From e688f2af5b8da9a24a22c096f24f06174064f72f Mon Sep 17 00:00:00 2001
From: Mohammad Zuber Khan <khan.zuber@gmail.com>
Date: Sun, 19 Apr 2015 12:09:47 -0500
Subject: [PATCH] Add security and connection pooling

---
 pom.xml                                       | 10 +++++++
 src/com/markz/testApp/config/DataConfig.java  |  9 +++---
 .../markz/testApp/config/SecurityConfig.java  | 30 +++++++++++++++++++
 .../SecurityWebApplicationInitializer.java    | 12 ++++++++
 .../testApp/controller/MyTestController.java  |  4 ++-
 src/log4j.properties                          |  2 +-
 6 files changed, 60 insertions(+), 7 deletions(-)
 create mode 100644 src/com/markz/testApp/config/SecurityConfig.java
 create mode 100644 src/com/markz/testApp/config/SecurityWebApplicationInitializer.java

diff --git a/pom.xml b/pom.xml
index f7aeb8e..78f070b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -87,5 +87,15 @@
 			<artifactId>log4j</artifactId>
 			<version>1.2.17</version>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+			<version>3.2.7.RELEASE</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>3.2.7.RELEASE</version>
+		</dependency>
 	</dependencies>
 </project>
\ No newline at end of file
diff --git a/src/com/markz/testApp/config/DataConfig.java b/src/com/markz/testApp/config/DataConfig.java
index 5e19486..e103a1c 100644
--- a/src/com/markz/testApp/config/DataConfig.java
+++ b/src/com/markz/testApp/config/DataConfig.java
@@ -2,6 +2,7 @@
 
 import javax.sql.DataSource;
 
+import org.apache.ibatis.datasource.pooled.PooledDataSource;
 import org.apache.ibatis.session.SqlSessionFactory;
 import org.mybatis.spring.SqlSessionFactoryBean;
 import org.mybatis.spring.annotation.MapperScan;
@@ -16,14 +17,12 @@ public class DataConfig {
 
 	@Bean
 	public DataSource dataSource() {
-		SimpleDriverDataSource dataSource = new SimpleDriverDataSource();
-		dataSource.setDriverClass(com.mysql.jdbc.Driver.class);
+		String driverClass = "com.mysql.jdbc.Driver";
 		String url = "jdbc:mysql://enliteinstance.c9a1yjg7i5cn.us-east-1.rds.amazonaws.com:3306/test";
 		String username = "master";
 		String password = "enliteUs";
-		dataSource.setUrl(url);
-		dataSource.setUsername(username);
-		dataSource.setPassword(password);
+		PooledDataSource dataSource = new PooledDataSource(driverClass, url, username, password);
+//		dataSource.setPoolMaximumActiveConnections(20);		
 		return dataSource;
 	}
 
diff --git a/src/com/markz/testApp/config/SecurityConfig.java b/src/com/markz/testApp/config/SecurityConfig.java
new file mode 100644
index 0000000..6a8c258
--- /dev/null
+++ b/src/com/markz/testApp/config/SecurityConfig.java
@@ -0,0 +1,30 @@
+package com.markz.testApp.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+
+
+@Configuration
+@EnableWebSecurity
+
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+	@Autowired
+	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+		auth.inMemoryAuthentication().withUser("zuber").password("test").roles("USER");
+
+	}
+	
+//	@Autowired
+//	public void configure(HttpSecurity http) throws Exception {
+//		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+//		.and()
+//			.authorizeRequests()
+//			.regexMatchers("/users").access("read");
+//	}
+}
diff --git a/src/com/markz/testApp/config/SecurityWebApplicationInitializer.java b/src/com/markz/testApp/config/SecurityWebApplicationInitializer.java
new file mode 100644
index 0000000..e774b2d
--- /dev/null
+++ b/src/com/markz/testApp/config/SecurityWebApplicationInitializer.java
@@ -0,0 +1,12 @@
+package com.markz.testApp.config;
+
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+public class SecurityWebApplicationInitializer extends
+		AbstractSecurityWebApplicationInitializer {
+
+	public SecurityWebApplicationInitializer() {
+		super(SecurityConfig.class);
+	}
+
+}
diff --git a/src/com/markz/testApp/controller/MyTestController.java b/src/com/markz/testApp/controller/MyTestController.java
index 752885f..b996233 100644
--- a/src/com/markz/testApp/controller/MyTestController.java
+++ b/src/com/markz/testApp/controller/MyTestController.java
@@ -7,6 +7,7 @@
 import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -54,7 +55,8 @@ public void createUser(@RequestBody UserDetail userDetail,
 
 	@RequestMapping(value = "/user/update/{id}", method = RequestMethod.PUT)
 	public UserDetail updateUser(@RequestBody UserDetail userDetail,
-			@PathVariable int id, HttpServletResponse httpServletResponse) {
+			@PathVariable int id, HttpServletResponse httpServletResponse, 
+			AuthenticationException authException) {
 		LOGGER.info("Updating the user with id: " + id);
 
 		try {
diff --git a/src/log4j.properties b/src/log4j.properties
index 1be72fe..3cc5856 100644
--- a/src/log4j.properties
+++ b/src/log4j.properties
@@ -1,5 +1,5 @@
 # Root logger option
-log4j.rootLogger=INFO, stdout
+log4j.rootLogger=DEBUG, stdout
 
 # Redirect log messages to console
 log4j.appender.stdout=org.apache.log4j.ConsoleAppender