From f2835b0df00aa308146dfc097fe4ff9366bbdb38 Mon Sep 17 00:00:00 2001 From: Marcus Da Coregio Date: Fri, 31 Mar 2023 11:20:48 -0300 Subject: [PATCH] Update X509 sample to Spring 6 --- .../authentication/x509/build.gradle | 15 +++--- .../authentication/x509/gradle/gretty.gradle | 3 ++ .../src/integTest/java/example/X509Tests.java | 52 +++++++++++++------ .../example/MvcWebApplicationInitializer.java | 2 +- 4 files changed, 49 insertions(+), 23 deletions(-) diff --git a/servlet/java-configuration/authentication/x509/build.gradle b/servlet/java-configuration/authentication/x509/build.gradle index 2268004..f661d3b 100644 --- a/servlet/java-configuration/authentication/x509/build.gradle +++ b/servlet/java-configuration/authentication/x509/build.gradle @@ -1,11 +1,11 @@ plugins { id "java" -// id "nebula.integtest" version "8.2.0" - id "org.gretty" version "3.0.6" + id "nebula.integtest" version "8.2.0" + id "org.gretty" version "4.0.1" id "war" } -//apply from: "gradle/gretty.gradle" +apply from: "gradle/gretty.gradle" repositories { mavenCentral() 
@@ -14,14 +14,17 @@ repositories { } dependencies { - implementation platform("org.springframework:spring-framework-bom:5.3.0") - implementation platform("org.springframework.security:spring-security-bom:5.5.0-SNAPSHOT") + implementation platform("org.springframework:spring-framework-bom:6.0.7") + implementation platform("org.springframework.security:spring-security-bom:6.0.2") implementation platform("org.junit:junit-bom:5.7.0") implementation "org.springframework.security:spring-security-config" implementation "org.springframework.security:spring-security-web" implementation "org.springframework:spring-webmvc" - implementation "org.apache.httpcomponents:httpclient:4.5.13" + implementation "org.apache.httpcomponents.client5:httpclient5:5.2.1" + + providedCompile "jakarta.servlet:jakarta.servlet-api:6.0.0" + providedCompile "org.glassfish.web:jakarta.servlet.jsp.jstl:2.0.0" testImplementation "org.assertj:assertj-core:3.18.0" testImplementation "org.springframework:spring-test" diff --git a/servlet/java-configuration/authentication/x509/gradle/gretty.gradle b/servlet/java-configuration/authentication/x509/gradle/gretty.gradle index 3428615..b7812f3 100644 --- a/servlet/java-configuration/authentication/x509/gradle/gretty.gradle +++ b/servlet/java-configuration/authentication/x509/gradle/gretty.gradle @@ -3,6 +3,9 @@ gretty { contextPath = "/" fileLogEnabled = false integrationTestTask = 'integrationTest' + httpsEnabled = true + sslKeyStorePath = 'certs/server.p12' + sslKeyStorePassword = 'password' } Task prepareAppServerForIntegrationTests = project.tasks.create('prepareAppServerForIntegrationTests') { diff --git a/servlet/java-configuration/authentication/x509/src/integTest/java/example/X509Tests.java b/servlet/java-configuration/authentication/x509/src/integTest/java/example/X509Tests.java index 37e04d5..b77f7e8 100644 --- a/servlet/java-configuration/authentication/x509/src/integTest/java/example/X509Tests.java 
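Review bot: The `gretty` block in gradle/gretty.gradle enables HTTPS with a key store only (`sslKeyStorePath`, `sslKeyStorePassword`); nothing visible in this hunk configures a trust store or makes the container request a client certificate, which an X.509 authentication sample depends on. That gap is a likely reason `certificateThenStatusOk` is still marked `@Disabled("Figure out how to make certs work")` in X509Tests.java. Consider adding `sslTrustStorePath`, `sslTrustStorePassword` and `sslNeedClientAuth = true` here, after checking the property names against the Gretty 4.0.1 documentation. Since the literal `'password'` is committed in the build script, a comment such as `// demo key store and password, for this sample only` above `sslKeyStorePassword` would keep readers from copying it as a pattern.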
+++ b/servlet/java-configuration/authentication/x509/src/integTest/java/example/X509Tests.java @@ -20,10 +20,17 @@ import java.security.KeyStore; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLHandshakeException; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.ssl.SSLContexts; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.client5.http.impl.io.BasicHttpClientConnectionManager; +import org.apache.hc.client5.http.socket.ConnectionSocketFactory; +import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory; +import org.apache.hc.client5.http.ssl.HttpsSupport; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; +import org.apache.hc.client5.http.ssl.TrustAllStrategy; +import org.apache.hc.core5.http.config.Registry; +import org.apache.hc.core5.http.config.RegistryBuilder; +import org.apache.hc.core5.ssl.SSLContexts; import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; 
@@ -41,38 +48,51 @@ import static org.assertj.core.api.Assertions.assertThatCode; * * @author Michael Simons */ -@Disabled +// @Disabled public class X509Tests { @Test void notCertificateThenSslHandshakeException() { RestTemplate rest = new RestTemplate(); - assertThatCode(() -> rest.getForEntity("https://localhost:8443/", String.class)) + assertThatCode(() -> rest.getForEntity(getServerUrl(), String.class)) .hasCauseInstanceOf(SSLHandshakeException.class); } @Test + @Disabled("Figure out how to make certs work") void certificateThenStatusOk() throws Exception { - ClassPathResource serverKeystore = new ClassPathResource("/certs/server.p12"); + ClassPathResource serverKeystore = new ClassPathResource("certs/server.p12"); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(serverKeystore.getInputStream(), "password".toCharArray()); // @formatter:off SSLContext sslContext = SSLContexts.custom() .loadKeyMaterial(keyStore, "password".toCharArray(), (aliases, socket) -> "client") - .loadTrustMaterial(keyStore, null) + .loadTrustMaterial(keyStore, new TrustAllStrategy()) .build(); SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, - new String[]{"TLSv1.2", "TLSv1.1"}, - null, - SSLConnectionSocketFactory.getDefaultHostnameVerifier()); + HttpsSupport.getDefaultHostnameVerifier()); + + final Registry socketFactoryRegistry = + RegistryBuilder. 
create() + .register("https", socketFactory) + .register("http", new PlainConnectionSocketFactory()) + .build(); + + final BasicHttpClientConnectionManager connectionManager = new BasicHttpClientConnectionManager(socketFactoryRegistry); // @formatter:on - CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build(); - ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient); - RestTemplate rest = new RestTemplate(requestFactory); - ResponseEntity responseEntity = rest.getForEntity("https://localhost:8443/me", String.class); - assertThat(responseEntity).extracting((result) -> result.getStatusCode().is2xxSuccessful()).isEqualTo(true); + try (CloseableHttpClient httpClient = HttpClients.custom().setConnectionManager(connectionManager).build()) { + ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient); + RestTemplate rest = new RestTemplate(requestFactory); + ResponseEntity responseEntity = rest.getForEntity(getServerUrl() + "/me", String.class); + assertThat(responseEntity).extracting((result) -> result.getStatusCode().is2xxSuccessful()).isEqualTo(true); + } + + } + + private String getServerUrl() { + return "https://localhost:" + System.getProperty("app.httpsPort"); } } diff --git a/servlet/java-configuration/authentication/x509/src/main/java/example/MvcWebApplicationInitializer.java b/servlet/java-configuration/authentication/x509/src/main/java/example/MvcWebApplicationInitializer.java index a45eec0..5679405 100644 --- a/servlet/java-configuration/authentication/x509/src/main/java/example/MvcWebApplicationInitializer.java +++ b/servlet/java-configuration/authentication/x509/src/main/java/example/MvcWebApplicationInitializer.java 
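Review bot: `.loadTrustMaterial(keyStore, new TrustAllStrategy())` in `certificateThenStatusOk` makes the client accept any server certificate chain, so the test no longer verifies that the server presents the certificate from `certs/server.p12`, and anyone copying the sample inherits a client with chain validation switched off. The previous `.loadTrustMaterial(keyStore, null)` trusted only the entries of the loaded key store; I would keep that line and fix the key store contents instead of relaxing trust. Separately, `getServerUrl()` returns `https://localhost:null` when `app.httpsPort` is unset, so a guard like `Objects.requireNonNull(System.getProperty("app.httpsPort"), "app.httpsPort")` would fail with a clearer message. `notCertificateThenSslHandshakeException` may also pass only because the default `RestTemplate` does not trust the (presumably self-signed) server certificate, not because a client certificate is missing; a comment or a stricter assertion should distinguish the two cases. The leftover `// @Disabled` above the class can be deleted.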
@@ -16,7 +16,7 @@ package example; -import javax.servlet.Filter; +import jakarta.servlet.Filter; import org.springframework.web.filter.HiddenHttpMethodFilter; import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;