Updates to usecases

ranjani2412 · ranjani2412 · commit f2e38be788ce · 2023-01-11T05:04:01.000+11:00
diff --git a/spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/SecurityConfiguration.java b/spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/SecurityConfiguration.java
@@ -2,17 +2,48 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 @Configuration
 @EnableWebSecurity
 public class SecurityConfiguration {
+
+    public static final String[] ENDPOINTS_WHITELIST = {
+            "/css/**",
+            "/",
+            "/login",
+            "/home"
+    };
+    public static final String LOGIN_URL = "/login";
+    public static final String LOGIN_FAIL_URL = LOGIN_URL + "?error";
+    public static final String DEFAULT_SUCCESS_URL = "/home";
+    public static final String USERNAME = "username";
+    public static final String PASSWORD = "password";
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.formLogin()
-                .defaultSuccessUrl("/home", true);
+        http.authorizeRequests(request -> request.antMatchers(ENDPOINTS_WHITELIST).permitAll()
+                        .anyRequest().authenticated())
+                .csrf().disable()
+                //.formLogin(Customizer.withDefaults())
+                .formLogin(form -> form
+                        .loginPage(LOGIN_URL)
+                        .loginProcessingUrl(LOGIN_URL)
+                        .failureUrl(LOGIN_FAIL_URL)
+                        .usernameParameter(USERNAME)
+                        .passwordParameter(PASSWORD)
+                        .defaultSuccessUrl(DEFAULT_SUCCESS_URL))
+                //.logout(Customizer.withDefaults())
+                .logout(logout -> logout
+                        .logoutUrl("/logout")
+                        .invalidateHttpSession(true)
+                        .deleteCookies("JSESSIONID")
+                        .logoutSuccessUrl(LOGIN_URL + "?logout"));
         return http.build();
     }
 }
+
diff --git a/spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/web/LoginController.java b/spring-security/getting-started/SecureApplication/src/main/java/com/reflectoring/security/web/LoginController.java
@@ -0,0 +1,13 @@
+package com.reflectoring.security.web;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Controller
+public class LoginController {
+
+    @GetMapping("/login")
+    String login() {
+        return "login";
+    }
+}
diff --git a/spring-security/getting-started/SecureApplication/src/main/resources/templates/login.html b/spring-security/getting-started/SecureApplication/src/main/resources/templates/login.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org">
+<head>
+    <title>Please Log In</title>
+</head>
+<body>
+<h1>Please Log In</h1>
+<div th:if="${param.error}">
+    Invalid username and password.</div>
+<div th:if="${param.logout}">
+    You have been logged out.</div>
+<form th:action="@{/login}" method="post">
+    <div>
+        <input type="text" name="username" placeholder="Username"/>
+    </div>
+    <div>
+        <input type="password" name="password" placeholder="Password"/>
+    </div>
+    <input type="submit" value="Log in" />
+</form>
+</body>
+</html>
+
