BAEL-884 Spring Security in JEE App

jee7/.gitignore

@@ -0,0 +1,5 @@
+
+/classes/
+/.idea/
+/target/
+/jee7.iml

jee7/pom.xml

@@ -6,8 +6,10 @@
 	<groupId>com.baeldung</groupId>
 	<artifactId>jee7</artifactId>
 	<version>1.0-SNAPSHOT</version>
+	<packaging>war</packaging>
 	<description>JavaEE 7 Arquillian Archetype Sample</description>
 
+
 	<parent>
 		<groupId>com.baeldung</groupId>
 		<artifactId>parent-modules</artifactId>
@@ -174,6 +176,7 @@
 				<artifactId>maven-war-plugin</artifactId>
 				<version>${maven-war-plugin.version}</version>
 				<configuration>
+					<warSourceDirectory>webapp</warSourceDirectory>
 					<failOnMissingWebXml>false</failOnMissingWebXml>
 				</configuration>
 			</plugin>

jee7/src/main/webapp/WEB-INF/spring/security.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<b:beans xmlns="http://www.springframework.org/schema/security"
+         xmlns:b="http://www.springframework.org/schema/beans"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+    <authentication-manager>
+        <authentication-provider>
+            <user-service>
+                <user name="user" password="user123" authorities="ROLE_USER" />
+            </user-service>
+        </authentication-provider>
+    </authentication-manager>
+
+    <http auto-config='true' use-expressions="true">
+        <form-login default-target-url="/secure.jsp" />
+        <intercept-url pattern="/" access="isAnonymous()" />
+        <intercept-url pattern="/index.jsp" access="isAnonymous()" />
+        <intercept-url pattern="/secure.jsp" access="hasRole('ROLE_USER')" />
+    </http>
+
+</b:beans>

jee7/src/main/webapp/WEB-INF/web.xml

@@ -32,6 +32,33 @@
   <!-- If you go to http://host/project/ (with no file name), it will
        try index.jsf first, welcome.jsf next, and so forth.
    -->
+
+
+  <!-- UNCOMMENT THE FOLLOWING SECTION FOR SPRING SECURITY XML CONFIGURATION-->
+
+  <!--<context-param>-->
+    <!--<param-name>contextConfigLocation</param-name>-->
+    <!--<param-value>-->
+      <!--/WEB-INF/spring/*.xml-->
+    <!--</param-value>-->
+  <!--</context-param>-->
+
+  <!--<filter>-->
+    <!--<filter-name>springSecurityFilterChain</filter-name>-->
+    <!--<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>-->
+  <!--</filter>-->
+
+  <!--<filter-mapping>-->
+    <!--<filter-name>springSecurityFilterChain</filter-name>-->
+    <!--<url-pattern>/*</url-pattern>-->
+  <!--</filter-mapping>-->
+
+  <!--<listener>-->
+    <!--<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>-->
+  <!--</listener>-->
+
+  <!-- END SPRING SECURITY XML CONFIGURATION-->
+
   <welcome-file-list>
     <welcome-file>index.jsf</welcome-file>
     <welcome-file>welcome.jsf</welcome-file>

jee7/src/main/webapp/index.jsp

@@ -0,0 +1,18 @@
+<%--
+  Created by IntelliJ IDEA.
+  User: smatt
+  Date: 02/08/2017
+  Time: 07:03 AM
+  To change this template use File | Settings | File Templates.
+--%>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<html>
+  <head>
+    <title>Index Page</title>
+  </head>
+  <body>
+  Non-secured Index Page
+  <br>
+  <a href="/login">Login</a>
+  </body>
+</html>

jee7/src/main/webapp/secure.jsp

@@ -0,0 +1,24 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+         pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <title>Home Page</title>
+</head>
+<body>
+<h3>Home Page</h3>
+
+<p>
+    Hello <b><c:out value="${pageContext.request.remoteUser}"/></b><br>
+    Roles: <b><sec:authentication property="principal.authorities" /></b>
+</p>
+
+<form action="logout" method="post">
+    <input type="submit" value="Logout" />
+    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
+</form>
+</body>
+</html>