mirror of
https://github.com/spring-projects/spring-petclinic.git
synced 2025-07-22 07:15:49 +00:00
add security in WebSocketConfig
This commit is contained in:
PEDSF
parent
f40046fe06
commit
d6ddf2c216
8 changed files with 87 additions and 25 deletions
11
pom.xml
11
pom.xml
|
|
@ -73,10 +73,21 @@
|
|||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-thymeleaf</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-messaging</artifactId>
|
||||
</dependency>
|
||||
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-websocket</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-messaging</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-test</artifactId>
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
http.authorizeRequests()
|
||||
.antMatchers("/").permitAll()
|
||||
.antMatchers("/login", "/logout", "/register","/confirm-account").permitAll()
|
||||
.antMatchers("/websocket/**", "/topic/**", "/app/**").permitAll()
|
||||
.antMatchers("/websocket/**", "/topic/**","/topic/public", "/app/**").permitAll()
|
||||
.antMatchers("/resources/**").permitAll()
|
||||
.antMatchers("/h2-console/**").permitAll()
|
||||
.antMatchers("/**").authenticated()
|
||||
|
|
|
|||
|
|
@ -3,9 +3,10 @@ package org.springframework.samples.petclinic.configuration;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
|
||||
import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
|
||||
import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;
|
||||
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
|
||||
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
|
||||
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
|
||||
|
||||
/**
|
||||
* Configuration class to enable WebSocket and STOMP messaging.
|
||||
|
|
@ -14,8 +15,9 @@ import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerCo
|
|||
*/
|
||||
@Configuration
|
||||
@EnableWebSocketMessageBroker
|
||||
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
|
||||
public class WebSocketConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
|
||||
|
||||
/*
|
||||
@Override
|
||||
public void registerStompEndpoints(StompEndpointRegistry stompEndpointRegistry) {
|
||||
stompEndpointRegistry.addEndpoint("/websocket").withSockJS();
|
||||
|
|
@ -27,4 +29,31 @@ public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
|
|||
registry.setApplicationDestinationPrefixes("/app");
|
||||
}
|
||||
|
||||
*/
|
||||
@Override
|
||||
public void configureMessageBroker(MessageBrokerRegistry config) {
|
||||
config.enableSimpleBroker("/topic");
|
||||
config.setApplicationDestinationPrefixes("/app");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void registerStompEndpoints(StompEndpointRegistry registry) {
|
||||
registry.addEndpoint("/websocket")
|
||||
.setAllowedOrigins("*")
|
||||
.withSockJS();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configureInbound(MessageSecurityMetadataSourceRegistry message) {
|
||||
message
|
||||
.nullDestMatcher().permitAll()
|
||||
.simpDestMatchers("/app/**").permitAll()
|
||||
.simpSubscribeDestMatchers("/topic/**").permitAll()
|
||||
.anyMessage().denyAll();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean sameOriginDisabled() {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,10 +27,15 @@ public interface UserRepository extends Repository<User, Integer> {
|
|||
|
||||
/**
|
||||
* Save an {@link User} to the data store, either inserting or updating it.
|
||||
* @param user the {@link User} to save
|
||||
* @param user the {@link User} to delete
|
||||
* @return the deleted {@link User}
|
||||
*/
|
||||
User save(User user);
|
||||
|
||||
void deleteById(Integer id);
|
||||
|
||||
/**
|
||||
* Delete an {@link User} to the data store.
|
||||
* @param user the {@link User} to delete
|
||||
* @return the deleted {@link User}
|
||||
*/
|
||||
User delete(User user);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -67,6 +67,7 @@ INSERT INTO users_roles (user_id, role_id) VALUES
|
|||
(1,1),(1,2),(1,3),
|
||||
(2,3),(3,3);
|
||||
|
||||
|
||||
INSERT INTO auth_providers (id, name) VALUES
|
||||
(1,'local'),
|
||||
(2,'google'),
|
||||
|
|
|
|||
|
|
@ -1,17 +1,7 @@
|
|||
DROP TABLE vet_specialties IF EXISTS;
|
||||
DROP TABLE vets IF EXISTS;
|
||||
DROP TABLE specialties IF EXISTS;
|
||||
DROP TABLE visits IF EXISTS;
|
||||
DROP TABLE pets IF EXISTS;
|
||||
DROP TABLE types IF EXISTS;
|
||||
DROP TABLE owners IF EXISTS;
|
||||
DROP TABLE roles IF EXISTS;
|
||||
DROP TABLE users IF EXISTS;
|
||||
DROP TABLE users_email IF EXISTS;
|
||||
DROP TABLE users_roles IF EXISTS;
|
||||
DROP TABLE auth_providers IF EXISTS;
|
||||
DROP TABLE credentials IF EXISTS;
|
||||
|
||||
|
||||
|
||||
DROP TABLE vets IF EXISTS;
|
||||
CREATE TABLE vets (
|
||||
id INTEGER IDENTITY PRIMARY KEY,
|
||||
first_name VARCHAR(30),
|
||||
|
|
@ -19,12 +9,14 @@ CREATE TABLE vets (
|
|||
);
|
||||
CREATE INDEX vets_last_name ON vets (last_name);
|
||||
|
||||
DROP TABLE specialties IF EXISTS;
|
||||
CREATE TABLE specialties (
|
||||
id INTEGER IDENTITY PRIMARY KEY,
|
||||
name VARCHAR(80)
|
||||
);
|
||||
CREATE INDEX specialties_name ON specialties (name);
|
||||
|
||||
DROP TABLE vet_specialties IF EXISTS;
|
||||
CREATE TABLE vet_specialties (
|
||||
vet_id INTEGER NOT NULL,
|
||||
specialty_id INTEGER NOT NULL
|
||||
|
|
@ -32,12 +24,14 @@ CREATE TABLE vet_specialties (
|
|||
ALTER TABLE vet_specialties ADD CONSTRAINT fk_vet_specialties_vets FOREIGN KEY (vet_id) REFERENCES vets (id);
|
||||
ALTER TABLE vet_specialties ADD CONSTRAINT fk_vet_specialties_specialties FOREIGN KEY (specialty_id) REFERENCES specialties (id);
|
||||
|
||||
DROP TABLE types IF EXISTS;
|
||||
CREATE TABLE types (
|
||||
id INTEGER IDENTITY PRIMARY KEY,
|
||||
name VARCHAR(80)
|
||||
);
|
||||
CREATE INDEX types_name ON types (name);
|
||||
|
||||
DROP TABLE owners IF EXISTS;
|
||||
CREATE TABLE owners (
|
||||
id INTEGER IDENTITY PRIMARY KEY,
|
||||
first_name VARCHAR(30),
|
||||
|
|
@ -48,6 +42,7 @@ CREATE TABLE owners (
|
|||
);
|
||||
CREATE INDEX owners_last_name ON owners (last_name);
|
||||
|
||||
DROP TABLE pets IF EXISTS;
|
||||
CREATE TABLE pets (
|
||||
id INTEGER IDENTITY PRIMARY KEY,
|
||||
name VARCHAR(30),
|
||||
|
|
@ -59,6 +54,7 @@ ALTER TABLE pets ADD CONSTRAINT fk_pets_owners FOREIGN KEY (owner_id) REFERENCES
|
|||
ALTER TABLE pets ADD CONSTRAINT fk_pets_types FOREIGN KEY (type_id) REFERENCES types (id);
|
||||
CREATE INDEX pets_name ON pets (name);
|
||||
|
||||
DROP TABLE visits IF EXISTS;
|
||||
CREATE TABLE visits (
|
||||
id INTEGER IDENTITY PRIMARY KEY,
|
||||
pet_id INTEGER NOT NULL,
|
||||
|
|
@ -68,12 +64,15 @@ CREATE TABLE visits (
|
|||
ALTER TABLE visits ADD CONSTRAINT fk_visits_pets FOREIGN KEY (pet_id) REFERENCES pets (id);
|
||||
CREATE INDEX visits_pet_id ON visits (pet_id);
|
||||
|
||||
DROP TABLE roles IF EXISTS;
|
||||
CREATE TABLE roles (
|
||||
id INTEGER IDENTITY PRIMARY KEY,
|
||||
name VARCHAR(20) NOT NULL
|
||||
);
|
||||
CREATE INDEX roles_name ON roles (name);
|
||||
|
||||
|
||||
DROP TABLE users IF EXISTS;
|
||||
CREATE TABLE users (
|
||||
id INTEGER IDENTITY PRIMARY KEY,
|
||||
first_name VARCHAR(30) NOT NULL,
|
||||
|
|
@ -94,7 +93,8 @@ CREATE TABLE users (
|
|||
);
|
||||
CREATE INDEX users_email ON users (email);
|
||||
|
||||
CREATE TABLE public.users_roles (
|
||||
DROP TABLE users_roles IF EXISTS;
|
||||
CREATE TABLE users_roles (
|
||||
user_id INTEGER NOT NULL,
|
||||
role_id INTEGER NOT NULL
|
||||
);
|
||||
|
|
@ -102,12 +102,14 @@ ALTER TABLE users_roles ADD CONSTRAINT fk_users_roles_user_id FOREIGN KEY (user_
|
|||
ALTER TABLE users_roles ADD CONSTRAINT fk_users_roles_role_id FOREIGN KEY (role_id) REFERENCES roles (id);
|
||||
CREATE INDEX users_roles_user_id ON users_roles (user_id);
|
||||
|
||||
DROP TABLE auth_providers IF EXISTS;
|
||||
CREATE TABLE auth_providers (
|
||||
id INTEGER IDENTITY PRIMARY KEY,
|
||||
name VARCHAR(20) NOT NULL
|
||||
);
|
||||
CREATE INDEX auth_providers_name ON auth_providers (name);
|
||||
|
||||
DROP TABLE credentials IF EXISTS;
|
||||
CREATE TABLE credentials (
|
||||
id INTEGER IDENTITY PRIMARY KEY,
|
||||
provider_id INTEGER NOT NULL,
|
||||
|
|
|
|||
|
|
@ -31,6 +31,11 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
|
|||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
|
||||
|
||||
/**
|
||||
* Test class for the {@link OwnerController}
|
||||
*
|
||||
* @author Paul-Emmanuel DOS SANTOS FACAO
|
||||
*/
|
||||
@Slf4j
|
||||
@SpringBootTest
|
||||
@AutoConfigureMockMvc
|
||||
|
|
@ -96,7 +101,7 @@ class OwnerControllerIntegrationTest {
|
|||
int ownerId = Integer.parseInt(Objects.requireNonNull(path).split("/")[2]);
|
||||
OwnerDTO found = ownerService.findById(ownerId);
|
||||
|
||||
assertThat(found).isEqualToIgnoringGivenFields(george, "id");
|
||||
assertThat(found).isEqualToIgnoringGivenFields(george, CommonAttribute.ID);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -16,10 +16,14 @@
|
|||
|
||||
package org.springframework.samples.petclinic.system;
|
||||
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.mock.mockito.MockBean;
|
||||
import org.springframework.samples.petclinic.controller.WebSecurityConfig;
|
||||
import org.springframework.samples.petclinic.service.common.UserDetailsServiceImpl;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
|
|
@ -32,16 +36,21 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
|||
* Test class for {@link CrashController}
|
||||
*
|
||||
* @author Colin But
|
||||
* @author Paul-Emmanuel DOS SANTOS FACAO
|
||||
*/
|
||||
// Waiting https://github.com/spring-projects/spring-boot/issues/5574
|
||||
@Disabled
|
||||
@WebMvcTest(controllers = CrashController.class)
|
||||
@SpringBootTest
|
||||
@AutoConfigureMockMvc
|
||||
class CrashControllerTest {
|
||||
|
||||
@Autowired
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@MockBean
|
||||
private UserDetailsServiceImpl userDetailsService;
|
||||
|
||||
@Test
|
||||
@WithMockUser(value = WebSecurityConfig.TEST_USER)
|
||||
void testTriggerException() throws Exception {
|
||||
mockMvc.perform(get("/oups")).andExpect(view().name("exception"))
|
||||
.andExpect(model().attributeExists("exception")).andExpect(forwardedUrl("exception"))
|
||||
|
|
|
|||
Loading…
Reference in a new issue