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/common/directives/header/header.tpl.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/common/directives/header/header.tpl.html -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/common/partials/alertModal.tpl.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/common/partials/alertModal.tpl.html -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/common/partials/login.tpl.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/common/partials/login.tpl.html -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/common/services/message-service.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/common/services/message-service.js -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/common/services/security-service.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/common/services/security-service.js -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/common/services/underscore.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/common/services/underscore.js -------------------------------------------------------------------------------- /rest/src/main/resources/static/assets/js/common/services/user-service.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/assets/js/common/services/user-service.js -------------------------------------------------------------------------------- /rest/src/main/resources/static/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/static/index.html -------------------------------------------------------------------------------- /rest/src/main/resources/templates/xss.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/resources/templates/xss.html -------------------------------------------------------------------------------- /rest/src/main/webapp/WEB-INF/jsp/xss/fix.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/webapp/WEB-INF/jsp/xss/fix.jsp -------------------------------------------------------------------------------- /rest/src/main/webapp/WEB-INF/jsp/xss/jsp.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/main/webapp/WEB-INF/jsp/xss/jsp.jsp -------------------------------------------------------------------------------- /rest/src/test/java/sample/JsonUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/test/java/sample/JsonUtil.java -------------------------------------------------------------------------------- /rest/src/test/java/sample/SpringSecurityApplicationTests.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/rest/src/test/java/sample/SpringSecurityApplicationTests.java -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | include ':rest' -------------------------------------------------------------------------------- /ui/build.gradle: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/build.gradle -------------------------------------------------------------------------------- /ui/src/main/java/sample/UiApplication.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/java/sample/UiApplication.java -------------------------------------------------------------------------------- /ui/src/main/resources/application.yml: -------------------------------------------------------------------------------- 1 | server: 2 | port: 8080 -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/css/custom.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/css/custom.css -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/img/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/img/favicon.ico -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/img/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/img/logo.png -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/app/app.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/app/app.js -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/app/message/message-compose.tpl.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/app/message/message-compose.tpl.html -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/app/message/message-list.tpl.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/app/message/message-list.tpl.html -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/app/message/message-view.tpl.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/app/message/message-view.tpl.html -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/app/message/message.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/app/message/message.js -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/app/router.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/app/router.js -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/app/util.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/app/util.js -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/app/xss-app.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/app/xss-app.js -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/common/directives/header/header.tpl.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/common/directives/header/header.tpl.html -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/common/partials/alertModal.tpl.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/common/partials/alertModal.tpl.html -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/common/services/message-service.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/common/services/message-service.js -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/common/services/security-service.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/common/services/security-service.js -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/common/services/underscore.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/common/services/underscore.js -------------------------------------------------------------------------------- /ui/src/main/resources/static/assets/js/common/services/user-service.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/assets/js/common/services/user-service.js -------------------------------------------------------------------------------- /ui/src/main/resources/static/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/static/index.html -------------------------------------------------------------------------------- /ui/src/main/resources/templates/custom-login.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/templates/custom-login.html -------------------------------------------------------------------------------- /ui/src/main/resources/templates/xss.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/resources/templates/xss.html -------------------------------------------------------------------------------- /ui/src/main/webapp/WEB-INF/jsp/xss/fix.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/webapp/WEB-INF/jsp/xss/fix.jsp -------------------------------------------------------------------------------- /ui/src/main/webapp/WEB-INF/jsp/xss/jsp.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rwinch/spring-security-4.1-and-beyond/HEAD/ui/src/main/webapp/WEB-INF/jsp/xss/jsp.jsp --------------------------------------------------------------------------------