diff --git a/pom.xml b/pom.xml
index 96eb0f1ed2930f4a9297538c36733ddff5bb938f..d2c2d380f8e24d99c3aee47a9b440365cb0d2282 100644
--- a/pom.xml
+++ b/pom.xml
@@ -60,6 +60,7 @@
<module>xplan-core</module>
<module>xplan-documentation</module>
<module>xplan-resources</module>
+ <module>xplan-security</module>
<module>xplan-tests</module>
<module>xplan-webapps</module>
<module>xplan-webservices</module>
@@ -1366,6 +1367,16 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-security</artifactId>
+ <version>${spring-boot.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-test</artifactId>
+ <version>${spring-boot.version}</version>
+ </dependency>
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
diff --git a/xplan-api/xplan-api-manager/pom.xml b/xplan-api/xplan-api-manager/pom.xml
index c6d801e5ac4861ea4b7fe217a00a4f697c1cbd13..5c5f1c025eabed7edb8af7d58e165176142c66c4 100644
--- a/xplan-api/xplan-api-manager/pom.xml
+++ b/xplan-api/xplan-api-manager/pom.xml
@@ -78,6 +78,11 @@
<groupId>de.latlon.product.xplanbox</groupId>
<artifactId>xplan-api-commons</artifactId>
</dependency>
+ <dependency>
+ <groupId>de.latlon.product.xplanbox</groupId>
+ <artifactId>xplan-security</artifactId>
+ <version>${project.version}</version>
+ </dependency>
<!-- deegree -->
<dependency>
<groupId>de.latlon</groupId>
diff --git a/xplan-api/xplan-api-manager/src/main/java/de/latlon/xplanbox/api/manager/SpringBootApp.java b/xplan-api/xplan-api-manager/src/main/java/de/latlon/xplanbox/api/manager/SpringBootApp.java
index 922a9b5ae79159d9d4db64adf30c283e2032824c..ec44d236a2b7c6d85f59f0fef13733f6594ab511 100644
--- a/xplan-api/xplan-api-manager/src/main/java/de/latlon/xplanbox/api/manager/SpringBootApp.java
+++ b/xplan-api/xplan-api-manager/src/main/java/de/latlon/xplanbox/api/manager/SpringBootApp.java
@@ -5,11 +5,13 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.liquibase.LiquibaseAutoConfiguration;
import org.springframework.boot.autoconfigure.quartz.QuartzAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
@SpringBootApplication
@ComponentScan(basePackages = { "de.latlon.xplanbox.api.manager.config" })
-@EnableAutoConfiguration(exclude = { QuartzAutoConfiguration.class, LiquibaseAutoConfiguration.class })
+@EnableAutoConfiguration(
+ exclude = { QuartzAutoConfiguration.class, LiquibaseAutoConfiguration.class, SecurityAutoConfiguration.class })
public class SpringBootApp {
public static void main(String[] args) {
diff --git a/xplan-api/xplan-api-manager/src/main/java/de/latlon/xplanbox/api/manager/config/ApplicationContext.java b/xplan-api/xplan-api-manager/src/main/java/de/latlon/xplanbox/api/manager/config/ApplicationContext.java
index ff89e7d0a42b2bfa48b983c8a7b69666ca261d15..8f6cf17a75892d73e84782d601b24117e6d998a5 100644
--- a/xplan-api/xplan-api-manager/src/main/java/de/latlon/xplanbox/api/manager/config/ApplicationContext.java
+++ b/xplan-api/xplan-api-manager/src/main/java/de/latlon/xplanbox/api/manager/config/ApplicationContext.java
@@ -81,6 +81,7 @@ import de.latlon.xplan.validator.semantic.xquery.XQuerySemanticValidator;
import de.latlon.xplan.validator.syntactic.SyntacticValidator;
import de.latlon.xplan.validator.syntactic.SyntacticValidatorImpl;
import de.latlon.xplanbox.api.commons.handler.SystemConfigHandler;
+import de.latlon.xplanbox.security.config.SecurityContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationEventPublisher;
@@ -108,7 +109,7 @@ import static de.latlon.xplan.manager.workspace.WorkspaceUtils.DEFAULT_XPLANSYN_
*/
@Configuration
@ComponentScan(basePackages = { "de.latlon.xplanbox.api.manager.handler" })
-@Import({ JpaContext.class, RasterStorageContext.class, AmazonS3RasterStorageContext.class,
+@Import({ SecurityContext.class, JpaContext.class, RasterStorageContext.class, AmazonS3RasterStorageContext.class,
DocumentStorageContext.class, StorageCleanUpContext.class })
public class ApplicationContext {
diff --git a/xplan-api/xplan-api-validator/pom.xml b/xplan-api/xplan-api-validator/pom.xml
index 74b3e5c315537d5c1e6106c85770778923cf0dee..3a2dc2c74673d15d1baf118c4aaa8357cb7c1fee 100755
--- a/xplan-api/xplan-api-validator/pom.xml
+++ b/xplan-api/xplan-api-validator/pom.xml
@@ -133,6 +133,11 @@
<groupId>de.latlon.product.xplanbox</groupId>
<artifactId>xplan-api-commons</artifactId>
</dependency>
+ <dependency>
+ <groupId>de.latlon.product.xplanbox</groupId>
+ <artifactId>xplan-security</artifactId>
+ <version>${project.version}</version>
+ </dependency>
<!-- XPlanung -->
<dependency>
<groupId>de.xleitstelle.xplanung</groupId>
diff --git a/xplan-api/xplan-api-validator/src/main/java/de/latlon/xplanbox/api/validator/SpringBootApp.java b/xplan-api/xplan-api-validator/src/main/java/de/latlon/xplanbox/api/validator/SpringBootApp.java
index 7bb58b188a46c20adc877451e0666e444036fabb..1d7d89b60e5edda95aee44793fafce902a838807 100644
--- a/xplan-api/xplan-api-validator/src/main/java/de/latlon/xplanbox/api/validator/SpringBootApp.java
+++ b/xplan-api/xplan-api-validator/src/main/java/de/latlon/xplanbox/api/validator/SpringBootApp.java
@@ -1,11 +1,14 @@
package de.latlon.xplanbox.api.validator;
import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
@SpringBootApplication
@ComponentScan(basePackages = { "de.latlon.xplanbox.api.validator.config" })
+@EnableAutoConfiguration(exclude = { SecurityAutoConfiguration.class })
public class SpringBootApp {
public static void main(String[] args) {
diff --git a/xplan-api/xplan-api-validator/src/main/java/de/latlon/xplanbox/api/validator/config/ApplicationContext.java b/xplan-api/xplan-api-validator/src/main/java/de/latlon/xplanbox/api/validator/config/ApplicationContext.java
index fc4c339c3ca6054578d24b54441598896322275d..cfb8b7a10b2a3f01ecc83ecaf834a3101e9a3d64 100644
--- a/xplan-api/xplan-api-validator/src/main/java/de/latlon/xplanbox/api/validator/config/ApplicationContext.java
+++ b/xplan-api/xplan-api-validator/src/main/java/de/latlon/xplanbox/api/validator/config/ApplicationContext.java
@@ -20,22 +20,6 @@
*/
package de.latlon.xplanbox.api.validator.config;
-import static java.nio.file.Files.createTempDirectory;
-
-import java.io.IOException;
-import java.nio.file.Path;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
-import org.springframework.core.io.ResourceLoader;
-
import de.latlon.xplan.commons.configuration.PropertiesLoader;
import de.latlon.xplan.commons.configuration.SystemPropertyPropertiesLoader;
import de.latlon.xplan.manager.web.shared.ConfigurationException;
@@ -57,13 +41,29 @@ import de.latlon.xplan.validator.syntactic.SyntacticValidator;
import de.latlon.xplan.validator.syntactic.SyntacticValidatorImpl;
import de.latlon.xplan.validator.wms.config.ValidatorWmsContext;
import de.latlon.xplanbox.api.commons.handler.SystemConfigHandler;
+import de.latlon.xplanbox.security.config.SecurityContext;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.core.io.ResourceLoader;
+
+import java.io.IOException;
+import java.nio.file.Path;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import static java.nio.file.Files.createTempDirectory;
/**
* @author <a href="mailto:goltz@lat-lon.de">Lyn Goltz </a>
*/
@Configuration
@ComponentScan(basePackages = { "de.latlon.xplanbox.api.validator.handler", "de.latlon.xplanbox.api.validator.v1" })
-@Import(ValidatorWmsContext.class)
+@Import({ SecurityContext.class, ValidatorWmsContext.class })
public class ApplicationContext {
@Autowired
diff --git a/xplan-security/pom.xml b/xplan-security/pom.xml
new file mode 100644
index 0000000000000000000000000000000000000000..7b928556b436f59b4851d0c59c71d7a91f60fd37
--- /dev/null
+++ b/xplan-security/pom.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>xplan-security</artifactId>
+
+ <parent>
+ <groupId>de.latlon.product.xplanbox</groupId>
+ <artifactId>xplanbox</artifactId>
+ <version>7.1-SNAPSHOT</version>
+ </parent>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>javax.servlet-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-security</artifactId>
+ </dependency>
+ <!-- logging -->
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <!-- test -->
+ <dependency>
+ <groupId>org.junit.jupiter</groupId>
+ <artifactId>junit-jupiter</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/xplan-security/src/main/java/de/latlon/xplanbox/security/authentication/PropertiesFileUserDetailsManager.java b/xplan-security/src/main/java/de/latlon/xplanbox/security/authentication/PropertiesFileUserDetailsManager.java
new file mode 100644
index 0000000000000000000000000000000000000000..7721fac23399fc423cb17bcbaf44b3557512bf66
--- /dev/null
+++ b/xplan-security/src/main/java/de/latlon/xplanbox/security/authentication/PropertiesFileUserDetailsManager.java
@@ -0,0 +1,79 @@
+package de.latlon.xplanbox.security.authentication;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.UserDetailsManager;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.Map;
+import java.util.Properties;
+import java.util.stream.Collectors;
+
+/**
+ * {@link UserDetailsManager} managing user details from properties file
+ *
+ * @author <a href="mailto:goltz@lat-lon.de">Lyn Goltz </a>
+ * @since 7.1
+ */
+public class PropertiesFileUserDetailsManager implements UserDetailsManager {
+
+ private static final Logger LOG = LoggerFactory.getLogger(PropertiesFileUserDetailsManager.class);
+
+ private final Map<String, String> usersAndEncryptedPasswords;
+
+ public PropertiesFileUserDetailsManager(String userPropertiesFile, PasswordEncoder passwordEncoder)
+ throws SecurityConfigurationException {
+ try (FileInputStream inputStream = new FileInputStream(userPropertiesFile)) {
+ Properties users = new Properties();
+ users.load(inputStream);
+ this.usersAndEncryptedPasswords = users.entrySet()
+ .stream()
+ .collect(Collectors.toMap(entry -> (String) entry.getKey(),
+ entry -> passwordEncoder.encode((String) entry.getValue())));
+ }
+ catch (IOException e) {
+ LOG.error("Properties file with users could not be read. ", e);
+ throw new SecurityConfigurationException(e);
+ }
+ }
+
+ @Override
+ public void createUser(UserDetails user) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public void updateUser(UserDetails user) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public void deleteUser(String username) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public void changePassword(String oldPassword, String newPassword) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean userExists(String username) {
+ return usersAndEncryptedPasswords.containsKey(username);
+ }
+
+ @Override
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+ if (!userExists(username)) {
+ throw new UsernameNotFoundException(username);
+ }
+ String password = this.usersAndEncryptedPasswords.get(username);
+ return User.withUsername(username).password(password).roles("USER_ROLE").build();
+ }
+
+}
diff --git a/xplan-security/src/main/java/de/latlon/xplanbox/security/authentication/SecurityConfigurationException.java b/xplan-security/src/main/java/de/latlon/xplanbox/security/authentication/SecurityConfigurationException.java
new file mode 100644
index 0000000000000000000000000000000000000000..b7b9da4d2bdae0711729905f024a1dfae7c134ec
--- /dev/null
+++ b/xplan-security/src/main/java/de/latlon/xplanbox/security/authentication/SecurityConfigurationException.java
@@ -0,0 +1,15 @@
+package de.latlon.xplanbox.security.authentication;
+
+/**
+ * Indicates a misconfiguration in the security module.
+ *
+ * @author <a href="mailto:goltz@lat-lon.de">Lyn Goltz </a>
+ * @since 7.1
+ */
+public class SecurityConfigurationException extends Exception {
+
+ public SecurityConfigurationException(Throwable e) {
+ super(e);
+ }
+
+}
diff --git a/xplan-security/src/main/java/de/latlon/xplanbox/security/config/SecurityContext.java b/xplan-security/src/main/java/de/latlon/xplanbox/security/config/SecurityContext.java
new file mode 100644
index 0000000000000000000000000000000000000000..1bebe7c5513d2729cfa1b98b4297a3734627af09
--- /dev/null
+++ b/xplan-security/src/main/java/de/latlon/xplanbox/security/config/SecurityContext.java
@@ -0,0 +1,49 @@
+package de.latlon.xplanbox.security.config;
+
+import de.latlon.xplanbox.security.authentication.PropertiesFileUserDetailsManager;
+import de.latlon.xplanbox.security.authentication.SecurityConfigurationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+
+/**
+ * @author <a href="mailto:goltz@lat-lon.de">Lyn Goltz </a>
+ * @since 7.1
+ */
+@EnableWebSecurity
+@Configuration
+@Profile("enableSecurity")
+@ComponentScan(basePackages = { "de.latlon.xplanbox.security" })
+public class SecurityContext {
+
+ private static final Logger LOG = LoggerFactory.getLogger(SecurityContext.class);
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ LOG.info("Configure security.");
+ http.csrf((csrf) -> csrf.disable()).authorizeRequests().anyRequest().authenticated().and().httpBasic();
+ return http.build();
+ }
+
+ @Bean
+ public PropertiesFileUserDetailsManager userDetailsService(
+ @Value("#{environment.XPLAN_SECURITY_USER_PROPERTIES_FILE}") String userPropertiesFile,
+ PasswordEncoder passwordEncoder) throws SecurityConfigurationException {
+ return new PropertiesFileUserDetailsManager(userPropertiesFile, passwordEncoder);
+ }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+
+}
\ No newline at end of file
diff --git a/xplan-security/src/test/java/de/latlon/xplanbox/security/config/SecurityContextTest.java b/xplan-security/src/test/java/de/latlon/xplanbox/security/config/SecurityContextTest.java
new file mode 100644
index 0000000000000000000000000000000000000000..4705d2f1e2940594d14c3a62163ed1a251e46d46
--- /dev/null
+++ b/xplan-security/src/test/java/de/latlon/xplanbox/security/config/SecurityContextTest.java
@@ -0,0 +1,19 @@
+package de.latlon.xplanbox.security.config;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ContextConfiguration;
+
+/**
+ * @author <a href="mailto:goltz@lat-lon.de">Lyn Goltz </a>
+ */
+@SpringBootTest
+@ContextConfiguration(classes = SecurityContext.class)
+public class SecurityContextTest {
+
+ @Test
+ public void contextLoad() {
+
+ }
+
+}