Vállalati Információs Rendszerek
Java authentication frameworks

Spring Security

Feladatok:

Nézzük át a spring-mvc-security példakódot
- Spring MVC webalkalmazás (Boot-tal)
- Azonosítás nélkül

>java
%%loadFromPOM
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.8.RELEASE</version>
</parent>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
    </dependency>
</dependencies>

>bash
cd spring-mvc-security/initial/src/main/java/hello
vimcat MvcConfig.java

package hello;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {
    
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/home").setViewName("home");
        registry.addViewController("/").setViewName("home");
        registry.addViewController("/hello").setViewName("hello");
        registry.addViewController("/login").setViewName("login");
    }

}

>bash
vimcat Application.java

package hello;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {

    public static void main(String[] args) throws Throwable {
        SpringApplication.run(Application.class, args);
    }

}

>bash
cd spring-mvc-security/initial/target
java -Dserver.port=9001 -jar gs-securing-web-0.1.0.jar

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v1.5.8.RELEASE)

2019-07-01 09:44:09.603  INFO 22168 --- [           main] hello.Application                        : Starting Application v0.1.0 on vir with PID 22168 (/home/vir/VIR_notebooks/09/spring-mvc-security/initial/target/gs-securing-web-0.1.0.jar started by vir in /home/vir/VIR_notebooks/09/spring-mvc-security/initial/target)
2019-07-01 09:44:09.611  INFO 22168 --- [           main] hello.Application                        : No active profile set, falling back to default profiles: default
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (jar:file:/home/vir/VIR_notebooks/09/spring-mvc-security/initial/target/gs-securing-web-0.1.0.jar!/BOOT-INF/lib/groovy-2.4.12.jar!/) to method java.lang.Object.finalize()
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.reflection.CachedClass
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2019-07-01 09:44:14.628  INFO 22168 --- [           main] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4f6ee6e4: startup date [Mon Jul 01 09:44:14 CEST 2019]; root of context hierarchy
2019-07-01 09:44:29.747  INFO 22168 --- [           main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 9001 (http)
2019-07-01 09:44:29.829  INFO 22168 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2019-07-01 09:44:29.834  INFO 22168 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet Engine: Apache Tomcat/8.5.23
2019-07-01 09:44:30.367  INFO 22168 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2019-07-01 09:44:30.368  INFO 22168 --- [ost-startStop-1] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 16004 ms
2019-07-01 09:44:30.775  INFO 22168 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean  : Mapping servlet: 'dispatcherServlet' to [/]
2019-07-01 09:44:30.797  INFO 22168 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'characterEncodingFilter' to: [/*]
2019-07-01 09:44:30.797  INFO 22168 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2019-07-01 09:44:30.798  INFO 22168 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2019-07-01 09:44:30.798  INFO 22168 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestContextFilter' to: [/*]
2019-07-01 09:44:31.571  INFO 22168 --- [           main] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4f6ee6e4: startup date [Mon Jul 01 09:44:14 CEST 2019]; root of context hierarchy
2019-07-01 09:44:31.725  INFO 22168 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2019-07-01 09:44:31.727  INFO 22168 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2019-07-01 09:44:31.751  INFO 22168 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/home] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 09:44:31.751  INFO 22168 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Root mapping to handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 09:44:31.751  INFO 22168 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/hello] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 09:44:31.751  INFO 22168 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/login] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 09:44:31.893  INFO 22168 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-07-01 09:44:31.894  INFO 22168 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-07-01 09:44:31.978  INFO 22168 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-07-01 09:44:33.043  INFO 22168 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
2019-07-01 09:44:33.261  INFO 22168 --- [           main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 9001 (http)
2019-07-01 09:44:33.283  INFO 22168 --- [           main] hello.Application                        : Started Application in 31.937 seconds (JVM running for 36.296)
2019-07-01 09:45:27.496  INFO 22168 --- [nio-9001-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring FrameworkServlet 'dispatcherServlet'
2019-07-01 09:45:27.496  INFO 22168 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started
2019-07-01 09:45:27.549  INFO 22168 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 53 ms

Látogassuk meg az oldalt: http://vir.inf.u-szeged.hu:9001
- A hello oldal korlátozás nélkül elérhető: http://vir.inf.u-szeged.hu:9001/hello
Módosítsuk a megoldást, hogy azonosítást kérjen a hello oldal eléréséhez (egy „USER” szerepkörrel)

>bash
cd spring-mvc-security/user_only/src/main/java/hello
vimcat WebSecurityConfig.java

package hello;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/home").permitAll()                
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }
}

>bash
cd spring-mvc-security/user_only/target
java -Dserver.port=9001 -jar gs-securing-web-0.1.0.jar

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v1.5.8.RELEASE)

2019-07-01 10:09:47.349  INFO 25517 --- [           main] hello.Application                        : Starting Application v0.1.0 on vir with PID 25517 (/home/vir/VIR_notebooks/09/spring-mvc-security/user_only/target/gs-securing-web-0.1.0.jar started by vir in /home/vir/VIR_notebooks/09/spring-mvc-security/user_only/target)
2019-07-01 10:09:47.405  INFO 25517 --- [           main] hello.Application                        : No active profile set, falling back to default profiles: default
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (jar:file:/home/vir/VIR_notebooks/09/spring-mvc-security/user_only/target/gs-securing-web-0.1.0.jar!/BOOT-INF/lib/groovy-2.4.12.jar!/) to method java.lang.Object.finalize()
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.reflection.CachedClass
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2019-07-01 10:09:48.005  INFO 25517 --- [           main] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4f6ee6e4: startup date [Mon Jul 01 10:09:47 CEST 2019]; root of context hierarchy
2019-07-01 10:09:51.057  INFO 25517 --- [           main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 9001 (http)
2019-07-01 10:09:51.145  INFO 25517 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2019-07-01 10:09:51.148  INFO 25517 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet Engine: Apache Tomcat/8.5.23
2019-07-01 10:09:51.442  INFO 25517 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2019-07-01 10:09:51.443  INFO 25517 --- [ost-startStop-1] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 3465 ms
2019-07-01 10:09:51.794  INFO 25517 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'characterEncodingFilter' to: [/*]
2019-07-01 10:09:51.795  INFO 25517 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2019-07-01 10:09:51.795  INFO 25517 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2019-07-01 10:09:51.795  INFO 25517 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestContextFilter' to: [/*]
2019-07-01 10:09:51.797  INFO 25517 --- [ost-startStop-1] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2019-07-01 10:09:51.797  INFO 25517 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean  : Mapping servlet: 'dispatcherServlet' to [/]
2019-07-01 10:09:53.142  INFO 25517 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@3aee3976, org.springframework.security.web.context.SecurityContextPersistenceFilter@7555b920, org.springframework.security.web.header.HeaderWriterFilter@551a20d6, org.springframework.security.web.csrf.CsrfFilter@11389053, org.springframework.security.web.authentication.logout.LogoutFilter@db44aa2, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@7689ddef, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5398edd0, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@182f1e9a, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@5ef8df1e, org.springframework.security.web.session.SessionManagementFilter@64c2b546, org.springframework.security.web.access.ExceptionTranslationFilter@2755d705, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4d63b624]
2019-07-01 10:09:53.609  INFO 25517 --- [           main] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4f6ee6e4: startup date [Mon Jul 01 10:09:47 CEST 2019]; root of context hierarchy
2019-07-01 10:09:53.731  INFO 25517 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2019-07-01 10:09:53.733  INFO 25517 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2019-07-01 10:09:53.754  INFO 25517 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/home] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 10:09:53.755  INFO 25517 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Root mapping to handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 10:09:53.755  INFO 25517 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/hello] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 10:09:53.757  INFO 25517 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/login] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 10:09:53.757  INFO 25517 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/error] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 10:09:53.779  INFO 25517 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-07-01 10:09:53.779  INFO 25517 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-07-01 10:09:53.893  INFO 25517 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-07-01 10:09:54.662  INFO 25517 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
2019-07-01 10:09:54.821  INFO 25517 --- [           main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 9001 (http)
2019-07-01 10:09:54.840  INFO 25517 --- [           main] hello.Application                        : Started Application in 10.266 seconds (JVM running for 11.885)
2019-07-01 10:10:04.653  INFO 25517 --- [nio-9001-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring FrameworkServlet 'dispatcherServlet'
2019-07-01 10:10:04.653  INFO 25517 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started
2019-07-01 10:10:04.683  INFO 25517 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 30 ms

Látogassuk meg az oldalt: http://vir.inf.u-szeged.hu:9001
- A hello oldal csak belépés után érhető el a fenti beégetett adatokkal: http://vir.inf.u-szeged.hu:9001/hello
Készítsünk egy hello2 oldalt is, amelyet viszont csak "ADMIN" jogosultsággal lehessen elérni, minden máshoz tetszőleges azonosított felhasználó férjen hozzá

>bash
cd spring-mvc-security/user_admin/src/main/java/hello
vimcat MvcConfig.java

package hello;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {
    
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/home").setViewName("home");
        registry.addViewController("/").setViewName("home");
        registry.addViewController("/hello").setViewName("hello");
        registry.addViewController("/hello2").setViewName("hello2");
        registry.addViewController("/login").setViewName("login");
        registry.addViewController("/error").setViewName("error");
    }

}

>bash
vimcat WebSecurityConfig.java

package hello;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/home").permitAll()
                .antMatchers("/hello2").hasRole("ADMIN")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
        
        auth
        .inMemoryAuthentication()
            .withUser("admin").password("admin1234").roles("ADMIN");
    }
}

>bash
cd spring-mvc-security/user_admin/target
java -Dserver.port=9001 -jar gs-securing-web-0.1.0.jar

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v1.5.8.RELEASE)

2019-07-01 10:14:34.505  INFO 26198 --- [           main] hello.Application                        : Starting Application v0.1.0 on vir with PID 26198 (/home/vir/VIR_notebooks/09/spring-mvc-security/user_admin/target/gs-securing-web-0.1.0.jar started by vir in /home/vir/VIR_notebooks/09/spring-mvc-security/user_admin/target)
2019-07-01 10:14:34.509  INFO 26198 --- [           main] hello.Application                        : No active profile set, falling back to default profiles: default
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (jar:file:/home/vir/VIR_notebooks/09/spring-mvc-security/user_admin/target/gs-securing-web-0.1.0.jar!/BOOT-INF/lib/groovy-2.4.12.jar!/) to method java.lang.Object.finalize()
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.reflection.CachedClass
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2019-07-01 10:14:35.081  INFO 26198 --- [           main] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4f6ee6e4: startup date [Mon Jul 01 10:14:35 CEST 2019]; root of context hierarchy
2019-07-01 10:14:37.967  INFO 26198 --- [           main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 9001 (http)
2019-07-01 10:14:37.986  INFO 26198 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2019-07-01 10:14:37.988  INFO 26198 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet Engine: Apache Tomcat/8.5.23
2019-07-01 10:14:38.240  INFO 26198 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2019-07-01 10:14:38.241  INFO 26198 --- [ost-startStop-1] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 3199 ms
2019-07-01 10:14:38.541  INFO 26198 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'characterEncodingFilter' to: [/*]
2019-07-01 10:14:38.542  INFO 26198 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2019-07-01 10:14:38.543  INFO 26198 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2019-07-01 10:14:38.543  INFO 26198 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestContextFilter' to: [/*]
2019-07-01 10:14:38.544  INFO 26198 --- [ost-startStop-1] .s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2019-07-01 10:14:38.544  INFO 26198 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean  : Mapping servlet: 'dispatcherServlet' to [/]
2019-07-01 10:14:39.325  INFO 26198 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5ef8df1e, org.springframework.security.web.context.SecurityContextPersistenceFilter@7a11c4c7, org.springframework.security.web.header.HeaderWriterFilter@560cbf1a, org.springframework.security.web.csrf.CsrfFilter@538613b3, org.springframework.security.web.authentication.logout.LogoutFilter@3574e198, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@687a762c, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4152d38d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@61edc883, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@27cf3151, org.springframework.security.web.session.SessionManagementFilter@551a20d6, org.springframework.security.web.access.ExceptionTranslationFilter@7df587ef, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@466cf502]
2019-07-01 10:14:39.609  INFO 26198 --- [           main] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@4f6ee6e4: startup date [Mon Jul 01 10:14:35 CEST 2019]; root of context hierarchy
2019-07-01 10:14:39.763  INFO 26198 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2019-07-01 10:14:39.766  INFO 26198 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2019-07-01 10:14:39.790  INFO 26198 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/home] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 10:14:39.791  INFO 26198 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Root mapping to handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 10:14:39.791  INFO 26198 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/hello] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 10:14:39.791  INFO 26198 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/hello2] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 10:14:39.791  INFO 26198 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/login] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 10:14:39.791  INFO 26198 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/error] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
2019-07-01 10:14:39.821  INFO 26198 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-07-01 10:14:39.821  INFO 26198 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-07-01 10:14:39.884  INFO 26198 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-07-01 10:14:40.626  INFO 26198 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
2019-07-01 10:14:40.749  INFO 26198 --- [           main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 9001 (http)
2019-07-01 10:14:40.761  INFO 26198 --- [           main] hello.Application                        : Started Application in 7.468 seconds (JVM running for 9.62)
2019-07-01 10:14:54.162  INFO 26198 --- [nio-9001-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring FrameworkServlet 'dispatcherServlet'
2019-07-01 10:14:54.162  INFO 26198 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started
2019-07-01 10:14:54.184  INFO 26198 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 22 ms

Látogassuk meg az oldalt: http://vir.inf.u-szeged.hu:9001
- A hello oldal csak belépés után érhető el (akár user akár admin felhasználóval) a fenti beégetett adatokkal: http://vir.inf.u-szeged.hu:9001/hello
- A hello2 oldal csak admin felhasználóval érhető el a fenti beégetett adatokkal: http://vir.inf.u-szeged.hu:9001/hello2

Feladat:

Módosítsuk az alkalmazást, hogy az adatokat ne beégetve keresse, hanem adatbázisban tárolja, amit JDBC-vel érünk el. (7 pont)
A jelszavakat bcrypt kódolással tároljuk el! (3 pont)

Vállalati Információs Rendszerek

Java authentication frameworks

Spring Security