https://github.com/bearddan2000/scala-web-sbt-spring-jsp-reset-remeber-me-insecure-3des-encrypt-argon2-encoded
A springboot secure web app with jsp support.
https://github.com/bearddan2000/scala-web-sbt-spring-jsp-reset-remeber-me-insecure-3des-encrypt-argon2-encoded
3des argon2 bootstrap datatable encoded encrypt gradle insecure jquery jsp me remeber reset sbt scala spring springboot web
Last synced: 2 months ago
JSON representation
A springboot secure web app with jsp support.
- Host: GitHub
- URL: https://github.com/bearddan2000/scala-web-sbt-spring-jsp-reset-remeber-me-insecure-3des-encrypt-argon2-encoded
- Owner: bearddan2000
- Created: 2022-08-28T18:44:04.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-08-28T18:44:06.000Z (almost 3 years ago)
- Last Synced: 2025-01-29T16:42:55.956Z (4 months ago)
- Topics: 3des, argon2, bootstrap, datatable, encoded, encrypt, gradle, insecure, jquery, jsp, me, remeber, reset, sbt, scala, spring, springboot, web
- Language: Scala
- Homepage: https://github.com/bearddan2000/scala-web-sbt-spring-jsp-reset-remeber-me-insecure-3des-encrypt-argon2-encoded
- Size: 15.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# scala-web-sbt-spring-jsp-reset-remeber-me-insecure-3des-encrypt-argon2-encoded
## Description
A springboot secure web app with jsp support.
Three roles are defined; USER, ADMIN, and SUPER. All roles
can access pages `/home`, `/login`, and `/about`. Only USER
can access `/user` and ADMIN only `/admin` whereas SUPER can
navigate to either and have its own `/super`. Each role
has an action USER=VIEW ONLY, ADMIN=READ/WRITE, SUPER=CREATE.
All password are 3DES encrypted and encoded with argon2.
Presents a register form to create an inMemoryUser.
Once the user is created it is given the `USER` role
by default and auto logged in.
Presents a reset form to reset passwords on any user,
by default the user is reassigned `USER` role and auto
logged in. Only restriction on passwords are they match;
all validation is done client side.
Uses the rememberMe cookie for a 2 min window
this as well as other setting can be found in
`config/Security.scala`. One way to test is the following:
- Set rememberMe checkbox
- login
- set a bookmark to the secured page
- open a new window
- use the bookmark
rememberMe cookie does not redirect it only authenticates.
## Tech stack
- scala
- gradle
- springboot
- jsp
- bootstrap
- jquery
- datatable
## Docker stack
- hseeberger/scala-sbt:11.0.2-oraclelinux7_1.3.5_2.12.10
## To run
`sudo ./install.sh -u`
Available at http://localhost
- Login with id: user and password: pass
- Login with id: admin and password: pass
- Login with id: super and password: pass
## To stop (optional)
`sudo ./install.sh -d`
## For help
`sudo ./install.sh -h`