Remove thymeleaf from security sample

Thymeleaf is tested in security-thymeleaf sample

Author: mhalbritter

samples/security/pom.xml

@@ -14,28 +14,9 @@
 	<version>0.0.1-SNAPSHOT</version>
 
 	<dependencies>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-thymeleaf</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
-			<exclusions>
-				<exclusion>
-					<groupId>org.apache.tomcat.embed</groupId>
-					<artifactId>tomcat-embed-core</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.apache.tomcat.embed</groupId>
-					<artifactId>tomcat-embed-websocket</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.tomcat.experimental</groupId>
-			<artifactId>tomcat-embed-programmatic</artifactId>
-			<version>${tomcat.version}</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -62,4 +43,4 @@
 		</plugins>
 	</build>
 
-</project>
+</project>

samples/security/src/main/java/com/example/securingweb/MainController.java

@@ -6,8 +6,8 @@
 @SpringBootApplication
 public class SecuringWebApplication {
 
-	public static void main(String[] args) throws Throwable {
-		SpringApplication.run(SecuringWebApplication.class, args);
-	}
+	public static void main(String[] args) {
+        SpringApplication.run(SecuringWebApplication.class, args);
+    }
 
 }

samples/security/src/main/java/com/example/securingweb/SecuringWebApplication.java

@@ -0,0 +1,30 @@
+package com.example.securingweb;
+
+import java.security.Principal;
+
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author Moritz Halbritter
+ */
+@RestController
+@RequestMapping(path = "/rest", produces = MediaType.TEXT_PLAIN_VALUE)
+public class TestRestController {
+    @GetMapping("/anonymous")
+    public String anonymous() {
+        return "anonymous";
+    }
+
+    @GetMapping("/authorized")
+    public String authorized(Principal principal) {
+        return "authorized: " + principal.getName();
+    }
+
+    @GetMapping("/admin")
+    public String admin(Principal principal) {
+        return "admin: " + principal.getName();
+    }
+}

samples/security/src/main/java/com/example/securingweb/TestRestController.java

@@ -4,7 +4,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -17,16 +16,13 @@ public class WebSecurityConfig {
 	@Bean
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 		return http
-				.authorizeRequests(authorize -> authorize
-						.antMatchers("/", "/home").permitAll()
-						.antMatchers("/admin").hasRole("ADMIN")
-						.anyRequest().authenticated()
-				)
-				.formLogin(formLogin -> formLogin
-						.loginPage("/login")
-						.permitAll()
-				)
-				.logout(LogoutConfigurer::permitAll)
+                .authorizeRequests(authorize -> authorize
+                        .mvcMatchers("/rest/anonymous").permitAll()
+                        .mvcMatchers("/rest/admin").hasRole("ADMIN")
+                        .anyRequest().authenticated()
+                )
+                .httpBasic()
+                .and()
 				.build();
 	}
 

samples/security/src/main/java/com/example/securingweb/WebSecurityConfig.java

@@ -3,7 +3,11 @@ source ${PWD%/*samples/*}/scripts/wait.sh
 RC=0
 
 wait_log target/native/test-output.txt "Started SecuringWebApplication" || RC=$?
-wait_http localhost:8080/home "Welcome" || RC=$?
-wait_command_output 'curl -I localhost:8080/hello' "HTTP/1.1 302" || RC=$?
+wait_http localhost:8080/rest/anonymous "anonymous" || RC=$?
+wait_command_output 'curl -s -u user:password localhost:8080/rest/authorized' "authorized: user" || RC=$?
+wait_command_output 'curl -s -u admin:password localhost:8080/rest/admin' "admin: admin" || RC=$?
+wait_command_output 'curl -s -I localhost:8080/rest/authorized' "HTTP/1.1 401" || RC=$?
+wait_command_output 'curl -s -I localhost:8080/rest/admin' "HTTP/1.1 401" || RC=$?
+wait_command_output 'curl -s -I -u user:password localhost:8080/rest/admin' "HTTP/1.1 403" || RC=$?
 
 exit $RC