From ea5766d85bd0de224483c1e868ab72f907b33a2e Mon Sep 17 00:00:00 2001
From: nivinjohn
Date: Sun, 28 Jul 2024 21:57:32 +0530
Subject: [PATCH 1/4] Initial Commit
---
 .../eazybytes/springsecsection1/EazyBankBackendApplication.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/section1/springsecsection1/src/main/java/com/eazybytes/springsecsection1/EazyBankBackendApplication.java b/section1/springsecsection1/src/main/java/com/eazybytes/springsecsection1/EazyBankBackendApplication.java
index 8b7041c..aacb159 100644
--- a/section1/springsecsection1/src/main/java/com/eazybytes/springsecsection1/EazyBankBackendApplication.java
+++ b/section1/springsecsection1/src/main/java/com/eazybytes/springsecsection1/EazyBankBackendApplication.java
@@ -7,7 +7,7 @@
 @SpringBootApplication
 // @ComponentScan("com.eazybytes.springsecsection1.controller")
 public class EazyBankBackendApplication {
-
+ //Initial Commit
 public static void main(String[] args) {
 SpringApplication.run(EazyBankBackendApplication.class, args);
 }
From d98760f518bd7afd05ea16965dc614b739c1d364 Mon Sep 17 00:00:00 2001
From: nivinjohn
Date: Sun, 28 Jul 2024 22:32:46 +0530
Subject: [PATCH 2/4] inital commit
---
 .../main/java/com/eazybytes/config/ProjectSecurityConfig.java | 2 +-
 .../src/main/resources/application.properties | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java b/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java
index 9f987a9..eb46556 100644
--- a/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java
+++ b/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java
@@ -15,7 +15,7 @@ SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Excepti
 /*http.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll());*/
 /*http.authorizeHttpRequests((requests) -> requests.anyRequest().denyAll());*/
 http.authorizeHttpRequests((requests) -> requests
- .requestMatchers("/myAccount", "/myBalance", "/myLoans", "/myCards").authenticated()
+ .requestMatchers("/login", "/myAccount", "/myBalance", "/myLoans", "/myCards").authenticated()
 .requestMatchers("/notices", "/contact", "/error").permitAll());
 http.formLogin(withDefaults());
 http.httpBasic(withDefaults());
diff --git a/section2/springsecsection2/src/main/resources/application.properties b/section2/springsecsection2/src/main/resources/application.properties
index 5dddd35..bdafbdb 100644
--- a/section2/springsecsection2/src/main/resources/application.properties
+++ b/section2/springsecsection2/src/main/resources/application.properties
@@ -1,6 +1,6 @@
 spring.application.name=${SPRING_APP_NAME:eazybankbackend}
-spring.security.user.name=${SECURITY_USERNAME:eazybytes}
-spring.security.user.password=${SECURITY_PASSWORD:12345}
+spring.security.user.name=${SECURITY_USERNAME:admin}
+spring.security.user.password=${SECURITY_PASSWORD:admin}
 logging.level.org.springframework.security=${SPRING_SECURITY_LOG_LEVEL:TRACE}
 logging.pattern.console = ${LOGPATTERN_CONSOLE:%green(%d{HH:mm:ss.SSS}) %blue(%-5level) %red([%thread]) %yellow(%logger{15}) - %msg%n}
From a559db913db2943b96fa2b26f688e7ca3d65d2e6 Mon Sep 17 00:00:00 2001
From: Nivin Shaji John
Date: Mon, 23 Sep 2024 22:15:10 +0530
Subject: [PATCH 3/4] Password Handling
---
 section2/springsecsection2/pom.xml | 2 +-
 .../eazybytes/config/ProjectSecurityConfig.java | 17 +++++++++++++++++
 .../src/main/resources/application.properties | 4 ++--
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/section2/springsecsection2/pom.xml b/section2/springsecsection2/pom.xml
index bc2be46..e5157e8 100644
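Review bot: Listing `"/login"` under `.authenticated()` in the new `requestMatchers` line contradicts the `http.formLogin(withDefaults())` call two lines below: the login endpoint has to be reachable by an anonymous client, otherwise a user can never obtain a session. With the default generated login page the filter that serves it presumably runs ahead of authorization, so this may appear to work, but the moment a custom login page or controller is wired up the rule sends an unauthenticated request for `/login` back to `/login` in a redirect loop. Drop `"/login"` from the authenticated list, or state the intent explicitly with `.requestMatchers("/login").permitAll()`. `defaultSecurityFilterChain` starts and ends outside the hunk.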
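Review bot: The new defaults `${SECURITY_USERNAME:admin}` and `${SECURITY_PASSWORD:admin}` commit a working credential pair to the repository and make it the effective login on every deployment where the environment variables are unset, which is weaker than the values they replace. The password placeholder should carry no default at all, `spring.security.user.password=${SECURITY_PASSWORD}`, so that a missing variable fails at startup instead of silently falling back to a guessable value; only the username needs a non-secret default. The surrounding `logging.level.org.springframework.security=${SPRING_SECURITY_LOG_LEVEL:TRACE}` line is context rather than part of this change, but its default is likely to write authentication details for these same accounts to the console.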
--- a/section2/springsecsection2/pom.xml
+++ b/section2/springsecsection2/pom.xml
@@ -14,7 +14,7 @@ springsecsection2 Demo project for Spring Boot and Spring Security - 21 + 17
diff --git a/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java b/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java
index eb46556..2477bb0 100644
--- a/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java
+++ b/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java
@@ -3,8 +3,16 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import java.util.Properties;
+
 import static org.springframework.security.config.Customizer.withDefaults;
 @Configuration
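Review bot: Two of the imports added here have no use in this patch: `import java.util.Properties;` is referenced nowhere in either hunk, and `UserDetailsManager` is imported although the new `userDetailsService()` in the next hunk returns `UserDetailsService`; `AbstractHttpConfigurer` is referenced only from commented-out lines. Unused imports are a compiler warning and a routine reviewer flag, so remove those lines (and the commented-out code that motivates the third). The `+import java.util.Properties;` line is also placed directly inside the `org.springframework.*` group rather than in its own `java.*` group, which breaks the grouping the file otherwise keeps.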
@@ -19,7 +27,16 @@ SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Excepti
 .requestMatchers("/notices", "/contact", "/error").permitAll());
 http.formLogin(withDefaults());
 http.httpBasic(withDefaults());
+ //http.formLogin(AbstractHttpConfigurer::disable);
+ //http.httpBasic(AbstractHttpConfigurer::disable);
 return http.build();
 }
+ @Bean
+ public UserDetailsService userDetailsService() {
+ UserDetails user = User.withUsername("user").password("{noop}12345").authorities("read").build();
+ UserDetails admin = User.withUsername("admin").password("{noop}admin").authorities("admin").build();
+ return new InMemoryUserDetailsManager(user, admin);
+ }
+
 }
diff --git a/section2/springsecsection2/src/main/resources/application.properties b/section2/springsecsection2/src/main/resources/application.properties
index bdafbdb..1785d24 100644
--- a/section2/springsecsection2/src/main/resources/application.properties
+++ b/section2/springsecsection2/src/main/resources/application.properties
@@ -1,6 +1,6 @@
 spring.application.name=${SPRING_APP_NAME:eazybankbackend}
-spring.security.user.name=${SECURITY_USERNAME:admin}
-spring.security.user.password=${SECURITY_PASSWORD:admin}
+#spring.security.user.name=${SECURITY_USERNAME:admin}
+#spring.security.user.password=${SECURITY_PASSWORD:admin}
 logging.level.org.springframework.security=${SPRING_SECURITY_LOG_LEVEL:TRACE}
 logging.pattern.console = ${LOGPATTERN_CONSOLE:%green(%d{HH:mm:ss.SSS}) %blue(%-5level) %red([%thread]) %yellow(%logger{15}) - %msg%n}
From 4de1db82a5d05481214eb5420db3afaeb93106c5 Mon Sep 17 00:00:00 2001
From: nivinsjohn
Date: Tue, 24 Sep 2024 22:25:33 +0530
Subject: [PATCH 4/4] password handling
---
 .../config/ProjectSecurityConfig.java | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
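Review bot: `userDetailsService()` embeds credentials with the `{noop}` prefix, which stores and compares them as plaintext (`12345`, `admin`), next to a hard-coded `admin` authority; PATCH 4/4 of this series replaces the two password strings with bcrypt hashes, so the encoding is not re-raised here, but usernames, authorities and secrets still live in source rather than in externalized configuration or a persistent store. The `//http.formLogin(AbstractHttpConfigurer::disable);` and `//http.httpBasic(AbstractHttpConfigurer::disable);` lines are commented-out code inside `defaultSecurityFilterChain` and should be deleted rather than kept as switches in comments; the same applies to the two `#spring.security.user.*` lines this patch comments out instead of removing in application.properties. A one-line Javadoc on the bean would document the intent: `/** In-memory demo users, intended to replace the spring.security.user.* auto-configured account. */`.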
diff --git a/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java b/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java
index 2477bb0..92fce4b 100644
--- a/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java
+++ b/section2/springsecsection2/src/main/java/com/eazybytes/config/ProjectSecurityConfig.java
@@ -2,14 +2,18 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.password.CompromisedPasswordChecker;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker;
 import java.util.Properties;
@@ -34,9 +38,19 @@ SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Excepti
 @Bean
 public UserDetailsService userDetailsService() {
- UserDetails user = User.withUsername("user").password("{noop}12345").authorities("read").build();
- UserDetails admin = User.withUsername("admin").password("{noop}admin").authorities("admin").build();
+ UserDetails user = User.withUsername("user").password("{bcrypt}$2a$12$tvuWBmpxQtFpJmXbrpPsc.mBYqKGD8gA8H/0PY.6GqQMYqRFonU1a").authorities("read").build();
+ UserDetails admin = User.withUsername("admin").password("{bcrypt}$2a$12$h4zkrTtDoa5eDIXhWekMOuNeqcADiDze2EfAgnCQpEKajwZejI7PS").authorities("admin").build();
 return new InMemoryUserDetailsManager(user, admin);
 }
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+ }
+
+ @Bean
+ public CompromisedPasswordChecker compromisedPasswordChecker() {
+ return new HaveIBeenPwnedRestApiPasswordChecker();
+ }
+
 }
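Review bot: `compromisedPasswordChecker()` wires `HaveIBeenPwnedRestApiPasswordChecker` without documenting its operational cost: as the class name indicates, it consults the Have I Been Pwned REST API, so every authentication now depends on outbound network reachability and latency, and a deployment without egress is likely to see logins fail or hang on that call. If the two bcrypt hashes still encode the `12345` and `admin` values from the removed lines, the checker is also likely to reject those very accounts as compromised, so the in-memory users should be given non-breached test passwords. The hashes remain hard-coded in source next to the usernames and authorities; reading them from externalized configuration keeps secrets out of the repository. Add at least a comment on the bean, e.g. `// Consults the HIBP API over the network on each authentication; needs outbound HTTPS and rejects passwords found in breach data`.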