Turned application into a Spring Boot application

Author: dschadow

session-handling-spring-security/pom.xml

@@ -9,73 +9,78 @@
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>session-handling-spring-security</artifactId>
-    <packaging>war</packaging>
+    <packaging>jar</packaging>
     <name>Session Handling - Spring Security</name>
 
-    <description>Session Handling with Spring Security sample project. Requires a server like Apache Tomcat 8 (with
-        Servlet 3.1 support) or the Maven Jetty plugin. Two users with two different roles exist: user/user and
-        admin/admin. After launching, open the web application in your browser at
-        http://localhost:8080/session-handling-spring-security
+    <description>Session Handling with Spring Security sample project. Start via the main method in the Application
+        class. After launching, open the web application in your browser at http://localhost:8080.
     </description>
 
+    <properties>
+        <start-class>de.dominikschadow.javasecurity.Application</start-class>
+    </properties>
+
     <dependencies>
         <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>javax.servlet-api</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>com.sun.faces</groupId>
-            <artifactId>jsf-api</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
         </dependency>
         <dependency>
-            <groupId>com.sun.faces</groupId>
-            <artifactId>jsf-impl</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-web</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-config</artifactId>
+            <groupId>org.webjars</groupId>
+            <artifactId>bootstrap</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-jdbc</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>commons-dbcp</groupId>
-            <artifactId>commons-dbcp</artifactId>
+            <groupId>org.webjars</groupId>
+            <artifactId>webjars-locator</artifactId>
         </dependency>
         <dependency>
             <groupId>com.h2database</groupId>
             <artifactId>h2</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-log4j12</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>commons-logging</groupId>
-            <artifactId>commons-logging</artifactId>
+            <scope>runtime</scope>
         </dependency>
     </dependencies>
 
     <build>
         <finalName>${project.artifactId}</finalName>
-        <defaultGoal>jetty:run-war</defaultGoal>
+        <defaultGoal>spring-boot:run</defaultGoal>
         <plugins>
             <plugin>
-                <groupId>org.eclipse.jetty</groupId>
-                <artifactId>jetty-maven-plugin</artifactId>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>build-info</goal>
+                        </goals>
+                        <configuration>
+                            <additionalProperties>
+                                <versions.spring-boot>${project.parent.parent.version}</versions.spring-boot>
+                            </additionalProperties>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>com.spotify</groupId>
+                <artifactId>docker-maven-plugin</artifactId>
                 <configuration>
-                    <webApp>
-                        <contextPath>/session-handling-spring-security</contextPath>
-                    </webApp>
+                    <imageName>${docker.image.prefix}/${project.artifactId}</imageName>
+                    <dockerDirectory>src/main/docker</dockerDirectory>
+                    <resources>
+                        <resource>
+                            <targetPath>/</targetPath>
+                            <directory>${project.build.directory}</directory>
+                            <include>${project.build.finalName}.jar</include>
+                        </resource>
+                    </resources>
                 </configuration>
             </plugin>
         </plugins>

session-handling-spring-security/src/main/docker/Dockerfile

@@ -0,0 +1,10 @@
+FROM openjdk:8-jre-alpine
+MAINTAINER Dominik Schadow <dominikschadow@gmail.com>
+
+VOLUME /tmp
+
+ADD session-handling-spring-security.jar app.jar
+
+RUN sh -c 'touch /app.jar'
+
+ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "app.jar"]

…g/SecurityWebApplicationInitializer.java …nikschadow/javasecurity/Application.javasession-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/spring/SecurityWebApplicationInitializer.java renamed to session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/Application.java session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/spring/SecurityWebApplicationInitializer.java renamed to session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/Application.java

@@ -15,17 +15,19 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.dominikschadow.javasecurity.sessionhandling.spring;
+package de.dominikschadow.javasecurity;
 
-import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
 
 /**
- * Activates the Spring Security configuration.
+ * Starter class for the Spring Boot application.
  *
  * @author Dominik Schadow
  */
-public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
-    public SecurityWebApplicationInitializer() {
-        super(SecurityConfig.class);
+@SpringBootApplication
+public class Application {
+    public static void main(String[] args) {
+        SpringApplication.run(Application.class, args);
     }
 }

…ssionhandling/spring/SecurityConfig.java …onhandling/config/WebSecurityConfig.javasession-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/spring/SecurityConfig.java renamed to session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/config/WebSecurityConfig.java session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/spring/SecurityConfig.java renamed to session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/config/WebSecurityConfig.java

@@ -15,13 +15,10 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.dominikschadow.javasecurity.sessionhandling.spring;
+package de.dominikschadow.javasecurity.sessionhandling.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -32,20 +29,19 @@
 
 import javax.sql.DataSource;
 
-import static org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType.H2;
-
 /**
  * Spring Security configuration for the session handling sample project.
  *
  * @author Dominik Schadow
  */
-@Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-@ComponentScan("de.dominikschadow.javasecurity.sessionhandling.greetings")
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Autowired
+    private DataSource dataSource;
+
     @Autowired
-    public void configAuthentication(AuthenticationManagerBuilder auth, DataSource dataSource) throws Exception {
+    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
         auth.jdbcAuthentication().dataSource(dataSource)
                 .passwordEncoder(passwordEncoder())
                 .usersByUsernameQuery("select username, password, active from users where username = ?")
@@ -57,15 +53,15 @@ protected void configure(HttpSecurity http) throws Exception {
         // @formatter:off
         http
             .authorizeRequests()
-                .antMatchers("/*", "/javax.faces.resource/**").permitAll()
+                .antMatchers("/*").permitAll()
                 .antMatchers("/user/**").hasAnyRole("USER", "ADMIN")
                 .antMatchers("/admin/**").hasRole("ADMIN")
             .and()
                 .formLogin()
             .and()
                 .logout()
-                .logoutUrl("/logout")
-                .logoutSuccessUrl("/logout.xhtml");
+                .logoutSuccessUrl("/")
+                .permitAll();
         // @formatter:on
     }
 
@@ -79,9 +75,4 @@ protected void configure(HttpSecurity http) throws Exception {
     public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder(10);
     }
-
-    @Bean
-    public DataSource dataSource() {
-        return new EmbeddedDatabaseBuilder().setType(H2).addScript("schema.sql").addScripts("data.sql").build();
-    }
 }

…/sessionhandling/users/GreetingBean.java …dling/controller/GreetingController.javasession-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/users/GreetingBean.java renamed to session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/controller/GreetingController.java session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/users/GreetingBean.java renamed to session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/controller/GreetingController.java

@@ -15,34 +15,37 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.dominikschadow.javasecurity.sessionhandling.users;
+package de.dominikschadow.javasecurity.sessionhandling.controller;
 
 import de.dominikschadow.javasecurity.sessionhandling.greetings.GreetingService;
-
-import javax.faces.bean.ManagedBean;
-import javax.faces.bean.ManagedProperty;
-import javax.faces.bean.RequestScoped;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
 
 /**
- * Greeting ManagedBean which integrates a Spring Bean to return the user/ admin greeting to the calling JSF page.
+ * Greeting controller to return the user/ admin greeting to the caller.
  *
  * @author Dominik Schadow
  */
-@ManagedBean
-@RequestScoped
-public class GreetingBean {
-    @ManagedProperty(value = "#{greetingServiceImpl}")
+@Controller
+public class GreetingController {
     private GreetingService greetingService;
 
-    public String greetUser() {
-        return greetingService.greetUser();
+    public GreetingController(GreetingService greetingService) {
+        this.greetingService = greetingService;
     }
 
-    public String greetAdmin() {
-        return greetingService.greetAdmin();
+    @GetMapping("user/user")
+    public String greetUser(Model model) {
+        model.addAttribute("greeting", greetingService.greetUser());
+
+        return "user/user";
     }
 
-    public void setGreetingService(GreetingService greetingService) {
-        this.greetingService = greetingService;
+    @GetMapping("admin/admin")
+    public String greetAdmin(Model model) {
+        model.addAttribute("greeting", greetingService.greetAdmin());
+
+        return "admin/admin";
     }
 }

…rity/sessionhandling/users/UserBean.java …handling/controller/IndexController.javasession-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/users/UserBean.java renamed to session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/controller/IndexController.java session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/users/UserBean.java renamed to session-handling-spring-security/src/main/java/de/dominikschadow/javasecurity/sessionhandling/controller/IndexController.java

@@ -2,35 +2,35 @@
  * Copyright (C) 2017 Dominik Schadow, dominikschadow@gmail.com
  *
  * This file is part of the Java Security project.
- *
+ * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- *
+ * 
  *  http://www.apache.org/licenses/LICENSE-2.0
- *
+ * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package de.dominikschadow.javasecurity.sessionhandling.users;
-
-import org.springframework.web.context.request.RequestContextHolder;
+package de.dominikschadow.javasecurity.sessionhandling.controller;
 
-import javax.faces.bean.ManagedBean;
-import javax.faces.bean.RequestScoped;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
 
 /**
- * Simple ManagedBean to log out the current user and to return the current session id.
+ * Index controller for all home page related operations.
  *
  * @author Dominik Schadow
  */
-@ManagedBean(name = "userBean")
-@RequestScoped
-public class UserBean {
-    public String getSessionId() {
-        return RequestContextHolder.currentRequestAttributes().getSessionId();
+@Controller
+@RequestMapping("/")
+public class IndexController {
+    @GetMapping
+    public String index() {
+        return "index";
     }
 }

session-handling-spring-security/src/main/resources/log4j.xml

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <base href="/"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1"/>
+    <link rel="stylesheet" type="text/css" href="/webjars/bootstrap/css/bootstrap.min.css"/>
+    <title>Session Handling - Spring Security</title>
+</head>
+<body>
+<div class="container" id="main">
+    <div class="row" id="welcome">
+        <div class="col-12">
+            <h1>User Profile
+                <small th:text="${greeting}"></small>
+            </h1>
+
+            <p>Your current session is <strong th:text="${#httpServletRequest.session.id}"></strong>.</p>
+        </div>
+    </div>
+
+    <div class="row" id="links">
+        <div class="col-12">
+            <a th:href="@{user/user}">User</a> | Admin
+        </div>
+    </div>
+
+    <div class="row" id="logout" th:if="${#httpServletRequest.remoteUser}">
+        <div class="col-12">
+            <form th:action="@{/logout}" method="post">
+                <button type="submit" class="btn btn-default btn-sm">
+                    <span class="glyphicon glyphicon-off"></span> Log out
+                </button>
+            </form>
+        </div>
+    </div>
+</div>
+</body>
+</html>