as of: 20220727_pm070452, Still editing...
Stacks
From: Spring Boot + Keycloak
To: Spring Boot + Keycloak + Spring Security
Version
from: 1.5.20.RELEASE
to: 2.7.2
Changes
- pom.xml
- CSRF - default implementation of Spring Security
- JSP
- Controllers
- Services
- Repo
- Batch Save
- Batch Delete
- Delete
- FindOne
- Pageable
- application.properties
pom.xml
Added
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
<version>18.0.2</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-security-adapter</artifactId>
<version>18.0.2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak.bom</groupId>
<artifactId>keycloak-adapter-bom</artifactId>
<version>${version.keycloak-adapter-bom}</version>
<type>pom</type>
</dependency>
Modified
from:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.20.RELEASE</version>
</parent>
to:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.2</version>
</parent>
from:
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Edgware.SR5</spring-cloud.version>
</properties>
to:
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<start-class>com.tiongnam.sfa.cdr.MainClass</start-class>
<spring-cloud.version>2021.0.3</spring-cloud.version>
<version.keycloak-adapter-bom>18.0.2</version.keycloak-adapter-bom>
</properties>
from:
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-adapter</artifactId>
<version>4.5.0.Final</version>
</dependency>
to:
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-adapter</artifactId>
<version>18.0.2</version>
</dependency>
CSRF - default implementation of Spring Security
Added the CSRF header to AJAX POST requests:
, headers: {"${_csrf.headerName}": '${_csrf.token}'}
Added spring security tag within POST form:
<sec:csrfInput />
or
turn off CSRF checking
protected void configure(HttpSecurity http) throws Exception {
// http is an org.springframework.security.config.annotation.web.builders.HttpSecurity;
// this disables CSRF token checking for every request
http.csrf().disable();
...
...
Controllers:
Changed
From:
org.keycloak.KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal
To:
java.security.Principal principal
Services
Batch Save
Changed
From:
repo.save(batchList)
To:
repo.saveAll(batchList);
findOne
From:
repo.findOne(new Long("1"));
To:
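// getReferenceById returns a lazy reference and very likely throws EntityNotFoundException on
// first access when the row is missing; findOne returned null in that case
repo.getReferenceById(new Long("1"));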
Delete
From:
delete(entity.getId());
To:
deleteById(entity.getId());
Pageable
From:
Pageable page_req = new PageRequest(index,reqData.getLength(), orderBy(reqData), reqData.getOrder().getData());
To:
Pageable page_req = PageRequest.of(index, reqData.getLength(), orderBy(reqData), reqData.getOrder().getData());
application.properties
Added
server.tomcat.max-http-form-post-size
server.tomcat.max-swallow-size
Changed
server.contextPath
to
server.servlet.context-path
spring.http.multipart.max-file-size
to
spring.servlet.multipart.max-file-size
spring.http.multipart.max-request-size
to
spring.servlet.multipart.max-request-size
keycloak.securityConstraints[0].authRoles[0]=read-only-common
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/welcome
keycloak.securityConstraints[0].securityCollections[0].patterns[1]=/logout
keycloak.securityConstraints[0].securityCollections[0].patterns[2]=/dashboard
keycloak.securityConstraints[0].securityCollections[0].patterns[3]=/web/getDashboard
to
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests()
.antMatchers("/vendor/**", "/css/**", "/js/**", "/img/**").permitAll()
.antMatchers("/upload").authenticated()
.antMatchers("/formd/**", "/module1/**", "/maintenance/**").authenticated()
.anyRequest().authenticated()
;
}