diff --git a/pl/cross/tools/ide/vscode/inst/flatpak.txt b/pl/cross/tools/ide/vscode/inst/flatpak.txt index 8182a65d4..399cad453 100644 --- a/pl/cross/tools/ide/vscode/inst/flatpak.txt +++ b/pl/cross/tools/ide/vscode/inst/flatpak.txt @@ -1,3 +1,6 @@ +# alias abc='flatpak run com.github.abc' +# sudo ln -s /var/lib/flatpak/exports/bin/com.github.abc /usr/bin/abc + /app/share/vscode/flatpak-warning.txt ... to access SDKs on your host system! diff --git a/pl/java/libfws/spring/security/docs/courses/linkedin.txt b/pl/java/libfws/spring/security/docs/courses/linkedin.txt index 2a6399938..58dd16336 100644 --- a/pl/java/libfws/spring/security/docs/courses/linkedin.txt +++ b/pl/java/libfws/spring/security/docs/courses/linkedin.txt @@ -1,8 +1,4 @@ -https://www.linkedin.com/learning/search?entityType=COURSE&keywords=spring%20security - ! 216 - 2022 -https://www.linkedin.com/learning/instructors/frank-p-moley-iii https://www.linkedin.com/learning/spring-spring-security-15832928/ ! 1h31m, 2022 https://www.linkedin.com/learning/spring-spring-security-15832928/in-memory-authentication 
@@ -46,4 +42,96 @@ https://www.linkedin.com/learning/spring-spring-security-15832928/ return new InMemoryUserDatailsManager(user); } } - https://www.linkedin.com/learning/spring-spring-security-15832928/jdbc-authentication + + @Configuration + public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + @Override + protected void configure(HttpSecurity http) { + http + .authorizeRequests() + .antMatchers("/", "/home").permitAll() + .antMatchers("/customers/**").hasRole("USER") // "ROLE_USER" + .antMatchers("/orders").hasRole("ADMIN") + .anyRequest().authenticated() + .and() + .httpBasic() // does not have /logout + // for the form-based auth + // .httpBasic + .formLogin() + .loginPage("/login").permitAll() + .permitAll(); + .and() + .logout() + .clearAuthentication(true) + .invalidateHttpSession(true) + .logoutSuccessUrl("/login?logout") + .permitAll() + } + + @Bean + public UserDetailsService users(DataSource dataSource) { + return JdbcUserDetailManager(); + } + + // spring cli + spring encodepassword password + bcrypt pwd-encoder is default one + + @Bean + public GrantedAuthoritiesMapper authorityMapper() { + SimpleAuthoritiyMapper authorityMapper = new SimpleAuthoritiyMapper(); + authorityMapper.setConvertToUpperCase(true); + return authorityMapper; + } + } + + OAuth2 token types + access_token (short-lived), id-s a user + refresh_token - longer-lived + scopes - provides for rights, associated with the access token + + Grants + authorization code + implicit + client credentials + + CommonOAuth2Provider + provides native support for Okta, Google, ... 
+ + Auth Server + @EnableAuthorizationServer + AuthorizationServerConfigurerAdapter + + ResourceServer + @EnableResourceServer + + OAuth2Client + @EnableOAuth2Client + Oauth2RestTemplate - provieds much scaffolding + + LDAP + need to configure AuthenticationManagerBuilder + + @EnableWebFluxSecurity + SecurityWebFilterChain provides more fine-grained control + MapReactiveUserDetailsService provides handle to UserDetailsService + + @EnableWebFluxSecurity + ... { + @Bean + public MapReactiveUserDetailsService userDetailsService() { + List = new ArrayList<>(); + userDetails.add(User.withDefaultPasswordEncoder().username(...).password(...).roles("USER").build()); + // ... .roles("USER", "ADMIN") + return new MapReactiveUserDetailsService(userDetails); + } + @Bean + // ServerHttpSecurity is for WebFlux + public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { + http.authorizeExchange() + .pathMatchers("/hello").permitAll() + .anyExchange().hasRole("ADMIN") + .and().httpBasic(); + return http.build() + } + } diff --git a/pl/java/libfws/spring/security/docs/guides.txt b/pl/java/libfws/spring/security/docs/guides.txt new file mode 100644 index 000000000..2e4fa5e44 --- /dev/null +++ b/pl/java/libfws/spring/security/docs/guides.txt @@ -0,0 +1,5 @@ +https://spring.io/guides/topicals/spring-security-architecture/ + +2022 +https://www.toptal.com/spring/spring-security-tutorial + ! how to remove "ROLE_" prefix diff --git a/pl/java/libfws/spring/security/oauth/oauth2/server/keycloak.txt b/pl/java/libfws/spring/security/oauth/oauth2/server/keycloak.txt index e2232d67e..da4e57456 100644 --- a/pl/java/libfws/spring/security/oauth/oauth2/server/keycloak.txt +++ b/pl/java/libfws/spring/security/oauth/oauth2/server/keycloak.txt 
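Review bot: The WebFlux example builds its users with `User.withDefaultPasswordEncoder()`, which Spring Security deprecates to flag that it is for samples only, and the notes copy it without saying so; I would add a line above it such as `// demo only: withDefaultPasswordEncoder() is deprecated, use a PasswordEncoder bean with pre-encoded passwords`. In the `WebSecurityConfig` snippet, `.antMatchers("/orders").hasRole("ADMIN")` matches only the exact path, so requests under `/orders/` would fall through to `.anyRequest().authenticated()`; if the course does not intend that, `.antMatchers("/orders/**").hasRole("ADMIN")` mirrors the `/customers/**` rule. The same snippet will not compile as written: `.permitAll();` ends the chain before `.and().logout()`, the final `.permitAll()` has no semicolon, and `return JdbcUserDetailManager();` lacks `new` and never uses its `dataSource` parameter (presumably `return new JdbcUserDetailsManager(dataSource);`).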
@@ -1,5 +1,3 @@ -eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0NjkxNTE4Zi04OTA2LTRmNmMtOGExNi04YjMyNzMxOGIyMTgifQ.eyJleHAiOjE3MjAwODQ0OTEsImlhdCI6MTY4ODU0ODQ5MSwianRpIjoiNDA5YTZhZGItZTM2MC00MzI3LTkxMWEtMGRhY2U4NGM5OTU0IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgxL3JlYWxtcy9yZWFsbTEiLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjgwODEvcmVhbG1zL3JlYWxtMSIsInR5cCI6IkluaXRpYWxBY2Nlc3NUb2tlbiJ9.Dz85JZXKwNHkCELObgFH85xDn4xUnM2SkDwY36LQeEA - https://www.keycloak.org/ https://www.baeldung.com/tag/keycloak/