m

2025-10-30 05:06:05 +02:00 · 2023-07-06 19:01:35 +03:00 · 2023-07-06 19:01:35 +03:00 · 52685a9b25
--- a/pl/cross/tools/ide/vscode/inst/flatpak.txt
+++ b/pl/cross/tools/ide/vscode/inst/flatpak.txt
@ -1,3 +1,6 @@
+# alias abc='flatpak run com.github.abc'
+# sudo ln -s /var/lib/flatpak/exports/bin/com.github.abc /usr/bin/abc
+
 /app/share/vscode/flatpak-warning.txt
 ...
 to access SDKs on your host system!
--- a/pl/java/libfws/spring/security/docs/courses/linkedin.txt
+++ b/pl/java/libfws/spring/security/docs/courses/linkedin.txt
@ -1,8 +1,4 @@
-https://www.linkedin.com/learning/search?entityType=COURSE&keywords=spring%20security
-    ! 216
-
 2022
-https://www.linkedin.com/learning/instructors/frank-p-moley-iii
 https://www.linkedin.com/learning/spring-spring-security-15832928/
    ! 1h31m, 2022
    https://www.linkedin.com/learning/spring-spring-security-15832928/in-memory-authentication
@ -46,4 +42,96 @@ https://www.linkedin.com/learning/spring-spring-security-15832928/
                    return new InMemoryUserDatailsManager(user);
                }
            }
-    https://www.linkedin.com/learning/spring-spring-security-15832928/jdbc-authentication
+
+    @Configuration
+    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+        @Override
+        protected void configure(HttpSecurity http) {
+            http
+                .authorizeRequests()
+                .antMatchers("/", "/home").permitAll()
+                .antMatchers("/customers/**").hasRole("USER") // "ROLE_USER"
+                .antMatchers("/orders").hasRole("ADMIN")
+                .anyRequest().authenticated()
+                .and()
+                .httpBasic() // does not have /logout
+                // for the form-based auth
+                // .httpBasic
+                .formLogin()
+                .loginPage("/login").permitAll()
+                .permitAll();
+                .and()
+                .logout()
+                .clearAuthentication(true)
+                .invalidateHttpSession(true)
+                .logoutSuccessUrl("/login?logout")
+                .permitAll()
+        }
+
+        @Bean
+        public UserDetailsService users(DataSource dataSource) {
+            return JdbcUserDetailManager();
+        }
+
+        // spring cli
+        spring encodepassword password
+        bcrypt pwd-encoder is default one
+
+        @Bean
+        public GrantedAuthoritiesMapper authorityMapper() {
+            SimpleAuthoritiyMapper authorityMapper = new SimpleAuthoritiyMapper();
+            authorityMapper.setConvertToUpperCase(true);
+            return authorityMapper;
+        }
+    }
+    
+    OAuth2 token types
+    access_token (short-lived), id-s a user
+    refresh_token - longer-lived
+    scopes - provides for rights, associated with the access token
+
+    Grants
+    authorization code
+    implicit
+    client credentials
+
+    CommonOAuth2Provider
+        provides native support for Okta, Google, ...
+
+    Auth Server
+        @EnableAuthorizationServer
+        AuthorizationServerConfigurerAdapter
+
+    ResourceServer
+        @EnableResourceServer
+
+    OAuth2Client
+    @EnableOAuth2Client
+    Oauth2RestTemplate - provieds much scaffolding
+
+    LDAP
+    need to configure AuthenticationManagerBuilder
+
+    @EnableWebFluxSecurity
+    SecurityWebFilterChain provides more fine-grained control
+    MapReactiveUserDetailsService provides handle to UserDetailsService
+
+    @EnableWebFluxSecurity
+    ... {
+        @Bean
+        public MapReactiveUserDetailsService userDetailsService() {
+            List<UserDetails> = new ArrayList<>();
+            userDetails.add(User.withDefaultPasswordEncoder().username(...).password(...).roles("USER").build());
+            // ... .roles("USER", "ADMIN")
+            return new MapReactiveUserDetailsService(userDetails);
+        }
+        @Bean
+        // ServerHttpSecurity is for WebFlux
+        public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { 
+            http.authorizeExchange()
+                .pathMatchers("/hello").permitAll()
+                .anyExchange().hasRole("ADMIN")
+                .and().httpBasic();
+            return http.build()
+        }
+    }
--- a/pl/java/libfws/spring/security/docs/guides.txt
+++ b/pl/java/libfws/spring/security/docs/guides.txt
@ -0,0 +1,5 @@
+https://spring.io/guides/topicals/spring-security-architecture/
+
+2022
+https://www.toptal.com/spring/spring-security-tutorial
+    ! how to remove "ROLE_" prefix
--- a/pl/java/libfws/spring/security/oauth/oauth2/server/keycloak.txt
+++ b/pl/java/libfws/spring/security/oauth/oauth2/server/keycloak.txt
@ -1,5 +1,3 @@
-eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0NjkxNTE4Zi04OTA2LTRmNmMtOGExNi04YjMyNzMxOGIyMTgifQ.eyJleHAiOjE3MjAwODQ0OTEsImlhdCI6MTY4ODU0ODQ5MSwianRpIjoiNDA5YTZhZGItZTM2MC00MzI3LTkxMWEtMGRhY2U4NGM5OTU0IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgxL3JlYWxtcy9yZWFsbTEiLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjgwODEvcmVhbG1zL3JlYWxtMSIsInR5cCI6IkluaXRpYWxBY2Nlc3NUb2tlbiJ9.Dz85JZXKwNHkCELObgFH85xDn4xUnM2SkDwY36LQeEA
-
 https://www.keycloak.org/
 https://www.baeldung.com/tag/keycloak/