From f27995bf066c4a19722c5d5789ee4355ad825278 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Sun, 13 Apr 2025 00:55:49 +0700 Subject: [PATCH 01/17] init new module for spring-security with basic auth to secure specific URLs and HTTP-Metod --- security-modules/spring-security/pom.xml | 62 ++++++++++++++++ .../SpringSecurityApplication.java | 13 ++++ .../config/SecurityConfig.java | 43 ++++++++++++ .../controller/AuthController.java | 31 ++++++++ .../controller/PostController.java | 62 ++++++++++++++++ .../spring_security/dto/UserProfileDto.java | 42 +++++++++++ .../dto/request/PostRequestDto.java | 30 ++++++++ .../dto/request/RegisterRequestDto.java | 52 ++++++++++++++ .../dto/response/PostResponseDto.java | 50 +++++++++++++ .../baeldung/spring_security/entity/Post.java | 59 ++++++++++++++++ .../baeldung/spring_security/entity/User.java | 70 +++++++++++++++++++ .../repository/PostRepository.java | 13 ++++ .../repository/UserRepository.java | 12 ++++ .../spring_security/service/AuthService.java | 50 +++++++++++++ .../service/CustomUserDetailService.java | 29 ++++++++ .../spring_security/service/IAuthService.java | 12 ++++ .../spring_security/service/IPostService.java | 14 ++++ .../spring_security/service/PostService.java | 65 +++++++++++++++++ .../baeldung/spring_security/utils/Role.java | 5 ++ .../src/main/resources/application.properties | 12 ++++ .../SpringSecurityApplicationTests.java | 13 ++++ 21 files changed, 739 insertions(+) create mode 100644 security-modules/spring-security/pom.xml create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/SpringSecurityApplication.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/config/SecurityConfig.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/AuthController.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/PostController.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/UserProfileDto.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/PostRequestDto.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/RegisterRequestDto.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/response/PostResponseDto.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/Post.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/User.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/PostRepository.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/UserRepository.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/AuthService.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/CustomUserDetailService.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IAuthService.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IPostService.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/PostService.java create mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/utils/Role.java create mode 100644 security-modules/spring-security/src/main/resources/application.properties create mode 100644 security-modules/spring-security/src/test/java/com/baeldung/spring_security/SpringSecurityApplicationTests.java diff --git a/security-modules/spring-security/pom.xml b/security-modules/spring-security/pom.xml new file mode 100644 index 000000000000..55740604b54d --- /dev/null +++ b/security-modules/spring-security/pom.xml @@ -0,0 +1,62 @@ + + + 4.0.0 + + com.baeldung + parent-boot-3 + 0.0.1-SNAPSHOT + ../../parent-boot-3 + + + spring-security + 0.0.1-SNAPSHOT + spring-security + Demo project for Spring Security to secure URLs and HTTP-Method + + + 17 + + + + org.springframework.boot + spring-boot-starter + 3.4.4 + + + org.springframework.boot + spring-boot-starter-security + 3.4.4 + + + org.springframework.boot + spring-boot-starter-data-jpa + 3.4.4 + + + org.springframework.boot + spring-boot-starter-web + 3.4.4 + + + com.h2database + h2 + 2.3.232 + + + org.springframework.boot + spring-boot-starter-test + test + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + + diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/SpringSecurityApplication.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/SpringSecurityApplication.java new file mode 100644 index 000000000000..01d9c2b8e958 --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/SpringSecurityApplication.java @@ -0,0 +1,13 @@ +package com.baeldung.spring_security; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class SpringSecurityApplication { + + public static void main(String[] args) { + SpringApplication.run(SpringSecurityApplication.class, args); + } + +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/config/SecurityConfig.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/config/SecurityConfig.java new file mode 100644 index 000000000000..bc9d33b5205d --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/config/SecurityConfig.java @@ -0,0 +1,43 @@ +package com.baeldung.spring_security.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; + +@Configuration +@EnableWebSecurity +@EnableMethodSecurity +public class SecurityConfig { + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + http + .csrf(csrf -> csrf.disable()) // Disable CSRF protection completely + .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) + .authorizeHttpRequests(auth -> auth + .requestMatchers(new AntPathRequestMatcher("/auth/**")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/h2-console/**")).permitAll() + .requestMatchers(HttpMethod.GET, "/posts/mine").hasRole("USER") + .requestMatchers(HttpMethod.POST, "/posts/create").hasRole("USER") + .requestMatchers(HttpMethod.PUT, "/posts/**").hasRole("USER") + .requestMatchers(HttpMethod.DELETE, "/posts/**").hasAnyRole("USER", "ADMIN") + .anyRequest().authenticated() + ) + .httpBasic(Customizer.withDefaults()); + + return http.build(); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/AuthController.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/AuthController.java new file mode 100644 index 000000000000..998b32dc8814 --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/AuthController.java @@ -0,0 +1,31 @@ +package com.baeldung.spring_security.controller; + +import com.baeldung.spring_security.dto.request.RegisterRequestDto; +import com.baeldung.spring_security.dto.UserProfileDto; +import com.baeldung.spring_security.service.IAuthService; +import org.springframework.http.*; +import org.springframework.security.core.Authentication; +import org.springframework.web.bind.annotation.*; + +@RestController +@RequestMapping("auth") +public class AuthController { + private final IAuthService authService; + + public AuthController(IAuthService authService) { + this.authService = authService; + } + + @PostMapping("register") + public ResponseEntity register(@RequestBody RegisterRequestDto request) { + String result = authService.register(request); + + return new ResponseEntity<>(result, HttpStatus.OK); + } + + @GetMapping("profile") + public ResponseEntity profile(Authentication authentication) { + UserProfileDto userProfileDto = authService.profile(authentication); + return new ResponseEntity<>(userProfileDto, HttpStatus.OK); + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/PostController.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/PostController.java new file mode 100644 index 000000000000..f73eb3f1cfe3 --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/PostController.java @@ -0,0 +1,62 @@ +package com.baeldung.spring_security.controller; + +import com.baeldung.spring_security.dto.request.PostRequestDto; +import com.baeldung.spring_security.dto.response.PostResponseDto; +import com.baeldung.spring_security.service.IPostService; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.security.access.AccessDeniedException; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.core.Authentication; +import org.springframework.web.bind.annotation.*; + +import java.util.List; +import java.util.NoSuchElementException; + +@RestController +@RequestMapping("posts") +public class PostController { + private final IPostService postService; + + public PostController(IPostService postService) { + this.postService = postService; + } + + @PostMapping("create") + @PreAuthorize("hasRole('USER')") + public ResponseEntity create(@RequestBody PostRequestDto dto, Authentication auth) { + PostResponseDto result = postService.create(dto, auth); + return new ResponseEntity<>(result, HttpStatus.CREATED); + } + + @GetMapping("mine") + @PreAuthorize("hasRole('USER')") + public ResponseEntity> myPosts(Authentication auth) { + List result = postService.myPosts(auth); + return new ResponseEntity<>(result, HttpStatus.OK); + } + + @PutMapping("{id}") + @PreAuthorize("hasRole('USER')") + public ResponseEntity update(@PathVariable Long id, @RequestBody PostRequestDto req, Authentication auth) { + try { + postService.update(id, req, auth); + return new ResponseEntity<>("updated", HttpStatus.OK); + } catch (AccessDeniedException ade) { + return new ResponseEntity<>(ade.getMessage(), HttpStatus.FORBIDDEN); + } + } + + @DeleteMapping("{id}") + @PreAuthorize("hasAnyRole('USER', 'ADMIN')") + public ResponseEntity delete(@PathVariable Long id, Authentication auth) { + try { + postService.delete(id, auth); + return new ResponseEntity<>(HttpStatus.NO_CONTENT); + } catch (AccessDeniedException ade) { + return new ResponseEntity<>(ade.getMessage(), HttpStatus.FORBIDDEN); + } catch (NoSuchElementException nse) { + return new ResponseEntity<>(nse.getMessage(), HttpStatus.NOT_FOUND); + } + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/UserProfileDto.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/UserProfileDto.java new file mode 100644 index 000000000000..af61db05031c --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/UserProfileDto.java @@ -0,0 +1,42 @@ +package com.baeldung.spring_security.dto; + +import com.baeldung.spring_security.utils.Role; + +public class UserProfileDto { + private String username; + private String email; + private Role role; + + public UserProfileDto() { + } + + public UserProfileDto(String username, String email, Role role) { + this.username = username; + this.email = email; + this.role = role; + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public String getEmail() { + return email; + } + + public void setEmail(String email) { + this.email = email; + } + + public Role getRole() { + return role; + } + + public void setRole(Role role) { + this.role = role; + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/PostRequestDto.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/PostRequestDto.java new file mode 100644 index 000000000000..8c5690a204e6 --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/PostRequestDto.java @@ -0,0 +1,30 @@ +package com.baeldung.spring_security.dto.request; + +public class PostRequestDto { + private String title; + private String content; + + public PostRequestDto() { + } + + public PostRequestDto(String title, String content) { + this.title = title; + this.content = content; + } + + public String getTitle() { + return title; + } + + public void setTitle(String title) { + this.title = title; + } + + public String getContent() { + return content; + } + + public void setContent(String content) { + this.content = content; + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/RegisterRequestDto.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/RegisterRequestDto.java new file mode 100644 index 000000000000..fc22c0322ee5 --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/RegisterRequestDto.java @@ -0,0 +1,52 @@ +package com.baeldung.spring_security.dto.request; + +import com.baeldung.spring_security.utils.Role; + +public class RegisterRequestDto { + private String username; + private String email; + private String password; + private Role role; + + public RegisterRequestDto() { + } + + public RegisterRequestDto(String username, String email, String password, Role role) { + this.username = username; + this.email = email; + this.password = password; + this.role = role; + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public String getEmail() { + return email; + } + + public void setEmail(String email) { + this.email = email; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + public Role getRole() { + return role; + } + + public void setRole(Role role) { + this.role = role; + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/response/PostResponseDto.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/response/PostResponseDto.java new file mode 100644 index 000000000000..75d1c58835ce --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/response/PostResponseDto.java @@ -0,0 +1,50 @@ +package com.baeldung.spring_security.dto.response; + +public class PostResponseDto { + private Long id; + private String title; + private String content; + private String username; + + public PostResponseDto() { + } + + public PostResponseDto(Long id, String title, String content, String username) { + this.id = id; + this.title = title; + this.content = content; + this.username = username; + } + + public Long getId() { + return id; + } + + public void setId(Long id) { + this.id = id; + } + + public String getTitle() { + return title; + } + + public void setTitle(String title) { + this.title = title; + } + + public String getContent() { + return content; + } + + public void setContent(String content) { + this.content = content; + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/Post.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/Post.java new file mode 100644 index 000000000000..e381f211fd7d --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/Post.java @@ -0,0 +1,59 @@ +package com.baeldung.spring_security.entity; + +import jakarta.persistence.*; + +@Entity +public class Post { + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private Long id; + + private String title; + private String content; + + @ManyToOne(fetch = FetchType.LAZY) + private User user; // The owner of the post + + public Post() { + } + + public Post(Long id, String title, String content, User user) { + this.id = id; + this.title = title; + this.content = content; + this.user = user; + } + + public Long getId() { + return id; + } + + public void setId(Long id) { + this.id = id; + } + + public String getTitle() { + return title; + } + + public void setTitle(String title) { + this.title = title; + } + + public String getContent() { + return content; + } + + public void setContent(String content) { + this.content = content; + } + + public User getUser() { + return user; + } + + public void setUser(User user) { + this.user = user; + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/User.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/User.java new file mode 100644 index 000000000000..98c43d0ca652 --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/User.java @@ -0,0 +1,70 @@ +package com.baeldung.spring_security.entity; + +import com.baeldung.spring_security.utils.Role; +import jakarta.persistence.*; + +@Entity +@Table(name = "tb_user") +public class User { + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private Long id; + + private String username; + private String email; + private String password; + + @Enumerated(EnumType.STRING) + private Role role; + + public User() { + } + + public User(Long id, String username, String email, String password, Role role) { + this.id = id; + this.username = username; + this.email = email; + this.password = password; + this.role = role; + } + + public Long getId() { + return id; + } + + public void setId(Long id) { + this.id = id; + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public String getEmail() { + return email; + } + + public void setEmail(String email) { + this.email = email; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + public Role getRole() { + return role; + } + + public void setRole(Role role) { + this.role = role; + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/PostRepository.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/PostRepository.java new file mode 100644 index 000000000000..6ad130cdc5b6 --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/PostRepository.java @@ -0,0 +1,13 @@ +package com.baeldung.spring_security.repository; + +import com.baeldung.spring_security.entity.Post; +import com.baeldung.spring_security.entity.User; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.stereotype.Repository; + +import java.util.List; + +@Repository +public interface PostRepository extends JpaRepository { + List findByUser(User user); +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/UserRepository.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/UserRepository.java new file mode 100644 index 000000000000..59eea8f215ce --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/UserRepository.java @@ -0,0 +1,12 @@ +package com.baeldung.spring_security.repository; + +import com.baeldung.spring_security.entity.User; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.stereotype.Repository; + +import java.util.Optional; + +@Repository +public interface UserRepository extends JpaRepository { + Optional findByUsername(String username); +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/AuthService.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/AuthService.java new file mode 100644 index 000000000000..93f503ad617d --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/AuthService.java @@ -0,0 +1,50 @@ +package com.baeldung.spring_security.service; + +import com.baeldung.spring_security.dto.request.RegisterRequestDto; +import com.baeldung.spring_security.dto.UserProfileDto; +import com.baeldung.spring_security.entity.User; +import com.baeldung.spring_security.repository.UserRepository; +import org.springframework.security.core.Authentication; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.stereotype.Service; + +import java.util.Optional; + +@Service +public class AuthService implements IAuthService { + private final UserRepository userRepository; + private final PasswordEncoder passwordEncoder; + + public AuthService(UserRepository userRepository, PasswordEncoder passwordEncoder) { + this.userRepository = userRepository; + this.passwordEncoder = passwordEncoder; + } + + @Override + public String register(RegisterRequestDto request) { + if (userRepository.findByUsername(request.getUsername()).isPresent()) { + return "Username already exists"; + } + + User user = new User(); + user.setUsername(request.getUsername()); + user.setEmail(request.getEmail()); + user.setPassword(passwordEncoder.encode(request.getPassword())); + user.setRole(request.getRole()); + + userRepository.save(user); + return "User registered successfully"; + } + + @Override + public UserProfileDto profile(Authentication authentication) { + Optional user = userRepository.findByUsername(authentication.getName()); + return user.map(value -> new UserProfileDto(value.getUsername(), value.getEmail(), value.getRole())).orElseThrow(); + } + + @Override + public User getUser(Authentication authentication) { + Optional user = userRepository.findByUsername(authentication.getName()); + return user.orElse(null); + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/CustomUserDetailService.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/CustomUserDetailService.java new file mode 100644 index 000000000000..0b4ba2abfcc5 --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/CustomUserDetailService.java @@ -0,0 +1,29 @@ +package com.baeldung.spring_security.service; + +import com.baeldung.spring_security.entity.User; +import com.baeldung.spring_security.repository.UserRepository; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.stereotype.Service; + +@Service +public class CustomUserDetailService implements UserDetailsService { + private final UserRepository userRepository; + + public CustomUserDetailService(UserRepository userRepository) { + this.userRepository = userRepository; + } + + @Override + public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + User user = userRepository.findByUsername(username) + .orElseThrow(() -> new UsernameNotFoundException("User not found")); + + return org.springframework.security.core.userdetails.User + .withUsername(user.getUsername()) + .password(user.getPassword()) + .roles(user.getRole().name()) + .build(); + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IAuthService.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IAuthService.java new file mode 100644 index 000000000000..85e522c9fd6e --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IAuthService.java @@ -0,0 +1,12 @@ +package com.baeldung.spring_security.service; + +import com.baeldung.spring_security.dto.request.RegisterRequestDto; +import com.baeldung.spring_security.dto.UserProfileDto; +import com.baeldung.spring_security.entity.User; +import org.springframework.security.core.Authentication; + +public interface IAuthService { + String register(RegisterRequestDto request); + UserProfileDto profile(Authentication authentication); + User getUser(Authentication authentication); +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IPostService.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IPostService.java new file mode 100644 index 000000000000..50cf35e6ba30 --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IPostService.java @@ -0,0 +1,14 @@ +package com.baeldung.spring_security.service; + +import com.baeldung.spring_security.dto.request.PostRequestDto; +import com.baeldung.spring_security.dto.response.PostResponseDto; +import org.springframework.security.core.Authentication; + +import java.util.List; + +public interface IPostService { + PostResponseDto create(PostRequestDto req, Authentication auth); + void update(Long id, PostRequestDto dto, Authentication auth); + void delete(Long id, Authentication auth); + List myPosts(Authentication auth); +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/PostService.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/PostService.java new file mode 100644 index 000000000000..f936af76f069 --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/PostService.java @@ -0,0 +1,65 @@ +package com.baeldung.spring_security.service; + +import com.baeldung.spring_security.dto.request.PostRequestDto; +import com.baeldung.spring_security.dto.response.PostResponseDto; +import com.baeldung.spring_security.entity.Post; +import com.baeldung.spring_security.entity.User; +import com.baeldung.spring_security.repository.PostRepository; +import org.springframework.security.access.AccessDeniedException; +import org.springframework.security.core.Authentication; +import org.springframework.stereotype.Service; + +import java.util.List; + +@Service +public class PostService implements IPostService { + private final PostRepository postRepository; + private final IAuthService authService; + + public PostService(PostRepository postRepository, IAuthService authService) { + this.postRepository = postRepository; + this.authService = authService; + } + + @Override + public PostResponseDto create(PostRequestDto req, Authentication auth) { + User user = authService.getUser(auth); + Post post = new Post(); + post.setTitle(req.getTitle()); + post.setContent(req.getContent()); + post.setUser(user); + return toDto(postRepository.save(post)); + } + + @Override + public void update(Long id, PostRequestDto dto, Authentication auth) { + Post post = postRepository.findById(id).orElseThrow(); + if (!post.getUser().getUsername().equals(auth.getName())) { + throw new AccessDeniedException("You can only edit your own posts"); + } + post.setTitle(dto.getTitle()); + post.setContent(dto.getContent()); + postRepository.save(post); + } + + @Override + public void delete(Long id, Authentication auth) { + boolean isAdmin = auth.getAuthorities().stream().anyMatch(a -> a.getAuthority().equals("ROLE_ADMIN")); + + Post post = postRepository.findById(id).orElseThrow(); + if (!isAdmin && !post.getUser().getUsername().equals(auth.getName())) { + throw new AccessDeniedException("You can only delete your own posts"); + } + postRepository.delete(post); + } + + @Override + public List myPosts(Authentication auth) { + User user = authService.getUser(auth); + return postRepository.findByUser(user).stream().map(this::toDto).toList(); + } + + private PostResponseDto toDto(Post post) { + return new PostResponseDto(post.getId(), post.getTitle(), post.getContent(), post.getUser().getUsername()); + } +} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/utils/Role.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/utils/Role.java new file mode 100644 index 000000000000..c480c948c107 --- /dev/null +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/utils/Role.java @@ -0,0 +1,5 @@ +package com.baeldung.spring_security.utils; + +public enum Role { + USER, ADMIN +} diff --git a/security-modules/spring-security/src/main/resources/application.properties b/security-modules/spring-security/src/main/resources/application.properties new file mode 100644 index 000000000000..0f01a533bd6b --- /dev/null +++ b/security-modules/spring-security/src/main/resources/application.properties @@ -0,0 +1,12 @@ +spring.application.name=spring-security + +spring.datasource.url= jdbc:h2:file:C:/Users/oscar/test;DB_CLOSE_DELAY=-1;IFEXISTS=FALSE +spring.datasource.driverClassName=org.h2.Driver +spring.datasource.username=sa +spring.datasource.password=qwerty + +spring.h2.console.enabled=true +spring.h2.console.path=/h2-console + +spring.jpa.hibernate.ddl-auto=update +spring.jpa.show-sql=true diff --git a/security-modules/spring-security/src/test/java/com/baeldung/spring_security/SpringSecurityApplicationTests.java b/security-modules/spring-security/src/test/java/com/baeldung/spring_security/SpringSecurityApplicationTests.java new file mode 100644 index 000000000000..ecf9cfaf43a5 --- /dev/null +++ b/security-modules/spring-security/src/test/java/com/baeldung/spring_security/SpringSecurityApplicationTests.java @@ -0,0 +1,13 @@ +package com.baeldung.spring_security; + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; + +@SpringBootTest +class SpringSecurityApplicationTests { + + @Test + void contextLoads() { + } + +} From 2a588771f05e3c45cd40526eb58d6fa55aaa7b00 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Sun, 13 Apr 2025 00:57:45 +0700 Subject: [PATCH 02/17] fix formatting --- .../com/baeldung/spring_security/SpringSecurityApplication.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/SpringSecurityApplication.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/SpringSecurityApplication.java index 01d9c2b8e958..757844f50490 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/SpringSecurityApplication.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/SpringSecurityApplication.java @@ -5,9 +5,7 @@ @SpringBootApplication public class SpringSecurityApplication { - public static void main(String[] args) { SpringApplication.run(SpringSecurityApplication.class, args); } - } From 26d56085cbdab423d3c669b51347c929928525fc Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Mon, 14 Apr 2025 06:37:06 +0700 Subject: [PATCH 03/17] adjust indent for line continuation in the endpoints while configuring the securityFilterChain() --- .../config/SecurityConfig.java | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/config/SecurityConfig.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/config/SecurityConfig.java index bc9d33b5205d..43cbb62cde1e 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/config/SecurityConfig.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/config/SecurityConfig.java @@ -20,18 +20,18 @@ public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http - .csrf(csrf -> csrf.disable()) // Disable CSRF protection completely - .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) - .authorizeHttpRequests(auth -> auth - .requestMatchers(new AntPathRequestMatcher("/auth/**")).permitAll() - .requestMatchers(new AntPathRequestMatcher("/h2-console/**")).permitAll() - .requestMatchers(HttpMethod.GET, "/posts/mine").hasRole("USER") - .requestMatchers(HttpMethod.POST, "/posts/create").hasRole("USER") - .requestMatchers(HttpMethod.PUT, "/posts/**").hasRole("USER") - .requestMatchers(HttpMethod.DELETE, "/posts/**").hasAnyRole("USER", "ADMIN") - .anyRequest().authenticated() - ) - .httpBasic(Customizer.withDefaults()); + .csrf(csrf -> csrf.disable()) // Disable CSRF protection completely + .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) + .authorizeHttpRequests(auth -> auth + .requestMatchers(new AntPathRequestMatcher("/auth/**")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/h2-console/**")).permitAll() + .requestMatchers(HttpMethod.GET, "/posts/mine").hasRole("USER") + .requestMatchers(HttpMethod.POST, "/posts/create").hasRole("USER") + .requestMatchers(HttpMethod.PUT, "/posts/**").hasRole("USER") + .requestMatchers(HttpMethod.DELETE, "/posts/**").hasAnyRole("USER", "ADMIN") + .anyRequest().authenticated() + ) + .httpBasic(Customizer.withDefaults()); return http.build(); } From 4b1c97e75c2d174e8c5687adc0d6664a0a2834dd Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Fri, 18 Apr 2025 20:09:52 +0700 Subject: [PATCH 04/17] update application properties --- .../spring-security/src/main/resources/application.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security-modules/spring-security/src/main/resources/application.properties b/security-modules/spring-security/src/main/resources/application.properties index 0f01a533bd6b..f517391c7b63 100644 --- a/security-modules/spring-security/src/main/resources/application.properties +++ b/security-modules/spring-security/src/main/resources/application.properties @@ -1,6 +1,6 @@ spring.application.name=spring-security -spring.datasource.url= jdbc:h2:file:C:/Users/oscar/test;DB_CLOSE_DELAY=-1;IFEXISTS=FALSE +spring.datasource.url= jdbc:h2:file:C:/your_folder_here/test;DB_CLOSE_DELAY=-1;IFEXISTS=FALSE spring.datasource.driverClassName=org.h2.Driver spring.datasource.username=sa spring.datasource.password=qwerty From 267f7e6fc4b39bc726938395c3d9599e21486649 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Fri, 2 May 2025 01:18:24 +0700 Subject: [PATCH 05/17] adjust based on review --- security-modules/spring-security/pom.xml | 17 +++++++--------- .../spring_security/service/IAuthService.java | 12 ----------- .../spring_security/service/IPostService.java | 14 ------------- .../SpringSecurityApplication.java | 0 .../config/SecurityConfig.java | 0 .../controller/AuthController.java | 10 +++++----- .../controller/PostController.java | 10 +++++----- .../dto/UserProfileDto.java | 0 .../dto/request/PostRequestDto.java | 0 .../dto/request/RegisterRequestDto.java | 0 .../dto/response/PostResponseDto.java | 0 .../entity/Post.java | 0 .../entity/User.java | 0 .../repository/PostRepository.java | 6 +++--- .../repository/UserRepository.java | 4 ++-- .../service/AuthService.java | 13 +++++------- .../service/CustomUserDetailService.java | 4 ++-- .../service/PostService.java | 20 ++++++++----------- .../utils/Role.java | 0 .../SpringSecurityApplicationTests.java | 13 ------------ 20 files changed, 37 insertions(+), 86 deletions(-) delete mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IAuthService.java delete mode 100644 security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IPostService.java rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/SpringSecurityApplication.java (100%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/config/SecurityConfig.java (100%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/controller/AuthController.java (74%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/controller/PostController.java (88%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/dto/UserProfileDto.java (100%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/dto/request/PostRequestDto.java (100%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/dto/request/RegisterRequestDto.java (100%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/dto/response/PostResponseDto.java (100%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/entity/Post.java (100%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/entity/User.java (100%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/repository/PostRepository.java (63%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/repository/UserRepository.java (73%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/service/AuthService.java (82%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/service/CustomUserDetailService.java (90%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/service/PostService.java (78%) rename security-modules/spring-security/src/main/java/com/baeldung/{spring_security => springsecurity}/utils/Role.java (100%) delete mode 100644 security-modules/spring-security/src/test/java/com/baeldung/spring_security/SpringSecurityApplicationTests.java diff --git a/security-modules/spring-security/pom.xml b/security-modules/spring-security/pom.xml index 55740604b54d..73c93c2ba9de 100644 --- a/security-modules/spring-security/pom.xml +++ b/security-modules/spring-security/pom.xml @@ -16,37 +16,34 @@ 17 + 3.4.4 + 2.3.232 org.springframework.boot spring-boot-starter - 3.4.4 + ${spring-boot.starter.version} org.springframework.boot spring-boot-starter-security - 3.4.4 + ${spring-boot.starter.version} org.springframework.boot spring-boot-starter-data-jpa - 3.4.4 + ${spring-boot.starter.version} org.springframework.boot spring-boot-starter-web - 3.4.4 + ${spring-boot.starter.version} com.h2database h2 - 2.3.232 - - - org.springframework.boot - spring-boot-starter-test - test + ${h2-db.version} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IAuthService.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IAuthService.java deleted file mode 100644 index 85e522c9fd6e..000000000000 --- a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IAuthService.java +++ /dev/null @@ -1,12 +0,0 @@ -package com.baeldung.spring_security.service; - -import com.baeldung.spring_security.dto.request.RegisterRequestDto; -import com.baeldung.spring_security.dto.UserProfileDto; -import com.baeldung.spring_security.entity.User; -import org.springframework.security.core.Authentication; - -public interface IAuthService { - String register(RegisterRequestDto request); - UserProfileDto profile(Authentication authentication); - User getUser(Authentication authentication); -} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IPostService.java b/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IPostService.java deleted file mode 100644 index 50cf35e6ba30..000000000000 --- a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/IPostService.java +++ /dev/null @@ -1,14 +0,0 @@ -package com.baeldung.spring_security.service; - -import com.baeldung.spring_security.dto.request.PostRequestDto; -import com.baeldung.spring_security.dto.response.PostResponseDto; -import org.springframework.security.core.Authentication; - -import java.util.List; - -public interface IPostService { - PostResponseDto create(PostRequestDto req, Authentication auth); - void update(Long id, PostRequestDto dto, Authentication auth); - void delete(Long id, Authentication auth); - List myPosts(Authentication auth); -} diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/SpringSecurityApplication.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/SpringSecurityApplication.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/config/SecurityConfig.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/config/SecurityConfig.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/AuthController.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java similarity index 74% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/AuthController.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java index 998b32dc8814..7b0c47e4f814 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/AuthController.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java @@ -1,8 +1,8 @@ package com.baeldung.spring_security.controller; -import com.baeldung.spring_security.dto.request.RegisterRequestDto; -import com.baeldung.spring_security.dto.UserProfileDto; -import com.baeldung.spring_security.service.IAuthService; +import com.baeldung.springsecurity.dto.request.RegisterRequestDto; +import com.baeldung.springsecurity.dto.UserProfileDto; +import com.baeldung.springsecurity.service.AuthService; import org.springframework.http.*; import org.springframework.security.core.Authentication; import org.springframework.web.bind.annotation.*; @@ -10,9 +10,9 @@ @RestController @RequestMapping("auth") public class AuthController { - private final IAuthService authService; + private final AuthService authService; - public AuthController(IAuthService authService) { + public AuthController(AuthService authService) { this.authService = authService; } diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/PostController.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java similarity index 88% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/PostController.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java index f73eb3f1cfe3..865505ec2428 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/controller/PostController.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java @@ -1,8 +1,8 @@ package com.baeldung.spring_security.controller; -import com.baeldung.spring_security.dto.request.PostRequestDto; -import com.baeldung.spring_security.dto.response.PostResponseDto; -import com.baeldung.spring_security.service.IPostService; +import com.baeldung.springsecurity.dto.request.PostRequestDto; +import com.baeldung.springsecurity.dto.response.PostResponseDto; +import com.baeldung.springsecurity.service.PostService; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.AccessDeniedException; @@ -16,9 +16,9 @@ @RestController @RequestMapping("posts") public class PostController { - private final IPostService postService; + private final PostService postService; - public PostController(IPostService postService) { + public PostController(PostService postService) { this.postService = postService; } diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/UserProfileDto.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/UserProfileDto.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/UserProfileDto.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/UserProfileDto.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/PostRequestDto.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/PostRequestDto.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/PostRequestDto.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/PostRequestDto.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/RegisterRequestDto.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/RegisterRequestDto.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/request/RegisterRequestDto.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/RegisterRequestDto.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/response/PostResponseDto.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/response/PostResponseDto.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/dto/response/PostResponseDto.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/response/PostResponseDto.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/Post.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/Post.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/Post.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/Post.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/User.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/User.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/entity/User.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/User.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/PostRepository.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/repository/PostRepository.java similarity index 63% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/PostRepository.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/repository/PostRepository.java index 6ad130cdc5b6..0b0ad991bf4f 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/PostRepository.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/repository/PostRepository.java @@ -1,7 +1,7 @@ -package com.baeldung.spring_security.repository; +package com.baeldung.springsecurity.repository; -import com.baeldung.spring_security.entity.Post; -import com.baeldung.spring_security.entity.User; +import com.baeldung.springsecurity.entity.Post; +import com.baeldung.springsecurity.entity.User; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.stereotype.Repository; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/UserRepository.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/repository/UserRepository.java similarity index 73% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/UserRepository.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/repository/UserRepository.java index 59eea8f215ce..8b9e3f8e8c59 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/repository/UserRepository.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/repository/UserRepository.java @@ -1,6 +1,6 @@ -package com.baeldung.spring_security.repository; +package com.baeldung.springsecurity.repository; -import com.baeldung.spring_security.entity.User; +import com.baeldung.springsecurity.entity.User; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.stereotype.Repository; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/AuthService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java similarity index 82% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/AuthService.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java index 93f503ad617d..1416e4001b69 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/AuthService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java @@ -1,9 +1,9 @@ package com.baeldung.spring_security.service; -import com.baeldung.spring_security.dto.request.RegisterRequestDto; -import com.baeldung.spring_security.dto.UserProfileDto; -import com.baeldung.spring_security.entity.User; -import com.baeldung.spring_security.repository.UserRepository; +import com.baeldung.springsecurity.dto.request.RegisterRequestDto; +import com.baeldung.springsecurity.dto.UserProfileDto; +import com.baeldung.springsecurity.entity.User; +import com.baeldung.springsecurity.repository.UserRepository; import org.springframework.security.core.Authentication; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Service; @@ -11,7 +11,7 @@ import java.util.Optional; @Service -public class AuthService implements IAuthService { +public class AuthService { private final UserRepository userRepository; private final PasswordEncoder passwordEncoder; @@ -20,7 +20,6 @@ public AuthService(UserRepository userRepository, PasswordEncoder passwordEncode this.passwordEncoder = passwordEncoder; } - @Override public String register(RegisterRequestDto request) { if (userRepository.findByUsername(request.getUsername()).isPresent()) { return "Username already exists"; @@ -36,13 +35,11 @@ public String register(RegisterRequestDto request) { return "User registered successfully"; } - @Override public UserProfileDto profile(Authentication authentication) { Optional user = userRepository.findByUsername(authentication.getName()); return user.map(value -> new UserProfileDto(value.getUsername(), value.getEmail(), value.getRole())).orElseThrow(); } - @Override public User getUser(Authentication authentication) { Optional user = userRepository.findByUsername(authentication.getName()); return user.orElse(null); diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/CustomUserDetailService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java similarity index 90% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/CustomUserDetailService.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java index 0b4ba2abfcc5..a8f448cb1974 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/CustomUserDetailService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java @@ -1,7 +1,7 @@ package com.baeldung.spring_security.service; -import com.baeldung.spring_security.entity.User; -import com.baeldung.spring_security.repository.UserRepository; +import com.baeldung.springsecurity.entity.User; +import com.baeldung.springsecurity.repository.UserRepository; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/PostService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java similarity index 78% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/PostService.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java index f936af76f069..38873c904fc5 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/service/PostService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java @@ -1,10 +1,10 @@ package com.baeldung.spring_security.service; -import com.baeldung.spring_security.dto.request.PostRequestDto; -import com.baeldung.spring_security.dto.response.PostResponseDto; -import com.baeldung.spring_security.entity.Post; -import com.baeldung.spring_security.entity.User; -import com.baeldung.spring_security.repository.PostRepository; +import com.baeldung.springsecurity.dto.request.PostRequestDto; +import com.baeldung.springsecurity.dto.response.PostResponseDto; +import com.baeldung.springsecurity.entity.Post; +import com.baeldung.springsecurity.entity.User; +import com.baeldung.springsecurity.repository.PostRepository; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.core.Authentication; import org.springframework.stereotype.Service; @@ -12,16 +12,15 @@ import java.util.List; @Service -public class PostService implements IPostService { +public class PostService { private final PostRepository postRepository; - private final IAuthService authService; + private final AuthService authService; - public PostService(PostRepository postRepository, IAuthService authService) { + public PostService(PostRepository postRepository, AuthService authService) { this.postRepository = postRepository; this.authService = authService; } - @Override public PostResponseDto create(PostRequestDto req, Authentication auth) { User user = authService.getUser(auth); Post post = new Post(); @@ -31,7 +30,6 @@ public PostResponseDto create(PostRequestDto req, Authentication auth) { return toDto(postRepository.save(post)); } - @Override public void update(Long id, PostRequestDto dto, Authentication auth) { Post post = postRepository.findById(id).orElseThrow(); if (!post.getUser().getUsername().equals(auth.getName())) { @@ -42,7 +40,6 @@ public void update(Long id, PostRequestDto dto, Authentication auth) { postRepository.save(post); } - @Override public void delete(Long id, Authentication auth) { boolean isAdmin = auth.getAuthorities().stream().anyMatch(a -> a.getAuthority().equals("ROLE_ADMIN")); @@ -53,7 +50,6 @@ public void delete(Long id, Authentication auth) { postRepository.delete(post); } - @Override public List myPosts(Authentication auth) { User user = authService.getUser(auth); return postRepository.findByUser(user).stream().map(this::toDto).toList(); diff --git a/security-modules/spring-security/src/main/java/com/baeldung/spring_security/utils/Role.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/utils/Role.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/spring_security/utils/Role.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/utils/Role.java diff --git a/security-modules/spring-security/src/test/java/com/baeldung/spring_security/SpringSecurityApplicationTests.java b/security-modules/spring-security/src/test/java/com/baeldung/spring_security/SpringSecurityApplicationTests.java deleted file mode 100644 index ecf9cfaf43a5..000000000000 --- a/security-modules/spring-security/src/test/java/com/baeldung/spring_security/SpringSecurityApplicationTests.java +++ /dev/null @@ -1,13 +0,0 @@ -package com.baeldung.spring_security; - -import org.junit.jupiter.api.Test; -import org.springframework.boot.test.context.SpringBootTest; - -@SpringBootTest -class SpringSecurityApplicationTests { - - @Test - void contextLoads() { - } - -} From caa2edfef9b20016cb6c5d11af086101d52fcd19 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Fri, 2 May 2025 01:24:44 +0700 Subject: [PATCH 06/17] fix package naming --- .../baeldung/springsecurity/SpringSecurityApplication.java | 2 +- .../com/baeldung/springsecurity/config/SecurityConfig.java | 2 +- .../baeldung/springsecurity/controller/AuthController.java | 2 +- .../baeldung/springsecurity/controller/PostController.java | 2 +- .../java/com/baeldung/springsecurity/dto/UserProfileDto.java | 4 ++-- .../baeldung/springsecurity/dto/request/PostRequestDto.java | 2 +- .../springsecurity/dto/request/RegisterRequestDto.java | 4 ++-- .../baeldung/springsecurity/dto/response/PostResponseDto.java | 2 +- .../main/java/com/baeldung/springsecurity/entity/Post.java | 2 +- .../main/java/com/baeldung/springsecurity/entity/User.java | 4 ++-- .../java/com/baeldung/springsecurity/service/AuthService.java | 2 +- .../springsecurity/service/CustomUserDetailService.java | 2 +- .../java/com/baeldung/springsecurity/service/PostService.java | 2 +- .../src/main/java/com/baeldung/springsecurity/utils/Role.java | 2 +- 14 files changed, 17 insertions(+), 17 deletions(-) diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java index 757844f50490..0590bc0ca6af 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java @@ -1,4 +1,4 @@ -package com.baeldung.spring_security; +package com.baeldung.springsecurity; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java index 43cbb62cde1e..887d1b2fa053 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java @@ -1,4 +1,4 @@ -package com.baeldung.spring_security.config; +package com.baeldung.springsecurity.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java index 7b0c47e4f814..b47292e6dfc4 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java @@ -1,4 +1,4 @@ -package com.baeldung.spring_security.controller; +package com.baeldung.springsecurity.controller; import com.baeldung.springsecurity.dto.request.RegisterRequestDto; import com.baeldung.springsecurity.dto.UserProfileDto; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java index 865505ec2428..55e424594ec9 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java @@ -1,4 +1,4 @@ -package com.baeldung.spring_security.controller; +package com.baeldung.springsecurity.controller; import com.baeldung.springsecurity.dto.request.PostRequestDto; import com.baeldung.springsecurity.dto.response.PostResponseDto; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/UserProfileDto.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/UserProfileDto.java index af61db05031c..361f70a99302 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/UserProfileDto.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/UserProfileDto.java @@ -1,6 +1,6 @@ -package com.baeldung.spring_security.dto; +package com.baeldung.springsecurity.dto; -import com.baeldung.spring_security.utils.Role; +import com.baeldung.springsecurity.utils.Role; public class UserProfileDto { private String username; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/PostRequestDto.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/PostRequestDto.java index 8c5690a204e6..bda2cee8fc05 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/PostRequestDto.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/PostRequestDto.java @@ -1,4 +1,4 @@ -package com.baeldung.spring_security.dto.request; +package com.baeldung.springsecurity.dto.request; public class PostRequestDto { private String title; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/RegisterRequestDto.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/RegisterRequestDto.java index fc22c0322ee5..2f41fe3a515d 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/RegisterRequestDto.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/RegisterRequestDto.java @@ -1,6 +1,6 @@ -package com.baeldung.spring_security.dto.request; +package com.baeldung.springsecurity.dto.request; -import com.baeldung.spring_security.utils.Role; +import com.baeldung.springsecurity.utils.Role; public class RegisterRequestDto { private String username; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/response/PostResponseDto.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/response/PostResponseDto.java index 75d1c58835ce..3649ef59009f 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/response/PostResponseDto.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/response/PostResponseDto.java @@ -1,4 +1,4 @@ -package com.baeldung.spring_security.dto.response; +package com.baeldung.springsecurity.dto.response; public class PostResponseDto { private Long id; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/Post.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/Post.java index e381f211fd7d..84a52d106143 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/Post.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/Post.java @@ -1,4 +1,4 @@ -package com.baeldung.spring_security.entity; +package com.baeldung.springsecurity.entity; import jakarta.persistence.*; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/User.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/User.java index 98c43d0ca652..3daa82aa8ba8 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/User.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/User.java @@ -1,6 +1,6 @@ -package com.baeldung.spring_security.entity; +package com.baeldung.springsecurity.entity; -import com.baeldung.spring_security.utils.Role; +import com.baeldung.springsecurity.utils.Role; import jakarta.persistence.*; @Entity diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java index 1416e4001b69..25d16da8c9db 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java @@ -1,4 +1,4 @@ -package com.baeldung.spring_security.service; +package com.baeldung.springsecurity.service; import com.baeldung.springsecurity.dto.request.RegisterRequestDto; import com.baeldung.springsecurity.dto.UserProfileDto; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java index a8f448cb1974..4aafa7d87d92 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java @@ -1,4 +1,4 @@ -package com.baeldung.spring_security.service; +package com.baeldung.springsecurity.service; import com.baeldung.springsecurity.entity.User; import com.baeldung.springsecurity.repository.UserRepository; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java index 38873c904fc5..cee277351b07 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java @@ -1,4 +1,4 @@ -package com.baeldung.spring_security.service; +package com.baeldung.springsecurity.service; import com.baeldung.springsecurity.dto.request.PostRequestDto; import com.baeldung.springsecurity.dto.response.PostResponseDto; diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/utils/Role.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/utils/Role.java index c480c948c107..ef7c2c775187 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/utils/Role.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/utils/Role.java @@ -1,4 +1,4 @@ -package com.baeldung.spring_security.utils; +package com.baeldung.springsecurity.utils; public enum Role { USER, ADMIN From 98a98ccf11f3657a8b65775b6fb31d8d32f09ea3 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Fri, 2 May 2025 01:30:52 +0700 Subject: [PATCH 07/17] fix to 4 spaces instead of tab --- .../baeldung/springsecurity/SpringSecurityApplication.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java index 0590bc0ca6af..a70df1956899 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java @@ -5,7 +5,7 @@ @SpringBootApplication public class SpringSecurityApplication { - public static void main(String[] args) { - SpringApplication.run(SpringSecurityApplication.class, args); - } + public static void main(String[] args) { + SpringApplication.run(SpringSecurityApplication.class, args); + } } From e5161200c0b08a5f7e3513cf4a4a049480078955 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Mon, 12 May 2025 23:16:06 +0700 Subject: [PATCH 08/17] remove the Authentication from AuthService and PostService, also fix indents for line continuations --- .../springsecurity/controller/AuthController.java | 3 +-- .../springsecurity/controller/PostController.java | 9 +++++---- .../springsecurity/service/AuthService.java | 9 ++++----- .../service/CustomUserDetailService.java | 10 +++++----- .../springsecurity/service/PostService.java | 15 ++++++--------- 5 files changed, 21 insertions(+), 25 deletions(-) diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java index b47292e6dfc4..45396ee9a2ef 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java @@ -19,13 +19,12 @@ public AuthController(AuthService authService) { @PostMapping("register") public ResponseEntity register(@RequestBody RegisterRequestDto request) { String result = authService.register(request); - return new ResponseEntity<>(result, HttpStatus.OK); } @GetMapping("profile") public ResponseEntity profile(Authentication authentication) { - UserProfileDto userProfileDto = authService.profile(authentication); + UserProfileDto userProfileDto = authService.profile(authentication.getName()); return new ResponseEntity<>(userProfileDto, HttpStatus.OK); } } diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java index 55e424594ec9..3788890ce02c 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java @@ -25,14 +25,14 @@ public PostController(PostService postService) { @PostMapping("create") @PreAuthorize("hasRole('USER')") public ResponseEntity create(@RequestBody PostRequestDto dto, Authentication auth) { - PostResponseDto result = postService.create(dto, auth); + PostResponseDto result = postService.create(dto, auth.getName()); return new ResponseEntity<>(result, HttpStatus.CREATED); } @GetMapping("mine") @PreAuthorize("hasRole('USER')") public ResponseEntity> myPosts(Authentication auth) { - List result = postService.myPosts(auth); + List result = postService.myPosts(auth.getName()); return new ResponseEntity<>(result, HttpStatus.OK); } @@ -40,7 +40,7 @@ public ResponseEntity> myPosts(Authentication auth) { @PreAuthorize("hasRole('USER')") public ResponseEntity update(@PathVariable Long id, @RequestBody PostRequestDto req, Authentication auth) { try { - postService.update(id, req, auth); + postService.update(id, req, auth.getName()); return new ResponseEntity<>("updated", HttpStatus.OK); } catch (AccessDeniedException ade) { return new ResponseEntity<>(ade.getMessage(), HttpStatus.FORBIDDEN); @@ -51,7 +51,8 @@ public ResponseEntity update(@PathVariable Long id, @RequestBody PostReq @PreAuthorize("hasAnyRole('USER', 'ADMIN')") public ResponseEntity delete(@PathVariable Long id, Authentication auth) { try { - postService.delete(id, auth); + boolean isAdmin = auth.getAuthorities().stream().anyMatch(a -> a.getAuthority().equals("ROLE_ADMIN")); + postService.delete(id, isAdmin, auth.getName()); return new ResponseEntity<>(HttpStatus.NO_CONTENT); } catch (AccessDeniedException ade) { return new ResponseEntity<>(ade.getMessage(), HttpStatus.FORBIDDEN); diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java index 25d16da8c9db..caeaee96cd17 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java @@ -4,7 +4,6 @@ import com.baeldung.springsecurity.dto.UserProfileDto; import com.baeldung.springsecurity.entity.User; import com.baeldung.springsecurity.repository.UserRepository; -import org.springframework.security.core.Authentication; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Service; @@ -35,13 +34,13 @@ public String register(RegisterRequestDto request) { return "User registered successfully"; } - public UserProfileDto profile(Authentication authentication) { - Optional user = userRepository.findByUsername(authentication.getName()); + public UserProfileDto profile(String username) { + Optional user = userRepository.findByUsername(username); return user.map(value -> new UserProfileDto(value.getUsername(), value.getEmail(), value.getRole())).orElseThrow(); } - public User getUser(Authentication authentication) { - Optional user = userRepository.findByUsername(authentication.getName()); + public User getUser(String username) { + Optional user = userRepository.findByUsername(username); return user.orElse(null); } } diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java index 4aafa7d87d92..cb8d9fac3d81 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java @@ -18,12 +18,12 @@ public CustomUserDetailService(UserRepository userRepository) { @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userRepository.findByUsername(username) - .orElseThrow(() -> new UsernameNotFoundException("User not found")); + .orElseThrow(() -> new UsernameNotFoundException("User not found")); return org.springframework.security.core.userdetails.User - .withUsername(user.getUsername()) - .password(user.getPassword()) - .roles(user.getRole().name()) - .build(); + .withUsername(user.getUsername()) + .password(user.getPassword()) + .roles(user.getRole().name()) + .build(); } } diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java index cee277351b07..b1d908dad319 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java @@ -6,7 +6,6 @@ import com.baeldung.springsecurity.entity.User; import com.baeldung.springsecurity.repository.PostRepository; import org.springframework.security.access.AccessDeniedException; -import org.springframework.security.core.Authentication; import org.springframework.stereotype.Service; import java.util.List; @@ -21,8 +20,8 @@ public PostService(PostRepository postRepository, AuthService authService) { this.authService = authService; } - public PostResponseDto create(PostRequestDto req, Authentication auth) { - User user = authService.getUser(auth); + public PostResponseDto create(PostRequestDto req, String username) { + User user = authService.getUser(username); Post post = new Post(); post.setTitle(req.getTitle()); post.setContent(req.getContent()); @@ -30,9 +29,9 @@ public PostResponseDto create(PostRequestDto req, Authentication auth) { return toDto(postRepository.save(post)); } - public void update(Long id, PostRequestDto dto, Authentication auth) { + public void update(Long id, PostRequestDto dto, String username) { Post post = postRepository.findById(id).orElseThrow(); - if (!post.getUser().getUsername().equals(auth.getName())) { + if (!post.getUser().getUsername().equals(username)) { throw new AccessDeniedException("You can only edit your own posts"); } post.setTitle(dto.getTitle()); @@ -40,11 +39,9 @@ public void update(Long id, PostRequestDto dto, Authentication auth) { postRepository.save(post); } - public void delete(Long id, Authentication auth) { - boolean isAdmin = auth.getAuthorities().stream().anyMatch(a -> a.getAuthority().equals("ROLE_ADMIN")); - + public void delete(Long id, boolean isAdmin, String username) { Post post = postRepository.findById(id).orElseThrow(); - if (!isAdmin && !post.getUser().getUsername().equals(auth.getName())) { + if (!isAdmin && !post.getUser().getUsername().equals(username)) { throw new AccessDeniedException("You can only delete your own posts"); } postRepository.delete(post); From a79bc226e5965d95de6524bc599081694dd2c074 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Mon, 12 May 2025 23:22:30 +0700 Subject: [PATCH 09/17] remove Authentication in PostService --- .../java/com/baeldung/springsecurity/service/PostService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java index b1d908dad319..629a20b20de3 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java @@ -47,8 +47,8 @@ public void delete(Long id, boolean isAdmin, String username) { postRepository.delete(post); } - public List myPosts(Authentication auth) { - User user = authService.getUser(auth); + public List myPosts(String username) { + User user = authService.getUser(username); return postRepository.findByUser(user).stream().map(this::toDto).toList(); } From 8c4169b4f952eb50f05566833aa6954f6d68a1ba Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Sun, 18 May 2025 20:22:33 +0700 Subject: [PATCH 10/17] rename controller name and service name --- .../{AuthController.java => UserController.java} | 16 ++++++++-------- .../springsecurity/service/PostService.java | 10 +++++----- .../{AuthService.java => UserService.java} | 4 ++-- 3 files changed, 15 insertions(+), 15 deletions(-) rename security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/{AuthController.java => UserController.java} (66%) rename security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/{AuthService.java => UserService.java} (94%) diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/UserController.java similarity index 66% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/UserController.java index 45396ee9a2ef..dd37edbf6e00 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/AuthController.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/UserController.java @@ -2,29 +2,29 @@ import com.baeldung.springsecurity.dto.request.RegisterRequestDto; import com.baeldung.springsecurity.dto.UserProfileDto; -import com.baeldung.springsecurity.service.AuthService; +import com.baeldung.springsecurity.service.UserService; import org.springframework.http.*; import org.springframework.security.core.Authentication; import org.springframework.web.bind.annotation.*; @RestController -@RequestMapping("auth") -public class AuthController { - private final AuthService authService; +@RequestMapping("users") +public class UserController { + private final UserService userService; - public AuthController(AuthService authService) { - this.authService = authService; + public UserController(UserService userService) { + this.userService = userService; } @PostMapping("register") public ResponseEntity register(@RequestBody RegisterRequestDto request) { - String result = authService.register(request); + String result = userService.register(request); return new ResponseEntity<>(result, HttpStatus.OK); } @GetMapping("profile") public ResponseEntity profile(Authentication authentication) { - UserProfileDto userProfileDto = authService.profile(authentication.getName()); + UserProfileDto userProfileDto = userService.profile(authentication.getName()); return new ResponseEntity<>(userProfileDto, HttpStatus.OK); } } diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java index 629a20b20de3..b8ce736715fa 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java @@ -13,15 +13,15 @@ @Service public class PostService { private final PostRepository postRepository; - private final AuthService authService; + private final UserService userService; - public PostService(PostRepository postRepository, AuthService authService) { + public PostService(PostRepository postRepository, UserService userService) { this.postRepository = postRepository; - this.authService = authService; + this.userService = userService; } public PostResponseDto create(PostRequestDto req, String username) { - User user = authService.getUser(username); + User user = userService.getUser(username); Post post = new Post(); post.setTitle(req.getTitle()); post.setContent(req.getContent()); @@ -48,7 +48,7 @@ public void delete(Long id, boolean isAdmin, String username) { } public List myPosts(String username) { - User user = authService.getUser(username); + User user = userService.getUser(username); return postRepository.findByUser(user).stream().map(this::toDto).toList(); } diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/UserService.java similarity index 94% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java rename to security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/UserService.java index caeaee96cd17..d08f0cb85130 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/AuthService.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/UserService.java @@ -10,11 +10,11 @@ import java.util.Optional; @Service -public class AuthService { +public class UserService { private final UserRepository userRepository; private final PasswordEncoder passwordEncoder; - public AuthService(UserRepository userRepository, PasswordEncoder passwordEncoder) { + public UserService(UserRepository userRepository, PasswordEncoder passwordEncoder) { this.userRepository = userRepository; this.passwordEncoder = passwordEncoder; } From 63b9319d4b9de1a21c17ec2b686dfe6d089757b0 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Sun, 18 May 2025 20:31:19 +0700 Subject: [PATCH 11/17] update /auth url to /users url --- .../java/com/baeldung/springsecurity/config/SecurityConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java index 887d1b2fa053..90873a4467e4 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java @@ -23,7 +23,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .csrf(csrf -> csrf.disable()) // Disable CSRF protection completely .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) .authorizeHttpRequests(auth -> auth - .requestMatchers(new AntPathRequestMatcher("/auth/**")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/users/**")).permitAll() .requestMatchers(new AntPathRequestMatcher("/h2-console/**")).permitAll() .requestMatchers(HttpMethod.GET, "/posts/mine").hasRole("USER") .requestMatchers(HttpMethod.POST, "/posts/create").hasRole("USER") From 18187b66f005771b9dc280f3e99e1db384cfc172 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Tue, 27 May 2025 19:02:27 +0700 Subject: [PATCH 12/17] update SecurityConfig /users/register to be permitAll access, and /users/profile have to be authenticated --- .../com/baeldung/springsecurity/config/SecurityConfig.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java index 90873a4467e4..a0eeb188ac46 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java @@ -23,8 +23,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .csrf(csrf -> csrf.disable()) // Disable CSRF protection completely .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) .authorizeHttpRequests(auth -> auth - .requestMatchers(new AntPathRequestMatcher("/users/**")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/users/register")).permitAll() .requestMatchers(new AntPathRequestMatcher("/h2-console/**")).permitAll() + .requestMatchers(HttpMethod.GET, "/users/profile").hasAnyRole("USER", "ADMIN") .requestMatchers(HttpMethod.GET, "/posts/mine").hasRole("USER") .requestMatchers(HttpMethod.POST, "/posts/create").hasRole("USER") .requestMatchers(HttpMethod.PUT, "/posts/**").hasRole("USER") From b0b3041ef30244d6957db76805e21bf9308f3169 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Tue, 27 May 2025 20:20:57 +0700 Subject: [PATCH 13/17] add @PreAuthorize in /users/profile --- .../com/baeldung/springsecurity/controller/UserController.java | 1 + 1 file changed, 1 insertion(+) diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/UserController.java b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/UserController.java index dd37edbf6e00..af53776f3d24 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/UserController.java +++ b/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/UserController.java @@ -23,6 +23,7 @@ public ResponseEntity register(@RequestBody RegisterRequestDto request) } @GetMapping("profile") + @PreAuthorize("hasAnyRole('USER', 'ADMIN')") public ResponseEntity profile(Authentication authentication) { UserProfileDto userProfileDto = userService.profile(authentication.getName()); return new ResponseEntity<>(userProfileDto, HttpStatus.OK); From 7108086fcb41da972958daebd49af5de5c7d91b3 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Sat, 31 May 2025 04:45:29 +0700 Subject: [PATCH 14/17] move directory --- .../spring-security-authorization/README.md | 2 -- .../spring-security-url-http-method-auth}/pom.xml | 5 ++--- .../baeldung/springsecurity/SpringSecurityApplication.java | 0 .../com/baeldung/springsecurity/config/SecurityConfig.java | 0 .../baeldung/springsecurity/controller/PostController.java | 0 .../baeldung/springsecurity/controller/UserController.java | 1 + .../java/com/baeldung/springsecurity/dto/UserProfileDto.java | 0 .../baeldung/springsecurity/dto/request/PostRequestDto.java | 0 .../springsecurity/dto/request/RegisterRequestDto.java | 0 .../springsecurity/dto/response/PostResponseDto.java | 0 .../main/java/com/baeldung/springsecurity/entity/Post.java | 0 .../main/java/com/baeldung/springsecurity/entity/User.java | 0 .../baeldung/springsecurity/repository/PostRepository.java | 0 .../baeldung/springsecurity/repository/UserRepository.java | 0 .../springsecurity/service/CustomUserDetailService.java | 0 .../com/baeldung/springsecurity/service/PostService.java | 0 .../com/baeldung/springsecurity/service/UserService.java | 0 .../main/java/com/baeldung/springsecurity/utils/Role.java | 0 .../src/main/resources/application.properties | 0 19 files changed, 3 insertions(+), 5 deletions(-) delete mode 100644 spring-security-modules/spring-security-authorization/README.md rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/pom.xml (93%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/controller/PostController.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/controller/UserController.java (94%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/dto/UserProfileDto.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/dto/request/PostRequestDto.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/dto/request/RegisterRequestDto.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/dto/response/PostResponseDto.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/entity/Post.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/entity/User.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/repository/PostRepository.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/repository/UserRepository.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/service/PostService.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/service/UserService.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/java/com/baeldung/springsecurity/utils/Role.java (100%) rename {security-modules/spring-security => spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth}/src/main/resources/application.properties (100%) diff --git a/spring-security-modules/spring-security-authorization/README.md b/spring-security-modules/spring-security-authorization/README.md deleted file mode 100644 index faf5c24ff488..000000000000 --- a/spring-security-modules/spring-security-authorization/README.md +++ /dev/null @@ -1,2 +0,0 @@ -### Relevant Articles -- [Spring Security 6.3 – What’s New](https://www.baeldung.com/spring-security-6-3) diff --git a/security-modules/spring-security/pom.xml b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/pom.xml similarity index 93% rename from security-modules/spring-security/pom.xml rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/pom.xml index 73c93c2ba9de..f19c47d1a3a5 100644 --- a/security-modules/spring-security/pom.xml +++ b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/pom.xml @@ -4,12 +4,11 @@ 4.0.0 com.baeldung - parent-boot-3 + spring-security-authorization 0.0.1-SNAPSHOT - ../../parent-boot-3 - spring-security + spring-security-url-http-method-auth 0.0.1-SNAPSHOT spring-security Demo project for Spring Security to secure URLs and HTTP-Method diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/SpringSecurityApplication.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/config/SecurityConfig.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/controller/PostController.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/PostController.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/controller/PostController.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/UserController.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/controller/UserController.java similarity index 94% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/UserController.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/controller/UserController.java index af53776f3d24..35fa98dbd071 100644 --- a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/controller/UserController.java +++ b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/controller/UserController.java @@ -5,6 +5,7 @@ import com.baeldung.springsecurity.service.UserService; import org.springframework.http.*; import org.springframework.security.core.Authentication; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; @RestController diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/UserProfileDto.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/dto/UserProfileDto.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/UserProfileDto.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/dto/UserProfileDto.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/PostRequestDto.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/dto/request/PostRequestDto.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/PostRequestDto.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/dto/request/PostRequestDto.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/RegisterRequestDto.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/dto/request/RegisterRequestDto.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/request/RegisterRequestDto.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/dto/request/RegisterRequestDto.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/response/PostResponseDto.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/dto/response/PostResponseDto.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/dto/response/PostResponseDto.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/dto/response/PostResponseDto.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/Post.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/entity/Post.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/Post.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/entity/Post.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/User.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/entity/User.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/entity/User.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/entity/User.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/repository/PostRepository.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/repository/PostRepository.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/repository/PostRepository.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/repository/PostRepository.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/repository/UserRepository.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/repository/UserRepository.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/repository/UserRepository.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/repository/UserRepository.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/service/CustomUserDetailService.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/service/PostService.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/PostService.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/service/PostService.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/UserService.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/service/UserService.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/service/UserService.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/service/UserService.java diff --git a/security-modules/spring-security/src/main/java/com/baeldung/springsecurity/utils/Role.java b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/utils/Role.java similarity index 100% rename from security-modules/spring-security/src/main/java/com/baeldung/springsecurity/utils/Role.java rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/java/com/baeldung/springsecurity/utils/Role.java diff --git a/security-modules/spring-security/src/main/resources/application.properties b/spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/resources/application.properties similarity index 100% rename from security-modules/spring-security/src/main/resources/application.properties rename to spring-security-modules/spring-security-authorization/spring-security-url-http-method-auth/src/main/resources/application.properties From 8b72e4629ac69fa44948007f446050c1babd042d Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Sat, 31 May 2025 04:47:12 +0700 Subject: [PATCH 15/17] put back readme accidentally got deleted --- spring-security-modules/spring-security-authorization/README.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 spring-security-modules/spring-security-authorization/README.md diff --git a/spring-security-modules/spring-security-authorization/README.md b/spring-security-modules/spring-security-authorization/README.md new file mode 100644 index 000000000000..801190925f40 --- /dev/null +++ b/spring-security-modules/spring-security-authorization/README.md @@ -0,0 +1,2 @@ +### Relevant Articles +- [Spring Security 6.3 – What’s New](https://www.baeldung.com/spring-security-6-3) \ No newline at end of file From 5e2d37ed4c521b94647328d32e859f7b7e250ddc Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Sat, 31 May 2025 12:01:48 +0700 Subject: [PATCH 16/17] revert back changes in readme file --- spring-security-modules/spring-security-authorization/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-modules/spring-security-authorization/README.md b/spring-security-modules/spring-security-authorization/README.md index 801190925f40..faf5c24ff488 100644 --- a/spring-security-modules/spring-security-authorization/README.md +++ b/spring-security-modules/spring-security-authorization/README.md @@ -1,2 +1,2 @@ ### Relevant Articles -- [Spring Security 6.3 – What’s New](https://www.baeldung.com/spring-security-6-3) \ No newline at end of file +- [Spring Security 6.3 – What’s New](https://www.baeldung.com/spring-security-6-3) From 91e11f41e254a2a45349fd2c1cd086dbf397b722 Mon Sep 17 00:00:00 2001 From: oscarramadhan Date: Wed, 4 Jun 2025 16:25:16 +0700 Subject: [PATCH 17/17] add module to the parent pom --- spring-security-modules/spring-security-authorization/pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/spring-security-modules/spring-security-authorization/pom.xml b/spring-security-modules/spring-security-authorization/pom.xml index dbbd689f1c3a..7112cbdec2e8 100644 --- a/spring-security-modules/spring-security-authorization/pom.xml +++ b/spring-security-modules/spring-security-authorization/pom.xml @@ -15,6 +15,7 @@ spring-security-annotation-template-parameter spring-security-secure-domain-object + spring-security-url-http-method-auth