Detailed Notes
We are continuing a series of tutorials focused on Spring Boot. The crux of the project is to convert/migrate an old JSP/Tomcat application to a modern Spring Boot application and Java 7/8 to a current version. Spring provides an excellent security framework that can lock down your site. In this episode, we look at how to leave pages and resources externally accessible without a login.
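A sketch of the kind of configuration this episode walks through, as an added example (not the tutorial's own code). It assumes Spring Security 6.x with Spring MVC; the class name `WebSecurityConfig` and the static directories `/img`, `/bootstrap`, `/css` and `/js` are assumed names to adjust to your project.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

// Added example: class name and directory names are assumptions, not taken from the tutorial.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    // Build MVC-aware matchers from the introspector Spring MVC registers,
    // so patterns are matched the same way the MVC handler mappings match them.
    @Bean
    MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
        return new MvcRequestMatcher.Builder(introspector);
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Public landing page: exactly "/", nothing beneath it.
                .requestMatchers(mvc.pattern("/")).permitAll()
                // Static assets the public pages load. "/**" covers files and
                // subdirectories under each prefix, so keep the list to
                // directories that hold nothing sensitive.
                .requestMatchers(
                    mvc.pattern("/img/**"),
                    mvc.pattern("/bootstrap/**"),
                    mvc.pattern("/css/**"),
                    mvc.pattern("/js/**")
                ).permitAll()
                // Rules are evaluated in order and the first match wins, so this
                // catch-all must come last: everything not listed above
                // (for example the dashboard) still requires a login.
                .anyRequest().authenticated())
            // Custom login page; permitAll() here opens the login page and its
            // processing URL so unauthenticated users can reach the form.
            .formLogin(form -> form.loginPage("/login").permitAll())
            .logout(logout -> logout.permitAll());
        return http.build();
    }
}
```

If a public page still renders without styling after this, check the browser's network tab for asset requests that were redirected to `/login`; each one points at a directory missing from the permit list.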
You can learn more through our online classes at https://school.develpreneur.com and register for free. Registration will add you to our email list, and you will periodically receive coupons for courses and notifications of the latest releases.
Transcript Text
[Music] Well, hello and welcome back. We are continuing our Spring Boot tutorial as we're converting an older application into a newer Spring Boot, trying to get to use some of these modern tools. Last time around we customized our login screen. One of the things we did, though, is we had stuff not showing up. So we had, uh, let's see if I get rid of this, we had a homepage that did not look good because we weren't getting things like CSS and those kinds of good things. So, oops, let's go here. So if I go to my homepage, two things that we had that were an issue: one is that it takes me here to my login page as opposed to an actual homepage, and as you can see here there's like a whole lot of missing CSS, JavaScript, all that kind of good stuff. So this episode we're going to focus on unsecured things.

Now the security comes right here with the authorizeHttpRequests, and any request needs to be authenticated. And so what we need to do with that is we're going to actually build a bunch of matchers, and for those things that match those we're going to do a permit all. We're going to say anything that matches that, we're going to let it go through and not force a login. And this is something that, if you're doing some searches out there, there are a couple different ways to do this stuff. There's an older way and a modern way, and depending on how you've got your application set up it's going to look for ant matchers or request matchers, um, and sort of like the, it's a different setup. That's not what we need. That's usually what you're going to see. The nice thing is it's pretty easy to just replace ant with request, and usually what you're going to see is a series of strings. Instead you're going to want an MVC request matcher, just to make sure that, because this is an MVC application we're building, we're doing a web app, and so we're going to want to make sure we build those out. Now I've built all of these out, but I want to sort of walk through these first.

So the first thing I wanted to do is, let me do this, I'll pull a couple of these out. The first thing I wanted to look at is say, hey, this thing's always going to the login, it does not take me to my homepage. So what I'm going to do is I'm going to allow slash and /home. And do I have a /home? I think I have a /home. Oh, I don't. It's, uh, that was a leftover, used to be /home, but there you go. So I have a /home even though it's not there. I'm going to allow both of those. So actually for this let's just go ahead and pull that. Uh, yeah, I'm going to leave it there. Let me see how I want to do this. Let me do it this way. Sorry, I'm going to pull that and, whoops, I want, yeah, I want everything except MVC. So I'm just going to add this. This time around all I'm doing is saying, hey, slash is unsecured. And so if I do that, now notice this is my login page, and we're going to see something a little different. Hopefully it's eas-, yeah. So now you can see this a little different, and this is now slash. Now I can still log in because I have a login form here. So if I log in, now it takes me to my dashboard just like it normally did. And now I could also go to, if I want to go back to slash, I can do that. And now here's the magic: notice, because I'm logged in, this thing actually looks decent, because it's pulling all of that key stuff in. And what is that key stuff? It's things like JavaScript and Cascading Style Sheets, CSS, and images and Bootstrap and all kinds of goodness. So we want this to look this way even if, like here, I log out. Now, log out, notice it took me back to login. So if I go to my home, I can do that, but again, that's not the, the homepage looks horrible because it's not letting those things in. So let's start working on that piece. Let me do this. I don't need the home at all.

Now the first thing, uh, one of the first things I want to do is I'm going to allow, let's do this, if we look at what we had here, um, we do have a couple of basic pieces. So we are getting the header, if we look, 'cause that was where our menu items were. So header's coming in, so I didn't really need that. But what we do need is we want to bring in anything that is an img, we want to bring in our Bootstrap stuff, we want to bring in our CSS and our JS. The way we do this is we're going to do a permit all. And so what we want to do here, uh, with each of these, is we're going to create a request matcher, and all we do is we're just going to say, hey, give it a string. Um, it's also looking for, uh, another control that we don't really have to worry about because we can just leave it null. So the easy way is let's just leave it null. And note the, um, the pattern here. What we want to do is a star star, so that's just going to be like anything, whether it's, um, an actual just a file name or a file name with an extension or whatever it is. So you just want to catch, in this case, like, give me everything including subdirectories, whatever. I want everything that matches this name. So anything that's going to have this is going to get picked up.

And if I add those, what I end up with here is, now when I come to my homepage, now I'm seeing most of what I've got. But now look, if you look, we're still missing something, because, um, if I log in, if I go ahead and log into this and then come back to that page, I'm going to see something a little bit different. And it's because right there, so this thing, this banner that is picking stuff up from core.css probably is where we're going to see it. So what we want to do, and if you know, well, uh, shoot, let me go back to that. Where was that banner? It's hard to see here probably, but it's, uh, core.css. Although it is loading it, we're not getting like an error or anything like that, we're not reading it when it's not here. So here, that's one of the pieces we missed, is right here on our banner. It's coming from core, so most likely that's where we're going to, oh, let me see, where did the [Music] banner, and you should be able to see here, where did it go? Uh, I can't find my color, but normally what you're going to see is you're going to see where the color, oh, 'cause it's not picking up because it's not in core.css, it's not being shown. So we can see here, that's like, oh, okay, well, let's go ahead and pick, uh, let's make this three, and let's just call it, let's see if we get core.css, and we're going to add three here. And this is how we can do it. We can just stack, wh-, we can just stack, darn it, there, we can just stack these things up all day and permit stuff. And so we could also come in and we could also start securing specific things, which may be the easier route. It depends on how you look at stuff. Let's see, I've got an error here somewhere. It said, um, I'm not sure why. I think it just doesn't like it in general. Okay, oh yeah, because it's just, that's some of the formatting issues. So we'll allow that to go, and we'll come over here and we're going to run it, and now let's see if we can get our core.css. And now we've got it.

So we are here, we're not logged in. Actually, let's go here, because I was on the login page. Here we go. So now here's my homepage. If we take a look at it, and let's do this, let's take this page so we do a little side-by-side compare. If we take that, and then we do, um, let's just do this, let's just create one real quick. And if we look at this one, uh, let's just go here. So if we look at it like this, and then we look at it after we've logged in and then we come back to that page, what we should see is basically identical. So if we move this to there, move this to there, granted it's a little bit different in our width. Let me match the width for us. And if I do a match width, then we'll see that, look, things are starting to fall out, they look exactly the same. We do still have our footer, which is always like one of those key things we want to have. So now we have managed to, uh, unsecure some of our key pieces of our application.

Note that again, if I try to go to dashboard, well, I can go here, notice here I'm at home, but if I try to go to my dashboard and I'm not logged in, then it kicks me back to the login page. Not the home page, to login page. So these are slightly different, as we've noted. Um, here you can see this is login page, and it looks a little bit the same, but I changed it just enough so now we can say, hey, this is my homepage. And notice I still have my carousel working, but we'll work on that later. So if I go to dashboard, wh-, or anything that's wrong, basically it's going to say whatever I sent. So I can go to blah blah blah, it's going to say I don't know what that is, so first thing you need to do is you need to log in. So if I log in, then it's going to say, all right, I've taken you there. So now I'm logged into my dashboard. Now I can look at dashboard, or I could go to that ops that was actually set up, and I can see that, hey, I've got things set up. And then I can log back out and it kicks me back to my login, and I have my nice little message.

Now I do want to swing back around the login page itself. Um, there's not a whole lot to it. Uh, let's see where we go here. So there's not a whole lot we need to do with our login form, but we do need to make sure that we've got some things there that actually are properly, you know, named. So we do need our username and password need to be entered that way. And other than that, we're going to form to, uh, we've got a form, it's going to use this, we're going to use that Thymeleaf, the action is at /login. Uh, if you wanted to do a logout you will see, uh, wherever I put the menu, is that here? I think that's on the other, it's in the header. Think I switched that to at logout. Uh, yeah, it's going to be a logout, and, um, now it's, 'cause I just switched it over to a submit button there, so it's going to go in and slash. So this is how you connect these pieces out, uh, fairly easily. You can just go straight in and it's just going to say, hey, I'm going to post to. And it's like, very, like I said, it's sort of, uh, you know, 101-type stuff, but just want to let you know that these are, again, we're using our Thymeleaf, we're using a couple of our key things, which is basically our action for our password, for our login. It's going to log in. It does go to web security config, and this is where we're going to try to make sure that we get our username comes in. So we want, you know, username is going to be username, password is going to be password, and it's going to send those things in, uh, accordingly. And once we've got those, it's going to validate us and give us, you know, some sort of a security role, or security access.

Now there are things that are out there that we haven't talked about yet, we'll probably get to at some point, where you have like different roles. So you can have an admin role and they're only going to see things, and this again goes back to our security. So you can do it where instead of permit all it's only going to permit certain users, like maybe only admin gets to see it. So we would maybe say that, hey, everybody gets to see, which we need for these, but for, uh, some of the other stuff there may be like certain pages that we only want admin to see. And otherwise, in those kind of cases, we're probably going to have some sort of like, you know, login or some sort of an error page you're going to redirect to.

I think that's good enough for now to get us like our basics. So what we have now is we can build a page that's a login, we can have a homepage, which is our slash, and we can free up key stuff that we need to free up, basically so that we can get all of our, here, uh, like our resources and such, get those things included in. And let's see, I think I've got everything there. I have a home banner. Well, I'm going to take a look at those, I'll go flip back through those. I think I've got everything now that needs to be unsecure, so that we can plow on with some of our other, uh, pages and start building out the application and just start cranking through this thing. If you have any questions, shoot an email to info@develpreneur.com. Uh, we're going to keep chugging along here, add some new things, a little bit of conversions here and there. Uh, some is going to be very straightforward and simple, because it's the nice stuff about building a good Java application and doing an MVC model, and how you can very quickly make some changes like this, where we're in a sense re-platforming the whole thing but it's not taking us a whole lot of work. That being said, go out there and have yourself a great day, a great week, and we will talk to you next time.

Hello, this is Rob with Develpreneur, also known as Building Better Developers. Wanted to announce that we have school.develpreneur.com. Feel free to check it out. If you like any of this information, any of the content that we've sent, and you would like to see more, you can come out, you can enroll for free. We have free courses. We've got places for you to get better at just learning a technology or how-tos. You can work on your business skills. We can help you with becoming a better developer, as in coding and things like that. A lot of the stuff you've seen on YouTube we also have out at school.develpreneur.com. We have it a little more of a, uh, educational format and a way for you to track your progress as you move forward becoming a better [Music] developer.