Add Basic Authentication

Author: KarstenSchnitter

sample-spring-boot/pom.xml

@@ -59,7 +59,16 @@
 			<artifactId>spring-boot-configuration-processor</artifactId>
 			<optional>true</optional>
 		</dependency>
-
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		
 		<!-- We're using the Servlet Filter instrumentation -->
 		<dependency>
 			<groupId>com.sap.hcp.cf.logging</groupId>

sample-spring-boot/src/main/java/com/sap/hcp/cf/logging/sample/springboot/SampleAppSpringBootApplication.java

@@ -9,6 +9,7 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 import com.sap.hcp.cf.logging.sample.springboot.keystore.KeyStoreDynLogConfiguration;
@@ -30,15 +31,15 @@ public static void main(String[] args) {
 	}
 
 	/**
-	 * Registers a customized {@link RequestLoggingFilter} with the servlet.
-	 * We inject our own dynamic logging configuration, that contains the public RSA key from our keystore.
+	 * Registers a customized {@link RequestLoggingFilter} with the servlet. We
+	 * inject our own dynamic logging configuration, that contains the public RSA
+	 * key from our keystore.
 	 * 
 	 * @param dynLogConfig autowired with {@link KeyStoreDynLogConfiguration}
 	 * @return a registration of the {@link RequestLoggingFilter}
 	 */
 	@Bean
-	public FilterRegistrationBean<MyLoggingFilter> loggingFilter(
-			@Autowired DynamicLogLevelConfiguration dynLogConfig) {
+	public FilterRegistrationBean<MyLoggingFilter> loggingFilter(@Autowired DynamicLogLevelConfiguration dynLogConfig) {
 		FilterRegistrationBean<MyLoggingFilter> registrationBean = new FilterRegistrationBean<>();
 		registrationBean.setFilter(new MyLoggingFilter(dynLogConfig));
 		registrationBean.setName("request-logging");
@@ -49,6 +50,7 @@ public FilterRegistrationBean<MyLoggingFilter> loggingFilter(
 
 	/**
 	 * Provides a global {@link Clock} instance. Useful for testing.
+	 * 
 	 * @return the global clock
 	 */
 	@Bean
@@ -57,11 +59,21 @@ public Clock clock() {
 	}
 
 	private class MyLoggingFilter extends CompositeFilter {
-		
+
 		private MyLoggingFilter(DynamicLogLevelConfiguration dynLogConfig) {
 			super(new AddVcapEnvironmentToLogContextFilter(), new AddHttpHeadersToLogContextFilter(),
 					new CorrelationIdFilter(), new DynamicLogLevelFilter(() -> dynLogConfig),
 					new GenerateRequestLogFilter());
 		}
 	}
+
+	/**
+	 * Provides a {@link BCryptPasswordEncoder} for Basic-Auth.
+	 * 
+	 * @return the encoder
+	 */
+	@Bean
+	public BCryptPasswordEncoder encoder() {
+		return new BCryptPasswordEncoder();
+	}
 }

sample-spring-boot/src/main/java/com/sap/hcp/cf/logging/sample/springboot/config/BasicAuthenticationConfiguration.java

@@ -0,0 +1,29 @@
+package com.sap.hcp.cf.logging.sample.springboot.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ConfigurationProperties(prefix = "auth.basic")
+public class BasicAuthenticationConfiguration {
+
+	private String username;
+	private String password;
+
+	public String getUsername() {
+		return username;
+	}
+
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+	public String getPassword() {
+		return password;
+	}
+
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+}

sample-spring-boot/src/main/java/com/sap/hcp/cf/logging/sample/springboot/security/Roles.java

@@ -0,0 +1,10 @@
+package com.sap.hcp.cf.logging.sample.springboot.security;
+
+public final class Roles {
+
+	public static final String USER = "USER";
+
+	private Roles() {
+	}
+
+}

sample-spring-boot/src/main/java/com/sap/hcp/cf/logging/sample/springboot/security/SampleAppAuthenticationEntryPoint.java

@@ -0,0 +1,33 @@
+package com.sap.hcp.cf.logging.sample.springboot.security;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+/**
+ * Customization for failing authentication.
+ */
+@Component
+public class SampleAppAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
+
+	private static final String REALM_NAME = "Logging-Sample";
+
+	@Override
+	public void commence(HttpServletRequest request, HttpServletResponse response,
+			AuthenticationException authException) throws IOException {
+		response.addHeader("WWW-Authenticate", "Basic realm=" + getRealmName());
+		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+		response.getWriter().println("HTTP Status 401 - " + authException.getMessage());
+	}
+
+	@Override
+	public void afterPropertiesSet() {
+		setRealmName(REALM_NAME);
+		super.afterPropertiesSet();
+	}
+}

sample-spring-boot/src/main/java/com/sap/hcp/cf/logging/sample/springboot/security/SampleAppWebSecurityConfigurerAdapter.java

@@ -0,0 +1,43 @@
+package com.sap.hcp.cf.logging.sample.springboot.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
+
+import com.sap.hcp.cf.logging.sample.springboot.config.BasicAuthenticationConfiguration;
+
+@Configuration
+@EnableWebSecurity
+public class SampleAppWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+
+	private final BasicAuthenticationConfiguration config;
+	private final BasicAuthenticationEntryPoint entryPoint;
+	private final BCryptPasswordEncoder passwordEncoder;
+
+	public SampleAppWebSecurityConfigurerAdapter(@Autowired BasicAuthenticationConfiguration config,
+			@Autowired BasicAuthenticationEntryPoint entryPoint, @Autowired BCryptPasswordEncoder passwordEncoder) {
+		this.config = config;
+		this.entryPoint = entryPoint;
+		this.passwordEncoder = passwordEncoder;
+	}
+
+	/**
+	 * Require basic authentication for all endpoints.
+	 */
+	@Override
+	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+		String password = passwordEncoder.encode(config.getPassword());
+		auth.inMemoryAuthentication().withUser(config.getUsername()).password(password).roles(Roles.USER);
+	}
+
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http.csrf().disable().authorizeRequests().anyRequest().authenticated().and().httpBasic()
+				.authenticationEntryPoint(entryPoint);
+	}
+}

sample-spring-boot/src/main/resources/application.yml

@@ -9,4 +9,8 @@ keystore:
 defaults:
   token:
     expiration: P2D
-    issuer: sample-app-spring-boot
+    issuer: sample-app-spring-boot
+auth:
+  basic:
+    username: user
+    password: secret