Initial Commit

section1/springsecsection1/src/main/java/com/eazybytes/springsecsection1/EazyBankBackendApplication.java

@@ -7,7 +7,7 @@
 @SpringBootApplication
 // @ComponentScan("com.eazybytes.springsecsection1.controller")
 public class EazyBankBackendApplication {
-
+	//Initial Commit
 	public static void main(String[] args) {
 		SpringApplication.run(EazyBankBackendApplication.class, args);
 	}

section2/springsecsection2/pom.xml

@@ -14,7 +14,7 @@
 	<name>springsecsection2</name>
 	<description>Demo project for Spring Boot and Spring Security</description>
 	<properties>
-		<java.version>21</java.version>
+		<java.version>17</java.version>
 	</properties>
 	<dependencies>
 		<dependency>

section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java

@@ -2,8 +2,20 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.password.CompromisedPasswordChecker;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker;
+
+import java.util.Properties;
 
 import static org.springframework.security.config.Customizer.withDefaults;
 
@@ -15,11 +27,30 @@ SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Excepti
         /*http.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll());*/
         /*http.authorizeHttpRequests((requests) -> requests.anyRequest().denyAll());*/
         http.authorizeHttpRequests((requests) -> requests
-                .requestMatchers("/myAccount", "/myBalance", "/myLoans", "/myCards").authenticated()
+                .requestMatchers("/login", "/myAccount", "/myBalance", "/myLoans", "/myCards").authenticated()
                 .requestMatchers("/notices", "/contact", "/error").permitAll());
         http.formLogin(withDefaults());
         http.httpBasic(withDefaults());
+        //http.formLogin(AbstractHttpConfigurer::disable);
+        //http.httpBasic(AbstractHttpConfigurer::disable);
         return http.build();
     }
 
+    @Bean
+    public UserDetailsService userDetailsService() {
+        UserDetails user = User.withUsername("user").password("{bcrypt}$2a$12$tvuWBmpxQtFpJmXbrpPsc.mBYqKGD8gA8H/0PY.6GqQMYqRFonU1a").authorities("read").build();
+        UserDetails admin = User.withUsername("admin").password("{bcrypt}$2a$12$h4zkrTtDoa5eDIXhWekMOuNeqcADiDze2EfAgnCQpEKajwZejI7PS").authorities("admin").build();
+        return new InMemoryUserDetailsManager(user, admin);
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+    }
+
+    @Bean
+    public CompromisedPasswordChecker compromisedPasswordChecker() {
+        return new HaveIBeenPwnedRestApiPasswordChecker();
+    }
+
 }

section2/springsecsection2/src/main/resources/application.properties

@@ -1,6 +1,6 @@
 spring.application.name=${SPRING_APP_NAME:eazybankbackend}
-spring.security.user.name=${SECURITY_USERNAME:eazybytes}
-spring.security.user.password=${SECURITY_PASSWORD:12345}
+#spring.security.user.name=${SECURITY_USERNAME:admin}
+#spring.security.user.password=${SECURITY_PASSWORD:admin}
 logging.level.org.springframework.security=${SPRING_SECURITY_LOG_LEVEL:TRACE}
 
 logging.pattern.console = ${LOGPATTERN_CONSOLE:%green(%d{HH:mm:ss.SSS}) %blue(%-5level) %red([%thread]) %yellow(%logger{15}) - %msg%n}