refactorings for error handling and security fixes

reljicd · reljicd · commit e07eea11d139 · 2018-03-26T12:46:43.000+02:00
diff --git a/src/main/java/com/reljicd/DemoApplication.java b/src/main/java/com/reljicd/DemoApplication.java
@@ -6,7 +6,7 @@
 @SpringBootApplication
 public class DemoApplication {
 
-	public static void main(String[] args) {
-		SpringApplication.run(DemoApplication.class, args);
-	}
+    public static void main(String[] args) {
+        SpringApplication.run(DemoApplication.class, args);
+    }
 }
diff --git a/src/main/java/com/reljicd/config/GlobalExceptionHandler.java b/src/main/java/com/reljicd/config/GlobalExceptionHandler.java
@@ -1,4 +1,4 @@
-package com.reljicd.controller.exception;
+package com.reljicd.config;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -15,16 +15,16 @@
  * @author Dusan
  */
 @ControllerAdvice
-public class ErrorController {
+public class GlobalExceptionHandler {
 
-    private static Logger logger = LoggerFactory.getLogger(ErrorController.class);
+    private static Logger logger = LoggerFactory.getLogger(GlobalExceptionHandler.class);
 
     @ExceptionHandler(Throwable.class)
     @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
     public ModelAndView exception(final Throwable throwable, final Model model) {
         logger.error("Exception during execution of SpringSecurity application", throwable);
 
-        ModelAndView modelAndView = new ModelAndView("error");
+        ModelAndView modelAndView = new ModelAndView("/error");
         String errorMessage = (throwable != null ? throwable.toString() : "Unknown error");
         modelAndView.addObject("errorMessage", errorMessage);
         return modelAndView;
diff --git a/src/main/java/com/reljicd/config/MyAccessDeniedHandler.java b/src/main/java/com/reljicd/config/MyAccessDeniedHandler.java
@@ -1,4 +1,4 @@
-package com.reljicd.error;
+package com.reljicd.config;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -30,9 +30,7 @@ public void handle(HttpServletRequest httpServletRequest,
                 = SecurityContextHolder.getContext().getAuthentication();
 
         if (auth != null) {
-            logger.info("User '" + auth.getName()
-                    + "' attempted to access the protected URL: "
-                    + httpServletRequest.getRequestURI());
+            logger.info(String.format("User '%s' attempted to access the protected URL: %s", auth.getName(), httpServletRequest.getRequestURI()));
         }
 
         httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/403");
diff --git a/src/main/java/com/reljicd/config/SpringSecurityConfig.java b/src/main/java/com/reljicd/config/SpringSecurityConfig.java
@@ -20,7 +20,6 @@
  *
  * @author Dusan
  */
-//@EnableWebSecurity
 @Configuration
 public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -44,9 +43,8 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
 
     /**
      * HTTPSecurity configurer
-     * - roles ADMIN allow to access /admin/**
-     * - roles USER allow to access /user/** and /newPost/**
-     * - anybody can visit /, /home, /about, /registration, /error, /blog/**, /post/**, /h2-console/**
+     * - roles USER allow to access to /link/** and /newLink/**
+     * - anybody can visit /home, /registration, /error, /links/**, /post/**, /h2-console/**
      * - every other page needs authentication
      * - custom 403 access denied handler
      *
@@ -58,11 +56,8 @@ protected void configure(HttpSecurity http) throws Exception {
 
         http.csrf().disable()
                 .authorizeRequests()
-                .antMatchers("/", "/home", "/about", "/registration", "/error", "/blog/**", "/post/**", "/h2-console/**").permitAll()
-                .antMatchers("/admin/**").hasAnyRole("ADMIN")
-                .antMatchers("/user/**", "/newPost/**").hasAnyRole("USER")
-                // permit all to see HAL Browser
-//                .antMatchers("/browser/**").permitAll()
+                .antMatchers("/home", "/registration", "/error", "/links/**", "/post/**", "/h2-console/**").permitAll()
+                .antMatchers("link/**", "/newLink/**").hasAnyRole("USER")
                 .anyRequest().authenticated()
                 .and()
                 .formLogin()
@@ -81,9 +76,6 @@ protected void configure(HttpSecurity http) throws Exception {
 
     /**
      * Authentication details
-     *
-     * @param auth
-     * @throws Exception
      */
     @Autowired
     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
@@ -98,15 +90,11 @@ public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
 
         // In memory authentication
         auth.inMemoryAuthentication()
-//                .withUser("user").password("password").roles("USER")
-//                .and()
                 .withUser(adminUsername).password(adminPassword).roles("ADMIN");
     }
 
     /**
      * Configure and return BCrypt password encoder
-     *
-     * @return
      */
     @Bean
     public PasswordEncoder passwordEncoder() {
diff --git a/src/main/java/com/reljicd/controller/CustomErrorController.java b/src/main/java/com/reljicd/controller/CustomErrorController.java
@@ -0,0 +1,28 @@
+package com.reljicd.controller;
+
+import org.springframework.boot.autoconfigure.web.ErrorController;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.servlet.ModelAndView;
+
+@RestController
+public class CustomErrorController implements ErrorController {
+
+    private static final String PATH = "/error";
+
+    @RequestMapping(PATH)
+    public ModelAndView error() {
+        return new ModelAndView("/error");
+    }
+
+    @GetMapping("/403")
+    public ModelAndView error403() {
+        return new ModelAndView("/403");
+    }
+
+    @Override
+    public String getErrorPath() {
+        return PATH;
+    }
+}
diff --git a/src/main/java/com/reljicd/controller/DefaultController.java b/src/main/java/com/reljicd/controller/DefaultController.java
