Enable basic auth using spring security

vacuumlabs · Apr 30, 2024 · e5b9e1e · e5b9e1e
1 parent 4ceb547
commit e5b9e1e
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 6 deletions.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -28,6 +28,7 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-data-jpa")
     implementation("org.springframework.boot:spring-boot-starter-web")
     implementation("org.springframework.cloud:spring-cloud-starter-stream-kafka")
+    implementation("org.springframework.boot:spring-boot-starter-security")
     implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
     implementation("org.jetbrains.kotlin:kotlin-reflect")
     implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
@@ -42,6 +43,7 @@ dependencies {
     testImplementation("org.testcontainers:junit-jupiter")
     testImplementation("org.testcontainers:postgresql")
     testImplementation("org.testcontainers:kafka")
+    testImplementation("org.springframework.security:spring-security-test")
 }
 
 dependencyManagement {

diff --git a/src/main/kotlin/com/vacuumlabs/example/config/SecurityConfig.kt b/src/main/kotlin/com/vacuumlabs/example/config/SecurityConfig.kt
@@ -0,0 +1,35 @@
+package com.vacuumlabs.example.config
+
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.web.servlet.invoke
+import org.springframework.security.web.SecurityFilterChain
+
+@Configuration
+@EnableWebSecurity
+class SecurityConfig {
+
+    @Autowired
+    fun configureGlobal(auth: AuthenticationManagerBuilder) {
+        auth
+            .inMemoryAuthentication()
+            .withUser("user")
+            .password("{noop}p@55word")
+            .roles("USER")
+    }
+    @Bean
+    open fun filterChain(http: HttpSecurity): SecurityFilterChain {
+        http {
+            authorizeRequests {
+                authorize("/actuator/**", permitAll)
+                authorize(anyRequest, authenticated)
+            }
+            httpBasic { }
+        }
+        return http.build()
+    }
+}
diff --git a/src/test/kotlin/com/vacuumlabs/example/ExampleApplicationTests.kt b/src/test/kotlin/com/vacuumlabs/example/ExampleApplicationTests.kt
@@ -15,6 +15,8 @@ import org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrint
 import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.http.MediaType
 import org.springframework.kafka.test.utils.KafkaTestUtils
+import org.springframework.security.test.context.support.WithMockUser
+import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
 import org.springframework.test.annotation.DirtiesContext
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.ResultActionsDsl
@@ -40,6 +42,7 @@ class ExampleApplicationTests @Autowired constructor(
         @Container
         @JvmStatic
         val dc = DockerComposeContainer(File("docker-compose.yaml"))
+            .withOptions("--compatibility")
             .withLocalCompose(true)
             .withOptions("--compatibility")
             .withExposedService("kafka", 9092, Wait.forListeningPort())
@@ -52,15 +55,27 @@ class ExampleApplicationTests @Autowired constructor(
     }
 
     @Test
+    @WithMockUser
     fun `get messages`() {
-        mockMvc.get("/messages").andExpect {
-            status {
-                isOk()
+        mockMvc.get("/messages")
+            .andExpect {
+                status {
+                    isOk()
+                }
+                content {
+                    json("[]")
+                }
             }
-            content {
-                json("[]")
+    }
+
+    @Test
+    fun `get messages without authentication - invalid`() {
+        mockMvc.get("/messages")
+            .andExpect {
+                status {
+                    isUnauthorized()
+                }
             }
-        }
     }
 
     @Test
@@ -74,13 +89,15 @@ class ExampleApplicationTests @Autowired constructor(
     }
 
     @Test
+    @WithMockUser
     fun `new transaction - invalid`() {
         postNewTransaction(
             TransactionDto(11, null, null, null)
         ).andExpect { status { isBadRequest() } }
     }
 
     @Test
+    @WithMockUser
     @DirtiesContext
     fun `new transaction - valid`() {
         postNewTransaction(
@@ -94,6 +111,7 @@ class ExampleApplicationTests @Autowired constructor(
     }
 
     @Test
+    @WithMockUser
     @DirtiesContext
     fun `new transaction - valid, nonexistent account number`() {
         postNewTransaction(
@@ -106,13 +124,21 @@ class ExampleApplicationTests @Autowired constructor(
         assertThat(messageRepository.findAll()).isEmpty()
     }
 
+    @Test
+    fun `new transaction without authentication - invalid`() {
+        postNewTransaction(
+            TransactionDto(1, "ACC-123456", BigDecimal(1000), "Test transaction")
+        ).andExpect { status { isUnauthorized() } }
+    }
+
     private fun postNewTransaction(
         transactionDto: TransactionDto
     ): ResultActionsDsl {
         return mockMvc.post("/transactions") {
             contentType = MediaType.APPLICATION_JSON
             accept = MediaType.APPLICATION_JSON
             content = objectMapper.writeValueAsString(transactionDto)
+            with(csrf())
         }
     }