Bael 2262 : Removed the basic authentication from HTTPS Enabled Application (eugenp#5516)

sandy03934 · maibin · commit c533462382af · 2018-10-22T08:38:39.000-07:00
* BAEL-1979 Added examples for SnakeYAML Library

* BAEL-1979 Moved the snakeyaml related code to libraries module

* BAEL-1979 Removed the System.out.println() statements and converted the assertTrue to assertEquals wherever possible.

* BAEL-1979 Removed println statements, small formatting fix in pom.xml

* BAEL-1466 Added a new module for apache-geode

* BAEL-1466 Updated the Integration Tests.

* BAEL-1466 Updated the Integration Tests.

* BAEL-1466 Updated the Integration Tests.

* BAEL-1466 Removed the Unnecessary code.

* BAEL-2262 Added code for demonstration of HTTPS enabled Spring Boot Application

* BAEL-2262 Removed the Basic Authentication from the HttpsEnabledApplication.
diff --git a/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/SecurityConfig.java b/spring-security-mvc-boot/src/main/java/org/baeldung/ssl/SecurityConfig.java
@@ -1,36 +1,16 @@
 package org.baeldung.ssl;
 
-import org.springframework.context.annotation.Bean;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
 
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Override
-    public void configure(AuthenticationManagerBuilder auth) throws Exception {
-
-        auth.inMemoryAuthentication()
-            .withUser("memuser")
-            .password(passwordEncoder().encode("pass"))
-            .roles("USER");
-    }
-
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.httpBasic()
-            .and()
-            .authorizeRequests()
-            .antMatchers("/**")
-            .authenticated();
-    }
-
-    @Bean
-    public PasswordEncoder passwordEncoder() {
-        return new BCryptPasswordEncoder();
+        http.authorizeRequests()
+                .antMatchers("/**")
+                .permitAll();
     }
 }
diff --git a/spring-security-mvc-boot/src/test/java/org/baeldung/web/HttpsApplicationIntegrationTest.java b/spring-security-mvc-boot/src/test/java/org/baeldung/web/HttpsApplicationIntegrationTest.java
@@ -10,14 +10,15 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.core.io.Resource;
-import org.springframework.http.*;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.web.client.RestTemplate;
 
 import javax.net.ssl.SSLContext;
-import java.util.Base64;
+import java.util.Collections;
 
 import static org.junit.Assert.assertEquals;
 
@@ -36,7 +37,7 @@ public class HttpsApplicationIntegrationTest {
 
     @Test
     public void whenGETanHTTPSResource_thenCorrectResponse() throws Exception {
-        ResponseEntity<String> response = restTemplate().exchange(WELCOME_URL, HttpMethod.GET, new HttpEntity<String>(withAuthorization("memuser", "pass")), String.class);
+        ResponseEntity<String> response = restTemplate().getForEntity(WELCOME_URL, String.class, Collections.emptyMap());
 
         assertEquals("<h1>Welcome to Secured Site</h1>", response.getBody());
         assertEquals(HttpStatus.OK, response.getStatusCode());
@@ -52,16 +53,4 @@ RestTemplate restTemplate() throws Exception {
         HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
         return new RestTemplate(factory);
     }
-
-    HttpHeaders withAuthorization(String userName, String password) {
-        return new HttpHeaders() {
-            {
-                String auth = userName + ":" + password;
-                String authHeader = "Basic " + new String(Base64.getEncoder()
-                    .encode(auth.getBytes()));
-                set("Authorization", authHeader);
-            }
-        };
-    }
-
 }
