8_12_add_rest_security

JavaOPs · JavaOPs · commit d5ba71d46ce0 · 2026-04-02T00:21:24.000+03:00
diff --git a/config/curl.md b/config/curl.md
@@ -2,28 +2,28 @@
 > For windows use `Git Bash`
 
 #### get All Users
-`curl -s http://localhost:8080/topjava/rest/admin/users`
+`curl -s http://localhost:8080/topjava/rest/admin/users --user admin@gmail.com:admin`
 
 #### get Users 100001
-`curl -s http://localhost:8080/topjava/rest/admin/users/100001`
+`curl -s http://localhost:8080/topjava/rest/admin/users/100001 --user admin@gmail.com:admin`
 
 #### get All Meals
-`curl -s http://localhost:8080/topjava/rest/profile/meals`
+`curl -s http://localhost:8080/topjava/rest/profile/meals --user user@yandex.ru:password`
 
 #### get Meals 100003
-`curl -s http://localhost:8080/topjava/rest/profile/meals/100003`
+`curl -s http://localhost:8080/topjava/rest/profile/meals/100003  --user user@yandex.ru:password`
 
 #### filter Meals
-`curl -s "http://localhost:8080/topjava/rest/profile/meals/filter?startDate=2020-01-30&startTime=07:00:00&endDate=2020-01-31&endTime=11:00:00"`
+`curl -s "http://localhost:8080/topjava/rest/profile/meals/filter?startDate=2020-01-30&startTime=07:00:00&endDate=2020-01-31&endTime=11:00:00" --user user@yandex.ru:password`
 
 #### get Meals not found
-`curl -s -v http://localhost:8080/topjava/rest/profile/meals/100008`
+`curl -s -v http://localhost:8080/topjava/rest/profile/meals/100008 --user user@yandex.ru:password`
 
 #### delete Meals
-`curl -s -X DELETE http://localhost:8080/topjava/rest/profile/meals/100002`
+`curl -s -X DELETE http://localhost:8080/topjava/rest/profile/meals/100002 --user user@yandex.ru:password`
 
 #### create Meals
-`curl -s -X POST -d '{"dateTime":"2020-02-01T12:00","description":"Created lunch","calories":300}' -H 'Content-Type:application/json;charset=UTF-8' http://localhost:8080/topjava/rest/profile/meals`
+`curl -s -X POST -d '{"dateTime":"2020-02-01T12:00","description":"Created lunch","calories":300}' -H 'Content-Type:application/json;charset=UTF-8' http://localhost:8080/topjava/rest/profile/meals --user user@yandex.ru:password`
 
 #### update Meals
-`curl -s -X PUT -d '{"dateTime":"2020-01-30T07:00", "description":"Updated breakfast", "calories":200}' -H 'Content-Type: application/json' http://localhost:8080/topjava/rest/profile/meals/100003`
+`curl -s -X PUT -d '{"dateTime":"2020-01-30T07:00", "description":"Updated breakfast", "calories":200}' -H 'Content-Type: application/json' http://localhost:8080/topjava/rest/profile/meals/100003 --user user@yandex.ru:password`
diff --git a/pom.xml b/pom.xml
@@ -16,6 +16,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <spring.version>5.3.39</spring.version>
+        <spring.security.version>5.8.16</spring.security.version>
         <spring-data-jpa.version>2.7.18</spring-data-jpa.version>
         <jackson.version>2.21.2</jackson.version>
         <tomcat.version>9.0.113</tomcat.version>
@@ -159,6 +160,18 @@
             <version>${spring-data-jpa.version}</version>
         </dependency>
 
+        <!--security-->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>${spring.security.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>${spring.security.version}</version>
+        </dependency>
+
         <!--- ORM -->
         <dependency>
             <groupId>org.hibernate</groupId>
diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml
@@ -23,6 +23,7 @@
     <logger name="ru.javawebinar.topjava" level="debug"/>
     <!--<logger name="org.springframework.web.servlet" level="debug"/>-->
     <logger name="org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver" level="debug"/>
+    <logger name="org.springframework.security" level="debug"/>
 
     <root level="info">
         <appender-ref ref="file"/>
diff --git a/src/main/resources/spring/spring-app.xml b/src/main/resources/spring/spring-app.xml
@@ -10,6 +10,7 @@
     </bean>
 -->
     <import resource="spring-cache.xml"/>
+    <import resource="spring-security.xml"/>
 
     <context:component-scan base-package="ru.javawebinar.**.service"/>
 </beans>
diff --git a/src/main/resources/spring/spring-security.xml b/src/main/resources/spring/spring-security.xml
@@ -0,0 +1,28 @@
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+             xmlns:beans="http://www.springframework.org/schema/beans"
+             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+    <http pattern="/resources/**" security="none"/>
+    <http pattern="/webjars/**" security="none"/>
+
+    <http pattern="/rest/**" use-expressions="true" name="restSecurityFilterChain" create-session="stateless">
+        <http-basic/>
+        <intercept-url pattern="/rest/admin/**" access="hasRole('ADMIN')"/>
+        <intercept-url pattern="/**" access="isAuthenticated()"/>
+        <csrf disabled="true"/>
+    </http>
+
+    <beans:bean name="noopEncoder" class="org.springframework.security.crypto.password.NoOpPasswordEncoder"/>
+
+    <authentication-manager>
+        <authentication-provider>
+            <password-encoder ref="noopEncoder"/>
+            <user-service>
+                <user name="user@yandex.ru" password="password" authorities="ROLE_USER"/>
+                <user name="admin@gmail.com" password="admin" authorities="ROLE_ADMIN"/>
+            </user-service>
+        </authentication-provider>
+    </authentication-manager>
+</beans:beans>
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
@@ -37,6 +37,16 @@
         <url-pattern>/</url-pattern>
     </servlet-mapping>
 
+    <!-- Spring Security -->
+    <filter>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+    <filter-mapping>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
     <filter>
         <filter-name>encodingFilter</filter-name>
         <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
