Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/leosimoes/java-spring-in-memory-authenticator

Java project with Spring and Gradle for basic in-memory authentication with authorization for routes.
https://github.com/leosimoes/java-spring-in-memory-authenticator

authentication autorization java spring

Last synced: 8 days ago
JSON representation

Java project with Spring and Gradle for basic in-memory authentication with authorization for routes.

Host: GitHub
URL: https://github.com/leosimoes/java-spring-in-memory-authenticator
Owner: leosimoes
Created: 2024-03-30T19:13:40.000Z (10 months ago)
Default Branch: master
Last Pushed: 2024-04-04T17:45:58.000Z (10 months ago)
Last Synced: 2024-12-02T12:16:54.655Z (2 months ago)
Topics: authentication, autorization, java, spring
Language: Java
Homepage:
Size: 437 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Spring Security - In-memory Authenticator

Java project with Spring and Gradle for basic in-memory authentication with authorization for routes.

UML Class Diagram:

![Image-04-InMemoryAuthenticator](images/Img-04-UML-Class-InMemoryAuthenticator.png)

Routes:

- `/`

- `/users`

- `/admins`

- `/accessDenied`

## Steps

The steps of project implementation:

1. Create project (in IntelliJ) with:

- Java language (17);

- Spring Framework (6.2.3);

- Dependencies: Web and Security.

![Image-01-IntelliJ](images/Img-01-IntelliJ.png)

2. Create the `RoutesController` class:

- in the `controllers` package;

- with the annotation `@RestController`;

- with the routes `/`, `/users`, `/admins`, `/accessDenied` of type GET.

![Image-02-RoutesController](images/Img-02-UML-Class-RoutesController.png)

3. Create the `SecurityConfig` class:

- in the `security` package;

- with the annotations `@Configuration` and `@EnableWebSecurity`;

- with all methods annotated with `@Bean`;

- with the following public methods:

    - `SecurityFilterChain securityFilterChain(HttpSecurity http)` to configure authorization for each route;

    - `UserDetailsService userDetailsService()` to create users;

    - `PasswordEncoder passwordEncoder()` to return an instance of `BCryptPasswordEncoder`;

    - `AuthenticationManager authenticationManager(UserDetailsService UserDetailsService,

      PasswordEncoder passwordEncoder)` to customize the authenticator with passwordEncoder;

![Image-03-SecurityConfig](images/Img-03-UML-Class-SecurityConfig.png)

## Code

```java

@RestController

public class RoutesController {

    @GetMapping("/")

    public String home(){

        return "Home Page - Allowed for everyone";

    }

    @GetMapping("/users")

    public String users(){

        return "Users Page - Allowed for logged-in users and administrators";

    }

    @GetMapping("/admins")

    public String admins(){

        return "Admins Page - Allowed for logged-in admins";

    }

    @GetMapping("/accessDenied")

    public String accessDenied(){

        return "Access denied Page";

    }

}

```

```java

@Configuration

@EnableWebSecurity

public class SecurityConfig {

    @Bean

    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

        http

                .authorizeHttpRequests((authorize) -> authorize

                        .requestMatchers("/").permitAll()

                        .requestMatchers("/users").hasAnyRole("USER", "ADMIN")

                        .requestMatchers("/admins").hasRole("ADMIN")

                        .anyRequest().authenticated())

                .exceptionHandling(ex -> ex.accessDeniedPage("/accessDenied"))

                .httpBasic(Customizer.withDefaults())

                .formLogin(AbstractHttpConfigurer::disable)

                .logout(AbstractHttpConfigurer::disable)

                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                );

        return http.build();

    }

    @Bean

    public UserDetailsService userDetailsService() {

        UserDetails user = User

                .withDefaultPasswordEncoder()

                .username("usuario")

                .password("senha")

                .roles("USER")

                .build();

        UserDetails admin = User

                .withDefaultPasswordEncoder()

                .username("administrador")

                .password("codigo")

                .roles("ADMIN")

                .build();

        return new InMemoryUserDetailsManager(user, admin);

    }

    @Bean

    public PasswordEncoder passwordEncoder() {

        return PasswordEncoderFactories.createDelegatingPasswordEncoder();

    }

    @Bean

    public AuthenticationManager authenticationManager(UserDetailsService UserDetailsService,

                                                       PasswordEncoder passwordEncoder) {

        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();

        daoAuthenticationProvider.setUserDetailsService(UserDetailsService);

        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);

        return new ProviderManager(daoAuthenticationProvider);

    }

}

```

## References

https://docs.spring.io/spring-security/reference/servlet/authentication/passwords/index.html