The project is a simple web application built with Spring Boot and Spring Security. It demonstrates how to secure web applications using Spring Security, featuring a custom login page and an in-memory user details service. The application ensures that only authenticated users can access certain pages, while allowing unrestricted access to the login and index pages. Additionally, it provides functionality for a shared drawing board, enabling users to collaborate in real-time within a secure environment.
- Secure Login: User authentication with a custom login page.
- In-memory Users: Two users (
userandadmin) are predefined in the application. - Access Control: Restricts access to authenticated users for all pages except the index and login pages.
- Java: Ensure Java Development Kit (JDK) version 17 is installed.
- Maven: Automate and standardize the lifecycle of software construction.
- Git: Decentralized Configuration Manager.
-
Maven
-
Git
You can clone the project repository using the following command:
git clone https://github.com/yourusername/your-repo.git-
Open a terminal and navigate to the folder where you cloned the repository.
-
Use the following command to remove files generated in previous builds, compile the code, and package the project into a JAR file:
mvn clean package
-
Now, run the project using the following command:
mvn spring-boot:run
-
Open a browser and go to the following link to access the login page:
- Description: Main application class for the Spring Boot application.
- Purpose: Defines the primary entry point of the Spring Boot application using the
@SpringBootApplicationannotation.
- Description: Configuration class for WebSocket server endpoint and scheduling.
- Purpose: Configures WebSocket server endpoint export using
@Configurationand enables scheduling using@EnableScheduling.
- Description: WebSocket endpoint for handling drawing actions via WebSocket protocol.
- Purpose: Manages WebSocket sessions, message processing, and error handling, enabling real-time communication between clients and the server.
- Description: REST controller for handling status requests.
- Purpose: Provides a REST endpoint
/statusreturning server status in JSON format, including the current date and time.
- Description: MVC configuration class for registering view controllers.
- Purpose: Configures view controllers to handle specific URLs (
/,/index,/login,/error) and assigns corresponding view names.
- Description: REST controller class for handling ticket generation requests.
- Purpose: Provides a REST endpoint
/ticket/generategenerating a new ticket for WebSocket authorization based on the user ID.
- Description: Service managing generation, validation, and removal of tickets.
- Purpose: Manages tickets stored in memory, verifying their validity and removing them upon expiration.
- Description: Configuration class for web security using Spring Security.
- Purpose: Configures HTTP security policies, user authentication, and secure access to pages using custom login forms and an in-memory user details service.
-
Initialization:
- The
WebSecurityConfigclass initializes the security configuration. - Defines in-memory users with roles.
- The
-
Login:
- Users access the login page at
/login. - Users authenticate with predefined usernames and passwords.
- Users access the login page at
-
Access Control:
- Authenticated users can access secured pages.
- Unauthenticated users are redirected to the login page.
- Spring Security - Framework for securing Spring-based applications.
- Spring Boot - Backend framework
- Maven - Dependency management
- Johann Amaya Lopez - @JohannBulls
This project is licensed under the GNU License - see the LICENSE.txt file for details.