Created
March 11, 2018 11:47
CRM App Security: Anyone can view the list, but for add/update/delete they are prompted to log in
| package com.luv2code.springdemo.config; | |
| import javax.sql.DataSource; | |
| import org.springframework.beans.factory.annotation.Autowired; | |
| import org.springframework.context.annotation.Bean; | |
| import org.springframework.context.annotation.Configuration; | |
| import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; | |
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; | |
| import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; | |
| import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; | |
| import org.springframework.security.provisioning.JdbcUserDetailsManager; | |
| import org.springframework.security.provisioning.UserDetailsManager; | |
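@Configuration
@EnableWebSecurity
public class DemoSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Data source holding the Spring Security JDBC user/authority tables. It backs
     * both JDBC authentication and the {@link UserDetailsManager} bean below.
     */
    @Autowired
    private DataSource securityDataSource;

    /**
     * Authenticates users against the JDBC tables in {@code securityDataSource}.
     *
     * @param auth the builder supplied by the adapter
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(securityDataSource);
    }

    /**
     * URL authorization rules: the customer list and static resources are public,
     * the add/update form and save need MANAGER or ADMIN, delete needs ADMIN, and
     * every other URL requires an authenticated user (fail closed). The login page,
     * the login-processing URL and logout are open to everyone so the login flow
     * itself works; access-denied errors are rendered by {@code /access-denied}.
     *
     * @param http the HTTP security builder supplied by the adapter
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Matchers are evaluated in order and the first match wins, so the
                // specific rules must stay above the catch-all at the end.
                .antMatchers("/customer/showForm*").hasAnyRole("MANAGER", "ADMIN")
                .antMatchers("/customer/save*").hasAnyRole("MANAGER", "ADMIN")
                // Delete is reached through a GET link on the list page. Spring
                // Security's CSRF protection (on by default here) only covers
                // state-changing verbs such as POST, so moving the delete
                // controller and link to POST would let the CSRF token apply.
                .antMatchers("/customer/delete").hasRole("ADMIN")
                .antMatchers("/customer/list").permitAll()
                .antMatchers("/resources/**").permitAll()
                // Fail closed: before this rule any URL not listed above was
                // served without authentication. Any other mapping this app
                // exposes that should stay public (e.g. a root redirect) has to
                // be added above explicitly.
                // NOTE(review): Spring MVC's default trailing-slash and suffix
                // matching can route paths these Ant patterns do not cover;
                // mvcMatchers() aligns both sides - confirm it is available in
                // this project's Spring Security version before switching.
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .loginPage("/showMyLoginPage")
                .loginProcessingUrl("/authenticateTheUser")
                .permitAll()
            .and()
            .logout().permitAll()
            .and()
            .exceptionHandling().accessDeniedPage("/access-denied");
    }

    /**
     * Exposes a {@link UserDetailsManager} backed by the same JDBC tables, for
     * code that needs to create, update or look up users.
     *
     * @return a JDBC-backed user details manager
     */
    @Bean
    public UserDetailsManager userDetailsManager() {
        JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager();
        jdbcUserDetailsManager.setDataSource(securityDataSource);
        return jdbcUserDetailsManager;
    }
}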
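<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<!DOCTYPE html>
<html>
<head>
    <title>List Customers</title>
    <!-- reference our style sheet -->
    <link type="text/css"
          rel="stylesheet"
          href="${pageContext.request.contextPath}/resources/css/style.css" />
</head>
<body>
<div id="wrapper">
    <div id="header">
        <h2>CRM - Customer Relationship Manager</h2>
    </div>
</div>
<div id="container">
    <div id="content">
        <security:authorize access="isAuthenticated()">
            <!-- rendered only once the visitor has logged in -->
            <p>
                User: <security:authentication property="principal.username" />, Role(s): <security:authentication property="principal.authorities" />
            </p>
        </security:authorize>
        <!-- Add Customer stays visible to everyone; the security config sends an
             anonymous visitor to the login page when the form URL is requested -->
        <input type="button" value="Add Customer"
               onclick="window.location.href='showFormForAdd'; return false;"
               class="add-button"
        />
        <table>
            <tr>
                <th>First Name</th>
                <th>Last Name</th>
                <th>Email</th>
                <th>Action</th>
            </tr>
            <!-- one row per customer -->
            <c:forEach var="tempCustomer" items="${customers}">
                <!-- c:url URL-encodes the customerId parameter value -->
                <c:url var="updateLink" value="/customer/showFormForUpdate">
                    <c:param name="customerId" value="${tempCustomer.id}" />
                </c:url>
                <c:url var="deleteLink" value="/customer/delete">
                    <c:param name="customerId" value="${tempCustomer.id}" />
                </c:url>
                <tr>
                    <!-- customer fields are user-supplied: c:out HTML-escapes them,
                         a bare ${...} in a JSP does not, so markup stored in a name
                         or e-mail would otherwise be rendered as-is (stored XSS) -->
                    <td> <c:out value="${tempCustomer.firstName}" /> </td>
                    <td> <c:out value="${tempCustomer.lastName}" /> </td>
                    <td> <c:out value="${tempCustomer.email}" /> </td>
                    <td>
                        <a href="${updateLink}">Update</a>
                        <!-- delete is a plain GET link, so the CSRF token Spring
                             Security adds to POST forms does not protect it; a
                             form:form POST (with a matching controller mapping)
                             would -->
                        <a href="${deleteLink}"
                           onclick="if (!(confirm('Are you sure you want to delete this customer?'))) return false">Delete</a>
                    </td>
                </tr>
            </c:forEach>
        </table>
    </div>
</div>
<p></p>
<!-- logout only makes sense for a logged-in user; anonymous visitors of the
     public list page do not get the button -->
<security:authorize access="isAuthenticated()">
    <form:form action="${pageContext.request.contextPath}/logout"
               method="POST">
        <input type="submit" value="Logout" class="add-button" />
    </form:form>
</security:authorize>
</body>
</html>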