Spring web app sample (#102)

SomkaPe · web-flow · commit 3794ea75e2d4 · 2019-10-11T11:15:26.000-07:00
diff --git a/src/samples/spring-security-web-app/pom.xml b/src/samples/spring-security-web-app/pom.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>2.1.8.RELEASE</version>
+		<relativePath/>
+	</parent>
+	<groupId>com.microsoft.azure</groupId>
+	<artifactId>spring-security-web-app</artifactId>
+	<version>0.0.1-SNAPSHOT</version>
+	<name>spring-security-web-app</name>
+	<description>Web app with Spring Security</description>
+
+	<properties>
+		<java.version>1.8</java.version>
+	</properties>
+
+	<dependencies>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-thymeleaf</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.thymeleaf.extras</groupId>
+			<artifactId>thymeleaf-extras-springsecurity5</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.thymeleaf</groupId>
+			<artifactId>thymeleaf-spring5</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.security.oauth.boot</groupId>
+			<artifactId>spring-security-oauth2-autoconfigure</artifactId>
+			<version>2.1.8.RELEASE</version>
+		</dependency>
+
+	</dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+			</plugin>
+		</plugins>
+	</build>
+
+</project>
diff --git a/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/AppConfiguration.java b/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/AppConfiguration.java
@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.azure.springsecuritywebapp;
+
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+
+@Configuration
+@EnableOAuth2Sso
+@Order(value = 0)
+public class AppConfiguration extends WebSecurityConfigurerAdapter {
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+
+        http.antMatcher("/**")
+                .authorizeRequests()
+                .antMatchers("/", "/login**", "/error**")
+                    .permitAll()
+                .anyRequest()
+                    .authenticated()
+                .and()
+                    .logout()
+                        .deleteCookies()
+                        .invalidateHttpSession(true)
+                        .logoutSuccessUrl("/");
+    }
+}
diff --git a/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SecurePageController.java b/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SecurePageController.java
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.azure.springsecuritywebapp;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.servlet.ModelAndView;
+
+@Controller
+public class SecurePageController {
+
+    @RequestMapping("/secure_page")
+    public ModelAndView securePage(){
+        ModelAndView mav = new ModelAndView("secure_page");
+
+        return mav;
+    }
+
+    @RequestMapping("/")
+    public ModelAndView indexPage() {
+        ModelAndView mav = new ModelAndView("index");
+
+        return mav;
+    }
+}
diff --git a/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SpringSecurityWebAppApplication.java b/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SpringSecurityWebAppApplication.java
@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.azure.springsecuritywebapp;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SpringSecurityWebAppApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SpringSecurityWebAppApplication.class, args);
+    }
+}
diff --git a/src/samples/spring-security-web-app/src/main/resources/application.properties b/src/samples/spring-security-web-app/src/main/resources/application.properties
@@ -0,0 +1,16 @@
+logging.level.org.springframework.*=DEBUG
+
+ssoServiceUrl=https://login.microsoftonline.com/common
+
+security.oauth2.client.client-id=
+security.oauth2.client.client-secret=
+security.oauth2.client.scope=openid profile
+security.oauth2.client.authentication-scheme=header
+security.oauth2.client.client-authentication-scheme=form
+
+security.oauth2.issuer=https://login.microsoftonline.com/<TenantId>/v2.0
+
+security.oauth2.client.access-token-uri=${ssoServiceUrl}/oauth2/v2.0/token
+security.oauth2.client.user-authorization-uri=${ssoServiceUrl}/oauth2/v2.0/authorize
+
+security.oauth2.resource.user-info-uri=https://graph.microsoft.com/oidc/userinfo
diff --git a/src/samples/spring-security-web-app/src/main/resources/templates/index.html b/src/samples/spring-security-web-app/src/main/resources/templates/index.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<head>
+    <meta charset="UTF-8">
+    <title>HomePage</title>
+</head>
+<body>
+<h3>Home Page</h3>
+
+<form action="/secure_page">
+    <input type="submit" value="Login">
+</form>
+
+</body>
+</html>
diff --git a/src/samples/spring-security-web-app/src/main/resources/templates/secure_page.html b/src/samples/spring-security-web-app/src/main/resources/templates/secure_page.html
@@ -0,0 +1,26 @@
+
+<!DOCTYPE html>
+
+<html xmlns:th="https://www.thymeleaf.org"
+      xmlns:sec="https://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
+
+<head>
+    <meta charset="UTF-8">
+    <title>Main</title>
+</head>
+<body>
+
+<div sec:authorize="isAuthenticated()">Authenticated as <span sec:authentication="name"></span></div>
+
+
+<form method="post" action="/logout">
+    <input
+            type="hidden"
+            th:name="${_csrf.parameterName}"
+            th:value="${_csrf.token}" />
+
+    <input type="submit"  value="Logout">
+</form>
+
+</body>
+</html>
