java 1.8, Spring Security with Spring Boot 2.0 Rest API application

rubytomato/demo-security-spring2


Spring Security with Spring Boot 2.0 Rest API application

Development environment

  • Java 1.8.0
  • Spring Boot 2.0.6
  • H2
  • Maven 3.5.4

Build & Run

The application runs against the embedded H2 database, so no external database needs to be set up.

mvn clean package
java -jar .\target\demo.jar

test user

email                password    admin
[email protected]    iWKw06pvj   true
[email protected]    sk10ZIaiq   false
[email protected]    me02yFufL   false
[email protected]    FjqU39aia   false
[email protected]    ruFOep18r   false

API

pre login API

Obtains the CSRF token that is required for logging in.

curl -i -c cookie.txt "http://localhost:9000/app/prelogin"

example

type cookie.txt

# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_localhost	FALSE	/app	FALSE	0	XSRF-TOKEN	b6554c4e-810e-431b-8244-5e43270a5c30
#HttpOnly_localhost	FALSE	/app	FALSE	0	JSESSIONID	E56CF9C4BDD6638071D83A7E5B093991

login API

Pass the CSRF token obtained from the pre-login API in the _csrf parameter.

curl -i -b cookie.txt -c cookie.txt -X POST "http://localhost:9000/app/login" -d "[email protected]" -d "pass=iWKw06pvj" -d "_csrf={CSRF_TOKEN}"

logout API

curl -i -b cookie.txt -H "x-xsrf-token:{CSRF_TOKEN}" -X POST "http://localhost:9000/app/logout"

APIs that require no authentication

curl -i -b cookie.txt "http://localhost:9000/app/hello"
curl -i -b cookie.txt "http://localhost:9000/app/hello/{message}"

Even when no authentication is required, a POST request still needs the CSRF token.

curl -i -b cookie.txt -X POST "http://localhost:9000/app/hello" -d "message=world" -d "_csrf={CSRF_TOKEN}"

These APIs do not require any role

curl -i -b cookie.txt "http://localhost:9000/app/memo/1"
curl -i -b cookie.txt "http://localhost:9000/app/memo/list"

These APIs require authentication and the USER role

curl -i -b cookie.txt "http://localhost:9000/app/user"
curl -i -b cookie.txt "http://localhost:9000/app/user/echo/{message}"
curl -i -b cookie.txt -H "Content-Type:application/json" -H "x-xsrf-token:{CSRF_TOKEN}" -X POST "http://localhost:9000/app/user/echo" -d "{\"message\": \"hello world\"}"

These APIs require authentication and the ADMIN role

curl -i -b cookie.txt "http://localhost:9000/app/admin"
curl -i -b cookie.txt "http://localhost:9000/app/admin/echo/{message}"
curl -i -b cookie.txt -H "Content-Type:application/json" -H "x-xsrf-token:{CSRF_TOKEN}" -X POST "http://localhost:9000/app/admin/echo" -d "{\"message\": \"hello world\"}"
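The pre-login, login and protected-POST flow described above, as an added shell example that is not part of the rubytomato/demo-security-spring2 repository. It assumes the endpoints, cookie names and the _csrf / x-xsrf-token conventions shown above; the login field name `email` (obscured on this page) and the variables BASE_URL and COOKIE_JAR are assumptions.

```shell
#!/bin/sh
# Added example, not code from the repository. BASE_URL, COOKIE_JAR and the
# "email" login field name are assumptions; "pass" and "_csrf" are from the README.
BASE_URL="${BASE_URL:-http://localhost:9000/app}"
COOKIE_JAR="${COOKIE_JAR:-cookie.txt}"

# Read the XSRF-TOKEN value out of a curl cookie jar (Netscape format).
# curl prefixes HttpOnly cookies with "#HttpOnly_", so the token line looks
# like a comment; match on the cookie-name field (6) instead of skipping
# "#" lines, and print the value field (7). Browser JavaScript could not read
# an HttpOnly cookie, but curl reads the jar file directly.
xsrf_token_from_jar() {
  awk -F '\t' '$6 == "XSRF-TOKEN" { tok = $7 } END { print tok }' "$1"
}

# Write a constructed jar in the same layout the README shows (offline use).
write_sample_jar() {
  {
    printf '# Netscape HTTP Cookie File\n'
    printf '#HttpOnly_localhost\tFALSE\t/app\tFALSE\t0\tXSRF-TOKEN\t%s\n' "$2"
    printf '#HttpOnly_localhost\tFALSE\t/app\tFALSE\t0\tJSESSIONID\t%s\n' "$3"
  } > "$1"
}

# Step 1: pre-login stores the CSRF token cookie (and a session cookie).
prelogin() {
  curl -s -o /dev/null -c "$COOKIE_JAR" "$BASE_URL/prelogin"
}

# Step 2: log in, echoing the token back as the _csrf form parameter.
# Prints the HTTP status; a token that does not match the cookie yields 403.
login() {
  tok=$(xsrf_token_from_jar "$COOKIE_JAR")
  curl -s -o /dev/null -w '%{http_code}' -b "$COOKIE_JAR" -c "$COOKIE_JAR" \
    -X POST "$BASE_URL/login" \
    --data-urlencode "email=$1" --data-urlencode "pass=$2" \
    --data-urlencode "_csrf=$tok"
}

# Step 3: a JSON POST to a USER-role endpoint sends the token in the header.
user_echo() {
  tok=$(xsrf_token_from_jar "$COOKIE_JAR")
  curl -s -b "$COOKIE_JAR" -H 'Content-Type: application/json' \
    -H "X-XSRF-TOKEN: $tok" -X POST "$BASE_URL/user/echo" \
    -d "{\"message\": \"$1\"}"
}
```

Run `prelogin`, then `login <email> <password>` with one of the test users, then `user_echo "hello world"`; the ADMIN-only endpoints work the same way with /admin/echo.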
