java ee 8 security api

java-ee-8-security-api/app-auth-basic-store-db/pom.xml

@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>app-auth-basic-store-db</artifactId>
+    <packaging>war</packaging>
+
+    <parent>
+        <groupId>com.baeldung</groupId>
+        <artifactId>java-ee-8-security-api</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+
+    <properties>
+        <h2-version>1.4.197</h2-version>
+    </properties>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>net.wasdev.wlp.maven.plugins</groupId>
+                <artifactId>liberty-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>install-server</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>install-server</goal>
+                            <goal>create-server</goal>
+                            <goal>install-feature</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>install-apps</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>install-apps</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>copy</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <artifactItems>
+                        <artifactItem>
+                            <groupId>com.h2database</groupId>
+                            <artifactId>h2</artifactId>
+                            <version>${h2-version}</version>
+                            <type>jar</type>
+                            <outputDirectory>
+                                ${project.build.directory}/liberty/wlp/usr/servers/defaultServer/lib/global
+                            </outputDirectory>
+                        </artifactItem>
+                    </artifactItems>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

java-ee-8-security-api/app-auth-basic-store-db/src/main/java/com/baeldung/javaee/security/AdminServlet.java

@@ -0,0 +1,22 @@
+package com.baeldung.javaee.security;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@WebServlet("/admin")
+@ServletSecurity(value = @HttpConstraint(rolesAllowed = {"admin_role"}))
+public class AdminServlet extends HttpServlet {
+
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().append("User :" + request.getUserPrincipal().getName() + "\n");
+        response.getWriter().append("User in Role user_role :" + request.isUserInRole("user_role") + "\n");
+        response.getWriter().append("User in Role admin_role :" + request.isUserInRole("admin_role"));
+    }
+}

java-ee-8-security-api/app-auth-basic-store-db/src/main/java/com/baeldung/javaee/security/AppConfig.java

@@ -0,0 +1,16 @@
+package com.baeldung.javaee.security;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition;
+import javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
+
+@BasicAuthenticationMechanismDefinition(realmName = "defaultRealm")
+@DatabaseIdentityStoreDefinition(
+        dataSourceLookup = "java:comp/env/jdbc/securityDS",
+        callerQuery = "select password from users where username = ?",
+        groupsQuery = "select GROUPNAME from groups where username = ?"
+)
+@ApplicationScoped
+public class AppConfig {
+}

java-ee-8-security-api/app-auth-basic-store-db/src/main/java/com/baeldung/javaee/security/DatabaseSetupServlet.java

@@ -0,0 +1,59 @@
+package com.baeldung.javaee.security;
+
+import javax.annotation.Resource;
+import javax.annotation.sql.DataSourceDefinition;
+import javax.inject.Inject;
+import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.sql.DataSource;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+
+@DataSourceDefinition(
+        name = "java:comp/env/jdbc/securityDS",
+        className = "org.h2.jdbcx.JdbcDataSource",
+        url = "jdbc:h2:~/securityTest;MODE=Oracle"
+)
+@WebServlet(value = "/init", loadOnStartup = 0)
+public class DatabaseSetupServlet extends HttpServlet {
+
+    @Resource(lookup = "java:comp/env/jdbc/securityDS")
+    private DataSource dataSource;
+
+    @Inject
+    private Pbkdf2PasswordHash passwordHash;
+
+    @Override
+    public void init() throws ServletException {
+        super.init();
+        initdb();
+    }
+
+    private void initdb() {
+        executeUpdate(dataSource, "DROP TABLE IF EXISTS USERS");
+        executeUpdate(dataSource, "DROP TABLE IF EXISTS GROUPS");
+
+        executeUpdate(dataSource, "CREATE TABLE IF NOT EXISTS USERS(username VARCHAR(64) PRIMARY KEY, password VARCHAR(255))");
+        executeUpdate(dataSource, "CREATE TABLE IF NOT EXISTS GROUPS(username VARCHAR(64), GROUPNAME VARCHAR(64))");
+
+        executeUpdate(dataSource, "INSERT INTO USERS VALUES('admin', '" + passwordHash.generate("passadmin".toCharArray()) + "')");
+        executeUpdate(dataSource, "INSERT INTO USERS VALUES('user', '" + passwordHash.generate("passuser".toCharArray()) + "')");
+
+        executeUpdate(dataSource, "INSERT INTO GROUPS VALUES('admin', 'admin_role')");
+        executeUpdate(dataSource, "INSERT INTO GROUPS VALUES('admin', 'user_role')");
+        executeUpdate(dataSource, "INSERT INTO GROUPS VALUES('user', 'user_role')");
+    }
+
+    private void executeUpdate(DataSource dataSource, String query) {
+        try (Connection connection = dataSource.getConnection()) {
+            try (PreparedStatement statement = connection.prepareStatement(query)) {
+                statement.executeUpdate();
+            }
+        } catch (SQLException e) {
+            throw new IllegalStateException(e);
+        }
+    }
+}

java-ee-8-security-api/app-auth-basic-store-db/src/main/java/com/baeldung/javaee/security/UserServlet.java

@@ -0,0 +1,25 @@
+package com.baeldung.javaee.security;
+
+import javax.annotation.security.DeclareRoles;
+import javax.inject.Inject;
+import javax.security.enterprise.SecurityContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+
+@WebServlet("/user")
+@ServletSecurity(value = @HttpConstraint(rolesAllowed = {"user_role"}))
+public class UserServlet extends HttpServlet {
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().append("User :" + request.getUserPrincipal().getName() + "\n");
+        response.getWriter().append("User in Role user_role :" + request.isUserInRole("user_role") + "\n");
+        response.getWriter().append("User in Role admin_role :" + request.isUserInRole("admin_role"));
+    }
+}

java-ee-8-security-api/app-auth-basic-store-db/src/main/liberty/config/server.xml

@@ -0,0 +1,9 @@
+<server description="OpenLiberty MicroProfile server">
+
+    <featureManager>
+        <feature>webProfile-8.0</feature>
+    </featureManager>
+
+    <httpEndpoint httpPort="${default.http.port}" httpsPort="${default.https.port}"
+                  id="defaultHttpEndpoint" host="*"/>
+</server>

java-ee-8-security-api/app-auth-custom-form-store-custom/pom.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>app-auth-custom-form-store-custom</artifactId>
+    <packaging>war</packaging>
+
+    <parent>
+        <groupId>com.baeldung</groupId>
+        <artifactId>java-ee-8-security-api</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>net.wasdev.wlp.maven.plugins</groupId>
+                <artifactId>liberty-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>install-server</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>install-server</goal>
+                            <goal>create-server</goal>
+                            <goal>install-feature</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>install-apps</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>install-apps</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>

java-ee-8-security-api/app-auth-custom-form-store-custom/src/main/java/com/baeldung/javaee/security/AppConfig.java

@@ -0,0 +1,17 @@
+package com.baeldung.javaee.security;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.faces.annotation.FacesConfig;
+import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition;
+import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
+
+
+@CustomFormAuthenticationMechanismDefinition(
+        loginToContinue = @LoginToContinue(
+                loginPage = "/login.xhtml",
+                errorPage = "/login-error.html"
+        )
+)
+@ApplicationScoped
+public class AppConfig {
+}

java-ee-8-security-api/app-auth-custom-form-store-custom/src/main/java/com/baeldung/javaee/security/InMemoryIdentityStore4Authentication.java

@@ -0,0 +1,46 @@
+package com.baeldung.javaee.security;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import java.util.*;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+
+@ApplicationScoped
+public class InMemoryIdentityStore4Authentication implements IdentityStore {
+
+    private Map<String, String> users = new HashMap<>();
+
+    public InMemoryIdentityStore4Authentication() {
+        //Init users
+        // from a file or hardcoded
+        init();
+    }
+
+    private void init() {
+        //user1
+        users.put("user", "pass0");
+        //user2
+        users.put("admin", "pass1");
+    }
+
+    @Override
+    public int priority() {
+        return 70;
+    }
+
+    @Override
+    public Set<ValidationType> validationTypes() {
+        return EnumSet.of(ValidationType.VALIDATE);
+    }
+
+    public CredentialValidationResult validate(UsernamePasswordCredential credential) {
+        String password = users.get(credential.getCaller());
+        if (password != null && password.equals(credential.getPasswordAsString())) {
+            return new CredentialValidationResult(credential.getCaller());
+        }
+        return INVALID_RESULT;
+    }
+}

java-ee-8-security-api/app-auth-custom-form-store-custom/src/main/java/com/baeldung/javaee/security/InMemoryIdentityStore4Authorization.java

@@ -0,0 +1,46 @@
+package com.baeldung.javaee.security;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import java.util.*;
+
+@ApplicationScoped
+class InMemoryIdentityStore4Authorization implements IdentityStore {
+
+    private Map<String, List<String>> userRoles = new HashMap<>();
+
+    public InMemoryIdentityStore4Authorization() {
+        //Init users
+        // from a file or hardcoded
+        init();
+    }
+
+    private void init() {
+        //user1
+        List<String> roles = new ArrayList<>();
+        roles.add("USER_ROLE");
+        userRoles.put("user", roles);
+        //user2
+        roles = new ArrayList<>();
+        roles.add("USER_ROLE");
+        roles.add("ADMIN_ROLE");
+        userRoles.put("admin", roles);
+    }
+
+    @Override
+    public int priority() {
+        return 80;
+    }
+
+    @Override
+    public Set<ValidationType> validationTypes() {
+        return EnumSet.of(ValidationType.PROVIDE_GROUPS);
+    }
+
+    @Override
+    public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
+        List<String> roles = userRoles.get(validationResult.getCallerPrincipal().getName());
+        return new HashSet<>(roles);
+    }
+}