Data

.gitignore

@@ -18,6 +18,7 @@
 # Log files #
 /*.log
 /*.log.*
+/logs/**
 
 # Output folders #
 /test-output/

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2022-2023 Bernardo Martínez Garrido
+Copyright (c) 2022-2025 Bernardo Martínez Garrido
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

pom.xml

@@ -123,6 +123,7 @@
       <!-- ============================================== -->
       <!-- =========== DEPENDENCIES VERSIONS ============ -->
       <!-- ============================================== -->
+      <assertj.version>3.26.3</assertj.version>
       <bernardomg.framework.ws.version>0.1.5</bernardomg.framework.ws.version>
       <spring.boot.version>3.4.0</spring.boot.version>
       <spring.version>6.2.0</spring.version>
@@ -135,6 +136,8 @@
       <!-- ============================================== -->
       <!-- Checkstyle customized rules file -->
       <checkstyle.config.location>${project.basedir}/src/config/checkstyle/checkstyle-rules.xml</checkstyle.config.location>
+      <!-- Lowered site plugin due to Velocity problems -->
+      <plugin.site.version>3.12.1</plugin.site.version>
       <!-- ============================================== -->
       <!-- ================= MAVEN SITE ================= -->
       <!-- ============================================== -->
@@ -457,6 +460,19 @@
          <artifactId>mockito-core</artifactId>
          <scope>test</scope>
       </dependency>
+      <dependency>
+         <!-- Mockito JUnit Jupiter -->
+         <groupId>org.mockito</groupId>
+         <artifactId>mockito-junit-jupiter</artifactId>
+         <scope>test</scope>
+      </dependency>
+      <dependency>
+         <!-- AssertJ -->
+         <groupId>org.assertj</groupId>
+         <artifactId>assertj-core</artifactId>
+         <version>${assertj.version}</version>
+         <scope>test</scope>
+      </dependency>
       <dependency>
          <!-- Spring Test -->
          <groupId>org.springframework</groupId>

src/main/java/com/bernardomg/example/spring/security/ws/basic/Application.java

@@ -1,7 +1,7 @@
 /**
  * The MIT License (MIT)
  * <p>
- * Copyright (c) 2022-2023 the original author or authors.
+ * Copyright (c) 2022-2025 the original author or authors.
  * <p>
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal

src/main/java/com/bernardomg/example/spring/security/ws/basic/config/AuditConfig.java

@@ -1,7 +1,7 @@
 /**
  * The MIT License (MIT)
  * <p>
- * Copyright (c) 2022-2023 the original author or authors.
+ * Copyright (c) 2022-2025 the original author or authors.
  * <p>
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal

src/main/java/com/bernardomg/example/spring/security/ws/basic/config/SecurityConfig.java

@@ -1,7 +1,7 @@
 /**
  * The MIT License (MIT)
  * <p>
- * Copyright (c) 2022-2023 the original author or authors.
+ * Copyright (c) 2022-2025 the original author or authors.
  * <p>
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -31,9 +31,8 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
-import com.bernardomg.example.spring.security.ws.basic.security.user.persistence.repository.PrivilegeRepository;
-import com.bernardomg.example.spring.security.ws.basic.security.user.persistence.repository.UserRepository;
-import com.bernardomg.example.spring.security.ws.basic.security.userdetails.PersistentUserDetailsService;
+import com.bernardomg.example.spring.security.ws.basic.springframework.userdetails.UserDomainDetailsService;
+import com.bernardomg.example.spring.security.ws.basic.user.domain.repository.UserRepository;
 
 /**
  * Security configuration.
@@ -67,14 +66,11 @@ public PasswordEncoder getPasswordEncoder() {
      *
      * @param userRepository
      *            repository for finding users
-     * @param privilegeRepository
-     *            repository for finding user privileges
      * @return the user details service
      */
     @Bean("userDetailsService")
-    public UserDetailsService getUserDetailsService(final UserRepository userRepository,
-            final PrivilegeRepository privilegeRepository) {
-        return new PersistentUserDetailsService(userRepository, privilegeRepository);
+    public UserDetailsService getUserDetailsService(final UserRepository userRepository) {
+        return new UserDomainDetailsService(userRepository);
     }
 
 }

src/main/java/com/bernardomg/example/spring/security/ws/basic/config/WebConfiguration.java

@@ -1,7 +1,7 @@
 /**
  * The MIT License (MIT)
  * <p>
- * Copyright (c) 2022-2023 the original author or authors.
+ * Copyright (c) 2022-2025 the original author or authors.
  * <p>
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal

src/main/java/com/bernardomg/example/spring/security/ws/basic/config/WebSecurityConfig.java

@@ -1,7 +1,7 @@
 /**
  * The MIT License (MIT)
  * <p>
- * Copyright (c) 2022-2023 the original author or authors.
+ * Copyright (c) 2022-2025 the original author or authors.
  * <p>
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -24,8 +24,6 @@
 
 package com.bernardomg.example.spring.security.ws.basic.config;
 
-import java.util.Arrays;
-
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
@@ -34,10 +32,13 @@
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
 import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
 import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
-import com.bernardomg.example.spring.security.ws.basic.security.configuration.WhitelistRequestCustomizer;
+import com.bernardomg.example.spring.security.ws.basic.springframework.web.ErrorResponseAuthenticationEntryPoint;
 
 /**
  * Web security configuration.
@@ -61,6 +62,8 @@ public WebSecurityConfig() {
      *
      * @param http
      *            HTTP security component
+     * @param introspector
+     *            utility class to find routes
      * @param userDetailsService
      *            user details service
      * @return web security filter chain with all authentication requirements
@@ -69,16 +72,31 @@ public WebSecurityConfig() {
      */
     @Bean("webSecurityFilterChain")
     public SecurityFilterChain getWebSecurityFilterChain(final HttpSecurity http,
-            final UserDetailsService userDetailsService) throws Exception {
+            final HandlerMappingIntrospector introspector, final UserDetailsService userDetailsService)
+            throws Exception {
+        final MvcRequestMatcher.Builder mvc;
+
+        mvc = new MvcRequestMatcher.Builder(introspector);
         http
             // Whitelist access
-            .authorizeHttpRequests(new WhitelistRequestCustomizer(Arrays.asList("/actuator/**", "/login/**")))
+            .authorizeHttpRequests(c -> c
+                .requestMatchers(mvc.pattern("/actuator/**"), mvc.pattern("/login/**"), mvc.pattern("/favicon.ico"),
+                    mvc.pattern("/error/**"))
+                .permitAll())
+            // Authenticate all others
+            .authorizeHttpRequests(c -> c.anyRequest()
+                .authenticated())
+            .httpBasic(Customizer.withDefaults())
+            // CSRF and CORS
             .csrf(CsrfConfigurer::disable)
-            .cors(cors -> {})
+            .cors(Customizer.withDefaults())
+            // Authentication error handling
+            .exceptionHandling(handler -> handler.authenticationEntryPoint(new ErrorResponseAuthenticationEntryPoint()))
+            // Stateless
+            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+            // Disable login and logout forms
             .formLogin(FormLoginConfigurer::disable)
-            .logout(LogoutConfigurer::disable)
-            // Activates HTTP Basic authentication
-            .httpBasic(Customizer.withDefaults());
+            .logout(LogoutConfigurer::disable);
 
         http.userDetailsService(userDetailsService);
 

src/main/java/com/bernardomg/example/spring/security/ws/basic/config/package-info.java

@@ -1,7 +1,7 @@
 /**
  * The MIT License (MIT)
  * <p>
- * Copyright (c) 2022-2023 the original author or authors.
+ * Copyright (c) 2022-2025 the original author or authors.
  * <p>
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal