Added 03 Spring Security Refined for Spring tutorial.

Author: dogeared

tutorials/spring-boot/03-spring-security-refined/src/main/java/com/stormpath/tutorial/config/Groups.java

@@ -28,6 +28,6 @@ public class Groups {
 
     @Autowired
     public Groups(Environment env) {
-        USER = env.getProperty("stormpath.authorized.group.user");
+        USER = env.getProperty("stormpath.authorized.user.group.href");
     }
 }

tutorials/spring-boot/04-a-finer-grain-of-control/src/main/java/com/stormpath/tutorial/config/Groups.java

@@ -28,6 +28,6 @@ public class Groups {
 
     @Autowired
     public Groups(Environment env) {
-        USER = env.getProperty("stormpath.authorized.group.user");
+        USER = env.getProperty("stormpath.authorized.user.group.href");
     }
 }

tutorials/spring/02-spring-security-ftw/src/main/java/com/stormpath/tutorial/SpringSecurityWebAppConfig.java

@@ -36,11 +36,12 @@ public class SpringSecurityWebAppConfig extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) throws Exception {
 
         http
-            .apply(stormpath()).and() // Starting with Spring Security 4.2 we do not need to explicitly apply the Stormpath configuration in Spring Boot but it is still required in Spring
-            .authorizeRequests()
-            .antMatchers("/restricted").fullyAuthenticated()
-            .antMatchers("/**").permitAll()
+            .apply(stormpath())
+            .and() // Starting with Spring Security 4.2 we do not need to explicitly apply the Stormpath configuration in Spring Boot but it is still required in Spring
+                .authorizeRequests()
+                .antMatchers("/restricted").fullyAuthenticated()
+                .antMatchers("/**").permitAll()
             .and()
-            .exceptionHandling().accessDeniedPage("/403");
+                .exceptionHandling().accessDeniedPage("/403");
     }
 }

tutorials/spring/03-spring-security-refined/pom.xml

@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Stormpath, Inc.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.stormpath.sdk</groupId>
+        <artifactId>stormpath-sdk-tutorials-spring</artifactId>
+        <version>1.3.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <groupId>com.stormpath.spring</groupId>
+    <artifactId>stormpath-sdk-tutorials-spring-security-webmvc-spring-security-refined</artifactId>
+    <version>1.3.0-SNAPSHOT</version>
+
+    <name>Stormpath Java SDK :: Tutorials :: Spring Security WebMVC :: Spring Security Refined</name>
+    <description>A simple Spring Security Web MVC application with out-of-the-box login and self-service screens!</description>
+    <packaging>war</packaging>
+
+    <dependencies>
+        <!-- Compile-time dependencies: -->
+        <dependency>
+            <groupId>com.stormpath.spring</groupId>
+            <artifactId>stormpath-spring-security-webmvc</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <version>${servlet.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Runtime-only dependencies: -->
+        <dependency>
+            <groupId>com.stormpath.sdk</groupId>
+            <artifactId>stormpath-sdk-httpclient</artifactId>
+            <version>${project.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>jcl-over-slf4j</artifactId>
+            <version>${slf4j.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>${logback.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-taglibs</artifactId>
+            <version>${spring.security.version}</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.2</version>
+                <configuration>
+                    <source>${jdk.version}</source>
+                    <target>${jdk.version}</target>
+                    <encoding>${project.build.sourceEncoding}</encoding>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-war-plugin</artifactId>
+                <version>2.6</version>
+                <configuration>
+                    <failOnMissingWebXml>false</failOnMissingWebXml>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.tomcat.maven</groupId>
+                <artifactId>tomcat7-maven-plugin</artifactId>
+                <version>2.2</version>
+                <configuration>
+                    <path>/</path>
+                    <server>
+                        <autoDeploy>true</autoDeploy>
+                        <backgroundProcessorDelay>10</backgroundProcessorDelay>
+                    </server>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-deploy-plugin</artifactId>
+                <version>2.8.2</version>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

tutorials/spring/03-spring-security-refined/src/main/java/com/stormpath/tutorial/ErrorController.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2016 Stormpath, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.stormpath.tutorial;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @since 1.3.0
+ */
+@Controller
+public class ErrorController {
+
+    @RequestMapping("/403")
+    public String forbidden(Model model) {
+        Map<String, String> errors = new HashMap<>();
+        errors.put("status", "403");
+        errors.put("message", "Access is Denied");
+
+        model.addAttribute("errors", errors);
+
+        return "error";
+    }
+}

tutorials/spring/03-spring-security-refined/src/main/java/com/stormpath/tutorial/Groups.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright 2016 Stormpath, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.stormpath.tutorial;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Component;
+
+/**
+ * @since 1.3.0
+ */
+@Component
+public class Groups {
+    public final String USER;
+
+    @Autowired
+    public Groups(Environment env) {
+        USER = env.getProperty("stormpath.authorized.user.group.href");
+    }
+}

tutorials/spring/03-spring-security-refined/src/main/java/com/stormpath/tutorial/HelloController.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2016 Stormpath, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.stormpath.tutorial;
+
+import com.stormpath.sdk.servlet.account.AccountResolver;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.util.Assert;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @since 1.3.0
+ */
+@Controller
+public class HelloController {
+
+    private HelloService helloService;
+
+    @Autowired
+    public HelloController(HelloService helloService) {
+        Assert.notNull(helloService);
+        this.helloService = helloService;
+    }
+
+    @RequestMapping("/")
+    String home(HttpServletRequest req, Model model) {
+        model.addAttribute("status", req.getParameter("status"));
+        return "home";
+    }
+
+    @RequestMapping("/restricted")
+    String restricted(HttpServletRequest req, Model model) {
+        String msg = helloService.sayHello(
+            AccountResolver.INSTANCE.getAccount(req)
+        );
+        model.addAttribute("msg", msg);
+        return "restricted";
+    }
+
+}

tutorials/spring/03-spring-security-refined/src/main/java/com/stormpath/tutorial/HelloService.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2016 Stormpath, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.stormpath.tutorial;
+
+import com.stormpath.sdk.account.Account;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Service;
+
+/**
+ * @since 1.3.0
+ */
+@Service
+public class HelloService {
+    @PreAuthorize("hasAuthority(@groups.USER)")
+    public String sayHello(Account account) {
+        return "Hello, " + account.getGivenName() +
+            ". You have the required permissions to access this restricted resource.";
+    }
+}

tutorials/spring/03-spring-security-refined/src/main/java/com/stormpath/tutorial/SpringSecurityWebAppConfig.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright 2016 Stormpath, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.stormpath.tutorial;
+
+import com.stormpath.spring.config.EnableStormpathWebSecurity;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+import static com.stormpath.spring.config.StormpathWebSecurityConfigurer.stormpath;
+
+/**
+ * @since 1.3.0
+ */
+@Configuration
+@ComponentScan
+@PropertySource("classpath:application.properties")
+@EnableStormpathWebSecurity
+public class SpringSecurityWebAppConfig extends WebSecurityConfigurerAdapter {
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        http
+            .apply(stormpath())
+            .and() // Starting with Spring Security 4.2 we do not need to explicitly apply the Stormpath configuration in Spring Boot but it is still required in Spring
+                .authorizeRequests()
+                .antMatchers("/restricted").fullyAuthenticated()
+                .antMatchers("/**").permitAll()
+            .and()
+                .exceptionHandling().accessDeniedPage("/403");
+    }
+}