├── .gitignore
├── README.md
├── cas-server-with-ldap
    ├── pom.xml
    └── src
    │   ├── etc
    │       └── keys
    │       │   ├── jbcp_clientauth.cer
    │       │   ├── jbcp_clientauth.p12
    │       │   ├── tomcat.keystore
    │       │   └── tomcat.truststore
    │   └── main
    │       ├── resources
    │           ├── ldif
    │           │   └── calendar.ldif
    │           └── tomcat
    │           │   └── server.xml
    │       └── webapp
    │           └── WEB-INF
    │               └── deployerConfigContext.xml
├── spring-security-cas
    ├── pom.xml
    └── src
    │   ├── etc
    │       └── keys
    │       │   ├── jbcp_clientauth.cer
    │       │   ├── jbcp_clientauth.p12
    │       │   ├── tomcat.keystore
    │       │   └── tomcat.truststore
    │   └── main
    │       ├── java
    │           └── com
    │           │   └── example
    │           │       └── springsecurity
    │           │           ├── dataaccess
    │           │               ├── CalendarUserDao.java
    │           │               ├── EventDao.java
    │           │               ├── JdbcCalendarUserDao.java
    │           │               └── JdbcEventDao.java
    │           │           ├── domain
    │           │               ├── CalendarUser.java
    │           │               └── Event.java
    │           │           ├── service
    │           │               ├── CalendarService.java
    │           │               ├── DefaultCalendarService.java
    │           │               ├── UserContext.java
    │           │               └── UserContextStub.java
    │           │           └── web
    │           │               ├── config
    │           │                   └── WebMvcConfig.java
    │           │               ├── controllers
    │           │                   ├── DefaultController.java
    │           │                   ├── EchoController.java
    │           │                   ├── EventsController.java
    │           │                   └── WelcomeController.java
    │           │               └── model
    │           │                   └── CreateEventForm.java
    │       ├── resources
    │           ├── database
    │           │   └── h2
    │           │   │   ├── calendar-data.sql
    │           │   │   └── calendar-schema.sql
    │           ├── log4j.xml
    │           └── tomcat
    │           │   └── server.xml
    │       └── webapp
    │           ├── WEB-INF
    │               ├── i18n
    │               │   └── binding.properties
    │               ├── mvc-config.xml
    │               ├── spring
    │               │   ├── i18n.xml
    │               │   ├── security-cas.xml
    │               │   ├── security.xml
    │               │   └── services.xml
    │               ├── views
    │               │   ├── errors
    │               │   │   └── 403.jsp
    │               │   ├── events
    │               │   │   ├── create.jsp
    │               │   │   ├── list.jsp
    │               │   │   ├── my.jsp
    │               │   │   └── show.jsp
    │               │   ├── includes
    │               │   │   ├── footer.jsp
    │               │   │   └── header.jsp
    │               │   ├── index.jsp
    │               │   └── login.jsp
    │               └── web.xml
    │           └── resources
    │               └── css
    │                   ├── bootstrap.css
    │                   └── bootstrap.min.css
├── spring-security-db
    ├── README.md
    ├── pom.xml
    └── src
    │   ├── main
    │       ├── java
    │       │   └── com
    │       │   │   └── example
    │       │   │       └── springsecurity
    │       │   │           ├── core
    │       │   │               └── authority
    │       │   │               │   └── CalendarUserAuthorityUtils.java
    │       │   │           ├── dataaccess
    │       │   │               ├── CalendarUserDao.java
    │       │   │               ├── EventDao.java
    │       │   │               ├── JdbcCalendarUserDao.java
    │       │   │               └── JdbcEventDao.java
    │       │   │           ├── domain
    │       │   │               ├── CalendarUser.java
    │       │   │               └── Event.java
    │       │   │           ├── service
    │       │   │               ├── CalendarService.java
    │       │   │               ├── DefaultCalendarService.java
    │       │   │               ├── SpringSecurityUserContext.java
    │       │   │               ├── UserContext.java
    │       │   │               └── UserContextStub.java
    │       │   │           └── web
    │       │   │               ├── authentication
    │       │   │                   └── rememberme
    │       │   │                   │   ├── IpAwarePersistentTokenRepository.java
    │       │   │                   │   └── JdbcTokenRepositoryImplCleaner.java
    │       │   │               ├── config
    │       │   │                   └── WebMvcConfig.java
    │       │   │               ├── controllers
    │       │   │                   ├── DefaultController.java
    │       │   │                   ├── EventsController.java
    │       │   │                   ├── SignupController.java
    │       │   │                   └── WelcomeController.java
    │       │   │               └── model
    │       │   │                   ├── CreateEventForm.java
    │       │   │                   └── SignupForm.java
    │       ├── resources
    │       │   ├── database
    │       │   │   └── h2
    │       │   │   │   ├── calendar-data.sql
    │       │   │   │   ├── calendar-schema.sql
    │       │   │   │   └── security-rememberme-schema.sql
    │       │   └── log4j.xml
    │       └── webapp
    │       │   ├── WEB-INF
    │       │       ├── i18n
    │       │       │   └── binding.properties
    │       │       ├── mvc-config.xml
    │       │       ├── spring
    │       │       │   ├── cleaner.xml
    │       │       │   ├── i18n.xml
    │       │       │   ├── ipTokenRepository.xml
    │       │       │   ├── security.xml
    │       │       │   └── services.xml
    │       │       ├── views
    │       │       │   ├── errors
    │       │       │   │   └── 403.jsp
    │       │       │   ├── events
    │       │       │   │   ├── create.jsp
    │       │       │   │   ├── list.jsp
    │       │       │   │   ├── my.jsp
    │       │       │   │   └── show.jsp
    │       │       │   ├── includes
    │       │       │   │   ├── footer.jsp
    │       │       │   │   └── header.jsp
    │       │       │   ├── index.jsp
    │       │       │   ├── login.jsp
    │       │       │   └── signup
    │       │       │   │   └── form.jsp
    │       │       └── web.xml
    │       │   └── resources
    │       │       ├── css
    │       │           ├── bootstrap.css
    │       │           ├── bootstrap.min.css
    │       │           └── main.css
    │       │       └── img
    │       │           ├── springsource.png
    │       │           └── ssbooklogo.png
    │   └── test
    │       ├── java
    │           └── com
    │           │   └── example
    │           │       └── springsecurity
    │           │           └── web
    │           │               └── controllers
    │           │                   ├── Video1SpringInmemoryUserdetailServiceControllerTest.java
    │           │                   ├── Video2CustomUserDetailsServiceControllerTest.java
    │           │                   ├── Video3JdbcUserServiceControllerTest.java
    │           │                   └── util
    │           │                       ├── GenericWebContextLoader.java
    │           │                       ├── SecurityControllerTest.java
    │           │                       ├── SecurityRequestPostProcessors.java
    │           │                       └── WebContextLoader.java
    │       └── resources
    │           └── META-INF
    │               └── spring
    │                   ├── video1-spring-inmemory-userdetailservice-config
    │                       ├── mvc-config.xml
    │                       ├── security.xml
    │                       └── services.xml
    │                   ├── video2-custom-userdetailservice-config
    │                       ├── cleaner.xml
    │                       ├── ipTokenRepository.xml
    │                       ├── mvc-config.xml
    │                       ├── security.xml
    │                       └── services.xml
    │                   └── video3-jdbc-user-service-config
    │                       ├── database
    │                           └── h2
    │                           │   ├── calendar-authorities.sql
    │                           │   ├── calendar-data.sql
    │                           │   ├── calendar-saltedsha256.sql
    │                           │   ├── calendar-schema.sql
    │                           │   ├── calendar-sha256.sql
    │                           │   ├── security-groups-mappings.sql
    │                           │   ├── security-groups-schema.sql
    │                           │   ├── security-schema.sql
    │                           │   ├── security-user-authorities.sql
    │                           │   └── security-users.sql
    │                       ├── mvc-config.xml
    │                       ├── security.xml
    │                       └── services.xml
├── spring-security-ldap
    ├── README.md
    ├── pom.xml
    └── src
    │   ├── main
    │       ├── java
    │       │   └── com
    │       │   │   └── example
    │       │   │       └── springsecurity
    │       │   │           ├── dataaccess
    │       │   │               ├── CalendarUserDao.java
    │       │   │               ├── EventDao.java
    │       │   │               ├── JdbcCalendarUserDao.java
    │       │   │               └── JdbcEventDao.java
    │       │   │           ├── domain
    │       │   │               ├── CalendarUser.java
    │       │   │               └── Event.java
    │       │   │           ├── ldap
    │       │   │               └── userdetails
    │       │   │               │   └── ad
    │       │   │               │       └── ActiveDirectoryLdapAuthoritiesPopulator.java
    │       │   │           ├── service
    │       │   │               ├── CalendarService.java
    │       │   │               ├── DefaultCalendarService.java
    │       │   │               ├── UserContext.java
    │       │   │               └── UserContextStub.java
    │       │   │           └── web
    │       │   │               ├── config
    │       │   │                   └── WebMvcConfig.java
    │       │   │               ├── controllers
    │       │   │                   ├── AccountController.java
    │       │   │                   ├── DefaultController.java
    │       │   │                   ├── EventsController.java
    │       │   │                   └── WelcomeController.java
    │       │   │               └── model
    │       │   │                   └── CreateEventForm.java
    │       ├── resources
    │       │   ├── database
    │       │   │   └── h2
    │       │   │   │   ├── calendar-data.sql
    │       │   │   │   ├── calendar-schema.sql
    │       │   │   │   └── security-rememberme-schema.sql
    │       │   ├── ldif
    │       │   │   └── calendar.ldif
    │       │   └── log4j.xml
    │       └── webapp
    │       │   ├── WEB-INF
    │       │       ├── i18n
    │       │       │   └── binding.properties
    │       │       ├── mvc-config.xml
    │       │       ├── spring
    │       │       │   ├── cleaner.xml
    │       │       │   ├── i18n.xml
    │       │       │   ├── ipTokenRepository.xml
    │       │       │   ├── security.xml
    │       │       │   └── services.xml
    │       │       ├── views
    │       │       │   ├── errors
    │       │       │   │   └── 403.jsp
    │       │       │   ├── events
    │       │       │   │   ├── create.jsp
    │       │       │   │   ├── list.jsp
    │       │       │   │   ├── my.jsp
    │       │       │   │   └── show.jsp
    │       │       │   ├── includes
    │       │       │   │   ├── footer.jsp
    │       │       │   │   └── header.jsp
    │       │       │   ├── index.jsp
    │       │       │   ├── login.jsp
    │       │       │   └── signup
    │       │       │   │   └── form.jsp
    │       │       └── web.xml
    │       │   └── resources
    │       │       ├── css
    │       │           ├── bootstrap.css
    │       │           ├── bootstrap.min.css
    │       │           └── main.css
    │       │       └── img
    │       │           ├── springsource.png
    │       │           └── ssbooklogo.png
    │   └── test
    │       ├── java
    │           └── com
    │           │   └── example
    │           │       └── springsecurity
    │           │           └── web
    │           │               └── controllers
    │           │                   ├── Video4LdapProviderControllerTest.java
    │           │                   └── util
    │           │                       ├── GenericWebContextLoader.java
    │           │                       ├── LdapSecurityControllerTest.java
    │           │                       ├── LdapSecurityRequestPostProcessors.java
    │           │                       └── WebContextLoader.java
    │       └── resources
    │           └── META-INF
    │               └── spring
    │                   └── video4-ldap-provider-config
    │                       ├── database
    │                           └── h2
    │                           │   ├── calendar-data.sql
    │                           │   └── calendar-schema.sql
    │                       ├── mvc-config.xml
    │                       ├── security-ldap-explicitly.xml
    │                       ├── security.xml
    │                       └── services.xml
└── spring-security-methodlevel-security
    ├── README.md
    ├── pom.xml
    └── src
        ├── main
            ├── java
            │   └── com
            │   │   └── example
            │   │       └── springsecurity
            │   │           ├── authentication
            │   │               └── CalendarUserAuthenticationProvider.java
            │   │           ├── core
            │   │               ├── authority
            │   │               │   └── CalendarUserAuthorityUtils.java
            │   │               └── userdetails
            │   │               │   └── CalendarUserDetailsService.java
            │   │           ├── dataaccess
            │   │               ├── CalendarUserDao.java
            │   │               ├── EventDao.java
            │   │               ├── JdbcCalendarUserDao.java
            │   │               └── JdbcEventDao.java
            │   │           ├── domain
            │   │               ├── CalendarUser.java
            │   │               └── Event.java
            │   │           ├── service
            │   │               ├── CalendarService.java
            │   │               ├── DefaultCalendarService.java
            │   │               ├── SpringSecurityUserContext.java
            │   │               ├── UserContext.java
            │   │               └── UserContextStub.java
            │   │           └── web
            │   │               ├── config
            │   │                   └── WebMvcConfig.java
            │   │               ├── controllers
            │   │                   ├── DefaultController.java
            │   │                   ├── EventsController.java
            │   │                   ├── SignupController.java
            │   │                   └── WelcomeController.java
            │   │               └── model
            │   │                   ├── CreateEventForm.java
            │   │                   └── SignupForm.java
            ├── resources
            │   ├── database
            │   │   └── h2
            │   │   │   ├── calendar-data.sql
            │   │   │   └── calendar-schema.sql
            │   ├── log4j.xml
            │   └── tomcat
            │   │   └── server.xml
            └── webapp
            │   ├── WEB-INF
            │       ├── i18n
            │       │   └── binding.properties
            │       ├── mvc-config.xml
            │       ├── spring
            │       │   ├── i18n.xml
            │       │   ├── security.xml
            │       │   └── services.xml
            │       ├── views
            │       │   ├── errors
            │       │   │   └── 403.jsp
            │       │   ├── events
            │       │   │   ├── create.jsp
            │       │   │   ├── list.jsp
            │       │   │   ├── my.jsp
            │       │   │   └── show.jsp
            │       │   ├── includes
            │       │   │   ├── footer.jsp
            │       │   │   └── header.jsp
            │       │   ├── index.jsp
            │       │   ├── login.jsp
            │       │   └── signup
            │       │   │   └── form.jsp
            │       └── web.xml
            │   └── resources
            │       └── css
            │           ├── bootstrap.css
            │           └── bootstrap.min.css
        └── test
            ├── java
                └── com
                │   └── example
                │       └── springsecurity
                │           └── web
                │               └── controllers
                │                   ├── GenericWebContextLoader.java
                │                   ├── SecurityControllerTest.java
                │                   └── WebContextLoader.java
            └── resources
                ├── META-INF
                    └── spring
                    │   ├── mvc-config.xml
                    │   ├── security.xml
                    │   └── services.xml
                └── log4j.xml


/.gitignore:
--------------------------------------------------------------------------------
 1 | spring-security-db/.settings
 2 | spring-security-db/.classpath
 3 | spring-security-db/.project
 4 | spring-security-db/target
 5 | spring-security-ldap/.settings
 6 | spring-security-ldap/.classpath
 7 | spring-security-ldap/.project
 8 | spring-security-ldap/target
 9 | spring-security-cas/.settings
10 | spring-security-cas/.classpath
11 | spring-security-cas/.project
12 | spring-security-cas/target
13 | cas-server-with-ldap/.settings
14 | cas-server-with-ldap/.classpath
15 | cas-server-with-ldap/.project
16 | cas-server-with-ldap/target
17 | spring-security-methodlevel-security/.settings
18 | spring-security-methodlevel-security/.classpath
19 | spring-security-methodlevel-security/.project
20 | spring-security-methodlevel-security/target


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | Spring Security
 2 | ===============
 3 | 
 4 | [Spring Test MVC](https://github.com/SpringSource/spring-test-mvc) is a good framework for testing Spring MVC application.
 5 | 
 6 | In this sample, we demonstrated a simple Calendar application, where a regular user can create a Event and can see others event but cannot modify them. Admin user can modify other user's event as well.
 7 | 
 8 | We will demonstrate the Spring Security capability for Inmemory authorization provider, JDBC authorization provider, LDAP authorization provider, CAS Single sign on authorization provider.
 9 | 
10 | Refer to this [blog](http://krishnasblog.com/2013/02/10/spring-test-mvc-junit-testing-spring-security-layer-with-inmemorydaoimpl-2/) for more details.
11 | 


--------------------------------------------------------------------------------
/cas-server-with-ldap/src/etc/keys/jbcp_clientauth.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/cas-server-with-ldap/src/etc/keys/jbcp_clientauth.cer


--------------------------------------------------------------------------------
/cas-server-with-ldap/src/etc/keys/jbcp_clientauth.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/cas-server-with-ldap/src/etc/keys/jbcp_clientauth.p12


--------------------------------------------------------------------------------
/cas-server-with-ldap/src/etc/keys/tomcat.keystore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/cas-server-with-ldap/src/etc/keys/tomcat.keystore


--------------------------------------------------------------------------------
/cas-server-with-ldap/src/etc/keys/tomcat.truststore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/cas-server-with-ldap/src/etc/keys/tomcat.truststore


--------------------------------------------------------------------------------
/spring-security-cas/src/etc/keys/jbcp_clientauth.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/spring-security-cas/src/etc/keys/jbcp_clientauth.cer


--------------------------------------------------------------------------------
/spring-security-cas/src/etc/keys/jbcp_clientauth.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/spring-security-cas/src/etc/keys/jbcp_clientauth.p12


--------------------------------------------------------------------------------
/spring-security-cas/src/etc/keys/tomcat.keystore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/spring-security-cas/src/etc/keys/tomcat.keystore


--------------------------------------------------------------------------------
/spring-security-cas/src/etc/keys/tomcat.truststore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/spring-security-cas/src/etc/keys/tomcat.truststore


--------------------------------------------------------------------------------
/spring-security-cas/src/main/java/com/example/springsecurity/dataaccess/CalendarUserDao.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.dataaccess;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import org.springframework.dao.EmptyResultDataAccessException;
 6 | 
 7 | import com.example.springsecurity.domain.CalendarUser;
 8 | 
 9 | /**
10 |  * An interface for managing {@link CalendarUser} instances.
11 |  *
12 |  * 
13 |  *
14 |  */
15 | public interface CalendarUserDao {
16 | 
17 |     /**
18 |      * Gets a {@link CalendarUser} for a specific {@link CalendarUser#getId()}.
19 |      *
20 |      * @param id
21 |      *            the {@link CalendarUser#getId()} of the {@link CalendarUser} to find.
22 |      * @return a {@link CalendarUser} for the given id. Cannot be null.
23 |      * @throws EmptyResultDataAccessException
24 |      *             if the {@link CalendarUser} cannot be found
25 |      */
26 |     CalendarUser getUser(int id);
27 | 
28 |     /**
29 |      * Finds a given {@link CalendarUser} by email address.
30 |      *
31 |      * @param email
32 |      *            the email address to use to find a {@link CalendarUser}. Cannot be null.
33 |      * @return a {@link CalendarUser} for the given email or null if one could not be found.
34 |      * @throws IllegalArgumentException
35 |      *             if email is null.
36 |      */
37 |     CalendarUser findUserByEmail(String email);
38 | 
39 | 
40 |     /**
41 |      * Finds any {@link CalendarUser} that has an email that starts with {@code partialEmail}.
42 |      *
43 |      * @param partialEmail
44 |      *            the email address to use to find {@link CalendarUser}s. Cannot be null or empty String.
45 |      * @return a List of {@link CalendarUser}s that have an email that starts with given partialEmail. The returned value
46 |      *         will never be null. If no results are found an empty List will be returned.
47 |      * @throws IllegalArgumentException
48 |      *             if email is null or empty String.
49 |      */
50 |     List<CalendarUser> findUsersByEmail(String partialEmail);
51 | 
52 |     /**
53 |      * Creates a new {@link CalendarUser}.
54 |      *
55 |      * @param user
56 |      *            the new {@link CalendarUser} to create. The {@link CalendarUser#getId()} must be null.
57 |      * @return the new {@link CalendarUser#getId()}.
58 |      * @throws IllegalArgumentException
59 |      *             if {@link CalendarUser#getId()} is non-null.
60 |      */
61 |     int createUser(CalendarUser user);
62 | }
63 | 


--------------------------------------------------------------------------------
/spring-security-cas/src/main/java/com/example/springsecurity/dataaccess/EventDao.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.dataaccess;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import com.example.springsecurity.domain.Event;
 6 | import com.example.springsecurity.domain.CalendarUser;
 7 | 
 8 | /**
 9 |  * An interface for managing {@link Event}'s.
10 |  *
11 |  * 
12 |  *
13 |  */
14 | public interface EventDao {
15 | 
16 |     /**
17 |      * Given an id gets an {@link Event}.
18 |      *
19 |      * @param eventId
20 |      *            the {@link Event#getId()}
21 |      * @return the {@link Event}. Cannot be null.
22 |      * @throws RuntimeException
23 |      *             if the {@link Event} cannot be found.
24 |      */
25 |     Event getEvent(int eventId);
26 | 
27 |     /**
28 |      * Creates a {@link Event} and returns the new id for that {@link Event}.
29 |      *
30 |      * @param message
31 |      *            the {@link Event} to create. Note that the {@link Event#getId()} should be null.
32 |      * @return the new id for the {@link Event}
33 |      * @throws RuntimeException
34 |      *             if {@link Event#getId()} is non-null.
35 |      */
36 |     int createEvent(Event event);
37 | 
38 |     /**
39 |      * Finds the {@link Event}'s that are intended for the {@link CalendarUser}.
40 |      *
41 |      * @param userId
42 |      *            the {@link CalendarUser#getId()} to obtain {@link Event}'s for.
43 |      * @return a non-null {@link List} of {@link Event}'s intended for the specified {@link CalendarUser}. If the
44 |      *         {@link CalendarUser} does not exist an empty List will be returned.
45 |      */
46 |     List<Event> findForUser(int userId);
47 | 
48 |     /**
49 |      * Gets all the available {@link Event}'s.
50 |      *
51 |      * @return a non-null {@link List} of {@link Event}'s
52 |      */
53 |     List<Event> getEvents();
54 | }
55 | 


--------------------------------------------------------------------------------
/spring-security-cas/src/main/java/com/example/springsecurity/service/DefaultCalendarService.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import org.springframework.beans.factory.annotation.Autowired;
 6 | import org.springframework.stereotype.Repository;
 7 | 
 8 | import com.example.springsecurity.dataaccess.EventDao;
 9 | import com.example.springsecurity.dataaccess.CalendarUserDao;
10 | import com.example.springsecurity.domain.Event;
11 | import com.example.springsecurity.domain.CalendarUser;
12 | 
13 | /**
14 |  * A default implementation of {@link CalendarService} that delegates to {@link EventDao} and {@link CalendarUserDao}.
15 |  *
16 |  * 
17 |  *
18 |  */
19 | @Repository
20 | public class DefaultCalendarService implements CalendarService {
21 |     private final EventDao eventDao;
22 |     private final CalendarUserDao userDao;
23 | 
24 |     @Autowired
25 |     public DefaultCalendarService(EventDao eventDao, CalendarUserDao userDao) {
26 |         if (eventDao == null) {
27 |             throw new IllegalArgumentException("eventDao cannot be null");
28 |         }
29 |         if (userDao == null) {
30 |             throw new IllegalArgumentException("userDao cannot be null");
31 |         }
32 |         this.eventDao = eventDao;
33 |         this.userDao = userDao;
34 |     }
35 | 
36 |     public Event getEvent(int eventId) {
37 |         return eventDao.getEvent(eventId);
38 |     }
39 | 
40 |     public int createEvent(Event event) {
41 |         return eventDao.createEvent(event);
42 |     }
43 | 
44 |     public List<Event> findForUser(int userId) {
45 |         return eventDao.findForUser(userId);
46 |     }
47 | 
48 |     public List<Event> getEvents() {
49 |         return eventDao.getEvents();
50 |     }
51 | 
52 |     public CalendarUser getUser(int id) {
53 |         return userDao.getUser(id);
54 |     }
55 | 
56 |     public CalendarUser findUserByEmail(String email) {
57 |         return userDao.findUserByEmail(email);
58 |     }
59 | 
60 |     public List<CalendarUser> findUsersByEmail(String partialEmail) {
61 |         return userDao.findUsersByEmail(partialEmail);
62 |     }
63 | 
64 |     public int createUser(CalendarUser user) {
65 |         return userDao.createUser(user);
66 |     }
67 | }


--------------------------------------------------------------------------------
/spring-security-cas/src/main/java/com/example/springsecurity/service/UserContext.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import com.example.springsecurity.domain.CalendarUser;
 4 | 
 5 | /**
 6 |  * Manages the current {@link CalendarUser}. This demonstrates how in larger applications it is good to abstract out
 7 |  * accessing the current user to return the application specific user rather than interacting with Spring Security
 8 |  * classes directly.
 9 |  *
10 |  * 
11 |  *
12 |  */
13 | public interface UserContext {
14 | 
15 |     /**
16 |      * Gets the currently logged in {@link CalendarUser} or null if there is no authenticated user.
17 |      *
18 |      * @return
19 |      */
20 |     CalendarUser getCurrentUser();
21 | 
22 |     /**
23 |      * Sets the currently logged in {@link CalendarUser}.
24 |      * @param user the logged in {@link CalendarUser}. Cannot be null.
25 |      * @throws IllegalArgumentException if the {@link CalendarUser} is null.
26 |      */
27 |     void setCurrentUser(CalendarUser user);
28 | }
29 | 


--------------------------------------------------------------------------------
/spring-security-cas/src/main/java/com/example/springsecurity/service/UserContextStub.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import org.springframework.beans.factory.annotation.Autowired;
 4 | import org.springframework.stereotype.Component;
 5 | 
 6 | import com.example.springsecurity.dataaccess.CalendarUserDao;
 7 | import com.example.springsecurity.domain.CalendarUser;
 8 | 
 9 | /**
10 |  * Returns the same user for every call to {@link #getCurrentUser()}. This is used prior to adding security, so that the
11 |  * rest of the application can be used.
12 |  *
13 |  * 
14 |  */
15 | @Component
16 | public class UserContextStub implements UserContext {
17 |     private final CalendarUserDao userService;
18 |     /**
19 |      * The {@link CalendarUser#getId()} for the user that is representing the currently logged in user. This can be
20 |      * modified using {@link #setCurrentUser(CalendarUser)}
21 |      */
22 |     private int currentUserId = 0;
23 | 
24 |     @Autowired
25 |     public UserContextStub(CalendarUserDao userService) {
26 |         if (userService == null) {
27 |             throw new IllegalArgumentException("userService cannot be null");
28 |         }
29 |         this.userService = userService;
30 |     }
31 | 
32 |     @Override
33 |     public CalendarUser getCurrentUser() {
34 |         return userService.getUser(currentUserId);
35 |     }
36 | 
37 |     @Override
38 |     public void setCurrentUser(CalendarUser user) {
39 |         if (user == null) {
40 |             throw new IllegalArgumentException("user cannot be null");
41 |         }
42 |         Integer currentId = user.getId();
43 |         if(currentId == null) {
44 |             throw new IllegalArgumentException("user.getId() cannot be null");
45 |         }
46 |         this.currentUserId = currentId;
47 |     }
48 | }


--------------------------------------------------------------------------------
/spring-security-cas/src/main/java/com/example/springsecurity/web/controllers/EchoController.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.controllers;
 2 | 
 3 | import java.io.UnsupportedEncodingException;
 4 | 
 5 | import org.springframework.beans.factory.annotation.Value;
 6 | import org.springframework.security.cas.authentication.CasAuthenticationToken;
 7 | import org.springframework.security.core.context.SecurityContextHolder;
 8 | import org.springframework.stereotype.Controller;
 9 | import org.springframework.web.bind.annotation.RequestMapping;
10 | import org.springframework.web.bind.annotation.ResponseBody;
11 | import org.springframework.web.client.RestOperations;
12 | import org.springframework.web.client.RestTemplate;
13 | 
14 | /**
15 |  * Demonstrates how to use a Proxy Ticket to call a service. This client will call the Calendar applications My Events
16 |  * page and echo the JSON response back.
17 |  *
18 |  * <p>
19 |  * Note that this controller will not work until the entire Proxy Ticket authentication section has been completed.
20 |  * </p>
21 |  *
22 |  * 
23 |  *
24 |  */
25 | @Controller
26 | public class EchoController {
27 | 
28 |     private RestOperations restClient = new RestTemplate();
29 |     private String targetUrl;
30 | 
31 |     @ResponseBody
32 |     @RequestMapping("/echo")
33 |     public String echo() throws UnsupportedEncodingException {
34 |         final CasAuthenticationToken token = (CasAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
35 |         // The proxyTicket could be cached in session and reused if we wanted to
36 |         final String proxyTicket = token.getAssertion().getPrincipal().getProxyTicketFor(targetUrl);
37 | 
38 |         // Make a remote call using the proxy ticket
39 |         return restClient.getForObject(targetUrl+"?ticket={pt}", String.class, proxyTicket);
40 |     }
41 | 
42 |     @Value("#{environment['cas.service.host']}")
43 |     public void setTargetHost(String targetHost) {
44 |         this.targetUrl = "https://"+targetHost+"/calendar/events/my";
45 |     }
46 | }
47 | 


--------------------------------------------------------------------------------
/spring-security-cas/src/main/java/com/example/springsecurity/web/controllers/WelcomeController.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.controllers;
 2 | 
 3 | import org.springframework.stereotype.Controller;
 4 | import org.springframework.web.bind.annotation.RequestMapping;
 5 | 
 6 | /**
 7 |  * This displays the welcome screen that shows what will be happening in this chapter.
 8 |  *
 9 |  * 
10 |  *
11 |  */
12 | @Controller
13 | public class WelcomeController {
14 | 
15 |     @RequestMapping("/")
16 |     public String welcome() {
17 |         return "index";
18 |     }
19 | }


--------------------------------------------------------------------------------
/spring-security-cas/src/main/java/com/example/springsecurity/web/model/CreateEventForm.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.model;
 2 | 
 3 | import java.util.Calendar;
 4 | 
 5 | import javax.validation.constraints.NotNull;
 6 | 
 7 | import org.hibernate.validator.constraints.Email;
 8 | import org.hibernate.validator.constraints.NotEmpty;
 9 | import org.springframework.format.annotation.DateTimeFormat;
10 | 
11 | import com.example.springsecurity.domain.Event;
12 | 
13 | /**
14 |  * A form object that is used for creating a new {@link Event}. Using a different object is one way of preventing
15 |  * malicious users from filling out field that they should not (i.e. fill out a different owner field).
16 |  *
17 |  * 
18 |  *
19 |  */
20 | public class CreateEventForm {
21 |     @NotEmpty(message = "Attendee Email is required")
22 |     @Email(message = "Attendee Email must be a valid email")
23 |     private String attendeeEmail;
24 |     @NotEmpty(message = "Summary is required")
25 |     private String summary;
26 |     @NotEmpty(message = "Description is required")
27 |     private String description;
28 |     @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm")
29 |     @NotNull(message = "Event Date/Time is required")
30 |     private Calendar when;
31 | 
32 |     public String getAttendeeEmail() {
33 |         return attendeeEmail;
34 |     }
35 | 
36 |     public void setAttendeeEmail(String attendeeEmail) {
37 |         this.attendeeEmail = attendeeEmail;
38 |     }
39 | 
40 |     public String getSummary() {
41 |         return summary;
42 |     }
43 | 
44 |     public void setSummary(String summary) {
45 |         this.summary = summary;
46 |     }
47 | 
48 |     public String getDescription() {
49 |         return description;
50 |     }
51 | 
52 |     public void setDescription(String description) {
53 |         this.description = description;
54 |     }
55 | 
56 |     public Calendar getWhen() {
57 |         return when;
58 |     }
59 | 
60 |     public void setWhen(Calendar when) {
61 |         this.when = when;
62 |     }
63 | }


--------------------------------------------------------------------------------
/spring-security-cas/src/main/resources/database/h2/calendar-data.sql:
--------------------------------------------------------------------------------
1 | insert into calendar_users(id,email,password,first_name,last_name) values (0,'user1@example.com','user1','User','1');
2 | insert into calendar_users(id,email,password,first_name,last_name) values (1,'admin1@example.com','admin1','Admin','1');
3 | insert into calendar_users(id,email,password,first_name,last_name) values (2,'user2@example.com','user2','User','2');
4 | 
5 | insert into events (id,when,summary,description,owner,attendee) values (100,'2013-10-04 20:30:00','Birthday Party','This is going to be a great birthday',0,1);
6 | insert into events (id,when,summary,description,owner,attendee) values (101,'2013-12-23 13:00:00','Conference Call','Call with the client',2,0);
7 | insert into events (id,when,summary,description,owner,attendee) values (102,'2014-01-23 11:30:00','Lunch','Eating lunch together',1,2);


--------------------------------------------------------------------------------
/spring-security-cas/src/main/resources/database/h2/calendar-schema.sql:
--------------------------------------------------------------------------------
 1 | create table calendar_users (
 2 |     id bigint identity,
 3 |     email varchar(256) not null unique,
 4 |     password varchar(256) not null,
 5 |     first_name varchar(256) not null,
 6 |     last_name varchar(256) not null
 7 | );
 8 | 
 9 | create table events (
10 |     id bigint identity,
11 |     when timestamp not null,
12 |     summary varchar(256) not null,
13 |     description varchar(500) not null,
14 |     owner bigint not null,
15 |     attendee bigint not null,
16 |     FOREIGN KEY(owner) REFERENCES calendar_users(id),
17 |     FOREIGN KEY(attendee) REFERENCES calendar_users(id)
18 | );


--------------------------------------------------------------------------------
/spring-security-cas/src/main/resources/log4j.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
 3 | 
 4 | <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
 5 |     <appender name="console" class="org.apache.log4j.ConsoleAppender">
 6 |         <param name="Target" value="System.out" />
 7 |         <layout class="org.apache.log4j.PatternLayout">
 8 |             <param name="ConversionPattern" value="%d [%t] %-5p %c - %m%n" />
 9 |         </layout>
10 |     </appender>
11 | 
12 | 
13 |     <logger name="org.jasig" additivity="true">
14 |         <level value="DEBUG" />
15 |     </logger>
16 |     <category name="org.springframework.security">
17 |         <priority value="DEBUG" />
18 |     </category>
19 | 
20 |     <root>
21 |         <priority value="WARN" />
22 |         <appender-ref ref="console" />
23 |     </root>
24 | </log4j:configuration>
25 | 


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/i18n/binding.properties:
--------------------------------------------------------------------------------
1 | typeMismatch.java.util.Date=Please enter a valid date in yyyy-MM-dd HH:mm format.
2 | typeMismatch.createEventForm.when=Please enter a valid date for Event Date/Time in yyyy-MM-dd HH:mm format.


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/mvc-config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:context="http://www.springframework.org/schema/context"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 6 | 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 7 | 
 8 |     <!-- Load com.example.springsecurity.web.config.WebMvcConfig -->
 9 |     <context:component-scan base-package="com.example.springsecurity.web"/>
10 | 
11 | </beans>


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/spring/i18n.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:p="http://www.springframework.org/schema/p"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 6 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 7 | 
 8 |     <bean class="org.springframework.context.support.ReloadableResourceBundleMessageSource"
 9 |           id="messageSource"
10 |           p:basenames="WEB-INF/i18n/binding"
11 |           p:fallbackToSystemLocale="false"/>
12 | </beans>
13 | 


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/spring/security.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns="http://www.springframework.org/schema/security"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 6 |         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 7 | 
 8 |     <http pattern="/resources/**" security="none"/>
 9 |     <http use-expressions="true" entry-point-ref="casEntryPoint">
10 |         <intercept-url pattern="/"
11 |                 access="permitAll"/>
12 |         <intercept-url pattern="/login/*"
13 |                 access="permitAll"/>
14 |         <intercept-url pattern="/logout"
15 |                 access="permitAll"/>
16 |         <intercept-url pattern="/errors/**"
17 |                 access="permitAll"/>
18 |         <intercept-url pattern="/events/"
19 |                 access="hasRole('ROLE_ADMIN')"/>
20 |         <intercept-url pattern="/admin/**"
21 |                 access="hasRole('ROLE_ADMIN')"/>
22 |         <intercept-url pattern="/**"
23 |                 access="hasRole('ROLE_USER')"/>
24 |         <access-denied-handler error-page="/errors/403"/>
25 | 
26 |         <custom-filter ref="singleLogoutFilter" before="LOGOUT_FILTER"/>
27 |         <custom-filter ref="casFilter" position="CAS_FILTER"/>
28 | 
29 |         <logout logout-url="/logout"
30 |                 logout-success-url="https://${cas.server.host}/cas/logout"/>
31 |     </http>
32 |     <authentication-manager alias="authenticationManager">
33 |         <authentication-provider ref="casAuthProvider" />
34 |     </authentication-manager>
35 | </bean:beans>
36 | 


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/spring/services.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:jdbc="http://www.springframework.org/schema/jdbc"
 5 |     xmlns:tx="http://www.springframework.org/schema/tx"
 6 |     xmlns:p="http://www.springframework.org/schema/p"
 7 |     xmlns:context="http://www.springframework.org/schema/context"
 8 |     xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
 9 |         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
10 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
11 |         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
12 | 
13 |     <context:component-scan base-package="com.example.springsecurity">
14 |         <context:exclude-filter type="regex" expression="com.example.springsecurity.web.*"/>
15 |     </context:component-scan>
16 | 
17 |     <tx:annotation-driven />
18 | 
19 |     <jdbc:embedded-database id="dataSource" type="H2">
20 |         <jdbc:script location="classpath:/database/h2/calendar-schema.sql"/>
21 |         <jdbc:script location="classpath:/database/h2/calendar-data.sql"/>
22 |     </jdbc:embedded-database>
23 | 
24 |     <bean id="transactionManager"
25 |           class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
26 |           p:dataSource-ref="dataSource"/>
27 | 
28 |     <bean id="jdbcTemplate"
29 |           class="org.springframework.jdbc.core.JdbcTemplate"
30 |           p:dataSource-ref="dataSource"/>
31 | </beans>


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/views/errors/403.jsp:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
3 |     pageEncoding="ISO-8859-1"%>
4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
5 | 
6 | <c:set var="pageTitle" value="Access Denied" scope="request"/>
7 | <jsp:include page="../includes/header.jsp"/>
8 | <p>You are not allowed to access this page. Try logging in as admin1@example.com / admin1</p>
9 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/views/events/create.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 5 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 6 | 
 7 | <c:set var="pageTitle" value="Create Event" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | <form:form action="./new" method="post" modelAttribute="createEventForm" cssClass="form-horizontal">
10 |     <form:errors path="*" element="div" cssClass="alert alert-error"/>
11 |     <fieldset>
12 |         <legend>Event Information</legend>
13 |         <div class="control-group">
14 |             <label class="control-label" for="attendeeEmail">Attendee Email</label>
15 |             <div class="controls">
16 |                 <form:input class="input-xlarge" path="attendeeEmail" id="attendeeEmail"/>
17 |             </div>
18 |         </div>
19 |         <div class="control-group">
20 |             <label class="control-label" for="when">Event Date/Time (yyyy-MM-dd HH:mm)</label>
21 |             <div class="controls">
22 |                 <form:input class="input-xlarge" path="when" id="when"/>
23 |             </div>
24 |         </div>
25 |         <div class="control-group">
26 |             <label class="control-label" for="summary">Summary</label>
27 |             <div class="controls">
28 |                 <form:input class="input-xlarge" path="summary" id="summary"/>
29 |             </div>
30 |         </div>
31 |         <div class="control-group">
32 |             <label class="control-label" for="description">Description</label>
33 |             <div class="controls">
34 |                 <form:textarea class="input-xlarge" path="description" id="description" rows="5" cols="25"/>
35 |             </div>
36 |         </div>
37 |         <div class="control-group">
38 |             <div class="controls">
39 |                 <input id="submit" type="submit" value="Create"/>
40 |                 <input id="auto" type="submit" name="auto" value="Auto Populate Form"/>
41 |             </div>
42 |         </div>
43 |     </fieldset>
44 | </form:form>
45 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/views/events/list.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 6 | 
 7 | <c:set var="pageTitle" value="All Events" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | 
10 | <p>This shows all events for all users. Once security is applied it will only be viewable to administrators.</p>
11 | <c:url var="createUrl" value="/events/form"/>
12 | <div id="create" class="pull-right"><a href="${createUrl}">Create Event</a></div>
13 | <table class="table table-bordered table-striped table-condensed">
14 |     <thead>
15 |         <tr>
16 |             <th>Date/Time</th>
17 |             <th>Owner</th>
18 |             <th>Attendee</th>
19 |             <th>Summary</th>
20 |         </tr>
21 |     </thead>
22 |     <tbody>
23 |         <c:if test="${empty events}">
24 |             <tr>
25 |                 <td colspan="2" class="msg">No events.</td>
26 |             </tr>
27 |         </c:if>
28 |          <c:forEach items="${events}" var="event">
29 |             <tr>
30 |                 <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
31 |                 <td><c:out value="${when}"/></td>
32 |                 <td><c:out value="${event.owner.name}" /></td>
33 |                 <td><c:out value="${event.attendee.name}" /></td>
34 |                 <c:url var="eventUrl" value="${event.id}"/>
35 |                 <td><a href="${eventUrl}"><c:out value="${event.summary}" /></a></td>
36 |             </tr>
37 |         </c:forEach>
38 |     </tbody>
39 | </table>
40 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/views/events/my.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 6 | 
 7 | <c:set var="pageTitle" value="My Events" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | 
10 | <p id="description">
11 |     Below you can find the events for
12 |     <strong><c:out value="${currentUser.email}" /></strong>.
13 |     Once security is applied this will be the events for the currently logged in user.
14 | </p>
15 | <c:url var="createUrl" value="/events/form"/>
16 | <div id="create" class="pull-right"><a href="${createUrl}">Create Event</a></div>
17 | <table class="table table-bordered table-striped table-condensed">
18 |     <thead>
19 |         <tr>
20 |             <th>Date/Time</th>
21 |             <th>Owner</th>
22 |             <th>Attendee</th>
23 |             <th>Summary</th>
24 |         </tr>
25 |     </thead>
26 |     <tbody>
27 |         <c:if test="${empty events}">
28 |             <tr>
29 |                 <td colspan="2" class="msg">No events.</td>
30 |             </tr>
31 |         </c:if>
32 |          <c:forEach items="${events}" var="event">
33 |             <tr>
34 |                 <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
35 |                 <td><c:out value="${when}"/></td>
36 |                 <td><c:out value="${event.owner.name}" /></td>
37 |                 <td><c:out value="${event.attendee.name}" /></td>
38 |                 <c:url var="eventUrl" value="${event.id}"/>
39 |                 <td><a href="${eventUrl}"><c:out value="${event.summary}" /></a></td>
40 |             </tr>
41 |         </c:forEach>
42 |     </tbody>
43 | </table>
44 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/views/events/show.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 5 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 6 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 7 | 
 8 | <c:set var="pageTitle" scope="request">
 9 |     <c:out value="Event - ${event.summary}"/>
10 | </c:set>
11 | 
12 | <jsp:include page="../includes/header.jsp"/>
13 | <dl>
14 |     <dt>Owner</dt>
15 |     <dd id="owner"><c:out value="${event.owner.lastName}, ${event.owner.firstName}"/></dd>
16 |     <dt>Attendee</dt>
17 |     <dd id="attendee"><c:out value="${event.attendee.lastName}, ${event.attendee.firstName}"/></dd>
18 |     <dt>When</dt>
19 |     <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
20 |     <dd id="when"><c:out value="${when}"/></dd>
21 |     <dt>Message Details</dt>
22 |     <dd id="owner"><c:out value="${event.description}"/></dd>
23 | </dl>
24 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/views/includes/footer.jsp:
--------------------------------------------------------------------------------
1 |         </div>
2 |     </body>
3 | </html>


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/views/index.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | 
 6 | <c:set var="pageTitle" value="Welcome to myCalendar!" scope="request"/>
 7 | <jsp:include page="./includes/header.jsp"/>
 8 | <p>Below you can find some highlights about myCalendar. Each sample will have a slightly different summary depending on what has been done.</p>
 9 | <h2>Chapter 9 - CAS</h2>
10 | <ul>
11 |     <li><a id="eventsLink" href="events/">All Events</a> - shows all events for all users, but only allows administrators to access the page.</li>
12 |     <li><a id="myEventsLink" href="events/my">My Events</a> - shows all events that the current user is owner or attendee.</li>
13 |     <li><a id="createEventLink" href="events/form">Create Event</a> - will allow creating a new Event with current user as the owner.</li>
14 |     <li><a id="logoutLink" href="logout">Logout</a> - allows the user to logout (will not work until we enable Single Log Out)</li>
15 |     <li><a id="echoLink" href="echo">Echo</a> - demonstrates Proxy Ticket Authentication (will not work till Proxy Ticket Authentication is setup)</li>
16 |     <li>
17 |         <a id="h2Link" href="admin/h2/">H2 Database Console</a> - Allows you to interact with the database using a web console. To use it:
18 |         <ul>
19 |             <li>Click the link above.</li>
20 |             <li>Ensure that Generic H2 (Embedded) is selected</li>
21 |             <li>Ensure that org.h2.Driver is the Driver Class</li>
22 |             <li>Enter <strong>jdbc:h2:mem:dataSource</strong> as the JDBC URL</li>
23 |             <li>Ensure that the username is sa</li>
24 |             <li>Ensure the password is left empty</li>
25 |             <li>Click Connect</li>
26 |         </ul>
27 |     </li>
28 |     <li><a id="singleLogoutLink" href="https://localhost:8443/cas/logout">Test Single Logout</a> - goes directly to the CAS server to test single logout</li>
29 | </ul>
30 | <jsp:include page="./includes/footer.jsp"/>
31 | 


--------------------------------------------------------------------------------
/spring-security-cas/src/main/webapp/WEB-INF/views/login.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | 
 6 | <c:set var="pageTitle" value="Please Login" scope="request"/>
 7 | <jsp:include page="./includes/header.jsp"/>
 8 | 
 9 | <c:url value="/login" var="loginUrl"/>
10 | <form action="${loginUrl}" method="post">
11 |     <c:if test="${param.error != null}">
12 |         <div class="alert alert-error">
13 |             Failed to login.
14 |             <c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}">
15 |               Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
16 |             </c:if>
17 |         </div>
18 |     </c:if>
19 |     <c:if test="${param.logout != null}">
20 |         <div class="alert alert-success">
21 |             You have been logged out.
22 |         </div>
23 |     </c:if>
24 |     <label for="username">Username</label>
25 |     <input type="text" id="username" name="username"/>
26 |     <label for="password">Password</label>
27 |     <input type="password" id="password" name="password"/>
28 |     <div class="form-actions">
29 |         <input id="submit" class="btn" name="submit" type="submit" value="Login"/>
30 |     </div>
31 | </form>
32 | <jsp:include page="./includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-db/README.md:
--------------------------------------------------------------------------------
 1 | Spring Security
 2 | ===============
 3 | 
 4 | To get up quickly, download the code and run the below commands,
 5 | 
 6 |     mvn clean test -Dtest=com.example.springsecurity.web.controllers.Video1SpringInmemoryUserdetailServiceControllerTest
 7 |     
 8 |     mvn clean test -Dtest=com.example.springsecurity.web.controllers.Video3JdbcUserServiceControllerTest
 9 |     
10 | And debug the code.


--------------------------------------------------------------------------------
/spring-security-db/src/main/java/com/example/springsecurity/core/authority/CalendarUserAuthorityUtils.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.core.authority;
 2 | 
 3 | import java.util.Collection;
 4 | import java.util.List;
 5 | 
 6 | import org.springframework.security.core.GrantedAuthority;
 7 | import org.springframework.security.core.authority.AuthorityUtils;
 8 | 
 9 | import com.example.springsecurity.domain.CalendarUser;
10 | 
11 | /**
12 |  * A utility class used for creating the {@link GrantedAuthority}'s given a {@link CalendarUser}. In a real solution
13 |  * this would be looked up in the existing system, but for simplicity our original system had no notion of authorities.
14 |  *
15 |  * 
16 |  *
17 |  */
18 | public final class CalendarUserAuthorityUtils {
19 |     private static final List<GrantedAuthority> ADMIN_ROLES = AuthorityUtils.createAuthorityList("ROLE_ADMIN",
20 |             "ROLE_USER");
21 |     private static final List<GrantedAuthority> USER_ROLES = AuthorityUtils.createAuthorityList("ROLE_USER");
22 | 
23 |     public static Collection<? extends GrantedAuthority> createAuthorities(CalendarUser calendarUser) {
24 |         String username = calendarUser.getEmail();
25 |         if (username.startsWith("admin")) {
26 |             return ADMIN_ROLES;
27 |         }
28 |         return USER_ROLES;
29 |     }
30 | 
31 |     private CalendarUserAuthorityUtils() {
32 |     }
33 | }
34 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/java/com/example/springsecurity/dataaccess/CalendarUserDao.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.dataaccess;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import org.springframework.dao.EmptyResultDataAccessException;
 6 | 
 7 | import com.example.springsecurity.domain.CalendarUser;
 8 | 
 9 | /**
10 |  * An interface for managing {@link CalendarUser} instances.
11 |  *
12 |  * 
13 |  *
14 |  */
15 | public interface CalendarUserDao {
16 | 
17 |     /**
18 |      * Gets a {@link CalendarUser} for a specific {@link CalendarUser#getId()}.
19 |      *
20 |      * @param id
21 |      *            the {@link CalendarUser#getId()} of the {@link CalendarUser} to find.
22 |      * @return a {@link CalendarUser} for the given id. Cannot be null.
23 |      * @throws EmptyResultDataAccessException
24 |      *             if the {@link CalendarUser} cannot be found
25 |      */
26 |     CalendarUser getUser(int id);
27 | 
28 |     /**
29 |      * Finds a given {@link CalendarUser} by email address.
30 |      *
31 |      * @param email
32 |      *            the email address to use to find a {@link CalendarUser}. Cannot be null.
33 |      * @return a {@link CalendarUser} for the given email or null if one could not be found.
34 |      * @throws IllegalArgumentException
35 |      *             if email is null.
36 |      */
37 |     CalendarUser findUserByEmail(String email);
38 | 
39 | 
40 |     /**
41 |      * Finds any {@link CalendarUser} that has an email that starts with {@code partialEmail}.
42 |      *
43 |      * @param partialEmail
44 |      *            the email address to use to find {@link CalendarUser}s. Cannot be null or empty String.
45 |      * @return a List of {@link CalendarUser}s that have an email that starts with given partialEmail. The returned value
46 |      *         will never be null. If no results are found an empty List will be returned.
47 |      * @throws IllegalArgumentException
48 |      *             if email is null or empty String.
49 |      */
50 |     List<CalendarUser> findUsersByEmail(String partialEmail);
51 | 
52 |     /**
53 |      * Creates a new {@link CalendarUser}.
54 |      *
55 |      * @param user
56 |      *            the new {@link CalendarUser} to create. The {@link CalendarUser#getId()} must be null.
57 |      * @return the new {@link CalendarUser#getId()}.
58 |      * @throws IllegalArgumentException
59 |      *             if {@link CalendarUser#getId()} is non-null.
60 |      */
61 |     int createUser(CalendarUser user);
62 | }
63 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/java/com/example/springsecurity/dataaccess/EventDao.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.dataaccess;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import com.example.springsecurity.domain.CalendarUser;
 6 | import com.example.springsecurity.domain.Event;
 7 | 
 8 | /**
 9 |  * An interface for managing {@link Event}'s.
10 |  *
11 |  * 
12 |  *
13 |  */
14 | public interface EventDao {
15 | 
16 |     /**
17 |      * Given an id gets an {@link Event}.
18 |      *
19 |      * @param eventId
20 |      *            the {@link Event#getId()}
21 |      * @return the {@link Event}. Cannot be null.
22 |      * @throws RuntimeException
23 |      *             if the {@link Event} cannot be found.
24 |      */
25 |     Event getEvent(int eventId);
26 | 
27 |     /**
28 |      * Creates a {@link Event} and returns the new id for that {@link Event}.
29 |      *
30 |      * @param message
31 |      *            the {@link Event} to create. Note that the {@link Event#getId()} should be null.
32 |      * @return the new id for the {@link Event}
33 |      * @throws RuntimeException
34 |      *             if {@link Event#getId()} is non-null.
35 |      */
36 |     int createEvent(Event event);
37 | 
38 |     /**
39 |      * Finds the {@link Event}'s that are intended for the {@link CalendarUser}.
40 |      *
41 |      * @param userId
42 |      *            the {@link CalendarUser#getId()} to obtain {@link Event}'s for.
43 |      * @return a non-null {@link List} of {@link Event}'s intended for the specified {@link CalendarUser}. If the
44 |      *         {@link CalendarUser} does not exist an empty List will be returned.
45 |      */
46 |     List<Event> findForUser(int userId);
47 | 
48 |     /**
49 |      * Gets all the available {@link Event}'s.
50 |      *
51 |      * @return a non-null {@link List} of {@link Event}'s
52 |      */
53 |     List<Event> getEvents();
54 | }
55 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/java/com/example/springsecurity/service/UserContext.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import com.example.springsecurity.domain.CalendarUser;
 4 | 
 5 | /**
 6 |  * Manages the current {@link CalendarUser}. This demonstrates how in larger applications it is good to abstract out
 7 |  * accessing the current user to return the application specific user rather than interacting with Spring Security
 8 |  * classes directly.
 9 |  *
10 |  * 
11 |  *
12 |  */
13 | public interface UserContext {
14 | 
15 |     /**
16 |      * Gets the currently logged in {@link CalendarUser} or null if there is no authenticated user.
17 |      *
18 |      * @return
19 |      */
20 |     CalendarUser getCurrentUser();
21 | 
22 |     /**
23 |      * Sets the currently logged in {@link CalendarUser}.
24 |      * @param user the logged in {@link CalendarUser}. Cannot be null.
25 |      * @throws IllegalArgumentException if the {@link CalendarUser} is null.
26 |      */
27 |     void setCurrentUser(CalendarUser user);
28 | }
29 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/java/com/example/springsecurity/service/UserContextStub.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import org.springframework.beans.factory.annotation.Autowired;
 4 | 
 5 | import com.example.springsecurity.dataaccess.CalendarUserDao;
 6 | import com.example.springsecurity.domain.CalendarUser;
 7 | 
 8 | /**
 9 |  * NOTE: This is no longer used. See {@link SpringSecurityUserContext}.
10 |  *
11 |  * Returns the same user for every call to {@link #getCurrentUser()}. This is used prior to adding security, so that the
12 |  * rest of the application can be used.
13 |  *
14 |  * 
15 |  * @see SpringSecurityUserContext
16 |  */
17 | //@Component
18 | public class UserContextStub implements UserContext {
19 |     private final CalendarUserDao userService;
20 |     /**
21 |      * The {@link CalendarUser#getId()} for the user that is representing the currently logged in user. This can be
22 |      * modified using {@link #setCurrentUser(CalendarUser)}
23 |      */
24 |     private int currentUserId = 0;
25 | 
26 |     @Autowired
27 |     public UserContextStub(CalendarUserDao userService) {
28 |         if (userService == null) {
29 |             throw new IllegalArgumentException("userService cannot be null");
30 |         }
31 |         this.userService = userService;
32 |     }
33 | 
34 |     @Override
35 |     public CalendarUser getCurrentUser() {
36 |         return userService.getUser(currentUserId);
37 |     }
38 | 
39 |     @Override
40 |     public void setCurrentUser(CalendarUser user) {
41 |         if (user == null) {
42 |             throw new IllegalArgumentException("user cannot be null");
43 |         }
44 |         Integer currentId = user.getId();
45 |         if(currentId == null) {
46 |             throw new IllegalArgumentException("user.getId() cannot be null");
47 |         }
48 |         this.currentUserId = currentId;
49 |     }
50 | }


--------------------------------------------------------------------------------
/spring-security-db/src/main/java/com/example/springsecurity/web/authentication/rememberme/JdbcTokenRepositoryImplCleaner.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.authentication.rememberme;
 2 | 
 3 | import java.util.Date;
 4 | 
 5 | import org.slf4j.Logger;
 6 | import org.slf4j.LoggerFactory;
 7 | import org.springframework.jdbc.core.JdbcOperations;
 8 | import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
 9 | 
10 | /**
11 |  * <p>
12 |  * A {@link Runnable} which can be used to clean expired persistent remember me tokens generated from
13 |  * {@link JdbcTokenRepositoryImpl}. Note that only a single cleanup is done in {@link #run()} so consumers must loop
14 |  * over invoking the {@link #run()} method in order to perform multiple cleanups.
15 |  * </p>
16 |  * <p>
17 |  * See the configuration file at <code>src/main/webapp/WEB-INF/spring/cleaner.xml</code> to learn how to hook in with <a
18 |  * href="http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/scheduling.html">Spring's
19 |  * scheduling abstraction</a>.
20 |  * </p>
21 |  *
22 |  * 
23 |  *
24 |  */
25 | public final class JdbcTokenRepositoryImplCleaner implements Runnable {
26 |     private Logger logger = LoggerFactory.getLogger(getClass());
27 |     private final JdbcOperations jdbcOperations;
28 |     private final long tokenValidityInMs;
29 | 
30 |     /**
31 |      *
32 |      * @param jdbcOperations
33 |      *            the {@link JdbcOperations} used to perform the cleanup. Cannot be null.
34 |      * @param tokenValidityInMs
35 |      *            used to calculate when a token is expired. If the {@link #run()} method is invoked, tokens older than
36 |      *            this amount of time will be deleted. Cannot be less than 1.
37 |      */
38 |     public JdbcTokenRepositoryImplCleaner(JdbcOperations jdbcOperations, long tokenValidityInMs) {
39 |         if (jdbcOperations == null) {
40 |             throw new IllegalArgumentException("jdbcOperations cannot be null");
41 |         }
42 |         if (tokenValidityInMs < 1) {
43 |             throw new IllegalArgumentException("tokenValidityInMs must be greater than 0. Got " + tokenValidityInMs);
44 |         }
45 |         this.jdbcOperations = jdbcOperations;
46 |         this.tokenValidityInMs = tokenValidityInMs;
47 |     }
48 | 
49 |     public void run() {
50 |         long expiredInMs = System.currentTimeMillis() - tokenValidityInMs;
51 |         try {
52 |             jdbcOperations.update("delete from persistent_logins where last_used <= ?", new Date(expiredInMs));
53 |         }catch(Throwable t) {
54 |             logger.error("Could not clean up expired persistent remember me tokens.",t);
55 |         }
56 |     }
57 | }
58 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/java/com/example/springsecurity/web/controllers/WelcomeController.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.controllers;
 2 | 
 3 | import org.springframework.stereotype.Controller;
 4 | import org.springframework.web.bind.annotation.RequestMapping;
 5 | 
 6 | /**
 7 |  * This displays the welcome screen that shows what will be happening in this chapter.
 8 |  *
 9 |  * 
10 |  *
11 |  */
12 | @Controller
13 | public class WelcomeController {
14 | 
15 |     @RequestMapping("/")
16 |     public String welcome() {
17 |         return "index";
18 |     }
19 | }


--------------------------------------------------------------------------------
/spring-security-db/src/main/java/com/example/springsecurity/web/model/CreateEventForm.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.model;
 2 | 
 3 | import java.util.Calendar;
 4 | 
 5 | import javax.validation.constraints.NotNull;
 6 | 
 7 | import org.hibernate.validator.constraints.Email;
 8 | import org.hibernate.validator.constraints.NotEmpty;
 9 | import org.springframework.format.annotation.DateTimeFormat;
10 | 
11 | import com.example.springsecurity.domain.Event;
12 | 
13 | /**
14 |  * A form object that is used for creating a new {@link Event}. Using a different object is one way of preventing
15 |  * malicious users from filling out field that they should not (i.e. fill out a different owner field).
16 |  *
17 |  * 
18 |  *
19 |  */
20 | public class CreateEventForm {
21 |     @NotEmpty(message = "Attendee Email is required")
22 |     @Email(message = "Attendee Email must be a valid email")
23 |     private String attendeeEmail;
24 |     @NotEmpty(message = "Summary is required")
25 |     private String summary;
26 |     @NotEmpty(message = "Description is required")
27 |     private String description;
28 |     @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm")
29 |     @NotNull(message = "Event Date/Time is required")
30 |     private Calendar when;
31 | 
32 |     public String getAttendeeEmail() {
33 |         return attendeeEmail;
34 |     }
35 | 
36 |     public void setAttendeeEmail(String attendeeEmail) {
37 |         this.attendeeEmail = attendeeEmail;
38 |     }
39 | 
40 |     public String getSummary() {
41 |         return summary;
42 |     }
43 | 
44 |     public void setSummary(String summary) {
45 |         this.summary = summary;
46 |     }
47 | 
48 |     public String getDescription() {
49 |         return description;
50 |     }
51 | 
52 |     public void setDescription(String description) {
53 |         this.description = description;
54 |     }
55 | 
56 |     public Calendar getWhen() {
57 |         return when;
58 |     }
59 | 
60 |     public void setWhen(Calendar when) {
61 |         this.when = when;
62 |     }
63 | }


--------------------------------------------------------------------------------
/spring-security-db/src/main/java/com/example/springsecurity/web/model/SignupForm.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.model;
 2 | 
 3 | import org.hibernate.validator.constraints.Email;
 4 | import org.hibernate.validator.constraints.NotEmpty;
 5 | 
 6 | 
 7 | public class SignupForm {
 8 |     @NotEmpty(message="First Name is required")
 9 |     private String firstName;
10 |     @NotEmpty(message="Last Name is required")
11 |     private String lastName;
12 |     @Email(message="Please provide a valid email address")
13 |     @NotEmpty(message="Email is required")
14 |     private String email;
15 |     @NotEmpty(message="Password is required")
16 |     private String password;
17 | 
18 |     /**
19 |      * Gets the email address for this user.
20 |      *
21 |      * @return
22 |      */
23 |     public String getEmail() {
24 |         return email;
25 |     }
26 | 
27 |     /**
28 |      * Gets the first name of the user.
29 |      *
30 |      * @return
31 |      */
32 |     public String getFirstName() {
33 |         return firstName;
34 |     }
35 | 
36 |     /**
37 |      * Gets the last name of the user.
38 |      *
39 |      * @return
40 |      */
41 |     public String getLastName() {
42 |         return lastName;
43 |     }
44 | 
45 |     /**
46 |      * Gets the password for this user.
47 |      *
48 |      * @return
49 |      */
50 |     public String getPassword() {
51 |         return password;
52 |     }
53 | 
54 |     public void setEmail(String email) {
55 |         this.email = email;
56 |     }
57 | 
58 |     public void setFirstName(String firstName) {
59 |         this.firstName = firstName;
60 |     }
61 |     public void setLastName(String lastName) {
62 |         this.lastName = lastName;
63 |     }
64 | 
65 |     public void setPassword(String password) {
66 |         this.password = password;
67 |     }
68 | }
69 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/resources/database/h2/calendar-data.sql:
--------------------------------------------------------------------------------
1 | insert into calendar_users(id,email,password,first_name,last_name) values (0,'user1@example.com','user1','User','1');
2 | insert into calendar_users(id,email,password,first_name,last_name) values (1,'admin1@example.com','admin1','Admin','1');
3 | insert into calendar_users(id,email,password,first_name,last_name) values (2,'user2@example.com','user2','User','2');
4 | 
5 | insert into events (id,when,summary,description,owner,attendee) values (100,'2013-10-04 20:30:00','Birthday Party','This is going to be a great birthday',0,1);
6 | insert into events (id,when,summary,description,owner,attendee) values (101,'2013-12-23 13:00:00','Conference Call','Call with the client',2,0);
7 | insert into events (id,when,summary,description,owner,attendee) values (102,'2014-01-23 11:30:00','Lunch','Eating lunch together',1,2);


--------------------------------------------------------------------------------
/spring-security-db/src/main/resources/database/h2/calendar-schema.sql:
--------------------------------------------------------------------------------
 1 | create table calendar_users (
 2 |     id bigint identity,
 3 |     email varchar(256) not null unique,
 4 |     password varchar(256) not null,
 5 |     first_name varchar(256) not null,
 6 |     last_name varchar(256) not null
 7 | );
 8 | 
 9 | create table events (
10 |     id bigint identity,
11 |     when timestamp not null,
12 |     summary varchar(256) not null,
13 |     description varchar(500) not null,
14 |     owner bigint not null,
15 |     attendee bigint not null,
16 |     FOREIGN KEY(owner) REFERENCES calendar_users(id),
17 |     FOREIGN KEY(attendee) REFERENCES calendar_users(id)
18 | );


--------------------------------------------------------------------------------
/spring-security-db/src/main/resources/database/h2/security-rememberme-schema.sql:
--------------------------------------------------------------------------------
1 | create table persistent_logins (
2 |     username varchar_ignorecase(50) not null, 
3 |     series varchar(64) primary key,
4 |     token varchar(64) not null, 
5 |     last_used timestamp not null
6 | );
7 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/resources/log4j.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
 3 | 
 4 | <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
 5 |     <appender name="console" class="org.apache.log4j.ConsoleAppender">
 6 |         <param name="Target" value="System.out" />
 7 |         <layout class="org.apache.log4j.PatternLayout">
 8 |             <param name="ConversionPattern" value="%d [%t] %-5p %c - %m%n" />
 9 |         </layout>
10 |     </appender>
11 | 
12 |     <category name="org.springframework.security">
13 |         <priority value="DEBUG" />
14 |     </category>
15 | 
16 |     <root>
17 |         <priority value="WARN" />
18 |         <appender-ref ref="console" />
19 |     </root>
20 | </log4j:configuration>
21 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/i18n/binding.properties:
--------------------------------------------------------------------------------
1 | typeMismatch.java.util.Date=Please enter a valid date in yyyy-MM-dd HH:mm format.
2 | typeMismatch.createEventForm.when=Please enter a valid date for Event Date/Time in yyyy-MM-dd HH:mm format.


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/mvc-config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 | 	xmlns:context="http://www.springframework.org/schema/context"
 5 | 	xmlns:mvc="http://www.springframework.org/schema/mvc"
 6 | 	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
 7 | 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 8 | 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
 9 | 
10 |     <!-- Load com.example.springsecurity.web.config.WebMvcConfig -->
11 |     <context:component-scan base-package="com.example.springsecurity.web"/>
12 | 
13 | 	<mvc:resources mapping="/resources/**" location="/resources/" /> 
14 | 	<mvc:view-controller path="/login/form" view-name="/login"/>    
15 | </beans>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/spring/cleaner.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:p="http://www.springframework.org/schema/p"
 5 |     xmlns:task="http://www.springframework.org/schema/task"
 6 |     xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd
 7 |         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
 8 | 
 9 |     <bean id="tokenRepositoryCleaner"
10 |                 class="com.example.springsecurity.web.authentication.rememberme.JdbcTokenRepositoryImplCleaner">
11 |             <constructor-arg ref="jdbcTemplate"/>
12 |             <constructor-arg value="600000"/>
13 |     </bean>
14 | 
15 |     <!-- This is only a very basic configuration, please read more about
16 |         Spring's tasks to learn how to control things like pooling.
17 |         http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/scheduling.html
18 |     -->
19 |     <task:scheduled-tasks>
20 |         <task:scheduled ref="tokenRepositoryCleaner"
21 |                 method="run"
22 |                 fixed-delay="600000"/>
23 |     </task:scheduled-tasks>
24 | </beans>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/spring/i18n.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:p="http://www.springframework.org/schema/p"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 6 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 7 | 
 8 |     <bean class="org.springframework.context.support.ReloadableResourceBundleMessageSource"
 9 |           id="messageSource"
10 |           p:basenames="WEB-INF/i18n/binding"
11 |           p:fallbackToSystemLocale="false"/>
12 | </beans>
13 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/spring/ipTokenRepository.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:p="http://www.springframework.org/schema/p"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 6 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 7 | 
 8 |     <bean id="remembermeServices"
 9 |             class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
10 |         <!-- must match remember-me's key attribute -->
11 |         <constructor-arg value="jbcpCalendar"/>
12 |         <!-- used to login the user after we login -->
13 |         <constructor-arg ref="userDetailsService"/>
14 |         <!-- the PersistentTokenRepository to use -->
15 |         <constructor-arg ref="tokenRepository"/>
16 |         <property name="parameter" value="rememberme"/>
17 |         <property name="cookieName" value="rememberme"/>
18 |     </bean>
19 |     <bean id="tokenRepository" class="com.example.springsecurity.web.authentication.rememberme.IpAwarePersistentTokenRepository">
20 |         <constructor-arg>
21 |             <bean class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
22 |                 <property name="dataSource" ref="dataSource"/>
23 |             </bean>
24 |         </constructor-arg>
25 |     </bean>
26 | </beans>
27 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/spring/security.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns="http://www.springframework.org/schema/security"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 6 |         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 7 | 
 8 |     <http pattern="/resources/**" security="none"/>
 9 |     <http auto-config="true" use-expressions="true">
10 |         <intercept-url pattern="/"
11 |                 access="permitAll"/>
12 |         <intercept-url pattern="/login/*"
13 |                 access="permitAll"/>
14 |         <intercept-url pattern="/signup/*"
15 |                 access="permitAll"/>
16 |         <intercept-url pattern="/logout"
17 |                 access="permitAll"/>
18 |         <intercept-url pattern="/errors/**"
19 |                 access="permitAll"/>
20 |         <intercept-url pattern="/events/"
21 |                 access="hasRole('ROLE_ADMIN')"/>
22 |         <intercept-url pattern="/admin/**"
23 |                 access="hasRole('ROLE_ADMIN') and fullyAuthenticated"/>
24 |         <intercept-url pattern="/**"
25 |                 access="hasRole('ROLE_USER')"/>
26 |         <access-denied-handler error-page="/errors/403"/>
27 |         <form-login login-page="/login/form"
28 |                 login-processing-url="/login"
29 |                 username-parameter="username"
30 |                 password-parameter="password"
31 |                 authentication-failure-url="/login/form?error"
32 |                 default-target-url="/default"/>
33 |         <remember-me key="jbcpCalendar"
34 |                 services-ref="remembermeServices"/>
35 |         <logout logout-url="/logout"
36 |                 logout-success-url="/login/form?logout"/>
37 |     </http>
38 |     <authentication-manager>
39 |         <authentication-provider>
40 |             <user-service id="userDetailsService">
41 |                 <user name="user1@example.com"
42 |                         password="user1"
43 |                         authorities="ROLE_USER"/>
44 |                 <user name="admin1@example.com"
45 |                         password="admin1"
46 |                         authorities="ROLE_USER,ROLE_ADMIN"/>
47 |             </user-service>
48 |         </authentication-provider>
49 |     </authentication-manager>
50 | </bean:beans>
51 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/spring/services.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:jdbc="http://www.springframework.org/schema/jdbc"
 5 |     xmlns:tx="http://www.springframework.org/schema/tx"
 6 |     xmlns:p="http://www.springframework.org/schema/p"
 7 |     xmlns:context="http://www.springframework.org/schema/context"
 8 |     xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
 9 |         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
10 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
11 |         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
12 | 
13 |     <context:component-scan base-package="com.example.springsecurity">
14 |         <context:exclude-filter type="regex" expression="com.example.springsecurity.web.*"/>
15 |     </context:component-scan>
16 | 
17 |     <tx:annotation-driven />
18 | 
19 |     <jdbc:embedded-database id="dataSource" type="H2">
20 |         <jdbc:script location="classpath:/database/h2/calendar-schema.sql"/>
21 |         <jdbc:script location="classpath:/database/h2/calendar-data.sql"/>
22 |         <jdbc:script location="classpath:/database/h2/security-rememberme-schema.sql"/>
23 |     </jdbc:embedded-database>
24 | 
25 |     <bean id="transactionManager"
26 |           class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
27 |           p:dataSource-ref="dataSource"/>
28 | 
29 |     <bean id="jdbcTemplate"
30 |           class="org.springframework.jdbc.core.JdbcTemplate"
31 |           p:dataSource-ref="dataSource"/>
32 | </beans>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/views/errors/403.jsp:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
3 |     pageEncoding="ISO-8859-1"%>
4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
5 | 
6 | <c:set var="pageTitle" value="Access Denied" scope="request"/>
7 | <jsp:include page="../includes/header.jsp"/>
8 | <p>You are not allowed to access this page. Try logging in as admin1@example.com / admin1</p>
9 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/views/events/create.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 5 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 6 | 
 7 | <c:set var="pageTitle" value="Create Event" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | <form:form action="./new" method="post" modelAttribute="createEventForm" cssClass="form-horizontal">
10 |     <form:errors path="*" element="div" cssClass="alert alert-error"/>
11 |     <fieldset>
12 |         <legend>Event Information</legend>
13 |         <div class="control-group">
14 |             <label class="control-label" for="attendeeEmail">Attendee Email</label>
15 |             <div class="controls">
16 |                 <form:input class="input-xlarge" path="attendeeEmail" id="attendeeEmail"/>
17 |             </div>
18 |         </div>
19 |         <div class="control-group">
20 |             <label class="control-label" for="when">Event Date/Time (yyyy-MM-dd HH:mm)</label>
21 |             <div class="controls">
22 |                 <form:input class="input-xlarge" path="when" id="when"/>
23 |             </div>
24 |         </div>
25 |         <div class="control-group">
26 |             <label class="control-label" for="summary">Summary</label>
27 |             <div class="controls">
28 |                 <form:input class="input-xlarge" path="summary" id="summary"/>
29 |             </div>
30 |         </div>
31 |         <div class="control-group">
32 |             <label class="control-label" for="description">Description</label>
33 |             <div class="controls">
34 |                 <form:textarea class="input-xlarge" path="description" id="description" rows="5" cols="25"/>
35 |             </div>
36 |         </div>
37 |         <div class="control-group">
38 |             <div class="controls">
39 |                 <input id="submit" type="submit" value="Create"/>
40 |                 <input id="auto" type="submit" name="auto" value="Auto Populate Form"/>
41 |             </div>
42 |         </div>
43 |     </fieldset>
44 | </form:form>
45 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/views/events/list.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 6 | 
 7 | <c:set var="pageTitle" value="All Events" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | 
10 | <p>This shows all events for all users. Once security is applied it will only be viewable to administrators.</p>
11 | <c:url var="createUrl" value="/events/form"/>
12 | <div id="create" class="pull-right"><a href="${createUrl}">Create Event</a></div>
13 | <table class="table table-bordered table-striped table-condensed">
14 |     <thead>
15 |         <tr>
16 |             <th>Date/Time</th>
17 |             <th>Owner</th>
18 |             <th>Attendee</th>
19 |             <th>Summary</th>
20 |         </tr>
21 |     </thead>
22 |     <tbody>
23 |         <c:if test="${empty events}">
24 |             <tr>
25 |                 <td colspan="2" class="msg">No events.</td>
26 |             </tr>
27 |         </c:if>
28 |          <c:forEach items="${events}" var="event">
29 |             <tr>
30 |                 <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
31 |                 <td><c:out value="${when}"/></td>
32 |                 <td><c:out value="${event.owner.name}" /></td>
33 |                 <td><c:out value="${event.attendee.name}" /></td>
34 |                 <c:url var="eventUrl" value="${event.id}"/>
35 |                 <td><a href="${eventUrl}"><c:out value="${event.summary}" /></a></td>
36 |             </tr>
37 |         </c:forEach>
38 |     </tbody>
39 | </table>
40 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/views/events/my.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 6 | 
 7 | <c:set var="pageTitle" value="My Events" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | 
10 | <p id="description">
11 |     Below you can find the events for
12 |     <strong><c:out value="${currentUser.email}" /></strong>.
13 |     Once security is applied this will be the events for the currently logged in user.
14 | </p>
15 | <c:url var="createUrl" value="/events/form"/>
16 | <div id="create" class="pull-right"><a href="${createUrl}">Create Event</a></div>
17 | <table class="table table-bordered table-striped table-condensed">
18 |     <thead>
19 |         <tr>
20 |             <th>Date/Time</th>
21 |             <th>Owner</th>
22 |             <th>Attendee</th>
23 |             <th>Summary</th>
24 |         </tr>
25 |     </thead>
26 |     <tbody>
27 |         <c:if test="${empty events}">
28 |             <tr>
29 |                 <td colspan="2" class="msg">No events.</td>
30 |             </tr>
31 |         </c:if>
32 |          <c:forEach items="${events}" var="event">
33 |             <tr>
34 |                 <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
35 |                 <td><c:out value="${when}"/></td>
36 |                 <td><c:out value="${event.owner.name}" /></td>
37 |                 <td><c:out value="${event.attendee.name}" /></td>
38 |                 <c:url var="eventUrl" value="${event.id}"/>
39 |                 <td><a href="${eventUrl}"><c:out value="${event.summary}" /></a></td>
40 |             </tr>
41 |         </c:forEach>
42 |     </tbody>
43 | </table>
44 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/views/events/show.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 5 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 6 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 7 | 
 8 | <c:set var="pageTitle" scope="request">
 9 |     <c:out value="Event - ${event.summary}"/>
10 | </c:set>
11 | 
12 | <jsp:include page="../includes/header.jsp"/>
13 | <dl>
14 |     <dt>Owner</dt>
15 |     <dd id="owner"><c:out value="${event.owner.lastName}, ${event.owner.firstName}"/></dd>
16 |     <dt>Attendee</dt>
17 |     <dd id="attendee"><c:out value="${event.attendee.lastName}, ${event.attendee.firstName}"/></dd>
18 |     <dt>When</dt>
19 |     <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
20 |     <dd id="when"><c:out value="${when}"/></dd>
21 |     <dt>Message Details</dt>
22 |     <dd id="owner"><c:out value="${event.description}"/></dd>
23 | </dl>
24 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/views/includes/footer.jsp:
--------------------------------------------------------------------------------
1 |         </div>
2 |     </body>
3 | </html>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/views/index.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | 
 6 | <c:set var="pageTitle" value="Welcome to myCalendar!" scope="request"/>
 7 | <jsp:include page="./includes/header.jsp"/>
 8 | <p>Below you can find some highlights about myCalendar. Each sample will have a slightly different summary depending on what has been done.</p>
 9 | <h2>Chapter 6 - Remember Me</h2>
10 | <ul>
11 |  <li>This chapter discusses Spring Security's remember me feature. You may be interested in using a plugin like <a href="https://addons.mozilla.org/en-US/firefox/addon/firecookie/reviews/">Firecookie</a> for removing your JSESSIONID (to simulate closing the browser / session timing out).</li>
12 |     <li><a id="eventsLink" href="events/">All Events</a> - shows all events for all users, but only allows administrators to access the page.</li>
13 |     <li><a id="myEventsLink" href="events/my">My Events</a> - shows all events that the current user is owner or attendee.</li>
14 |     <li><a id="createEventLink" href="events/form">Create Event</a> - will allow creating a new Event with current user as the owner.</li>
15 |     <li><a id="logoutLink" href="logout">Logout</a> - allows the user to logout</li>
16 |     <li>
17 |         <a id="h2Link" href="admin/h2/">H2 Database Console</a> - Allows you to interact with the database using a web console. To use it:
18 |         <ul>
19 |             <li>Click the link above.</li>
20 |             <li>Ensure that Generic H2 (Embedded) is selected</li>
21 |             <li>Ensure that org.h2.Driver is the Driver Class</li>
22 |             <li>Enter <strong>jdbc:h2:mem:dataSource</strong> as the JDBC URL</li>
23 |             <li>Ensure that the username is sa</li>
24 |             <li>Ensure the password is left empty</li>
25 |             <li>Click Connect</li>
26 |         </ul>
27 |     </li>
28 | </ul>
29 | <jsp:include page="./includes/footer.jsp"/>
30 | 


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/views/login.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | 
 6 | <c:set var="pageTitle" value="Please Login" scope="request"/>
 7 | <jsp:include page="./includes/header.jsp"/>
 8 | 
 9 | <c:url value="/login" var="loginUrl"/>
10 | <form action="${loginUrl}" method="post">
11 |     <c:if test="${param.error != null}">
12 |         <div class="alert alert-error">
13 |             Failed to login.
14 |             <c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}">
15 |               Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
16 |             </c:if>
17 |         </div>
18 |     </c:if>
19 |     <c:if test="${param.logout != null}">
20 |         <div class="alert alert-success">
21 |             You have been logged out.
22 |         </div>
23 |     </c:if>
24 |     <p>
25 |         <label for="username">Username</label>
26 |         <input type="text" id="username" name="username"/>
27 |     </p>
28 |     <p>
29 |         <label for="password">Password</label>
30 |         <input type="password" id="password" name="password"/>
31 |     </p>
32 |     <p>
33 |         <label for="remember">Remember Me?</label>
34 |         <input type="checkbox" id="remember"
35 |                 name="rememberme"
36 |                 value="true"/>
37 |     </p>
38 |     <p>
39 |         <input id="submit" name="submit" type="submit" value="Login"/>
40 |     </p>
41 | </form>
42 | <jsp:include page="./includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/views/signup/form.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 5 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 6 | 
 7 | <c:set var="pageTitle" value="Signup" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | <form:form action="./new" method="post" modelAttribute="signupForm">
10 |     <form:errors path="*" element="div" cssClass="errors"/>
11 |     <fieldset>
12 |         <legend>User Information</legend>
13 |         <p>
14 |             <label for="firstName">First Name</label>
15 |             <form:input path="firstName" id="firstName"/>
16 |         </p>
17 |         <p>
18 |             <label for="lastName">Last Name</label>
19 |             <form:input path="lastName" id="lastName"/>
20 |         </p>
21 |         <p>
22 |             <label for="email">Email (Username)</label>
23 |             <form:input path="email" id="email"/>
24 |         </p>
25 |         <p>
26 |             <label for="password">Password</label>
27 |             <form:password path="password" id="password"/>
28 |         </p>
29 |         <p>
30 |             <input id="submit" type="submit" value="Create Account"/>
31 |         </p>
32 |     </fieldset>
33 | </form:form>
34 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | 
 3 | <web-app id="calendar" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
 4 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 5 |     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
 6 |     <display-name>Calendar Web Application</display-name>
 7 |     <context-param>
 8 |         <param-name>contextConfigLocation</param-name>
 9 |         <param-value>
10 |             /WEB-INF/spring/services.xml
11 |             /WEB-INF/spring/i18n.xml
12 |             /WEB-INF/spring/security.xml
13 |             /WEB-INF/spring/cleaner.xml
14 |             /WEB-INF/spring/ipTokenRepository.xml
15 |         </param-value>
16 |     </context-param>
17 |     <listener>
18 |         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
19 |     </listener>
20 |     <listener>
21 |         <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
22 |     </listener>
23 |     <filter>
24 |         <filter-name>springSecurityFilterChain</filter-name>
25 |         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
26 |     </filter>
27 |     <filter-mapping>
28 |         <filter-name>springSecurityFilterChain</filter-name>
29 |         <url-pattern>/*</url-pattern>
30 |     </filter-mapping>
31 |     <servlet>
32 |         <servlet-name>h2</servlet-name>
33 |         <servlet-class>org.h2.server.web.WebServlet</servlet-class>
34 |     </servlet>
35 |     <servlet>
36 |         <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
37 |         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
38 |         <init-param>
39 |             <param-name>contextConfigLocation</param-name>
40 |             <param-value>
41 |                 /WEB-INF/mvc-config.xml
42 |             </param-value>
43 |         </init-param>
44 |         <load-on-startup>1</load-on-startup>
45 |     </servlet>
46 |     <servlet-mapping>
47 |         <servlet-name>h2</servlet-name>
48 |         <url-pattern>/admin/h2/*</url-pattern>
49 |     </servlet-mapping>
50 |     <servlet-mapping>
51 |         <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
52 |         <url-pattern>/</url-pattern>
53 |     </servlet-mapping>
54 | </web-app>


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/resources/css/main.css:
--------------------------------------------------------------------------------
  1 | * {
  2 |     margin: 0;
  3 |     padding: 0;
  4 | }
  5 | 
  6 | html, body {
  7 |     height: 100%;
  8 | }
  9 | body {
 10 |     background-color: #FFFFFF;
 11 | }
 12 | #header-container {
 13 |     color: #FFFFFF;
 14 |     background-color: #000000;
 15 | }
 16 | #header, .nav li {
 17 |     padding: .25em;
 18 |     padding-top: 2em;
 19 | }
 20 | .nav-account {
 21 |     float: right;
 22 | }
 23 | .nav {
 24 |     display: inline;
 25 | }
 26 | .inner {
 27 |     margin: 0 auto;
 28 |     width: 65%;
 29 |     padding: 1em;
 30 | }
 31 | .nav li:after {
 32 |     content: ' |';
 33 | }
 34 | .nav li:last-child:after {
 35 |     content: '';
 36 | }
 37 | 
 38 | .nav li {
 39 |     display: inline;
 40 |     list-style-type: none;
 41 | }
 42 | .nav a, th {
 43 |     color: #FFFFFF;
 44 | }
 45 | a:hover {
 46 |     text-decoration: none;
 47 | }
 48 | 
 49 | #title {
 50 |     margin: .25em 0;
 51 | }
 52 | 
 53 | #create {
 54 |     margin-top: 1em;
 55 |     float: right;
 56 | }
 57 | table {
 58 |     width: 100%;
 59 | }
 60 | 
 61 | tr:nth-child(even) {
 62 |     background-color: #EEEEEE;
 63 | }
 64 | 
 65 | th {
 66 |     background-color: #f79232;
 67 | }
 68 | td {
 69 |     padding: .25em;
 70 | }
 71 | #content li {
 72 |     margin: 1em;
 73 | }
 74 | legend {
 75 |     display: none;
 76 | }
 77 | fieldset {
 78 |     border-width: 0;
 79 | }
 80 | 
 81 | label {
 82 |     display: block;
 83 |     margin: .5em .5em .5em 0;
 84 |     font-weight: bold;
 85 | }
 86 | label[for=remember] {
 87 |     display: inline-block;
 88 | }
 89 | textarea {
 90 |     width: 95%;
 91 |     height: 10em;
 92 | }
 93 | input {
 94 |     padding: .15em;
 95 | }
 96 | input[type=text] {
 97 |     width: 25em;
 98 | }
 99 | #submit {
100 |     margin-top: 1em;
101 | }
102 | 
103 | .errors {
104 |     color: red;
105 | }
106 | .success {
107 |     color: green;
108 |     font-weight: bold;
109 |     font-size: 1.5em;
110 | }


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/resources/img/springsource.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/spring-security-db/src/main/webapp/resources/img/springsource.png


--------------------------------------------------------------------------------
/spring-security-db/src/main/webapp/resources/img/ssbooklogo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/spring-security-db/src/main/webapp/resources/img/ssbooklogo.png


--------------------------------------------------------------------------------
/spring-security-db/src/test/java/com/example/springsecurity/web/controllers/Video1SpringInmemoryUserdetailServiceControllerTest.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.controllers;
 2 | 
 3 | import org.junit.runner.RunWith;
 4 | import org.springframework.test.context.ContextConfiguration;
 5 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 6 | 
 7 | import com.example.springsecurity.web.controllers.util.SecurityControllerTest;
 8 | import com.example.springsecurity.web.controllers.util.WebContextLoader;
 9 | 
10 | @RunWith(SpringJUnit4ClassRunner.class)
11 | @ContextConfiguration(loader = WebContextLoader.class, value = {
12 | 		"classpath:/META-INF/spring/video1-spring-inmemory-userdetailservice-config/services.xml",
13 | 		"classpath:/META-INF/spring/video1-spring-inmemory-userdetailservice-config/security.xml",
14 | 		"classpath:/META-INF/spring/video1-spring-inmemory-userdetailservice-config/mvc-config.xml" })
15 | public class Video1SpringInmemoryUserdetailServiceControllerTest extends SecurityControllerTest {
16 | }
17 | 


--------------------------------------------------------------------------------
/spring-security-db/src/test/java/com/example/springsecurity/web/controllers/Video2CustomUserDetailsServiceControllerTest.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.controllers;
 2 | 
 3 | import org.junit.runner.RunWith;
 4 | import org.springframework.test.context.ContextConfiguration;
 5 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 6 | 
 7 | import com.example.springsecurity.web.controllers.util.SecurityControllerTest;
 8 | import com.example.springsecurity.web.controllers.util.WebContextLoader;
 9 | 
10 | @RunWith(SpringJUnit4ClassRunner.class)
11 | @ContextConfiguration(loader = WebContextLoader.class, value = { "classpath:/META-INF/spring/video2-custom-userdetailservice-config/services.xml",
12 | 		"classpath:/META-INF/spring/video2-custom-userdetailservice-config/security.xml",
13 | 		"classpath:/META-INF/spring/video2-custom-userdetailservice-config/mvc-config.xml", 
14 | 		"classpath:/META-INF/spring/video2-custom-userdetailservice-config/ipTokenRepository.xml" })
15 | public class Video2CustomUserDetailsServiceControllerTest extends SecurityControllerTest {
16 | }
17 | 


--------------------------------------------------------------------------------
/spring-security-db/src/test/java/com/example/springsecurity/web/controllers/Video3JdbcUserServiceControllerTest.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.controllers;
 2 | 
 3 | import org.junit.runner.RunWith;
 4 | import org.springframework.test.context.ContextConfiguration;
 5 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 6 | 
 7 | import com.example.springsecurity.web.controllers.util.SecurityControllerTest;
 8 | import com.example.springsecurity.web.controllers.util.WebContextLoader;
 9 | 
10 | @RunWith(SpringJUnit4ClassRunner.class)
11 | @ContextConfiguration(loader = WebContextLoader.class, value = { "classpath:/META-INF/spring/video3-jdbc-user-service-config/services.xml",
12 | 		"classpath:/META-INF/spring/video3-jdbc-user-service-config/security.xml",
13 | 		"classpath:/META-INF/spring/video3-jdbc-user-service-config/mvc-config.xml" })
14 | public class Video3JdbcUserServiceControllerTest extends SecurityControllerTest {
15 | }
16 | 


--------------------------------------------------------------------------------
/spring-security-db/src/test/java/com/example/springsecurity/web/controllers/util/WebContextLoader.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright 2011 the original author or authors.
 3 |  *
 4 |  * Licensed under the Apache License, Version 2.0 (the "License");
 5 |  * you may not use this file except in compliance with the License.
 6 |  * You may obtain a copy of the License at
 7 |  *
 8 |  *      http://www.apache.org/licenses/LICENSE-2.0
 9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 |  */
16 | package com.example.springsecurity.web.controllers.util;
17 | 
18 | 
19 | public class WebContextLoader extends GenericWebContextLoader {
20 | 
21 | 	public WebContextLoader() {
22 | 		super("src/main/webapp", false);
23 | 	}
24 | 
25 | }
26 | 


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video1-spring-inmemory-userdetailservice-config/mvc-config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 | 	xmlns:context="http://www.springframework.org/schema/context"
 5 | 	xmlns:mvc="http://www.springframework.org/schema/mvc"
 6 | 	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
 7 | 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 8 | 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 9 | 
10 |     <!-- Load com.example.springsecurity.web.config.WebMvcConfig -->
11 |     <context:component-scan base-package="com.example.springsecurity.web"/>
12 | 
13 | 	<mvc:resources mapping="/resources/**" location="/resources/" /> 
14 | 	<mvc:view-controller path="/login/form" view-name="/login"/>    
15 | </beans>


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video1-spring-inmemory-userdetailservice-config/security.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns="http://www.springframework.org/schema/security"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 6 |         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 7 | 
 8 | 
 9 |     <http pattern="/resources/**" security="none"/>
10 |     <http auto-config="true" use-expressions="true" create-session="ifRequired">
11 |         <intercept-url pattern="/"
12 |                 access="hasRole('ROLE_ANONYMOUS') or hasRole('ROLE_USER')"/>
13 |         <intercept-url pattern="/login/*"
14 |                 access="hasRole('ROLE_ANONYMOUS') or hasRole('ROLE_USER')"/>
15 |         <intercept-url pattern="/logout"
16 |                 access="hasRole('ROLE_ANONYMOUS') or hasRole('ROLE_USER')"/>
17 |         <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
18 |         <intercept-url pattern="/events/" access="hasRole('ROLE_ADMIN')"/>
19 |         <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
20 | 
21 |         <form-login login-page="/login/form"
22 |                 login-processing-url="/login"
23 |                 username-parameter="username"
24 |                 password-parameter="password"
25 |                 authentication-failure-url="/login/form?error"/>
26 |         <logout logout-url="/logout"
27 |                 logout-success-url="/login/form?logout"/>
28 |     </http>
29 |     <authentication-manager>
30 |         <authentication-provider>
31 |             <user-service>
32 |                 <user name="user1@example.com"
33 |                         password="user1"
34 |                         authorities="ROLE_USER"/>
35 |                 <user name="admin1@example.com"
36 |                         password="admin1"
37 |                         authorities="ROLE_USER,ROLE_ADMIN"/>
38 |             </user-service>
39 |         </authentication-provider>
40 |     </authentication-manager>
41 | </bean:beans>
42 | 


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video1-spring-inmemory-userdetailservice-config/services.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:jdbc="http://www.springframework.org/schema/jdbc"
 5 |     xmlns:tx="http://www.springframework.org/schema/tx"
 6 |     xmlns:p="http://www.springframework.org/schema/p"
 7 |     xmlns:context="http://www.springframework.org/schema/context"
 8 |     xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc.xsd
 9 |         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
10 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
11 |         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">
12 | 
13 |     <context:component-scan base-package="com.example.springsecurity">
14 |         <context:exclude-filter type="regex" expression="com.example.springsecurity.web.*"/>
15 |     </context:component-scan>
16 | 
17 |     <tx:annotation-driven />
18 | 
19 |     <jdbc:embedded-database id="dataSource" type="H2">
20 |         <jdbc:script location="classpath:/database/h2/calendar-schema.sql"/>
21 |         <jdbc:script location="classpath:/database/h2/calendar-data.sql"/>
22 |     </jdbc:embedded-database>
23 | 
24 |     <bean id="transactionManager"
25 |           class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
26 |           p:dataSource-ref="dataSource"/>
27 | 
28 |     <bean id="jdbcTemplate"
29 |           class="org.springframework.jdbc.core.JdbcTemplate"
30 |           p:dataSource-ref="dataSource"/>
31 | </beans>


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video2-custom-userdetailservice-config/cleaner.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:p="http://www.springframework.org/schema/p"
 5 |     xmlns:task="http://www.springframework.org/schema/task"
 6 |     xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd
 7 |         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
 8 | 
 9 |     <bean id="tokenRepositoryCleaner"
10 |                 class="com.example.springsecurity.web.authentication.rememberme.JdbcTokenRepositoryImplCleaner">
11 |             <constructor-arg ref="jdbcTemplate"/>
12 |             <constructor-arg value="600000"/>
13 |     </bean>
14 | 
15 |     <!-- This is only a very basic configuration, please read more about
16 |         Spring's tasks to learn how to control things like pooling.
17 |         http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/scheduling.html
18 |     -->
19 |     <task:scheduled-tasks>
20 |         <task:scheduled ref="tokenRepositoryCleaner"
21 |                 method="run"
22 |                 fixed-delay="600000"/>
23 |     </task:scheduled-tasks>
24 | </beans>


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video2-custom-userdetailservice-config/ipTokenRepository.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:p="http://www.springframework.org/schema/p"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 6 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 7 | 
 8 |     <bean id="remembermeServices"
 9 |             class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
10 |         <!-- must match remember-me's key attribute -->
11 |         <constructor-arg value="jbcpCalendar"/>
12 |         <!-- used to login the user after we login -->
13 |         <constructor-arg ref="userDetailsService"/>
14 |         <!-- the PersistentTokenRepository to use -->
15 |         <constructor-arg ref="tokenRepository"/>
16 |         <property name="parameter" value="rememberme"/>
17 |         <property name="cookieName" value="rememberme"/>
18 |     </bean>
19 |     <bean id="tokenRepository" class="com.example.springsecurity.web.authentication.rememberme.IpAwarePersistentTokenRepository">
20 |         <constructor-arg>
21 |             <bean class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
22 |                 <property name="dataSource" ref="dataSource"/>
23 |             </bean>
24 |         </constructor-arg>
25 |     </bean>
26 | </beans>
27 | 


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video2-custom-userdetailservice-config/mvc-config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 | 	xmlns:context="http://www.springframework.org/schema/context"
 5 | 	xmlns:mvc="http://www.springframework.org/schema/mvc"
 6 | 	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
 7 | 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 8 | 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
 9 | 
10 |     <!-- Load com.example.springsecurity.web.config.WebMvcConfig -->
11 |     <context:component-scan base-package="com.example.springsecurity.web"/>
12 | 
13 | 	<mvc:resources mapping="/resources/**" location="/resources/" /> 
14 | 	<mvc:view-controller path="/login/form" view-name="/login"/>    
15 | </beans>


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video2-custom-userdetailservice-config/security.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns="http://www.springframework.org/schema/security"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 6 |         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 7 | 
 8 |     <http pattern="/resources/**" security="none"/>
 9 |     <http auto-config="true" use-expressions="true">
10 |         <intercept-url pattern="/"
11 |                 access="permitAll"/>
12 |         <intercept-url pattern="/login/*"
13 |                 access="permitAll"/>
14 |         <intercept-url pattern="/signup/*"
15 |                 access="permitAll"/>
16 |         <intercept-url pattern="/logout"
17 |                 access="permitAll"/>
18 |         <intercept-url pattern="/errors/**"
19 |                 access="permitAll"/>
20 |         <intercept-url pattern="/events/"
21 |                 access="hasRole('ROLE_ADMIN')"/>
22 |         <intercept-url pattern="/admin/**"
23 |                 access="hasRole('ROLE_ADMIN') and fullyAuthenticated"/>
24 |         <intercept-url pattern="/**"
25 |                 access="hasRole('ROLE_USER')"/>
26 |         <access-denied-handler error-page="/errors/403"/>
27 |         <form-login login-page="/login/form"
28 |                 login-processing-url="/login"
29 |                 username-parameter="username"
30 |                 password-parameter="password"
31 |                 authentication-failure-url="/login/form?error"
32 |                 default-target-url="/default"/>
33 |         <remember-me key="jbcpCalendar"
34 |                 services-ref="remembermeServices"/>
35 |         <logout logout-url="/logout"
36 |                 logout-success-url="/login/form?logout"/>
37 |     </http>
38 |     <authentication-manager>
39 |         <authentication-provider>
40 |             <user-service id="userDetailsService">
41 |                 <user name="user1@example.com"
42 |                         password="user1"
43 |                         authorities="ROLE_USER"/>
44 |                 <user name="admin1@example.com"
45 |                         password="admin1"
46 |                         authorities="ROLE_USER,ROLE_ADMIN"/>
47 |             </user-service>
48 |         </authentication-provider>
49 |     </authentication-manager>
50 | </bean:beans>
51 | 


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video2-custom-userdetailservice-config/services.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:jdbc="http://www.springframework.org/schema/jdbc"
 5 |     xmlns:tx="http://www.springframework.org/schema/tx"
 6 |     xmlns:p="http://www.springframework.org/schema/p"
 7 |     xmlns:context="http://www.springframework.org/schema/context"
 8 |     xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
 9 |         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
10 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
11 |         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
12 | 
13 |     <context:component-scan base-package="com.example.springsecurity">
14 |         <context:exclude-filter type="regex" expression="com.example.springsecurity.web.*"/>
15 |     </context:component-scan>
16 | 
17 |     <tx:annotation-driven />
18 | 
19 |     <jdbc:embedded-database id="dataSource" type="H2">
20 |         <jdbc:script location="classpath:/database/h2/calendar-schema.sql"/>
21 |         <jdbc:script location="classpath:/database/h2/calendar-data.sql"/>
22 |         <jdbc:script location="classpath:/database/h2/security-rememberme-schema.sql"/>
23 |     </jdbc:embedded-database>
24 | 
25 |     <bean id="transactionManager"
26 |           class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
27 |           p:dataSource-ref="dataSource"/>
28 | 
29 |     <bean id="jdbcTemplate"
30 |           class="org.springframework.jdbc.core.JdbcTemplate"
31 |           p:dataSource-ref="dataSource"/>
32 | </beans>


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/database/h2/calendar-authorities.sql:
--------------------------------------------------------------------------------
 1 | create table calendar_user_authorities (
 2 |     id bigint identity,
 3 |     calendar_user bigint not null,
 4 |     authority varchar(256) not null,
 5 | );
 6 | 
 7 | -- user1@example.com
 8 | insert into calendar_user_authorities(calendar_user, authority) select id,'ROLE_USER' from calendar_users where email='user1@example.com';
 9 | 
10 | -- admin1@example.com
11 | insert into calendar_user_authorities(calendar_user, authority) select id,'ROLE_ADMIN' from calendar_users where email='admin1@example.com';
12 | insert into calendar_user_authorities(calendar_user, authority) select id,'ROLE_USER' from calendar_users where email='admin1@example.com';
13 | 
14 | -- user2@example.com
15 | insert into calendar_user_authorities(calendar_user, authority) select id,'ROLE_USER' from calendar_users where email='user2@example.com';
16 | 


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/database/h2/calendar-data.sql:
--------------------------------------------------------------------------------
1 | insert into calendar_users(id,email,password,first_name,last_name) values (0,'user1@example.com','user1','User','1');
2 | insert into calendar_users(id,email,password,first_name,last_name) values (1,'admin1@example.com','admin1','Admin','1');
3 | insert into calendar_users(id,email,password,first_name,last_name) values (2,'user2@example.com','user2','User','2');
4 | 
5 | insert into events (id,when,summary,description,owner,attendee) values (100,'2013-10-04 20:30:00','Birthday Party','This is going to be a great birthday',0,1);
6 | insert into events (id,when,summary,description,owner,attendee) values (101,'2013-12-23 13:00:00','Conference Call','Call with the client',2,0);
7 | insert into events (id,when,summary,description,owner,attendee) values (102,'2014-01-23 11:30:00','Lunch','Eating lunch together',1,2);


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/database/h2/calendar-saltedsha256.sql:
--------------------------------------------------------------------------------
1 | update calendar_users set password = '38aab7ba97bd6bb2e51add1e5617eabfc8d13ec85c004e909eec4b70172437ae85e0c56e43fe51b0' where email = 'user1@example.com';
2 | update calendar_users set password = '98afcd6f54569da7fea7fe4b1bf79d59dd27e559d38ee75cabd796f43058ebe15f201dfd453942e0' where email = 'admin1@example.com';
3 | update calendar_users set password = '429d7af2097fb1a0a3a4050bff17d8189cb2244aef52476cad2fef3bcc7338078dbf73644494554a' where email = 'user2@example.com';


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/database/h2/calendar-schema.sql:
--------------------------------------------------------------------------------
 1 | create table calendar_users (
 2 |     id bigint identity,
 3 |     email varchar(256) not null unique,
 4 |     password varchar(256) not null,
 5 |     first_name varchar(256) not null,
 6 |     last_name varchar(256) not null
 7 | );
 8 | 
 9 | create table events (
10 |     id bigint identity,
11 |     when timestamp not null,
12 |     summary varchar(256) not null,
13 |     description varchar(500) not null,
14 |     owner bigint not null,
15 |     attendee bigint not null,
16 |     FOREIGN KEY(owner) REFERENCES calendar_users(id),
17 |     FOREIGN KEY(attendee) REFERENCES calendar_users(id)
18 | );


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/database/h2/calendar-sha256.sql:
--------------------------------------------------------------------------------
1 | update calendar_users set password = '0a041b9462caa4a31bac3567e0b6e6fd9100787db2ab433d96f6d178cabfce90' where email = 'user1@example.com';
2 | update calendar_users set password = '25f43b1486ad95a1398e3eeb3d83bc4010015fcc9bedb35b432e00298d5021f7' where email = 'admin1@example.com';
3 | update calendar_users set password = '6025d18fe48abd45168528f18a82e265dd98d421a7084aa09f61b341703901a3' where email = 'user2@example.com';


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/database/h2/security-groups-mappings.sql:
--------------------------------------------------------------------------------
 1 | -----
 2 | -- Create the Groups
 3 | insert into groups(group_name) values ('Users');
 4 | insert into groups(group_name) values ('Administrators');
 5 | 
 6 | -----
 7 | -- Map the Groups to Roles
 8 | insert into group_authorities(group_id, authority) select id,'ROLE_USER' from groups where group_name='Users';
 9 | -- Administrators are both a ROLE_USER and ROLE_ADMIN
10 | insert into group_authorities(group_id, authority) select id,'ROLE_USER' from groups where group_name='Administrators';
11 | insert into group_authorities(group_id, authority) select id,'ROLE_ADMIN' from groups where group_name='Administrators';
12 | 
13 | -----
14 | -- Map the users to Groups
15 | insert into group_members(group_id, username) select id,'user1@example.com' from groups where group_name='Users';
16 | insert into group_members(group_id, username) select id,'admin1@example.com' from groups where group_name='Administrators';
17 | insert into group_members(group_id, username) select id,'user2@example.com' from groups where group_name='Users';
18 | insert into group_members(group_id, username) select id,'disabled1@example.com' from groups where group_name='Users';


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/database/h2/security-groups-schema.sql:
--------------------------------------------------------------------------------
 1 | 
 2 | create table groups (
 3 |     id bigint generated by default as identity(start with 0) primary key,
 4 |     group_name varchar(256) not null
 5 | );
 6 | 
 7 | create table group_authorities (
 8 |     group_id bigint not null,
 9 |     authority varchar(50) not null,
10 |     constraint fk_group_authorities_group foreign key(group_id) references groups(id)
11 | );
12 | 
13 | create table group_members (
14 |     id bigint generated by default as identity(start with 0) primary key,
15 |     username varchar(50) not null,
16 |     group_id bigint not null,
17 |     constraint fk_group_members_group foreign key(group_id) references groups(id)
18 | );


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/database/h2/security-schema.sql:
--------------------------------------------------------------------------------
 1 | -- ref. Appendix A of Spring Sec 3.1 manual
 2 | 
 3 | create table users(
 4 |     username varchar(256) not null primary key,
 5 |     password varchar(256) not null,
 6 |     enabled boolean not null
 7 | );
 8 | 
 9 | create table authorities (
10 |     username varchar(256) not null,
11 |     authority varchar(256) not null,
12 |     constraint fk_authorities_users foreign key(username) references users(username)
13 | );
14 | create unique index ix_auth_username on authorities (username,authority);
15 | 


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/database/h2/security-user-authorities.sql:
--------------------------------------------------------------------------------
1 | insert into authorities(username,authority) values ('user1@example.com','ROLE_USER');
2 | insert into authorities(username,authority) values ('admin1@example.com','ROLE_ADMIN');
3 | insert into authorities(username,authority) values ('admin1@example.com','ROLE_USER');
4 | insert into authorities(username,authority) values ('user2@example.com','ROLE_USER');
5 | insert into authorities(username,authority) values ('disabled1@example.com','ROLE_USER');


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/database/h2/security-users.sql:
--------------------------------------------------------------------------------
1 | insert into users (username,password,enabled) values ('user1@example.com','user1',1);
2 | insert into users (username,password,enabled) values ('admin1@example.com','admin1',1);
3 | insert into users (username,password,enabled) values ('user2@example.com','admin1',1);
4 | insert into users (username,password,enabled) values ('disabled1@example.com','disabled1',0);


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/mvc-config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 | 	xmlns:context="http://www.springframework.org/schema/context"
 5 | 	xmlns:mvc="http://www.springframework.org/schema/mvc"
 6 | 	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
 7 | 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 8 | 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
 9 | 
10 |     <!-- Load com.example.springsecurity.web.config.WebMvcConfig -->
11 |     <context:component-scan base-package="com.example.springsecurity.web"/>
12 | 
13 | 	<mvc:resources mapping="/resources/**" location="/resources/" /> 
14 | 	<mvc:view-controller path="/login/form" view-name="/login"/>    
15 | </beans>


--------------------------------------------------------------------------------
/spring-security-db/src/test/resources/META-INF/spring/video3-jdbc-user-service-config/services.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:jdbc="http://www.springframework.org/schema/jdbc"
 5 |     xmlns:tx="http://www.springframework.org/schema/tx"
 6 |     xmlns:p="http://www.springframework.org/schema/p"
 7 |     xmlns:context="http://www.springframework.org/schema/context"
 8 |     xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
 9 |         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
10 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
11 |         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
12 | 
13 |     <context:component-scan base-package="com.example.springsecurity">
14 |         <context:exclude-filter type="regex" expression="com.example.springsecurity.web.*"/>
15 |     </context:component-scan>
16 | 
17 |     <tx:annotation-driven />
18 | 
19 |     <jdbc:embedded-database id="dataSource" type="H2">
20 |         <jdbc:script location="classpath:/META-INF/spring/video3-jdbc-user-service-config/database/h2/calendar-schema.sql"/>
21 |         <jdbc:script location="classpath:/META-INF/spring/video3-jdbc-user-service-config/database/h2/calendar-data.sql"/>
22 |         <jdbc:script location="classpath:/META-INF/spring/video3-jdbc-user-service-config/database/h2/calendar-authorities.sql"/>
23 |         <jdbc:script location="classpath:/META-INF/spring/video3-jdbc-user-service-config/database/h2/calendar-saltedsha256.sql"/>
24 |     </jdbc:embedded-database>
25 | 
26 |     <bean id="transactionManager"
27 |           class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
28 |           p:dataSource-ref="dataSource"/>
29 | 
30 |     <bean id="jdbcTemplate"
31 |           class="org.springframework.jdbc.core.JdbcTemplate"
32 |           p:dataSource-ref="dataSource"/>
33 | </beans>


--------------------------------------------------------------------------------
/spring-security-ldap/README.md:
--------------------------------------------------------------------------------
1 | Spring Security
2 | ===============
3 | 
4 | To get up quickly, download the code and run the below commands,
5 | 
6 |     mvn clean test -Dtest=com.example.springsecurity.web.controllers.Video4LdapProviderControlerTest
7 |     
8 | And debug the code.


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/java/com/example/springsecurity/dataaccess/CalendarUserDao.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.dataaccess;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import org.springframework.dao.EmptyResultDataAccessException;
 6 | 
 7 | import com.example.springsecurity.domain.CalendarUser;
 8 | 
 9 | /**
10 |  * An interface for managing {@link CalendarUser} instances.
11 |  *
12 |  * 
13 |  *
14 |  */
15 | public interface CalendarUserDao {
16 | 
17 |     /**
18 |      * Gets a {@link CalendarUser} for a specific {@link CalendarUser#getId()}.
19 |      *
20 |      * @param id
21 |      *            the {@link CalendarUser#getId()} of the {@link CalendarUser} to find.
22 |      * @return a {@link CalendarUser} for the given id. Cannot be null.
23 |      * @throws EmptyResultDataAccessException
24 |      *             if the {@link CalendarUser} cannot be found
25 |      */
26 |     CalendarUser getUser(int id);
27 | 
28 |     /**
29 |      * Finds a given {@link CalendarUser} by email address.
30 |      *
31 |      * @param email
32 |      *            the email address to use to find a {@link CalendarUser}. Cannot be null.
33 |      * @return a {@link CalendarUser} for the given email or null if one could not be found.
34 |      * @throws IllegalArgumentException
35 |      *             if email is null.
36 |      */
37 |     CalendarUser findUserByEmail(String email);
38 | 
39 | 
40 |     /**
41 |      * Finds any {@link CalendarUser} that has an email that starts with {@code partialEmail}.
42 |      *
43 |      * @param partialEmail
44 |      *            the email address to use to find {@link CalendarUser}s. Cannot be null or empty String.
45 |      * @return a List of {@link CalendarUser}s that have an email that starts with given partialEmail. The returned value
46 |      *         will never be null. If no results are found an empty List will be returned.
47 |      * @throws IllegalArgumentException
48 |      *             if email is null or empty String.
49 |      */
50 |     List<CalendarUser> findUsersByEmail(String partialEmail);
51 | 
52 |     /**
53 |      * Creates a new {@link CalendarUser}.
54 |      *
55 |      * @param user
56 |      *            the new {@link CalendarUser} to create. The {@link CalendarUser#getId()} must be null.
57 |      * @return the new {@link CalendarUser#getId()}.
58 |      * @throws IllegalArgumentException
59 |      *             if {@link CalendarUser#getId()} is non-null.
60 |      */
61 |     int createUser(CalendarUser user);
62 | }
63 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/java/com/example/springsecurity/dataaccess/EventDao.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.dataaccess;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import com.example.springsecurity.domain.Event;
 6 | import com.example.springsecurity.domain.CalendarUser;
 7 | 
 8 | /**
 9 |  * An interface for managing {@link Event}'s.
10 |  *
11 |  * 
12 |  *
13 |  */
14 | public interface EventDao {
15 | 
16 |     /**
17 |      * Given an id gets an {@link Event}.
18 |      *
19 |      * @param eventId
20 |      *            the {@link Event#getId()}
21 |      * @return the {@link Event}. Cannot be null.
22 |      * @throws RuntimeException
23 |      *             if the {@link Event} cannot be found.
24 |      */
25 |     Event getEvent(int eventId);
26 | 
27 |     /**
28 |      * Creates a {@link Event} and returns the new id for that {@link Event}.
29 |      *
30 |      * @param message
31 |      *            the {@link Event} to create. Note that the {@link Event#getId()} should be null.
32 |      * @return the new id for the {@link Event}
33 |      * @throws RuntimeException
34 |      *             if {@link Event#getId()} is non-null.
35 |      */
36 |     int createEvent(Event event);
37 | 
38 |     /**
39 |      * Finds the {@link Event}'s that are intended for the {@link CalendarUser}.
40 |      *
41 |      * @param userId
42 |      *            the {@link CalendarUser#getId()} to obtain {@link Event}'s for.
43 |      * @return a non-null {@link List} of {@link Event}'s intended for the specified {@link CalendarUser}. If the
44 |      *         {@link CalendarUser} does not exist an empty List will be returned.
45 |      */
46 |     List<Event> findForUser(int userId);
47 | 
48 |     /**
49 |      * Gets all the available {@link Event}'s.
50 |      *
51 |      * @return a non-null {@link List} of {@link Event}'s
52 |      */
53 |     List<Event> getEvents();
54 | }
55 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/java/com/example/springsecurity/ldap/userdetails/ad/ActiveDirectoryLdapAuthoritiesPopulator.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.ldap.userdetails.ad;
 2 | 
 3 | import java.util.ArrayList;
 4 | import java.util.Collection;
 5 | import java.util.List;
 6 | 
 7 | import org.springframework.ldap.core.DirContextOperations;
 8 | import org.springframework.ldap.core.DistinguishedName;
 9 | import org.springframework.ldap.core.LdapRdn;
10 | import org.springframework.security.core.GrantedAuthority;
11 | import org.springframework.security.core.authority.SimpleGrantedAuthority;
12 | import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
13 | import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
14 | 
15 | /**
16 |  * An {@link LdapAuthoritiesPopulator} that is based on the {@link ActiveDirectoryLdapAuthenticationProvider}. The
17 |  * implementation obtains the {@link GrantedAuthority}'s from the userData's memberOf attribute. It then uses the last
18 |  * {@link LdapRdn}'s value as the {@link GrantedAuthority}.
19 |  *
20 |  * 
21 |  * @see ActiveDirectoryLdapAuthenticationProvider
22 |  */
23 | public final class ActiveDirectoryLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
24 | 
25 |     @Override
26 |     public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
27 |         String[] groups = userData.getStringAttributes("memberOf");
28 |         List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
29 | 
30 |         for (String group : groups) {
31 |             LdapRdn authority = new DistinguishedName(group).removeLast();
32 |             authorities.add(new SimpleGrantedAuthority(authority.getValue()));
33 |         }
34 |         return authorities;
35 |     }
36 | }


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/java/com/example/springsecurity/service/DefaultCalendarService.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import org.springframework.beans.factory.annotation.Autowired;
 6 | import org.springframework.stereotype.Repository;
 7 | 
 8 | import com.example.springsecurity.dataaccess.EventDao;
 9 | import com.example.springsecurity.dataaccess.CalendarUserDao;
10 | import com.example.springsecurity.domain.Event;
11 | import com.example.springsecurity.domain.CalendarUser;
12 | 
13 | /**
14 |  * A default implementation of {@link CalendarService} that delegates to {@link EventDao} and {@link CalendarUserDao}.
15 |  *
16 |  * 
17 |  *
18 |  */
19 | @Repository
20 | public class DefaultCalendarService implements CalendarService {
21 |     private final EventDao eventDao;
22 |     private final CalendarUserDao userDao;
23 | 
24 |     @Autowired
25 |     public DefaultCalendarService(EventDao eventDao, CalendarUserDao userDao) {
26 |         if (eventDao == null) {
27 |             throw new IllegalArgumentException("eventDao cannot be null");
28 |         }
29 |         if (userDao == null) {
30 |             throw new IllegalArgumentException("userDao cannot be null");
31 |         }
32 |         this.eventDao = eventDao;
33 |         this.userDao = userDao;
34 |     }
35 | 
36 |     public Event getEvent(int eventId) {
37 |         return eventDao.getEvent(eventId);
38 |     }
39 | 
40 |     public int createEvent(Event event) {
41 |         return eventDao.createEvent(event);
42 |     }
43 | 
44 |     public List<Event> findForUser(int userId) {
45 |         return eventDao.findForUser(userId);
46 |     }
47 | 
48 |     public List<Event> getEvents() {
49 |         return eventDao.getEvents();
50 |     }
51 | 
52 |     public CalendarUser getUser(int id) {
53 |         return userDao.getUser(id);
54 |     }
55 | 
56 |     public CalendarUser findUserByEmail(String email) {
57 |         return userDao.findUserByEmail(email);
58 |     }
59 | 
60 |     public List<CalendarUser> findUsersByEmail(String partialEmail) {
61 |         return userDao.findUsersByEmail(partialEmail);
62 |     }
63 | 
64 |     public int createUser(CalendarUser user) {
65 |         return userDao.createUser(user);
66 |     }
67 | }


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/java/com/example/springsecurity/service/UserContext.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import com.example.springsecurity.domain.CalendarUser;
 4 | 
 5 | /**
 6 |  * Manages the current {@link CalendarUser}. This demonstrates how in larger applications it is good to abstract out
 7 |  * accessing the current user to return the application specific user rather than interacting with Spring Security
 8 |  * classes directly.
 9 |  *
10 |  * 
11 |  *
12 |  */
13 | public interface UserContext {
14 | 
15 |     /**
16 |      * Gets the currently logged in {@link CalendarUser} or null if there is no authenticated user.
17 |      *
18 |      * @return
19 |      */
20 |     CalendarUser getCurrentUser();
21 | 
22 |     /**
23 |      * Sets the currently logged in {@link CalendarUser}.
24 |      * @param user the logged in {@link CalendarUser}. Cannot be null.
25 |      * @throws IllegalArgumentException if the {@link CalendarUser} is null.
26 |      */
27 |     void setCurrentUser(CalendarUser user);
28 | }
29 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/java/com/example/springsecurity/service/UserContextStub.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import org.springframework.beans.factory.annotation.Autowired;
 4 | import org.springframework.stereotype.Component;
 5 | 
 6 | import com.example.springsecurity.dataaccess.CalendarUserDao;
 7 | import com.example.springsecurity.domain.CalendarUser;
 8 | 
 9 | /**
10 |  * Returns the same user for every call to {@link #getCurrentUser()}. This is used prior to adding security, so that the
11 |  * rest of the application can be used.
12 |  *
13 |  * 
14 |  */
15 | @Component
16 | public class UserContextStub implements UserContext {
17 |     private final CalendarUserDao userService;
18 |     /**
19 |      * The {@link CalendarUser#getId()} for the user that is representing the currently logged in user. This can be
20 |      * modified using {@link #setCurrentUser(CalendarUser)}
21 |      */
22 |     private int currentUserId = 0;
23 | 
24 |     @Autowired
25 |     public UserContextStub(CalendarUserDao userService) {
26 |         if (userService == null) {
27 |             throw new IllegalArgumentException("userService cannot be null");
28 |         }
29 |         this.userService = userService;
30 |     }
31 | 
32 |     @Override
33 |     public CalendarUser getCurrentUser() {
34 |         return userService.getUser(currentUserId);
35 |     }
36 | 
37 |     @Override
38 |     public void setCurrentUser(CalendarUser user) {
39 |         if (user == null) {
40 |             throw new IllegalArgumentException("user cannot be null");
41 |         }
42 |         Integer currentId = user.getId();
43 |         if(currentId == null) {
44 |             throw new IllegalArgumentException("user.getId() cannot be null");
45 |         }
46 |         this.currentUserId = currentId;
47 |     }
48 | }


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/java/com/example/springsecurity/web/controllers/AccountController.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.controllers;
 2 | 
 3 | import org.springframework.security.core.Authentication;
 4 | import org.springframework.security.core.context.SecurityContextHolder;
 5 | import org.springframework.security.ldap.userdetails.InetOrgPerson;
 6 | import org.springframework.security.ldap.userdetails.LdapUserDetails;
 7 | import org.springframework.security.ldap.userdetails.Person;
 8 | import org.springframework.stereotype.Controller;
 9 | import org.springframework.ui.Model;
10 | import org.springframework.web.bind.annotation.RequestMapping;
11 | 
12 | /**
13 |  * A controller that allows for viewing of account information.
14 |  *
15 |  * 
16 |  *
17 |  */
18 | @Controller
19 | public class AccountController {
20 |     @RequestMapping("/accounts/my")
21 |     public String view(Model model) {
22 |         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
23 |         if(authentication == null) {
24 |             throw new IllegalStateException("authentication cannot be null. Make sure you are logged in.");
25 |         }
26 |         Object principal = authentication.getPrincipal();
27 |         model.addAttribute("user", principal);
28 |         model.addAttribute("isLdapUserDetails", principal instanceof LdapUserDetails);
29 |         model.addAttribute("isLdapPerson", principal instanceof Person);
30 |         model.addAttribute("isLdapInetOrgPerson", principal instanceof InetOrgPerson);
31 |         return "accounts/show";
32 |     }
33 | }
34 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/java/com/example/springsecurity/web/controllers/WelcomeController.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.controllers;
 2 | 
 3 | import org.springframework.stereotype.Controller;
 4 | import org.springframework.web.bind.annotation.RequestMapping;
 5 | 
 6 | /**
 7 |  * This displays the welcome screen that shows what will be happening in this chapter.
 8 |  *
 9 |  * 
10 |  *
11 |  */
12 | @Controller
13 | public class WelcomeController {
14 | 
15 |     @RequestMapping("/")
16 |     public String welcome() {
17 |         return "index";
18 |     }
19 | }


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/java/com/example/springsecurity/web/model/CreateEventForm.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.model;
 2 | 
 3 | import java.util.Calendar;
 4 | 
 5 | import javax.validation.constraints.NotNull;
 6 | 
 7 | import org.hibernate.validator.constraints.Email;
 8 | import org.hibernate.validator.constraints.NotEmpty;
 9 | import org.springframework.format.annotation.DateTimeFormat;
10 | 
11 | import com.example.springsecurity.domain.Event;
12 | 
13 | /**
14 |  * A form object that is used for creating a new {@link Event}. Using a different object is one way of preventing
15 |  * malicious users from filling out field that they should not (i.e. fill out a different owner field).
16 |  *
17 |  * 
18 |  *
19 |  */
20 | public class CreateEventForm {
21 |     @NotEmpty(message = "Attendee Email is required")
22 |     @Email(message = "Attendee Email must be a valid email")
23 |     private String attendeeEmail;
24 |     @NotEmpty(message = "Summary is required")
25 |     private String summary;
26 |     @NotEmpty(message = "Description is required")
27 |     private String description;
28 |     @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm")
29 |     @NotNull(message = "Event Date/Time is required")
30 |     private Calendar when;
31 | 
32 |     public String getAttendeeEmail() {
33 |         return attendeeEmail;
34 |     }
35 | 
36 |     public void setAttendeeEmail(String attendeeEmail) {
37 |         this.attendeeEmail = attendeeEmail;
38 |     }
39 | 
40 |     public String getSummary() {
41 |         return summary;
42 |     }
43 | 
44 |     public void setSummary(String summary) {
45 |         this.summary = summary;
46 |     }
47 | 
48 |     public String getDescription() {
49 |         return description;
50 |     }
51 | 
52 |     public void setDescription(String description) {
53 |         this.description = description;
54 |     }
55 | 
56 |     public Calendar getWhen() {
57 |         return when;
58 |     }
59 | 
60 |     public void setWhen(Calendar when) {
61 |         this.when = when;
62 |     }
63 | }


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/resources/database/h2/calendar-data.sql:
--------------------------------------------------------------------------------
1 | insert into calendar_users(id,email,password,first_name,last_name) values (0,'user1@example.com','user1','User','1');
2 | insert into calendar_users(id,email,password,first_name,last_name) values (1,'admin1@example.com','admin1','Admin','1');
3 | insert into calendar_users(id,email,password,first_name,last_name) values (2,'user2@example.com','user2','User','2');
4 | 
5 | insert into events (id,when,summary,description,owner,attendee) values (100,'2013-10-04 20:30:00','Birthday Party','This is going to be a great birthday',0,1);
6 | insert into events (id,when,summary,description,owner,attendee) values (101,'2013-12-23 13:00:00','Conference Call','Call with the client',2,0);
7 | insert into events (id,when,summary,description,owner,attendee) values (102,'2014-01-23 11:30:00','Lunch','Eating lunch together',1,2);


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/resources/database/h2/calendar-schema.sql:
--------------------------------------------------------------------------------
 1 | create table calendar_users (
 2 |     id bigint identity,
 3 |     email varchar(256) not null unique,
 4 |     password varchar(256) not null,
 5 |     first_name varchar(256) not null,
 6 |     last_name varchar(256) not null
 7 | );
 8 | 
 9 | create table events (
10 |     id bigint identity,
11 |     when timestamp not null,
12 |     summary varchar(256) not null,
13 |     description varchar(500) not null,
14 |     owner bigint not null,
15 |     attendee bigint not null,
16 |     FOREIGN KEY(owner) REFERENCES calendar_users(id),
17 |     FOREIGN KEY(attendee) REFERENCES calendar_users(id)
18 | );


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/resources/database/h2/security-rememberme-schema.sql:
--------------------------------------------------------------------------------
1 | create table persistent_logins (
2 |     username varchar_ignorecase(50) not null, 
3 |     series varchar(64) primary key,
4 |     token varchar(64) not null, 
5 |     last_used timestamp not null
6 | );
7 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/resources/log4j.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
 3 | 
 4 | <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
 5 |     <appender name="console" class="org.apache.log4j.ConsoleAppender">
 6 |         <param name="Target" value="System.out" />
 7 |         <layout class="org.apache.log4j.PatternLayout">
 8 |             <param name="ConversionPattern" value="%d [%t] %-5p %c - %m%n" />
 9 |         </layout>
10 |     </appender>
11 | 
12 |     <category name="org.springframework.security">
13 |         <priority value="INFO" />
14 |     </category>
15 |     <category name="com.example.springsecurity">
16 |         <priority value="DEBUG" />
17 |     </category>
18 |     
19 | 
20 |     <root>
21 |         <priority value="INFO" />
22 |         <appender-ref ref="console" />
23 |     </root>
24 | </log4j:configuration>
25 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/i18n/binding.properties:
--------------------------------------------------------------------------------
1 | typeMismatch.java.util.Date=Please enter a valid date in yyyy-MM-dd HH:mm format.
2 | typeMismatch.createEventForm.when=Please enter a valid date for Event Date/Time in yyyy-MM-dd HH:mm format.


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/mvc-config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 | 	xmlns:context="http://www.springframework.org/schema/context"
 5 | 	xmlns:mvc="http://www.springframework.org/schema/mvc"
 6 | 	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
 7 | 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 8 | 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
 9 | 
10 |     <!-- Load com.example.springsecurity.web.config.WebMvcConfig -->
11 |     <context:component-scan base-package="com.example.springsecurity.web"/>
12 | 
13 | 	<mvc:resources mapping="/resources/**" location="/resources/" /> 
14 | 	<mvc:view-controller path="/login/form" view-name="/login"/>    
15 | </beans>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/spring/cleaner.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:p="http://www.springframework.org/schema/p"
 5 |     xmlns:task="http://www.springframework.org/schema/task"
 6 |     xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd
 7 |         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
 8 | 
 9 |     <bean id="tokenRepositoryCleaner"
10 |                 class="com.example.springsecurity.web.authentication.rememberme.JdbcTokenRepositoryImplCleaner">
11 |             <constructor-arg ref="jdbcTemplate"/>
12 |             <constructor-arg value="600000"/>
13 |     </bean>
14 | 
15 |     <!-- This is only a very basic configuration, please read more about
16 |         Spring's tasks to learn how to control things like pooling.
17 |         http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/scheduling.html
18 |     -->
19 |     <task:scheduled-tasks>
20 |         <task:scheduled ref="tokenRepositoryCleaner"
21 |                 method="run"
22 |                 fixed-delay="600000"/>
23 |     </task:scheduled-tasks>
24 | </beans>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/spring/i18n.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:p="http://www.springframework.org/schema/p"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 6 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 7 | 
 8 |     <bean class="org.springframework.context.support.ReloadableResourceBundleMessageSource"
 9 |           id="messageSource"
10 |           p:basenames="WEB-INF/i18n/binding"
11 |           p:fallbackToSystemLocale="false"/>
12 | </beans>
13 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/spring/ipTokenRepository.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:p="http://www.springframework.org/schema/p"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 6 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 7 | 
 8 |     <bean id="remembermeServices"
 9 |             class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
10 |         <!-- must match remember-me's key attribute -->
11 |         <constructor-arg value="jbcpCalendar"/>
12 |         <!-- used to login the user after we login -->
13 |         <constructor-arg ref="userDetailsService"/>
14 |         <!-- the PersistentTokenRepository to use -->
15 |         <constructor-arg ref="tokenRepository"/>
16 |         <property name="parameter" value="rememberme"/>
17 |         <property name="cookieName" value="rememberme"/>
18 |     </bean>
19 |     <bean id="tokenRepository" class="com.example.springsecurity.web.authentication.rememberme.IpAwarePersistentTokenRepository">
20 |         <constructor-arg>
21 |             <bean class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
22 |                 <property name="dataSource" ref="dataSource"/>
23 |             </bean>
24 |         </constructor-arg>
25 |     </bean>
26 | </beans>
27 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/spring/security.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns="http://www.springframework.org/schema/security"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 6 |         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 7 | 
 8 |     <http pattern="/resources/**" security="none"/>
 9 |     <http auto-config="true" use-expressions="true">
10 |         <intercept-url pattern="/"
11 |                 access="permitAll"/>
12 |         <intercept-url pattern="/login/*"
13 |                 access="permitAll"/>
14 |         <intercept-url pattern="/signup/*"
15 |                 access="permitAll"/>
16 |         <intercept-url pattern="/logout"
17 |                 access="permitAll"/>
18 |         <intercept-url pattern="/errors/**"
19 |                 access="permitAll"/>
20 |         <intercept-url pattern="/events/"
21 |                 access="hasRole('ROLE_ADMIN')"/>
22 |         <intercept-url pattern="/admin/**"
23 |                 access="hasRole('ROLE_ADMIN') and fullyAuthenticated"/>
24 |         <intercept-url pattern="/**"
25 |                 access="hasRole('ROLE_USER')"/>
26 |         <access-denied-handler error-page="/errors/403"/>
27 |         <form-login login-page="/login/form"
28 |                 login-processing-url="/login"
29 |                 username-parameter="username"
30 |                 password-parameter="password"
31 |                 authentication-failure-url="/login/form?error"
32 |                 default-target-url="/default"/>
33 |         <remember-me key="jbcpCalendar"
34 |                 services-ref="remembermeServices"/>
35 |         <logout logout-url="/logout"
36 |                 logout-success-url="/login/form?logout"/>
37 |     </http>
38 |     <authentication-manager>
39 |         <authentication-provider>
40 |             <user-service id="userDetailsService">
41 |                 <user name="user1@example.com"
42 |                         password="user1"
43 |                         authorities="ROLE_USER"/>
44 |                 <user name="admin1@example.com"
45 |                         password="admin1"
46 |                         authorities="ROLE_USER,ROLE_ADMIN"/>
47 |             </user-service>
48 |         </authentication-provider>
49 |     </authentication-manager>
50 | </bean:beans>
51 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/spring/services.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:jdbc="http://www.springframework.org/schema/jdbc"
 5 |     xmlns:tx="http://www.springframework.org/schema/tx"
 6 |     xmlns:p="http://www.springframework.org/schema/p"
 7 |     xmlns:context="http://www.springframework.org/schema/context"
 8 |     xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
 9 |         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
10 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
11 |         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
12 | 
13 |     <context:component-scan base-package="com.example.springsecurity">
14 |         <context:exclude-filter type="regex" expression="com.example.springsecurity.web.*"/>
15 |     </context:component-scan>
16 | 
17 |     <tx:annotation-driven />
18 | 
19 |     <jdbc:embedded-database id="dataSource" type="H2">
20 |         <jdbc:script location="classpath:/database/h2/calendar-schema.sql"/>
21 |         <jdbc:script location="classpath:/database/h2/calendar-data.sql"/>
22 |         <jdbc:script location="classpath:/database/h2/security-rememberme-schema.sql"/>
23 |     </jdbc:embedded-database>
24 | 
25 |     <bean id="transactionManager"
26 |           class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
27 |           p:dataSource-ref="dataSource"/>
28 | 
29 |     <bean id="jdbcTemplate"
30 |           class="org.springframework.jdbc.core.JdbcTemplate"
31 |           p:dataSource-ref="dataSource"/>
32 | </beans>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/views/errors/403.jsp:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
3 |     pageEncoding="ISO-8859-1"%>
4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
5 | 
6 | <c:set var="pageTitle" value="Access Denied" scope="request"/>
7 | <jsp:include page="../includes/header.jsp"/>
8 | <p>You are not allowed to access this page. Try logging in as admin1@example.com / admin1</p>
9 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/views/events/create.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 5 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 6 | 
 7 | <c:set var="pageTitle" value="Create Event" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | <form:form action="./new" method="post" modelAttribute="createEventForm" cssClass="form-horizontal">
10 |     <form:errors path="*" element="div" cssClass="alert alert-error"/>
11 |     <fieldset>
12 |         <legend>Event Information</legend>
13 |         <div class="control-group">
14 |             <label class="control-label" for="attendeeEmail">Attendee Email</label>
15 |             <div class="controls">
16 |                 <form:input class="input-xlarge" path="attendeeEmail" id="attendeeEmail"/>
17 |             </div>
18 |         </div>
19 |         <div class="control-group">
20 |             <label class="control-label" for="when">Event Date/Time (yyyy-MM-dd HH:mm)</label>
21 |             <div class="controls">
22 |                 <form:input class="input-xlarge" path="when" id="when"/>
23 |             </div>
24 |         </div>
25 |         <div class="control-group">
26 |             <label class="control-label" for="summary">Summary</label>
27 |             <div class="controls">
28 |                 <form:input class="input-xlarge" path="summary" id="summary"/>
29 |             </div>
30 |         </div>
31 |         <div class="control-group">
32 |             <label class="control-label" for="description">Description</label>
33 |             <div class="controls">
34 |                 <form:textarea class="input-xlarge" path="description" id="description" rows="5" cols="25"/>
35 |             </div>
36 |         </div>
37 |         <div class="control-group">
38 |             <div class="controls">
39 |                 <input id="submit" type="submit" value="Create"/>
40 |                 <input id="auto" type="submit" name="auto" value="Auto Populate Form"/>
41 |             </div>
42 |         </div>
43 |     </fieldset>
44 | </form:form>
45 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/views/events/list.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 6 | 
 7 | <c:set var="pageTitle" value="All Events" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | 
10 | <p>This shows all events for all users. Once security is applied it will only be viewable to administrators.</p>
11 | <c:url var="createUrl" value="/events/form"/>
12 | <div id="create" class="pull-right"><a href="${createUrl}">Create Event</a></div>
13 | <table class="table table-bordered table-striped table-condensed">
14 |     <thead>
15 |         <tr>
16 |             <th>Date/Time</th>
17 |             <th>Owner</th>
18 |             <th>Attendee</th>
19 |             <th>Summary</th>
20 |         </tr>
21 |     </thead>
22 |     <tbody>
23 |         <c:if test="${empty events}">
24 |             <tr>
25 |                 <td colspan="2" class="msg">No events.</td>
26 |             </tr>
27 |         </c:if>
28 |          <c:forEach items="${events}" var="event">
29 |             <tr>
30 |                 <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
31 |                 <td><c:out value="${when}"/></td>
32 |                 <td><c:out value="${event.owner.name}" /></td>
33 |                 <td><c:out value="${event.attendee.name}" /></td>
34 |                 <c:url var="eventUrl" value="${event.id}"/>
35 |                 <td><a href="${eventUrl}"><c:out value="${event.summary}" /></a></td>
36 |             </tr>
37 |         </c:forEach>
38 |     </tbody>
39 | </table>
40 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/views/events/my.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 6 | 
 7 | <c:set var="pageTitle" value="My Events" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | 
10 | <p id="description">
11 |     Below you can find the events for
12 |     <strong><c:out value="${currentUser.email}" /></strong>.
13 |     Once security is applied this will be the events for the currently logged in user.
14 | </p>
15 | <c:url var="createUrl" value="/events/form"/>
16 | <div id="create" class="pull-right"><a href="${createUrl}">Create Event</a></div>
17 | <table class="table table-bordered table-striped table-condensed">
18 |     <thead>
19 |         <tr>
20 |             <th>Date/Time</th>
21 |             <th>Owner</th>
22 |             <th>Attendee</th>
23 |             <th>Summary</th>
24 |         </tr>
25 |     </thead>
26 |     <tbody>
27 |         <c:if test="${empty events}">
28 |             <tr>
29 |                 <td colspan="2" class="msg">No events.</td>
30 |             </tr>
31 |         </c:if>
32 |          <c:forEach items="${events}" var="event">
33 |             <tr>
34 |                 <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
35 |                 <td><c:out value="${when}"/></td>
36 |                 <td><c:out value="${event.owner.name}" /></td>
37 |                 <td><c:out value="${event.attendee.name}" /></td>
38 |                 <c:url var="eventUrl" value="${event.id}"/>
39 |                 <td><a href="${eventUrl}"><c:out value="${event.summary}" /></a></td>
40 |             </tr>
41 |         </c:forEach>
42 |     </tbody>
43 | </table>
44 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/views/events/show.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 5 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 6 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 7 | 
 8 | <c:set var="pageTitle" scope="request">
 9 |     <c:out value="Event - ${event.summary}"/>
10 | </c:set>
11 | 
12 | <jsp:include page="../includes/header.jsp"/>
13 | <dl>
14 |     <dt>Owner</dt>
15 |     <dd id="owner"><c:out value="${event.owner.lastName}, ${event.owner.firstName}"/></dd>
16 |     <dt>Attendee</dt>
17 |     <dd id="attendee"><c:out value="${event.attendee.lastName}, ${event.attendee.firstName}"/></dd>
18 |     <dt>When</dt>
19 |     <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
20 |     <dd id="when"><c:out value="${when}"/></dd>
21 |     <dt>Message Details</dt>
22 |     <dd id="owner"><c:out value="${event.description}"/></dd>
23 | </dl>
24 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/views/includes/footer.jsp:
--------------------------------------------------------------------------------
1 |         </div>
2 |     </body>
3 | </html>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/views/index.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | 
 6 | <c:set var="pageTitle" value="Welcome to myCalendar!" scope="request"/>
 7 | <jsp:include page="./includes/header.jsp"/>
 8 | <p>Below you can find some highlights about myCalendar. Each sample will have a slightly different summary depending on what has been done.</p>
 9 | <h2>Chapter 6 - Remember Me</h2>
10 | <ul>
11 |  <li>This chapter discusses Spring Security's remember me feature. You may be interested in using a plugin like <a href="https://addons.mozilla.org/en-US/firefox/addon/firecookie/reviews/">Firecookie</a> for removing your JSESSIONID (to simulate closing the browser / session timing out).</li>
12 |     <li><a id="eventsLink" href="events/">All Events</a> - shows all events for all users, but only allows administrators to access the page.</li>
13 |     <li><a id="myEventsLink" href="events/my">My Events</a> - shows all events that the current user is owner or attendee.</li>
14 |     <li><a id="createEventLink" href="events/form">Create Event</a> - will allow creating a new Event with current user as the owner.</li>
15 |     <li><a id="logoutLink" href="logout">Logout</a> - allows the user to logout</li>
16 |     <li>
17 |         <a id="h2Link" href="admin/h2/">H2 Database Console</a> - Allows you to interact with the database using a web console. To use it:
18 |         <ul>
19 |             <li>Click the link above.</li>
20 |             <li>Ensure that Generic H2 (Embedded) is selected</li>
21 |             <li>Ensure that org.h2.Driver is the Driver Class</li>
22 |             <li>Enter <strong>jdbc:h2:mem:dataSource</strong> as the JDBC URL</li>
23 |             <li>Ensure that the username is sa</li>
24 |             <li>Ensure the password is left empty</li>
25 |             <li>Click Connect</li>
26 |         </ul>
27 |     </li>
28 | </ul>
29 | <jsp:include page="./includes/footer.jsp"/>
30 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/views/login.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | 
 6 | <c:set var="pageTitle" value="Please Login" scope="request"/>
 7 | <jsp:include page="./includes/header.jsp"/>
 8 | 
 9 | <c:url value="/login" var="loginUrl"/>
10 | <form action="${loginUrl}" method="post">
11 |     <c:if test="${param.error != null}">
12 |         <div class="alert alert-error">
13 |             Failed to login.
14 |             <c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}">
15 |               Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
16 |             </c:if>
17 |         </div>
18 |     </c:if>
19 |     <c:if test="${param.logout != null}">
20 |         <div class="alert alert-success">
21 |             You have been logged out.
22 |         </div>
23 |     </c:if>
24 |     <p>
25 |         <label for="username">Username</label>
26 |         <input type="text" id="username" name="username"/>
27 |     </p>
28 |     <p>
29 |         <label for="password">Password</label>
30 |         <input type="password" id="password" name="password"/>
31 |     </p>
32 |     <p>
33 |         <label for="remember">Remember Me?</label>
34 |         <input type="checkbox" id="remember"
35 |                 name="rememberme"
36 |                 value="true"/>
37 |     </p>
38 |     <p>
39 |         <input id="submit" name="submit" type="submit" value="Login"/>
40 |     </p>
41 | </form>
42 | <jsp:include page="./includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/views/signup/form.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 5 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 6 | 
 7 | <c:set var="pageTitle" value="Signup" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | <form:form action="./new" method="post" modelAttribute="signupForm">
10 |     <form:errors path="*" element="div" cssClass="errors"/>
11 |     <fieldset>
12 |         <legend>User Information</legend>
13 |         <p>
14 |             <label for="firstName">First Name</label>
15 |             <form:input path="firstName" id="firstName"/>
16 |         </p>
17 |         <p>
18 |             <label for="lastName">Last Name</label>
19 |             <form:input path="lastName" id="lastName"/>
20 |         </p>
21 |         <p>
22 |             <label for="email">Email (Username)</label>
23 |             <form:input path="email" id="email"/>
24 |         </p>
25 |         <p>
26 |             <label for="password">Password</label>
27 |             <form:password path="password" id="password"/>
28 |         </p>
29 |         <p>
30 |             <input id="submit" type="submit" value="Create Account"/>
31 |         </p>
32 |     </fieldset>
33 | </form:form>
34 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | 
 3 | <web-app id="calendar" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
 4 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 5 |     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
 6 |     <display-name>Calendar Web Application</display-name>
 7 |     <context-param>
 8 |         <param-name>contextConfigLocation</param-name>
 9 |         <param-value>
10 |             /WEB-INF/spring/services.xml
11 |             /WEB-INF/spring/i18n.xml
12 |             /WEB-INF/spring/security.xml
13 |             /WEB-INF/spring/cleaner.xml
14 |             /WEB-INF/spring/ipTokenRepository.xml
15 |         </param-value>
16 |     </context-param>
17 |     <listener>
18 |         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
19 |     </listener>
20 |     <listener>
21 |         <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
22 |     </listener>
23 |     <filter>
24 |         <filter-name>springSecurityFilterChain</filter-name>
25 |         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
26 |     </filter>
27 |     <filter-mapping>
28 |         <filter-name>springSecurityFilterChain</filter-name>
29 |         <url-pattern>/*</url-pattern>
30 |     </filter-mapping>
31 |     <servlet>
32 |         <servlet-name>h2</servlet-name>
33 |         <servlet-class>org.h2.server.web.WebServlet</servlet-class>
34 |     </servlet>
35 |     <servlet>
36 |         <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
37 |         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
38 |         <init-param>
39 |             <param-name>contextConfigLocation</param-name>
40 |             <param-value>
41 |                 /WEB-INF/mvc-config.xml
42 |             </param-value>
43 |         </init-param>
44 |         <load-on-startup>1</load-on-startup>
45 |     </servlet>
46 |     <servlet-mapping>
47 |         <servlet-name>h2</servlet-name>
48 |         <url-pattern>/admin/h2/*</url-pattern>
49 |     </servlet-mapping>
50 |     <servlet-mapping>
51 |         <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
52 |         <url-pattern>/</url-pattern>
53 |     </servlet-mapping>
54 | </web-app>


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/resources/css/main.css:
--------------------------------------------------------------------------------
  1 | * {
  2 |     margin: 0;
  3 |     padding: 0;
  4 | }
  5 | 
  6 | html, body {
  7 |     height: 100%;
  8 | }
  9 | body {
 10 |     background-color: #FFFFFF;
 11 | }
 12 | #header-container {
 13 |     color: #FFFFFF;
 14 |     background-color: #000000;
 15 | }
 16 | #header, .nav li {
 17 |     padding: .25em;
 18 |     padding-top: 2em;
 19 | }
 20 | .nav-account {
 21 |     float: right;
 22 | }
 23 | .nav {
 24 |     display: inline;
 25 | }
 26 | .inner {
 27 |     margin: 0 auto;
 28 |     width: 65%;
 29 |     padding: 1em;
 30 | }
 31 | .nav li:after {
 32 |     content: ' |';
 33 | }
 34 | .nav li:last-child:after {
 35 |     content: '';
 36 | }
 37 | 
 38 | .nav li {
 39 |     display: inline;
 40 |     list-style-type: none;
 41 | }
 42 | .nav a, th {
 43 |     color: #FFFFFF;
 44 | }
 45 | a:hover {
 46 |     text-decoration: none;
 47 | }
 48 | 
 49 | #title {
 50 |     margin: .25em 0;
 51 | }
 52 | 
 53 | #create {
 54 |     margin-top: 1em;
 55 |     float: right;
 56 | }
 57 | table {
 58 |     width: 100%;
 59 | }
 60 | 
 61 | tr:nth-child(even) {
 62 |     background-color: #EEEEEE;
 63 | }
 64 | 
 65 | th {
 66 |     background-color: #f79232;
 67 | }
 68 | td {
 69 |     padding: .25em;
 70 | }
 71 | #content li {
 72 |     margin: 1em;
 73 | }
 74 | legend {
 75 |     display: none;
 76 | }
 77 | fieldset {
 78 |     border-width: 0;
 79 | }
 80 | 
 81 | label {
 82 |     display: block;
 83 |     margin: .5em .5em .5em 0;
 84 |     font-weight: bold;
 85 | }
 86 | label[for=remember] {
 87 |     display: inline-block;
 88 | }
 89 | textarea {
 90 |     width: 95%;
 91 |     height: 10em;
 92 | }
 93 | input {
 94 |     padding: .15em;
 95 | }
 96 | input[type=text] {
 97 |     width: 25em;
 98 | }
 99 | #submit {
100 |     margin-top: 1em;
101 | }
102 | 
103 | .errors {
104 |     color: red;
105 | }
106 | .success {
107 |     color: green;
108 |     font-weight: bold;
109 |     font-size: 1.5em;
110 | }


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/resources/img/springsource.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/spring-security-ldap/src/main/webapp/resources/img/springsource.png


--------------------------------------------------------------------------------
/spring-security-ldap/src/main/webapp/resources/img/ssbooklogo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/skprasadu/spring-security-examples/dadd0da3a5c41dc600a72b800a0cf4fffc1fc18f/spring-security-ldap/src/main/webapp/resources/img/ssbooklogo.png


--------------------------------------------------------------------------------
/spring-security-ldap/src/test/java/com/example/springsecurity/web/controllers/Video4LdapProviderControllerTest.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.controllers;
 2 | 
 3 | import org.junit.runner.RunWith;
 4 | import org.springframework.test.context.ContextConfiguration;
 5 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 6 | 
 7 | import com.example.springsecurity.web.controllers.util.LdapSecurityControllerTest;
 8 | import com.example.springsecurity.web.controllers.util.WebContextLoader;
 9 | 
10 | @RunWith(SpringJUnit4ClassRunner.class)
11 | @ContextConfiguration(loader = WebContextLoader.class, value = { "classpath:/META-INF/spring/video4-ldap-provider-config/services.xml",
12 | 		"classpath:/META-INF/spring/video4-ldap-provider-config/security.xml",
13 | 		"classpath:/META-INF/spring/video4-ldap-provider-config/mvc-config.xml",
14 | 		"classpath:/META-INF/spring/video4-ldap-provider-config/security-ldap-explicitly.xml" })
15 | public class Video4LdapProviderControllerTest extends LdapSecurityControllerTest {
16 | }
17 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/test/java/com/example/springsecurity/web/controllers/util/WebContextLoader.java:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright 2011 the original author or authors.
 3 |  *
 4 |  * Licensed under the Apache License, Version 2.0 (the "License");
 5 |  * you may not use this file except in compliance with the License.
 6 |  * You may obtain a copy of the License at
 7 |  *
 8 |  *      http://www.apache.org/licenses/LICENSE-2.0
 9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 |  */
16 | package com.example.springsecurity.web.controllers.util;
17 | 
18 | 
19 | public class WebContextLoader extends GenericWebContextLoader {
20 | 
21 | 	public WebContextLoader() {
22 | 		super("src/main/webapp", false);
23 | 	}
24 | 
25 | }
26 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/test/resources/META-INF/spring/video4-ldap-provider-config/database/h2/calendar-data.sql:
--------------------------------------------------------------------------------
1 | insert into calendar_users(id,email,password,first_name,last_name) values (0,'user1@example.com','user1','User','1');
2 | insert into calendar_users(id,email,password,first_name,last_name) values (1,'admin1@example.com','admin1','Admin','1');
3 | insert into calendar_users(id,email,password,first_name,last_name) values (2,'user2@example.com','user2','User','2');
4 | 
5 | insert into events (id,when,summary,description,owner,attendee) values (100,'2013-10-04 20:30:00','Birthday Party','This is going to be a great birthday',0,1);
6 | insert into events (id,when,summary,description,owner,attendee) values (101,'2013-12-23 13:00:00','Conference Call','Call with the client',2,0);
7 | insert into events (id,when,summary,description,owner,attendee) values (102,'2014-01-23 11:30:00','Lunch','Eating lunch together',1,2);


--------------------------------------------------------------------------------
/spring-security-ldap/src/test/resources/META-INF/spring/video4-ldap-provider-config/database/h2/calendar-schema.sql:
--------------------------------------------------------------------------------
 1 | create table calendar_users (
 2 |     id bigint identity,
 3 |     email varchar(256) not null unique,
 4 |     password varchar(256) not null,
 5 |     first_name varchar(256) not null,
 6 |     last_name varchar(256) not null
 7 | );
 8 | 
 9 | create table events (
10 |     id bigint identity,
11 |     when timestamp not null,
12 |     summary varchar(256) not null,
13 |     description varchar(500) not null,
14 |     owner bigint not null,
15 |     attendee bigint not null,
16 |     FOREIGN KEY(owner) REFERENCES calendar_users(id),
17 |     FOREIGN KEY(attendee) REFERENCES calendar_users(id)
18 | );


--------------------------------------------------------------------------------
/spring-security-ldap/src/test/resources/META-INF/spring/video4-ldap-provider-config/mvc-config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 | 	xmlns:context="http://www.springframework.org/schema/context"
 5 | 	xmlns:mvc="http://www.springframework.org/schema/mvc"
 6 | 	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
 7 | 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 8 | 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
 9 | 
10 |     <!-- Load com.example.springsecurity.web.config.WebMvcConfig -->
11 |     <context:component-scan base-package="com.example.springsecurity.web"/>
12 | 
13 | 	<mvc:resources mapping="/resources/**" location="/resources/" /> 
14 | 	<mvc:view-controller path="/login/form" view-name="/login"/>    
15 | </beans>


--------------------------------------------------------------------------------
/spring-security-ldap/src/test/resources/META-INF/spring/video4-ldap-provider-config/security-ldap-explicitly.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 | 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
 5 | 
 6 |     <bean id="ldapAuthenticationProvider"
 7 |             class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
 8 |         <constructor-arg ref="ldapBindAuthenticator"/>
 9 |         <constructor-arg ref="ldapAuthoritiesPopulator"/>
10 |         <property name="userDetailsContextMapper" ref="userDetailsContextMapper" />
11 |     </bean>
12 | 
13 |     <bean id="ldapBindAuthenticator"
14 |             class="org.springframework.security.ldap.authentication.BindAuthenticator">
15 |         <constructor-arg ref="ldapServer"/>
16 |         <property name="userSearch" ref="ldapSearch"/>
17 |     </bean>
18 | 
19 |     <bean id="ldapSearch"
20 |             class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
21 |         <constructor-arg value="ou=users"/> <!-- use-search-base -->
22 |         <constructor-arg value="(uid={0})"/> <!-- user-search-filter -->
23 |         <constructor-arg ref="ldapServer"/>
24 |     </bean>
25 | 
26 |     <bean id="ldapAuthoritiesPopulator"
27 |             class="com.example.springsecurity.ldap.userdetails.ad.ActiveDirectoryLdapAuthoritiesPopulator"/>
28 |             
29 |     <bean id="userDetailsContextMapper"
30 |         class="org.springframework.security.ldap.userdetails.LdapUserDetailsMapper" />
31 | </beans>
32 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/test/resources/META-INF/spring/video4-ldap-provider-config/security.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
 3 | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/security"
 4 | 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 5 |         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 6 | 
 7 | 	<http pattern="/resources/**" security="none" />
 8 | 	<http auto-config="true" use-expressions="true">
 9 | 		<intercept-url pattern="/" access="permitAll" />
10 | 		<intercept-url pattern="/login/*" access="permitAll" />
11 | 		<intercept-url pattern="/logout" access="permitAll" />
12 | 		<intercept-url pattern="/errors/**" access="permitAll" />
13 | 		<intercept-url pattern="/events/" access="hasRole('Admin')" />
14 | 		<intercept-url pattern="/admin/**" access="hasRole('Admin')" />
15 | 		<intercept-url pattern="/**" access="hasRole('User')" />
16 | 		<access-denied-handler error-page="/errors/403" />
17 | 		<form-login login-page="/login/form" login-processing-url="/login"
18 | 			username-parameter="username" password-parameter="password"
19 | 			authentication-failure-url="/login/form?error" default-target-url="/default" />
20 | 		<logout logout-url="/logout" logout-success-url="/login/form?logout" />
21 | 	</http>
22 | 	
23 | 	<authentication-manager>
24 | 		<ldap-authentication-provider
25 | 			user-search-filter="(uid={0})" user-search-base="ou=users"
26 | 			group-search-filter="(uniqueMember={0})" group-search-base="ou=groups"
27 | 			group-role-attribute="cn" role-prefix="ROLE_">
28 | 		</ldap-authentication-provider>
29 | 	</authentication-manager>
30 | 
31 | 	<ldap-server id="ldapServer" ldif="classpath:ldif/calendar.ldif" root="dc=jbcpcalendar,dc=com" />
32 | </bean:beans>
33 | 


--------------------------------------------------------------------------------
/spring-security-ldap/src/test/resources/META-INF/spring/video4-ldap-provider-config/services.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:jdbc="http://www.springframework.org/schema/jdbc"
 5 |     xmlns:tx="http://www.springframework.org/schema/tx"
 6 |     xmlns:p="http://www.springframework.org/schema/p"
 7 |     xmlns:context="http://www.springframework.org/schema/context"
 8 |     xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
 9 |         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
10 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
11 |         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">
12 | 
13 |     <context:component-scan base-package="com.example.springsecurity">
14 |         <context:exclude-filter type="regex" expression="com.example.springsecurity.web.*"/>
15 |     </context:component-scan>
16 | 
17 |     <tx:annotation-driven />
18 | 
19 |     <jdbc:embedded-database id="dataSource" type="H2">
20 |         <jdbc:script location="classpath:/META-INF/spring/video4-ldap-provider-config/database/h2/calendar-schema.sql"/>
21 |         <jdbc:script location="classpath:/META-INF/spring/video4-ldap-provider-config/database/h2/calendar-data.sql"/>
22 |     </jdbc:embedded-database>
23 | 
24 |     <bean id="transactionManager"
25 |           class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
26 |           p:dataSource-ref="dataSource"/>
27 | 
28 |     <bean id="jdbcTemplate"
29 |           class="org.springframework.jdbc.core.JdbcTemplate"
30 |           p:dataSource-ref="dataSource"/>
31 | </beans>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/README.md:
--------------------------------------------------------------------------------
1 | Spring Security
2 | ===============
3 | 
4 | To get up quickly, download the code and run the below commands,
5 | 
6 |     mvn test -Dtest=com.example.springsecurity.web.controllers.SecurityControllerTest
7 | 
8 | And debug the code.


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/java/com/example/springsecurity/core/authority/CalendarUserAuthorityUtils.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.core.authority;
 2 | 
 3 | import java.util.Collection;
 4 | import java.util.List;
 5 | 
 6 | import org.springframework.security.core.GrantedAuthority;
 7 | import org.springframework.security.core.authority.AuthorityUtils;
 8 | 
 9 | import com.example.springsecurity.domain.CalendarUser;
10 | 
11 | /**
12 |  * A utility class used for creating the {@link GrantedAuthority}'s given a {@link CalendarUser}. In a real solution
13 |  * this would be looked up in the existing system, but for simplicity our original system had no notion of authorities.
14 |  *
15 |  * 
16 |  *
17 |  */
18 | public final class CalendarUserAuthorityUtils {
19 |     private static final List<GrantedAuthority> ADMIN_ROLES = AuthorityUtils.createAuthorityList("ROLE_ADMIN",
20 |             "ROLE_USER");
21 |     private static final List<GrantedAuthority> USER_ROLES = AuthorityUtils.createAuthorityList("ROLE_USER");
22 | 
23 |     public static Collection<? extends GrantedAuthority> createAuthorities(CalendarUser calendarUser) {
24 |         String username = calendarUser.getEmail();
25 |         if (username.startsWith("admin")) {
26 |             return ADMIN_ROLES;
27 |         }
28 |         return USER_ROLES;
29 |     }
30 | 
31 |     private CalendarUserAuthorityUtils() {
32 |     }
33 | }
34 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/java/com/example/springsecurity/dataaccess/CalendarUserDao.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.dataaccess;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import org.springframework.dao.EmptyResultDataAccessException;
 6 | 
 7 | import com.example.springsecurity.domain.CalendarUser;
 8 | 
 9 | /**
10 |  * An interface for managing {@link CalendarUser} instances.
11 |  *
12 |  * 
13 |  *
14 |  */
15 | public interface CalendarUserDao {
16 | 
17 |     /**
18 |      * Gets a {@link CalendarUser} for a specific {@link CalendarUser#getId()}.
19 |      *
20 |      * @param id
21 |      *            the {@link CalendarUser#getId()} of the {@link CalendarUser} to find.
22 |      * @return a {@link CalendarUser} for the given id. Cannot be null.
23 |      * @throws EmptyResultDataAccessException
24 |      *             if the {@link CalendarUser} cannot be found
25 |      */
26 |     CalendarUser getUser(int id);
27 | 
28 |     /**
29 |      * Finds a given {@link CalendarUser} by email address.
30 |      *
31 |      * @param email
32 |      *            the email address to use to find a {@link CalendarUser}. Cannot be null.
33 |      * @return a {@link CalendarUser} for the given email or null if one could not be found.
34 |      * @throws IllegalArgumentException
35 |      *             if email is null.
36 |      */
37 |     CalendarUser findUserByEmail(String email);
38 | 
39 | 
40 |     /**
41 |      * Finds any {@link CalendarUser} that has an email that starts with {@code partialEmail}.
42 |      *
43 |      * @param partialEmail
44 |      *            the email address to use to find {@link CalendarUser}s. Cannot be null or empty String.
45 |      * @return a List of {@link CalendarUser}s that have an email that starts with given partialEmail. The returned value
46 |      *         will never be null. If no results are found an empty List will be returned.
47 |      * @throws IllegalArgumentException
48 |      *             if email is null or empty String.
49 |      */
50 |     List<CalendarUser> findUsersByEmail(String partialEmail);
51 | 
52 |     /**
53 |      * Creates a new {@link CalendarUser}.
54 |      *
55 |      * @param user
56 |      *            the new {@link CalendarUser} to create. The {@link CalendarUser#getId()} must be null.
57 |      * @return the new {@link CalendarUser#getId()}.
58 |      * @throws IllegalArgumentException
59 |      *             if {@link CalendarUser#getId()} is non-null.
60 |      */
61 |     int createUser(CalendarUser user);
62 | }
63 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/java/com/example/springsecurity/dataaccess/EventDao.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.dataaccess;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import com.example.springsecurity.domain.Event;
 6 | import com.example.springsecurity.domain.CalendarUser;
 7 | 
 8 | /**
 9 |  * An interface for managing {@link Event}'s.
10 |  *
11 |  * 
12 |  *
13 |  */
14 | public interface EventDao {
15 | 
16 |     /**
17 |      * Given an id gets an {@link Event}.
18 |      *
19 |      * @param eventId
20 |      *            the {@link Event#getId()}
21 |      * @return the {@link Event}. Cannot be null.
22 |      * @throws RuntimeException
23 |      *             if the {@link Event} cannot be found.
24 |      */
25 |     Event getEvent(int eventId);
26 | 
27 |     /**
28 |      * Creates a {@link Event} and returns the new id for that {@link Event}.
29 |      *
30 |      * @param message
31 |      *            the {@link Event} to create. Note that the {@link Event#getId()} should be null.
32 |      * @return the new id for the {@link Event}
33 |      * @throws RuntimeException
34 |      *             if {@link Event#getId()} is non-null.
35 |      */
36 |     int createEvent(Event event);
37 | 
38 |     /**
39 |      * Finds the {@link Event}'s that are intended for the {@link CalendarUser}.
40 |      *
41 |      * @param userId
42 |      *            the {@link CalendarUser#getId()} to obtain {@link Event}'s for.
43 |      * @return a non-null {@link List} of {@link Event}'s intended for the specified {@link CalendarUser}. If the
44 |      *         {@link CalendarUser} does not exist an empty List will be returned.
45 |      */
46 |     List<Event> findForUser(int userId);
47 | 
48 |     /**
49 |      * Gets all the available {@link Event}'s.
50 |      *
51 |      * @return a non-null {@link List} of {@link Event}'s
52 |      */
53 |     List<Event> getEvents();
54 | }
55 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/java/com/example/springsecurity/service/DefaultCalendarService.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | import org.springframework.beans.factory.annotation.Autowired;
 6 | 
 7 | import com.example.springsecurity.dataaccess.CalendarUserDao;
 8 | import com.example.springsecurity.dataaccess.EventDao;
 9 | import com.example.springsecurity.domain.CalendarUser;
10 | import com.example.springsecurity.domain.Event;
11 | 
12 | /**
13 |  * A default implementation of {@link CalendarService} that delegates to {@link EventDao} and {@link CalendarUserDao}.
14 |  *
15 |  * 
16 |  *
17 |  */
18 | public class DefaultCalendarService implements CalendarService {
19 |     private final EventDao eventDao;
20 |     private final CalendarUserDao userDao;
21 | 
22 |     @Autowired
23 |     public DefaultCalendarService(EventDao eventDao, CalendarUserDao userDao) {
24 |         if (eventDao == null) {
25 |             throw new IllegalArgumentException("eventDao cannot be null");
26 |         }
27 |         if (userDao == null) {
28 |             throw new IllegalArgumentException("userDao cannot be null");
29 |         }
30 |         this.eventDao = eventDao;
31 |         this.userDao = userDao;
32 |     }
33 | 
34 |     public Event getEvent(int eventId) {
35 |         return eventDao.getEvent(eventId);
36 |     }
37 | 
38 |     public int createEvent(Event event) {
39 |         return eventDao.createEvent(event);
40 |     }
41 | 
42 |     public List<Event> findForUser(int userId) {
43 |         return eventDao.findForUser(userId);
44 |     }
45 | 
46 |     public List<Event> getEvents() {
47 |         return eventDao.getEvents();
48 |     }
49 | 
50 |     public CalendarUser getUser(int id) {
51 |         return userDao.getUser(id);
52 |     }
53 | 
54 |     public CalendarUser findUserByEmail(String email) {
55 |         return userDao.findUserByEmail(email);
56 |     }
57 | 
58 |     public List<CalendarUser> findUsersByEmail(String partialEmail) {
59 |         return userDao.findUsersByEmail(partialEmail);
60 |     }
61 | 
62 |     public int createUser(CalendarUser user) {
63 |         return userDao.createUser(user);
64 |     }
65 | }


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/java/com/example/springsecurity/service/SpringSecurityUserContext.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import java.util.Collection;
 4 | 
 5 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 6 | import org.springframework.security.core.Authentication;
 7 | import org.springframework.security.core.GrantedAuthority;
 8 | import org.springframework.security.core.context.SecurityContext;
 9 | import org.springframework.security.core.context.SecurityContextHolder;
10 | import org.springframework.stereotype.Component;
11 | 
12 | import com.example.springsecurity.core.authority.CalendarUserAuthorityUtils;
13 | import com.example.springsecurity.domain.CalendarUser;
14 | 
15 | /**
16 |  * An implementation of {@link UserContext} that looks up the {@link CalendarUser} using the Spring Security's
17 |  * {@link Authentication} by principal name.
18 |  *
19 |  * 
20 |  *
21 |  */
22 | @Component
23 | public class SpringSecurityUserContext implements UserContext {
24 |     /**
25 |      * Get the {@link CalendarUser} by casting the {@link Authentication}'s principal to a {@link CalendarUser}.
26 |      */
27 |     @Override
28 |     public CalendarUser getCurrentUser() {
29 |         SecurityContext context = SecurityContextHolder.getContext();
30 |         Authentication authentication = context.getAuthentication();
31 |         if (authentication == null) {
32 |             return null;
33 |         }
34 |         return (CalendarUser) authentication.getPrincipal();
35 |     }
36 | 
37 |     /**
38 |      * Sets the {@link CalendarUser} as the current {@link Authentication}'s principal. It uses
39 |      */
40 |     @Override
41 |     public void setCurrentUser(CalendarUser user) {
42 |         if (user == null) {
43 |             throw new IllegalArgumentException("user cannot be null");
44 |         }
45 |         Collection<? extends GrantedAuthority> authorities = CalendarUserAuthorityUtils.createAuthorities(user);
46 |         UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(user,
47 |                 user.getPassword(),authorities);
48 |         SecurityContextHolder.getContext().setAuthentication(authentication);
49 |     }
50 | }
51 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/java/com/example/springsecurity/service/UserContext.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import com.example.springsecurity.domain.CalendarUser;
 4 | 
 5 | /**
 6 |  * Manages the current {@link CalendarUser}. This demonstrates how in larger applications it is good to abstract out
 7 |  * accessing the current user to return the application specific user rather than interacting with Spring Security
 8 |  * classes directly.
 9 |  *
10 |  * 
11 |  *
12 |  */
13 | public interface UserContext {
14 | 
15 |     /**
16 |      * Gets the currently logged in {@link CalendarUser} or null if there is no authenticated user.
17 |      *
18 |      * @return
19 |      */
20 |     CalendarUser getCurrentUser();
21 | 
22 |     /**
23 |      * Sets the currently logged in {@link CalendarUser}.
24 |      * @param user the logged in {@link CalendarUser}. Cannot be null.
25 |      * @throws IllegalArgumentException if the {@link CalendarUser} is null.
26 |      */
27 |     void setCurrentUser(CalendarUser user);
28 | }
29 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/java/com/example/springsecurity/service/UserContextStub.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.service;
 2 | 
 3 | import org.springframework.beans.factory.annotation.Autowired;
 4 | import org.springframework.stereotype.Component;
 5 | 
 6 | import com.example.springsecurity.dataaccess.CalendarUserDao;
 7 | import com.example.springsecurity.domain.CalendarUser;
 8 | 
 9 | /**
10 |  * NOTE: This is no longer used. See {@link SpringSecurityUserContext}.
11 |  *
12 |  * Returns the same user for every call to {@link #getCurrentUser()}. This is used prior to adding security, so that the
13 |  * rest of the application can be used.
14 |  *
15 |  * 
16 |  * @see SpringSecurityUserContext
17 |  */
18 | //@Component
19 | public class UserContextStub implements UserContext {
20 |     private final CalendarUserDao userService;
21 |     /**
22 |      * The {@link CalendarUser#getId()} for the user that is representing the currently logged in user. This can be
23 |      * modified using {@link #setCurrentUser(CalendarUser)}
24 |      */
25 |     private int currentUserId = 0;
26 | 
27 |     @Autowired
28 |     public UserContextStub(CalendarUserDao userService) {
29 |         if (userService == null) {
30 |             throw new IllegalArgumentException("userService cannot be null");
31 |         }
32 |         this.userService = userService;
33 |     }
34 | 
35 |     @Override
36 |     public CalendarUser getCurrentUser() {
37 |         return userService.getUser(currentUserId);
38 |     }
39 | 
40 |     @Override
41 |     public void setCurrentUser(CalendarUser user) {
42 |         if (user == null) {
43 |             throw new IllegalArgumentException("user cannot be null");
44 |         }
45 |         Integer currentId = user.getId();
46 |         if(currentId == null) {
47 |             throw new IllegalArgumentException("user.getId() cannot be null");
48 |         }
49 |         this.currentUserId = currentId;
50 |     }
51 | }


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/java/com/example/springsecurity/web/model/CreateEventForm.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.model;
 2 | 
 3 | import java.util.Calendar;
 4 | 
 5 | import javax.validation.constraints.NotNull;
 6 | 
 7 | import org.hibernate.validator.constraints.Email;
 8 | import org.hibernate.validator.constraints.NotEmpty;
 9 | import org.springframework.format.annotation.DateTimeFormat;
10 | 
11 | import com.example.springsecurity.domain.Event;
12 | 
13 | /**
14 |  * A form object that is used for creating a new {@link Event}. Using a different object is one way of preventing
15 |  * malicious users from filling out field that they should not (i.e. fill out a different owner field).
16 |  *
17 |  * 
18 |  *
19 |  */
20 | public class CreateEventForm {
21 |     @NotEmpty(message = "Attendee Email is required")
22 |     @Email(message = "Attendee Email must be a valid email")
23 |     private String attendeeEmail;
24 |     @NotEmpty(message = "Summary is required")
25 |     private String summary;
26 |     @NotEmpty(message = "Description is required")
27 |     private String description;
28 |     @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm")
29 |     @NotNull(message = "Event Date/Time is required")
30 |     private Calendar when;
31 | 
32 |     public String getAttendeeEmail() {
33 |         return attendeeEmail;
34 |     }
35 | 
36 |     public void setAttendeeEmail(String attendeeEmail) {
37 |         this.attendeeEmail = attendeeEmail;
38 |     }
39 | 
40 |     public String getSummary() {
41 |         return summary;
42 |     }
43 | 
44 |     public void setSummary(String summary) {
45 |         this.summary = summary;
46 |     }
47 | 
48 |     public String getDescription() {
49 |         return description;
50 |     }
51 | 
52 |     public void setDescription(String description) {
53 |         this.description = description;
54 |     }
55 | 
56 |     public Calendar getWhen() {
57 |         return when;
58 |     }
59 | 
60 |     public void setWhen(Calendar when) {
61 |         this.when = when;
62 |     }
63 | }


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/java/com/example/springsecurity/web/model/SignupForm.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.model;
 2 | 
 3 | import org.hibernate.validator.constraints.Email;
 4 | import org.hibernate.validator.constraints.NotEmpty;
 5 | 
 6 | 
 7 | public class SignupForm {
 8 |     @NotEmpty(message="First Name is required")
 9 |     private String firstName;
10 |     @NotEmpty(message="Last Name is required")
11 |     private String lastName;
12 |     @Email(message="Please provide a valid email address")
13 |     @NotEmpty(message="Email is required")
14 |     private String email;
15 |     @NotEmpty(message="Password is required")
16 |     private String password;
17 | 
18 |     /**
19 |      * Gets the email address for this user.
20 |      *
21 |      * @return
22 |      */
23 |     public String getEmail() {
24 |         return email;
25 |     }
26 | 
27 |     /**
28 |      * Gets the first name of the user.
29 |      *
30 |      * @return
31 |      */
32 |     public String getFirstName() {
33 |         return firstName;
34 |     }
35 | 
36 |     /**
37 |      * Gets the last name of the user.
38 |      *
39 |      * @return
40 |      */
41 |     public String getLastName() {
42 |         return lastName;
43 |     }
44 | 
45 |     /**
46 |      * Gets the password for this user.
47 |      *
48 |      * @return
49 |      */
50 |     public String getPassword() {
51 |         return password;
52 |     }
53 | 
54 |     public void setEmail(String email) {
55 |         this.email = email;
56 |     }
57 | 
58 |     public void setFirstName(String firstName) {
59 |         this.firstName = firstName;
60 |     }
61 |     public void setLastName(String lastName) {
62 |         this.lastName = lastName;
63 |     }
64 | 
65 |     public void setPassword(String password) {
66 |         this.password = password;
67 |     }
68 | }
69 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/resources/database/h2/calendar-data.sql:
--------------------------------------------------------------------------------
1 | insert into calendar_users(id,email,password,first_name,last_name) values (0,'user1@example.com','user1','User','1');
2 | insert into calendar_users(id,email,password,first_name,last_name) values (1,'admin1@example.com','admin1','Admin','1');
3 | insert into calendar_users(id,email,password,first_name,last_name) values (2,'user2@example.com','user2','User','2');
4 | 
5 | insert into events (id,when,summary,description,owner,attendee) values (100,'2013-10-04 20:30:00','Birthday Party','This is going to be a great birthday',0,1);
6 | insert into events (id,when,summary,description,owner,attendee) values (101,'2013-12-23 13:00:00','Conference Call','Call with the client',2,0);
7 | insert into events (id,when,summary,description,owner,attendee) values (102,'2014-01-23 11:30:00','Lunch','Eating lunch together',1,2);


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/resources/database/h2/calendar-schema.sql:
--------------------------------------------------------------------------------
 1 | create table calendar_users (
 2 |     id bigint identity,
 3 |     email varchar(256) not null unique,
 4 |     password varchar(256) not null,
 5 |     first_name varchar(256) not null,
 6 |     last_name varchar(256) not null
 7 | );
 8 | 
 9 | create table events (
10 |     id bigint identity,
11 |     when timestamp not null,
12 |     summary varchar(256) not null,
13 |     description varchar(500) not null,
14 |     owner bigint not null,
15 |     attendee bigint not null,
16 |     FOREIGN KEY(owner) REFERENCES calendar_users(id),
17 |     FOREIGN KEY(attendee) REFERENCES calendar_users(id)
18 | );


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/resources/log4j.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
 3 | 
 4 | <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
 5 |     <appender name="console" class="org.apache.log4j.ConsoleAppender">
 6 |         <param name="Target" value="System.out" />
 7 |         <layout class="org.apache.log4j.PatternLayout">
 8 |             <param name="ConversionPattern" value="%d [%t] %-5p %c - %m%n" />
 9 |         </layout>
10 |     </appender>
11 | 
12 |     <category name="org.springframework.security">
13 |         <priority value="DEBUG" />
14 |     </category>
15 | 
16 |     <root>
17 |         <priority value="WARN" />
18 |         <appender-ref ref="console" />
19 |     </root>
20 | </log4j:configuration>
21 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/i18n/binding.properties:
--------------------------------------------------------------------------------
1 | typeMismatch.java.util.Date=Please enter a valid date in yyyy-MM-dd HH:mm format.
2 | typeMismatch.createEventForm.when=Please enter a valid date for Event Date/Time in yyyy-MM-dd HH:mm format.


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/mvc-config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:context="http://www.springframework.org/schema/context"
 5 |     xmlns:sec="http://www.springframework.org/schema/security"
 6 |     xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
 7 |     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 8 |     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 9 | 
10 |     <!-- Load com.example.springsecurity.web.config.WebMvcConfig -->
11 |     <context:component-scan base-package="com.example.springsecurity.web"/>
12 | 
13 | </beans>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/spring/i18n.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:p="http://www.springframework.org/schema/p"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 6 |         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 7 | 
 8 |     <bean class="org.springframework.context.support.ReloadableResourceBundleMessageSource"
 9 |           id="messageSource"
10 |           p:basenames="WEB-INF/i18n/binding"
11 |           p:fallbackToSystemLocale="false"/>
12 | </beans>
13 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/spring/security.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns="http://www.springframework.org/schema/security"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 6 |         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 7 | 
 8 |     <global-method-security
 9 |         pre-post-annotations="enabled"/>
10 | 
11 |     <http pattern="/resources/**" security="none"/>
12 |     <http auto-config="true" use-expressions="true">
13 |         <intercept-url pattern="/"
14 |                 access="permitAll"/>
15 |         <intercept-url pattern="/login/*"
16 |                 access="permitAll"/>
17 |         <intercept-url pattern="/signup/*"
18 |                 access="permitAll"/>
19 |         <intercept-url pattern="/logout"
20 |                 access="permitAll"/>
21 |         <intercept-url pattern="/errors/**"
22 |                 access="permitAll"/>
23 |         <intercept-url pattern="/events/"
24 |                 access="hasRole('ROLE_ADMIN')"/>
25 |         <intercept-url pattern="/admin/**"
26 |                 access="hasRole('ROLE_ADMIN')"/>
27 |         <intercept-url pattern="/**"
28 |                 access="hasRole('ROLE_USER')"/>
29 |         <access-denied-handler error-page="/errors/403"/>
30 |         <form-login login-page="/login/form"
31 |                 login-processing-url="/login"
32 |                 username-parameter="username"
33 |                 password-parameter="password"
34 |                 authentication-failure-url="/login/form?error"
35 |                 default-target-url="/default"/>
36 |         <logout logout-url="/logout"
37 |                 logout-success-url="/login/form?logout"/>
38 |     </http>
39 |     <authentication-manager>
40 |         <authentication-provider ref="calendarUserAuthenticationProvider"/>
41 |     </authentication-manager>
42 | </bean:beans>
43 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/views/errors/403.jsp:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
3 |     pageEncoding="ISO-8859-1"%>
4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
5 | 
6 | <c:set var="pageTitle" value="Access Denied" scope="request"/>
7 | <jsp:include page="../includes/header.jsp"/>
8 | <p>You are not allowed to access this page. Try logging in as admin1@example.com / admin1</p>
9 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/views/events/create.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 5 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 6 | 
 7 | <c:set var="pageTitle" value="Create Event" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | <form:form action="./new" method="post" modelAttribute="createEventForm" cssClass="form-horizontal">
10 |     <form:errors path="*" element="div" cssClass="alert alert-error"/>
11 |     <fieldset>
12 |         <legend>Event Information</legend>
13 |         <div class="control-group">
14 |             <label class="control-label" for="attendeeEmail">Attendee Email</label>
15 |             <div class="controls">
16 |                 <form:input class="input-xlarge" path="attendeeEmail" id="attendeeEmail"/>
17 |             </div>
18 |         </div>
19 |         <div class="control-group">
20 |             <label class="control-label" for="when">Event Date/Time (yyyy-MM-dd HH:mm)</label>
21 |             <div class="controls">
22 |                 <form:input class="input-xlarge" path="when" id="when"/>
23 |             </div>
24 |         </div>
25 |         <div class="control-group">
26 |             <label class="control-label" for="summary">Summary</label>
27 |             <div class="controls">
28 |                 <form:input class="input-xlarge" path="summary" id="summary"/>
29 |             </div>
30 |         </div>
31 |         <div class="control-group">
32 |             <label class="control-label" for="description">Description</label>
33 |             <div class="controls">
34 |                 <form:textarea class="input-xlarge" path="description" id="description" rows="5" cols="25"/>
35 |             </div>
36 |         </div>
37 |         <div class="control-group">
38 |             <div class="controls">
39 |                 <input id="submit" type="submit" value="Create"/>
40 |                 <input id="auto" type="submit" name="auto" value="Auto Populate Form"/>
41 |             </div>
42 |         </div>
43 |     </fieldset>
44 | </form:form>
45 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/views/events/list.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 6 | 
 7 | <c:set var="pageTitle" value="All Events" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | 
10 | <p>This shows all events for all users. Once security is applied it will only be viewable to administrators.</p>
11 | <c:url var="createUrl" value="/events/form"/>
12 | <div id="create" class="pull-right"><a href="${createUrl}">Create Event</a></div>
13 | <table class="table table-bordered table-striped table-condensed">
14 |     <thead>
15 |         <tr>
16 |             <th>Date/Time</th>
17 |             <th>Owner</th>
18 |             <th>Attendee</th>
19 |             <th>Summary</th>
20 |         </tr>
21 |     </thead>
22 |     <tbody>
23 |         <c:if test="${empty events}">
24 |             <tr>
25 |                 <td colspan="2" class="msg">No events.</td>
26 |             </tr>
27 |         </c:if>
28 |          <c:forEach items="${events}" var="event">
29 |             <tr>
30 |                 <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
31 |                 <td><c:out value="${when}"/></td>
32 |                 <td><c:out value="${event.owner.name}" /></td>
33 |                 <td><c:out value="${event.attendee.name}" /></td>
34 |                 <c:url var="eventUrl" value="${event.id}"/>
35 |                 <td><a href="${eventUrl}"><c:out value="${event.summary}" /></a></td>
36 |             </tr>
37 |         </c:forEach>
38 |     </tbody>
39 | </table>
40 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/views/events/my.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 6 | 
 7 | <c:set var="pageTitle" value="My Events" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | 
10 | <p id="description">
11 |     Below you can find the events for
12 |     <strong><c:out value="${currentUser.email}" /></strong>.
13 |     Notice it is updated depending on which user you are logged in as.
14 | </p>
15 | <c:url var="createUrl" value="/events/form"/>
16 | <div id="create" class="pull-right"><a href="${createUrl}">Create Event</a></div>
17 | <table class="table table-bordered table-striped table-condensed">
18 |     <thead>
19 |         <tr>
20 |             <th>Date/Time</th>
21 |             <th>Owner</th>
22 |             <th>Attendee</th>
23 |             <th>Summary</th>
24 |         </tr>
25 |     </thead>
26 |     <tbody>
27 |         <c:if test="${empty events}">
28 |             <tr>
29 |                 <td colspan="2" class="msg">No events.</td>
30 |             </tr>
31 |         </c:if>
32 |          <c:forEach items="${events}" var="event">
33 |             <tr>
34 |                 <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
35 |                 <td><c:out value="${when}"/></td>
36 |                 <td><c:out value="${event.owner.name}" /></td>
37 |                 <td><c:out value="${event.attendee.name}" /></td>
38 |                 <c:url var="eventUrl" value="${event.id}"/>
39 |                 <td><a href="${eventUrl}"><c:out value="${event.summary}" /></a></td>
40 |             </tr>
41 |         </c:forEach>
42 |     </tbody>
43 | </table>
44 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/views/events/show.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 5 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 6 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 7 | 
 8 | <c:set var="pageTitle" scope="request">
 9 |     <c:out value="Event - ${event.summary}"/>
10 | </c:set>
11 | 
12 | <jsp:include page="../includes/header.jsp"/>
13 | <dl>
14 |     <dt>Owner</dt>
15 |     <dd id="owner"><c:out value="${event.owner.lastName}, ${event.owner.firstName}"/></dd>
16 |     <dt>Attendee</dt>
17 |     <dd id="attendee"><c:out value="${event.attendee.lastName}, ${event.attendee.firstName}"/></dd>
18 |     <dt>When</dt>
19 |     <fmt:formatDate value="${event.when.time}" type="both" pattern="yyyy-MM-dd HH:mm" var="when"/>
20 |     <dd id="when"><c:out value="${when}"/></dd>
21 |     <dt>Message Details</dt>
22 |     <dd id="owner"><c:out value="${event.description}"/></dd>
23 | </dl>
24 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/views/includes/footer.jsp:
--------------------------------------------------------------------------------
1 |         </div>
2 |     </body>
3 | </html>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/views/index.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | 
 6 | <c:set var="pageTitle" value="Welcome to myCalendar!" scope="request"/>
 7 | <jsp:include page="./includes/header.jsp"/>
 8 | <p>Below you can find some highlights about myCalendar. Each sample will have a slightly different summary depending on what has been done.</p>
 9 | <h2>Chapter 10</h2>
10 | <ul>
11 |     <li>This chapter demonstrates fine grained access control</li>
12 |     <li><a id="eventsLink" href="events/">All Events</a> - shows all events for all users, but only allows administrators to access the page.</li>
13 |     <li><a id="myEventsLink" href="events/my">My Events</a> - shows all events for the current user's events.</li>
14 |     <li><a id="myEventsUser0Link" href="events/my?userId=0">My Events (userId=0)</a> - shows all events that are associated to user1@example.com.</li>
15 |     <li><a id="myEventsUser1Link" href="events/my?userId=1">My Events (userId=1)</a> - shows all events that are associated to admin1@exmple.com.</li>
16 |     <li><a id="myEventsUser1Link" href="events/102">Lunch Event</a></li>
17 |     <c:if test="${showCreateLink}">
18 | 	    <li><a id="createEventLink" href="events/form">Create Event</a> - Allows creating an Event with the current user.</li>
19 |     </c:if>
20 |     <li><a id="logoutLink" href="j_spring_security_logout">Logout</a> - we haven't discussed it yet, but you can logout using j_spring_security_logout. Later in in this chapter we will discuss how to customize logout and provide a logout link.</li>
21 |     <c:if test="${showAdminLink}">
22 | 	    <li>
23 | 	        <a id="h2Link" href="admin/h2/">H2 Database Console</a> - Allows you to interact with the database using a web console. To use it:
24 | 	        <ul>
25 | 	            <li>Click the link above.</li>
26 | 	            <li>Ensure that Generic H2 (Embedded) is selected</li>
27 | 	            <li>Ensure that org.h2.Driver is the Driver Class</li>
28 | 	            <li>Enter <strong>jdbc:h2:mem:dataSource</strong> as the JDBC URL</li>
29 | 	            <li>Ensure that the username is sa</li>
30 | 	            <li>Ensure the password is left empty</li>
31 | 	            <li>Click Connect</li>
32 | 	        </ul>
33 | 	    </li>
34 |     </c:if>
35 | </ul>
36 | <jsp:include page="./includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/views/login.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 5 | 
 6 | <c:set var="pageTitle" value="Please Login" scope="request"/>
 7 | <jsp:include page="./includes/header.jsp"/>
 8 | 
 9 | <c:url value="/login" var="loginUrl"/>
10 | <form action="${loginUrl}" method="post">
11 |     <c:if test="${param.error != null}">
12 |         <div class="alert alert-error">
13 |             Failed to login.
14 |             <c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}">
15 |               Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
16 |             </c:if>
17 |         </div>
18 |     </c:if>
19 |     <c:if test="${param.logout != null}">
20 |         <div class="alert alert-success">
21 |             You have been logged out.
22 |         </div>
23 |     </c:if>
24 |     <label for="username">Username</label>
25 |     <input type="text" id="username" name="username"/>
26 |     <label for="password">Password</label>
27 |     <input type="password" id="password" name="password"/>
28 |     <div class="form-actions">
29 |         <input id="submit" class="btn" name="submit" type="submit" value="Login"/>
30 |     </div>
31 | </form>
32 | <jsp:include page="./includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/views/signup/form.jsp:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="ISO-8859-1" ?>
 2 | <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 3 |     pageEncoding="ISO-8859-1"%>
 4 | <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 5 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 6 | 
 7 | <c:set var="pageTitle" value="Signup" scope="request"/>
 8 | <jsp:include page="../includes/header.jsp"/>
 9 | <form:form action="./new" method="post" modelAttribute="signupForm">
10 |     <form:errors path="*" element="div" cssClass="alert alert-error"/>
11 |     <fieldset>
12 |         <legend>User Information</legend>
13 |         <label for="firstName">First Name</label>
14 |         <form:input path="firstName" id="firstName"/>
15 |         <label for="lastName">Last Name</label>
16 |         <form:input path="lastName" id="lastName"/>
17 |         <label for="email">Email (Username)</label>
18 |         <form:input path="email" id="email"/>
19 |         <label for="password">Password</label>
20 |         <form:password path="password" id="password"/>
21 |         <div>
22 |             <input id="submit" type="submit" value="Create Account"/>
23 |         </div>
24 |     </fieldset>
25 | </form:form>
26 | <jsp:include page="../includes/footer.jsp"/>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | 
 3 | <web-app id="calendar" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
 4 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 5 |     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
 6 |     <display-name>Calendar Web Application</display-name>
 7 |     <context-param>
 8 |         <param-name>contextConfigLocation</param-name>
 9 |         <param-value>
10 |             /WEB-INF/spring/services.xml
11 |             /WEB-INF/spring/i18n.xml
12 |             /WEB-INF/spring/security.xml
13 |         </param-value>
14 |     </context-param>
15 |     <listener>
16 |         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
17 |     </listener>
18 |     <filter>
19 |         <filter-name>springSecurityFilterChain</filter-name>
20 |         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
21 |     </filter>
22 |     <filter-mapping>
23 |         <filter-name>springSecurityFilterChain</filter-name>
24 |         <url-pattern>/*</url-pattern>
25 |     </filter-mapping>
26 |     <servlet>
27 |         <servlet-name>h2</servlet-name>
28 |         <servlet-class>org.h2.server.web.WebServlet</servlet-class>
29 |     </servlet>
30 |     <servlet>
31 |         <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
32 |         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
33 |         <init-param>
34 |             <param-name>contextConfigLocation</param-name>
35 |             <param-value>
36 |                 /WEB-INF/mvc-config.xml
37 |             </param-value>
38 |         </init-param>
39 |         <load-on-startup>1</load-on-startup>
40 |     </servlet>
41 |     <servlet-mapping>
42 |         <servlet-name>h2</servlet-name>
43 |         <url-pattern>/admin/h2/*</url-pattern>
44 |     </servlet-mapping>
45 |     <servlet-mapping>
46 |         <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
47 |         <url-pattern>/</url-pattern>
48 |     </servlet-mapping>
49 | </web-app>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/test/java/com/example/springsecurity/web/controllers/SecurityControllerTest.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.controllers;
 2 | 
 3 | import org.junit.Test;
 4 | import org.junit.runner.RunWith;
 5 | import org.springframework.beans.factory.annotation.Autowired;
 6 | import org.springframework.security.access.AccessDeniedException;
 7 | import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 8 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 9 | import org.springframework.security.core.Authentication;
10 | import org.springframework.security.core.context.SecurityContext;
11 | import org.springframework.security.core.context.SecurityContextHolder;
12 | import org.springframework.test.context.ContextConfiguration;
13 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
14 | 
15 | import com.example.springsecurity.service.CalendarService;
16 | 
17 | @RunWith(SpringJUnit4ClassRunner.class)
18 | @ContextConfiguration(loader = WebContextLoader.class, value = { "classpath:/META-INF/spring/services.xml",
19 | 		"classpath:/META-INF/spring/security.xml",
20 | 		"classpath:/META-INF/spring/mvc-config.xml" })
21 | public class SecurityControllerTest {
22 | 	
23 | 	@Autowired
24 | 	CalendarService calendarService;
25 | 
26 | 	@Test
27 | 	public void testMyEvents() throws Exception {
28 |         Authentication auth = new UsernamePasswordAuthenticationToken("user1@example.com", "user1");
29 |         SecurityContext securityContext = SecurityContextHolder.getContext();
30 |         securityContext.setAuthentication(auth);
31 | 
32 |         calendarService.findForUser(0);
33 |         SecurityContextHolder.clearContext();
34 | 	}
35 | 	
36 | 	@Test(expected = AuthenticationCredentialsNotFoundException.class)  
37 | 	public void testForbiddenEvents() throws Exception {
38 |         calendarService.findForUser(0);
39 | 	}
40 | 
41 | 	@Test(expected=AccessDeniedException.class)
42 | 	public void testWrongUserEvents() throws Exception {
43 |         Authentication auth = new UsernamePasswordAuthenticationToken("user2@example.com", "user2");
44 |         SecurityContext securityContext = SecurityContextHolder.getContext();
45 |         securityContext.setAuthentication(auth);
46 | 
47 |         calendarService.findForUser(0);
48 |         SecurityContextHolder.clearContext();
49 | 	}
50 | }
51 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/test/java/com/example/springsecurity/web/controllers/WebContextLoader.java:
--------------------------------------------------------------------------------
 1 | package com.example.springsecurity.web.controllers;
 2 | 
 3 | /*
 4 |  * Copyright 2011 the original author or authors.
 5 |  *
 6 |  * Licensed under the Apache License, Version 2.0 (the "License");
 7 |  * you may not use this file except in compliance with the License.
 8 |  * You may obtain a copy of the License at
 9 |  *
10 |  *      http://www.apache.org/licenses/LICENSE-2.0
11 |  *
12 |  * Unless required by applicable law or agreed to in writing, software
13 |  * distributed under the License is distributed on an "AS IS" BASIS,
14 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 |  * See the License for the specific language governing permissions and
16 |  * limitations under the License.
17 |  */
18 | 
19 | 
20 | 
21 | public class WebContextLoader extends GenericWebContextLoader {
22 | 
23 | 	public WebContextLoader() {
24 | 		super("src/main/webapp", false);
25 | 	}
26 | 
27 | }
28 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/test/resources/META-INF/spring/mvc-config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <beans xmlns="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns:context="http://www.springframework.org/schema/context"
 5 |     xmlns:sec="http://www.springframework.org/schema/security"
 6 |     xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
 7 |     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 8 |     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 9 | 
10 |     <!-- Load com.example.springsecurity.web.config.WebMvcConfig -->
11 |     <context:component-scan base-package="com.example.springsecurity.web"/>
12 | 
13 | </beans>


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/test/resources/META-INF/spring/security.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <bean:beans xmlns:bean="http://www.springframework.org/schema/beans"
 3 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |     xmlns="http://www.springframework.org/schema/security"
 5 |     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 6 |         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 7 | 
 8 |     <global-method-security
 9 |         pre-post-annotations="enabled"/>
10 | 
11 |     <http pattern="/resources/**" security="none"/>
12 |     <http auto-config="true" use-expressions="true">
13 |         <intercept-url pattern="/"
14 |                 access="permitAll"/>
15 |         <intercept-url pattern="/login/*"
16 |                 access="permitAll"/>
17 |         <intercept-url pattern="/signup/*"
18 |                 access="permitAll"/>
19 |         <intercept-url pattern="/logout"
20 |                 access="permitAll"/>
21 |         <intercept-url pattern="/errors/**"
22 |                 access="permitAll"/>
23 |         <intercept-url pattern="/events/"
24 |                 access="hasRole('ROLE_ADMIN')"/>
25 |         <intercept-url pattern="/admin/**"
26 |                 access="hasRole('ROLE_ADMIN')"/>
27 |         <intercept-url pattern="/**"
28 |                 access="hasRole('ROLE_USER')"/>
29 |         <access-denied-handler error-page="/errors/403"/>
30 |         <form-login login-page="/login/form"
31 |                 login-processing-url="/login"
32 |                 username-parameter="username"
33 |                 password-parameter="password"
34 |                 authentication-failure-url="/login/form?error"
35 |                 default-target-url="/default"/>
36 |         <logout logout-url="/logout"
37 |                 logout-success-url="/login/form?logout"/>
38 |     </http>
39 |     <authentication-manager>
40 |         <authentication-provider ref="calendarUserAuthenticationProvider"/>
41 |     </authentication-manager>
42 | </bean:beans>
43 | 


--------------------------------------------------------------------------------
/spring-security-methodlevel-security/src/test/resources/log4j.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
 3 | 
 4 | <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
 5 |     <appender name="console" class="org.apache.log4j.ConsoleAppender">
 6 |         <param name="Target" value="System.out" />
 7 |         <layout class="org.apache.log4j.PatternLayout">
 8 |             <param name="ConversionPattern" value="%d [%t] %-5p %c - %m%n" />
 9 |         </layout>
10 |     </appender>
11 | 
12 |     <category name="org.springframework.security">
13 |         <priority value="DEBUG" />
14 |     </category>
15 | 
16 |     <root>
17 |         <priority value="WARN" />
18 |         <appender-ref ref="console" />
19 |     </root>
20 | </log4j:configuration>
21 | 


--------------------------------------------------------------------------------