Add security config to all examples

spring-boot-admin-samples/spring-boot-admin-sample-consul/pom.xml

 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2014-2017 the original author or authors.
+  ~ Copyright 2014-2018 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -29,6 +29,14 @@
     </parent>
     <dependencies>
         <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
             <groupId>de.codecentric</groupId>
             <artifactId>spring-boot-admin-starter-server</artifactId>
         </dependency>

spring-boot-admin-samples/spring-boot-admin-sample-consul/src/main/java/de/codecentric/boot/admin/SpringBootAdminApplication.java

@@ -16,12 +16,17 @@
 
 package de.codecentric.boot.admin;
 
+import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import de.codecentric.boot.admin.server.config.EnableAdminServer;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 
 @Configuration
 @EnableAutoConfiguration
@@ -29,6 +34,44 @@ import org.springframework.context.annotation.Configuration;
 @EnableAdminServer
 public class SpringBootAdminApplication {
 
+    @Profile("insecure")
+    @Configuration
+    public static class SecurityPermitAllConfig extends WebSecurityConfigurerAdapter {
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            http.authorizeRequests().anyRequest().permitAll()//
+                .and().csrf().disable();
+        }
+    }
+
+    @Profile("secure")
+    @Configuration
+    public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
+        private final String adminContextPath;
+
+        public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
+            this.adminContextPath = adminServerProperties.getContextPath();
+        }
+
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            // @formatter:off
+            SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+            successHandler.setTargetUrlParameter("redirectTo");
+
+            http.authorizeRequests()
+                .antMatchers(adminContextPath + "/assets/**").permitAll()
+                .antMatchers(adminContextPath + "/login").permitAll()
+                .anyRequest().authenticated()
+                .and()
+            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
+            .logout().logoutUrl(adminContextPath + "/logout").and()
+            .httpBasic().and()
+            .csrf().disable();
+            // @formatter:on
+        }
+    }
+
     public static void main(String[] args) {
         SpringApplication.run(SpringBootAdminApplication.class, args);
     }

spring-boot-admin-samples/spring-boot-admin-sample-consul/src/main/resources/application.yml

@@ -8,10 +8,39 @@ spring:
       host: localhost
       port: 8500
       discovery:
-        tags: management.context-path=/foo, health.path=/ping
+        tags: management.context-path=/foo, health.path=/ping, user.name=user, user.password=password
+  profiles:
+    active:
+      - secure
+  boot:
+    admin:
+      discovery:
+        ignored-services: consul
+
+
+management:
+  server:
+    servlet:
+      context-path: /foo
+  endpoints:
+    web:
+      exposure:
+        include: "*"
+      path-mapping:
+        health: /ping
+  endpoint:
+    health:
+      show-details: ALWAYS
 
-management.context-path: /foo
-endpoints.health.path: /ping
+---
+spring:
+  profiles: insecure
+
+---
+spring:
+  profiles: secure
+  security:
+    user:
+      name: "user"
+      password: "password"
 
-spring.boot.admin.discovery:
-  ignored-services: consul

spring-boot-admin-samples/spring-boot-admin-sample-eureka/src/main/java/de/codecentric/boot/admin/SpringBootAdminApplication.java

@@ -16,14 +16,17 @@
 
 package de.codecentric.boot.admin;
 
+import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import de.codecentric.boot.admin.server.config.EnableAdminServer;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 
 // tag::application-eureka[]
 @Configuration
@@ -35,14 +38,43 @@ public class SpringBootAdminApplication {
         SpringApplication.run(SpringBootAdminApplication.class, args);
     }
 
+    @Profile("insecure")
     @Configuration
     public static class SecurityPermitAllConfig extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
-            http.authorizeRequests().anyRequest().permitAll() //<1>
+            http.authorizeRequests().anyRequest().permitAll()//
                 .and().csrf().disable();
         }
     }
 
+    @Profile("secure")
+    @Configuration
+    public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
+        private final String adminContextPath;
+
+        public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
+            this.adminContextPath = adminServerProperties.getContextPath();
+        }
+
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            // @formatter:off
+            SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+            successHandler.setTargetUrlParameter("redirectTo");
+
+            http.authorizeRequests()
+                .antMatchers(adminContextPath + "/assets/**").permitAll()
+                .antMatchers(adminContextPath + "/login").permitAll()
+                .anyRequest().authenticated()
+                .and()
+            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
+            .logout().logoutUrl(adminContextPath + "/logout").and()
+            .httpBasic().and()
+            .csrf().disable();
+            // @formatter:on
+        }
+    }
+
 }
 // end::application-eureka[]

spring-boot-admin-samples/spring-boot-admin-sample-hazelcast/pom.xml

@@ -29,6 +29,14 @@
     </parent>
     <dependencies>
         <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
             <groupId>de.codecentric</groupId>
             <artifactId>spring-boot-admin-starter-server</artifactId>
         </dependency>

spring-boot-admin-samples/spring-boot-admin-sample-hazelcast/src/main/java/de/codecentric/boot/admin/SpringBootAdminApplication.java

@@ -16,12 +16,17 @@
 
 package de.codecentric.boot.admin;
 
+import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import de.codecentric.boot.admin.server.config.EnableAdminServer;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import com.hazelcast.config.Config;
 import com.hazelcast.config.EvictionPolicy;
 import com.hazelcast.config.ListConfig;
@@ -42,8 +47,47 @@ public class SpringBootAdminApplication {
                                new ListConfig("spring-boot-admin-event-eventstore").setBackupCount(1).setMaxSize(1000));
     }
 
+    @Profile("insecure")
+    @Configuration
+    public static class SecurityPermitAllConfig extends WebSecurityConfigurerAdapter {
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            http.authorizeRequests().anyRequest().permitAll()//
+                .and().csrf().disable();
+        }
+    }
+
+    @Profile("secure")
+    @Configuration
+    public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
+        private final String adminContextPath;
+
+        public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
+            this.adminContextPath = adminServerProperties.getContextPath();
+        }
+
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            // @formatter:off
+            SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+            successHandler.setTargetUrlParameter("redirectTo");
+
+            http.authorizeRequests()
+                .antMatchers(adminContextPath + "/assets/**").permitAll()
+                .antMatchers(adminContextPath + "/login").permitAll()
+                .anyRequest().authenticated()
+                .and()
+            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
+            .logout().logoutUrl(adminContextPath + "/logout").and()
+            .httpBasic().and()
+            .csrf().disable();
+            // @formatter:on
+        }
+    }
+
     public static void main(String[] args) {
         SpringApplication.run(SpringBootAdminApplication.class, args);
     }
+
 }
 // end::application-hazelcast[]

spring-boot-admin-samples/spring-boot-admin-sample-war/src/main/java/de/codecentric/boot/admin/SpringBootAdminApplication.java

@@ -16,6 +16,7 @@
 
 package de.codecentric.boot.admin;
 
+import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import de.codecentric.boot.admin.server.config.EnableAdminServer;
 
 import org.springframework.boot.SpringApplication;
@@ -23,8 +24,10 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 
 @Configuration
 @EnableAutoConfiguration
@@ -45,6 +48,44 @@ public class SpringBootAdminApplication extends SpringBootServletInitializer {
         return application;
     }
 
+    @Profile("insecure")
+    @Configuration
+    public static class SecurityPermitAllConfig extends WebSecurityConfigurerAdapter {
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            http.authorizeRequests().anyRequest().permitAll()//
+                .and().csrf().disable();
+        }
+    }
+
+    @Profile("secure")
+    @Configuration
+    public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
+        private final String adminContextPath;
+
+        public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
+            this.adminContextPath = adminServerProperties.getContextPath();
+        }
+
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            // @formatter:off
+            SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+            successHandler.setTargetUrlParameter("redirectTo");
+
+            http.authorizeRequests()
+                .antMatchers(adminContextPath + "/assets/**").permitAll()
+                .antMatchers(adminContextPath + "/login").permitAll()
+                .anyRequest().authenticated()
+                .and()
+            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
+            .logout().logoutUrl(adminContextPath + "/logout").and()
+            .httpBasic().and()
+            .csrf().disable();
+            // @formatter:on
+        }
+    }
+
     public static void main(String[] args) {
         SpringApplication.run(SpringBootAdminApplication.class, args);
     }

spring-boot-admin-samples/spring-boot-admin-sample-war/src/main/resources/application.yml

@@ -5,6 +5,9 @@ spring:
     admin:
       client:
         url: http://localhost:8080
+  profiles:
+    active:
+      - secure
 
 management:
   endpoints:
@@ -13,4 +16,27 @@ management:
         include: "*"
   endpoint:
     health:
-      show-details: ALWAYS
\ No newline at end of file
+      show-details: ALWAYS
+
+---
+spring:
+  profiles: insecure
+
+---
+spring:
+  profiles: secure
+  security:
+    user:
+      name: "user"
+      password: "password"
+  boot:
+    admin:
+      client:
+        username: "user"       #These two are needed so that the client
+        password: "password"   #can register at the protected server api
+        instance:
+          metadata:
+            user.name: "user"         #These two are needed so that the server
+            user.password: "password" #can access the protected client endpoints
+
+

spring-boot-admin-samples/spring-boot-admin-sample-zookeeper/pom.xml

@@ -28,6 +28,14 @@
     </parent>
     <dependencies>
         <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
             <groupId>de.codecentric</groupId>
             <artifactId>spring-boot-admin-starter-server</artifactId>
         </dependency>

spring-boot-admin-samples/spring-boot-admin-sample-zookeeper/src/main/java/de/codecentric/boot/admin/SpringBootAdminApplication.java

@@ -16,18 +16,60 @@
 
 package de.codecentric.boot.admin;
 
+import de.codecentric.boot.admin.server.config.AdminServerProperties;
 import de.codecentric.boot.admin.server.config.EnableAdminServer;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 
 @Configuration
 @EnableAutoConfiguration
 @EnableDiscoveryClient
 @EnableAdminServer
 public class SpringBootAdminApplication {
+    @Profile("insecure")
+    @Configuration
+    public static class SecurityPermitAllConfig extends WebSecurityConfigurerAdapter {
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            http.authorizeRequests().anyRequest().permitAll()//
+                .and().csrf().disable();
+        }
+    }
+
+    @Profile("secure")
+    @Configuration
+    public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {
+        private final String adminContextPath;
+
+        public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
+            this.adminContextPath = adminServerProperties.getContextPath();
+        }
+
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+            // @formatter:off
+            SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
+            successHandler.setTargetUrlParameter("redirectTo");
+
+            http.authorizeRequests()
+                .antMatchers(adminContextPath + "/assets/**").permitAll()
+                .antMatchers(adminContextPath + "/login").permitAll()
+                .anyRequest().authenticated()
+                .and()
+            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
+            .logout().logoutUrl(adminContextPath + "/logout").and()
+            .httpBasic().and()
+            .csrf().disable();
+            // @formatter:on
+        }
+    }
 
     public static void main(String[] args) {
         SpringApplication.run(SpringBootAdminApplication.class, args);

spring-boot-admin-samples/spring-boot-admin-sample-zookeeper/src/main/resources/application.yml

@@ -10,7 +10,35 @@ spring:
         metadata:
           management.context-path: /foo
           health.path: /ping
+          user.name: user
+          user.password: password
+  profiles:
+    active:
+      - secure
 
-management.context-path: /foo
-endpoints.health.path: /ping
+management:
+  server:
+    servlet:
+      context-path: /foo
+  endpoints:
+    web:
+      exposure:
+        include: "*"
+      path-mapping:
+        health: /ping
+  endpoint:
+    health:
+      show-details: ALWAYS
+
+---
+spring:
+  profiles: insecure
+
+---
+spring:
+  profiles: secure
+  security:
+    user:
+      name: "user"
+      password: "password"