Library11 : Web Spring Boot Project Thymeleaf Security Password BCrypt - AlbertProfe/cifojava2022-5 GitHub Wiki

Welcome to the cifojava2022-5 wiki!

Library11 : Web Spring Boot Project Thymeleaf-Security Password BCrypt

Base project

  • Base project:
    • Library5 base
    • POM
      • ThymeLeaf dependency
    • DataBase H2: Library2
      • First-time CREATE DDL: use the CREATE DDL option on the first run (after that, UPDATE) in application.properties
      • Application.properties

New tools

  • Spring official documentation:

  • POM dependency

       <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-security</artifactId>
       </dependency>
       <dependency>
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-test</artifactId>
         <scope>test</scope>
       </dependency>
    
  • Datasource H2 in memory: spring.datasource.url=jdbc:h2:mem:testdb

  • Let's hash the passwords with bcrypt (a one-way hash, not reversible encryption)

    • Passwords: 1234 for every user except biaggio (biaggio/hello_biaggio)

    • Data.sql in resources

           INSERT INTO CUSTOMER (ID, FIRSTNAME, LASTNAME, USERNAME, PASSWORD) VALUES (1, 'Toni', 'Montana', 'toni', '$2a$12$p7soZI3kAFcxv7QFRFzNP.gjmhHrpDACSJpoTmJQnFFWD6u7IeXNe');
           INSERT INTO CUSTOMER (ID, FIRSTNAME, LASTNAME, USERNAME, PASSWORD) VALUES (2, 'Jona', 'Sales', 'joan', '$2a$12$jYdymbsZnCLPKuC2NrZGEO1PZyRVmpmoaBndyn.b.TR2z40686E7.');
           INSERT INTO CUSTOMER (ID, FIRSTNAME, LASTNAME, USERNAME, PASSWORD) VALUES (3, 'Biaggio', 'Pitter', 'biaggio', '$2a$12$y3Hc5Mn11BCt9EwMeocF3eS2VTh.anw5C3ZP8D7zTWPZyC/BAOt8e');
      
  • resources/templates:

  • Java Configuration classes:

  • Customizing Authentication Managers:

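       import javax.sql.DataSource;
       import org.springframework.beans.factory.annotation.Autowired;
       import org.springframework.context.annotation.Configuration;
       import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
       import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
       import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
       import org.springframework.security.crypto.password.PasswordEncoder;

       @Configuration
       public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

           @Autowired
           DataSource dataSource;

           // ... web stuff here

           @Override
           public void configure(AuthenticationManagerBuilder builder) throws Exception {
               // Store and compare the password as a bcrypt hash, never as plain text
               PasswordEncoder encoder = new BCryptPasswordEncoder();
               builder.jdbcAuthentication().dataSource(dataSource).passwordEncoder(encoder)
                   .withUser("dave").password(encoder.encode("secret")).roles("USER");
           }
       }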
    
  • How does Spring Security work? It is a single physical Filter that delegates processing to a chain of internal filters

    • Spring Security is installed as a single filter, but inside it there are additional filters, each playing a special role. (image: SpringSecurity)
    • The following picture shows the dispatch happening based on matching the request path (/foo/** matches before /**). This is very common but not the only way to match a request. The most important feature of this dispatch process is that only one chain ever handles a request. (image: security-filter)
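
One way to connect the CUSTOMER rows from data.sql to the JDBC authentication manager shown above, as an added example that is not part of the Library11 project. The class name `CustomerJdbcSecurity` is hypothetical, and because CUSTOMER has no enabled or role column, the two queries assume every row is enabled and holds `ROLE_USER`; in the project, the `configure` body would be merged into its own security configuration class.

```java
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example (hypothetical class name), not code from the Library11 project.
@Configuration
public class CustomerJdbcSecurity extends WebSecurityConfigurerAdapter {

    @Autowired
    DataSource dataSource;

    // Strength 12 matches the "$2a$12$" prefix of the hashes in data.sql.
    // The strength only affects newly encoded passwords; verification reads
    // the cost and salt back out of each stored hash.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            // The submitted password is checked against the stored bcrypt hash;
            // a plain-text value in the PASSWORD column will never match.
            .passwordEncoder(passwordEncoder())
            // Must return (username, password, enabled). CUSTOMER has no
            // enabled column, so every row is treated as enabled (assumption).
            .usersByUsernameQuery(
                "SELECT USERNAME, PASSWORD, TRUE FROM CUSTOMER WHERE USERNAME = ?")
            // Must return (username, authority). CUSTOMER has no role column,
            // so every customer is given ROLE_USER (assumption).
            .authoritiesByUsernameQuery(
                "SELECT USERNAME, 'ROLE_USER' FROM CUSTOMER WHERE USERNAME = ?");
    }
}
```

Both queries bind the username through the `?` placeholder, so the login form input is never concatenated into the SQL.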

Versions

  • version 1.0 : very basic project
    • Project folder-tree:

(image: folder-tree)

  • Project execution:

(image: folder-tree)
