Basic Auth support in client code.
diff --git a/juneau-petstore-client/src/main/java/org/apache/juneau/petstore/Main.java b/juneau-petstore-client/src/main/java/org/apache/juneau/petstore/Main.java
index e97eb52..47b1fce 100644
--- a/juneau-petstore-client/src/main/java/org/apache/juneau/petstore/Main.java
+++ b/juneau-petstore-client/src/main/java/org/apache/juneau/petstore/Main.java
@@ -17,6 +17,11 @@
import java.io.*;
import java.util.*;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.Credentials;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.juneau.json.*;
import org.apache.juneau.marshall.*;
import org.apache.juneau.parser.*;
@@ -34,10 +39,20 @@
private static final JsonParser JSON_PARSER = JsonParser.create().ignoreUnknownBeanProperties().build();
+ @SuppressWarnings("deprecation")
public static void main(String[] args) {
+ // TODO - This is broken until we can update to Juneau 8.1.3 which has a fix for handling how Spring Security
+ // processes Basic Auth requests.
+
+ // Set up BASIC auth.
+ // User/passwords are hardcoded in SpringSecurityConfig.
+ Credentials up = new UsernamePasswordCredentials("admin", "password");
+ CredentialsProvider p = new BasicCredentialsProvider();
+ p.setCredentials(AuthScope.ANY, up);
+
// Create a RestClient with JSON serialization support.
- try (RestClient rc = RestClient.create(SimpleJsonSerializer.class, JsonParser.class).build()) {
+ try (RestClient rc = RestClient.create(SimpleJsonSerializer.class, JsonParser.class).defaultCredentialsProvider(p).build()) {
// Instantiate our proxy.
PetStore petStore = rc.getRemote(PetStore.class, "http://localhost:5000");
diff --git a/juneau-petstore-server/src/main/java/org/apache/juneau/petstore/config/SpringSecurityConfig.java b/juneau-petstore-server/src/main/java/org/apache/juneau/petstore/config/SpringSecurityConfig.java
index a07b6f9..13f427b 100644
--- a/juneau-petstore-server/src/main/java/org/apache/juneau/petstore/config/SpringSecurityConfig.java
+++ b/juneau-petstore-server/src/main/java/org/apache/juneau/petstore/config/SpringSecurityConfig.java
@@ -1,40 +1,37 @@
package org.apache.juneau.petstore.config;
+import static org.springframework.http.HttpMethod.*;
+
import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
- * TODO - Needs documentation
+ * Sets up BASIC authentication for our app.
*/
@Configuration
-public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{
+public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.inMemoryAuthentication()
+ .withUser("user").password("{noop}password").roles("USER")
+ .and()
+ .withUser("admin").password("{noop}password").roles("USER", "ADMIN");
+ }
- auth.inMemoryAuthentication()
- .withUser("user").password("{noop}password").roles("USER")
- .and()
- .withUser("admin").password("{noop}password").roles("USER", "ADMIN");
-
- }
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
-
- http
- .httpBasic()
- .and()
- .authorizeRequests()
- // .antMatchers(HttpMethod.POST, "/petstore/pet").hasRole("ADMIN")
- .antMatchers(HttpMethod.PUT, "/petstore/pet/**").hasRole("ADMIN")
- .antMatchers(HttpMethod.DELETE, "/petstore/pet/**").hasRole("ADMIN")
- .and()
- .csrf().disable()
- .formLogin().disable();
- }
-
-}
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .httpBasic()
+ .and()
+ .authorizeRequests()
+ .anyRequest().authenticated()
+ .antMatchers(GET).anonymous() // Allow anonymous read-only access.
+ .antMatchers(POST).anonymous() // TEMPORARY.
+ .and()
+ .csrf().disable()
+ .formLogin().disable();
+ }
+}
\ No newline at end of file
diff --git a/juneau-petstore-server/src/main/java/org/apache/juneau/petstore/rest/RootResources.java b/juneau-petstore-server/src/main/java/org/apache/juneau/petstore/rest/RootResources.java
index 620efd8..9fd94b9 100644
--- a/juneau-petstore-server/src/main/java/org/apache/juneau/petstore/rest/RootResources.java
+++ b/juneau-petstore-server/src/main/java/org/apache/juneau/petstore/rest/RootResources.java
@@ -31,7 +31,8 @@
description="Example of a router resource page.",
children={
PetStoreResource.class
- }
+ },
+ debug="true"
)
@HtmlDocConfig(
widgets={