proyecto practica 2 de aplicaciones seguras en la nube

.gitignore

+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/

.mvn/wrapper/MavenWrapperDownloader.java

+/*
+ * Copyright 2007-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import java.net.*;
+import java.io.*;
+import java.nio.channels.*;
+import java.util.Properties;
+
+public class MavenWrapperDownloader {
+
+    private static final String WRAPPER_VERSION = "0.5.6";
+    /**
+     * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided.
+     */
+    private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/"
+            + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar";
+
+    /**
+     * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to
+     * use instead of the default one.
+     */
+    private static final String MAVEN_WRAPPER_PROPERTIES_PATH =
+            ".mvn/wrapper/maven-wrapper.properties";
+
+    /**
+     * Path where the maven-wrapper.jar will be saved to.
+     */
+    private static final String MAVEN_WRAPPER_JAR_PATH =
+            ".mvn/wrapper/maven-wrapper.jar";
+
+    /**
+     * Name of the property which should be used to override the default download url for the wrapper.
+     */
+    private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl";
+
+    public static void main(String args[]) {
+        System.out.println("- Downloader started");
+        File baseDirectory = new File(args[0]);
+        System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath());
+
+        // If the maven-wrapper.properties exists, read it and check if it contains a custom
+        // wrapperUrl parameter.
+        File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH);
+        String url = DEFAULT_DOWNLOAD_URL;
+        if (mavenWrapperPropertyFile.exists()) {
+            FileInputStream mavenWrapperPropertyFileInputStream = null;
+            try {
+                mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile);
+                Properties mavenWrapperProperties = new Properties();
+                mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream);
+                url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
+            } catch (IOException e) {
+                System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
+            } finally {
+                try {
+                    if (mavenWrapperPropertyFileInputStream != null) {
+                        mavenWrapperPropertyFileInputStream.close();
+                    }
+                } catch (IOException e) {
+                    // Ignore ...
+                }
+            }
+        }
+        System.out.println("- Downloading from: " + url);
+
+        File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH);
+        if (!outputFile.getParentFile().exists()) {
+            if (!outputFile.getParentFile().mkdirs()) {
+                System.out.println(
+                        "- ERROR creating output directory '" + outputFile.getParentFile().getAbsolutePath() + "'");
+            }
+        }
+        System.out.println("- Downloading to: " + outputFile.getAbsolutePath());
+        try {
+            downloadFileFromURL(url, outputFile);
+            System.out.println("Done");
+            System.exit(0);
+        } catch (Throwable e) {
+            System.out.println("- Error downloading");
+            e.printStackTrace();
+            System.exit(1);
+        }
+    }
+
+    private static void downloadFileFromURL(String urlString, File destination) throws Exception {
+        if (System.getenv("MVNW_USERNAME") != null && System.getenv("MVNW_PASSWORD") != null) {
+            String username = System.getenv("MVNW_USERNAME");
+            char[] password = System.getenv("MVNW_PASSWORD").toCharArray();
+            Authenticator.setDefault(new Authenticator() {
+                @Override
+                protected PasswordAuthentication getPasswordAuthentication() {
+                    return new PasswordAuthentication(username, password);
+                }
+            });
+        }
+        URL website = new URL(urlString);
+        ReadableByteChannel rbc;
+        rbc = Channels.newChannel(website.openStream());
+        FileOutputStream fos = new FileOutputStream(destination);
+        fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);
+        fos.close();
+        rbc.close();
+    }
+
+}

.mvn/wrapper/maven-wrapper.properties

+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar

mvnw.cmd

+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    https://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
+if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+
+FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Found %WRAPPER_JAR%
+    )
+) else (
+    if not "%MVNW_REPOURL%" == "" (
+        SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+    )
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Couldn't find %WRAPPER_JAR%, downloading it ...
+        echo Downloading from: %DOWNLOAD_URL%
+    )
+
+    powershell -Command "&{"^
+		"$webclient = new-object System.Net.WebClient;"^
+		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+		"}"^
+		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
+		"}"
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Finished downloading %WRAPPER_JAR%
+    )
+)
+@REM End of extension
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
+if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%" == "on" pause
+
+if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
+
+exit /B %ERROR_CODE%

pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.3.5.RELEASE</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+    <groupId>es.asn</groupId>
+    <artifactId>practica2</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <name>practica2</name>
+    <description>Evaluacion de la pila de dsarrollo de Spring Boot</description>
+
+    <properties>
+        <java.version>11</java.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-devtools</artifactId>
+            <scope>runtime</scope>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <optional>true</optional>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-validation -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+            <version>2.3.5.RELEASE</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.junit.vintage</groupId>
+                    <artifactId>junit-vintage-engine</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>javax.validation</groupId>
+            <artifactId>validation-api</artifactId>
+            <version>2.0.1.Final</version>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>

src/main/java/es/asn/practica2/Practica2Application.java

+package es.asn.practica2;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Practica2Application {
+
+    public static void main(String[] args) {
+        SpringApplication.run(Practica2Application.class, args);
+    }
+
+}

src/main/java/es/asn/practica2/config/WebSecurityConfig.java

+package es.asn.practica2.config;
+
+import es.asn.practica2.domain.CustomUserDetailsService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+import javax.sql.DataSource;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Autowired
+    private DataSource dataSource;
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+        return new CustomUserDetailsService();
+    }
+
+    @Bean
+    public BCryptPasswordEncoder bCryptPasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public DaoAuthenticationProvider authenticationProvider() {
+        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
+        authenticationProvider.setUserDetailsService(userDetailsService());
+        authenticationProvider.setPasswordEncoder(bCryptPasswordEncoder());
+
+        return authenticationProvider;
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.authenticationProvider(authenticationProvider());
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+                .antMatchers("/all-users/**").permitAll()
+                .and()
+                .formLogin()
+//                .loginPage("/login")
+                .usernameParameter("eamil")
+                .defaultSuccessUrl("/adminLoginPage")
+                .permitAll()
+                .and()
+                .logout().logoutSuccessUrl("/").permitAll();
+    }
+}

src/main/java/es/asn/practica2/controllers/EmployeeController.java

+package es.asn.practica2.controllers;
+
+import es.asn.practica2.domain.Employee;
+import org.springframework.stereotype.Controller;
+import org.springframework.validation.BindingResult;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.servlet.mvc.support.RedirectAttributes;
+
+
+import javax.validation.Valid;
+
+@Controller
+public class EmployeeController {
+
+    @GetMapping("/addEmp")
+    public String getEmpForm(@ModelAttribute("emp") Employee emp){
+        return "empForm";
+    }
+
+    @PostMapping("/addEmp")
+    public String saveEmp(@Valid @ModelAttribute("emp") Employee emp, BindingResult result, RedirectAttributes ra){
+        if(result.hasErrors()){
+            return "empForm";
+        }
+        ra.addFlashAttribute("savedEmployee", emp);
+        return "redirect:/detail";
+    }
+
+    @GetMapping("/detail")
+    public String detail(){
+        return "empDetail";
+    }
+
+}

src/main/java/es/asn/practica2/controllers/IndexController.java

+package es.asn.practica2.controllers;
+
+import org.springframework.web.bind.annotation.GetMapping;
+
+public class IndexController {
+    @GetMapping("/")
+    public String index(){
+        return "index";
+    }
+}

src/main/java/es/asn/practica2/controllers/LoginController.java

+package es.asn.practica2.controllers;
+
+import es.asn.practica2.domain.User;
+import es.asn.practica2.interfaces.UserRepository;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+
+import java.util.List;
+
+
+@Controller
+public class LoginController {
+    final
+    UserRepository repository;
+
+    public LoginController(UserRepository repository) {
+        this.repository = repository;
+    }
+
+    @GetMapping("/login")
+    public String login() {
+        return "login";
+    }
+
+    @GetMapping("/adminLoginPage")
+    public String loginProcess() {
+        return "welcome";
+    }
+
+    @GetMapping("/search")
+    public String showUserSearchForm() {
+        return "userSearchForm";
+    }
+    @GetMapping("/searchUser")
+    public String searchUserByName(@Param("keyword") Model model, String keyword){
+
+        List<User> searchResult = repository.findByUserName(keyword);
+        model.addAttribute("keyword", keyword);
+        model.addAttribute("pageTitle", "Resultados de búsqueda para  '" + keyword + "'");
+        model.addAttribute("searchResult", searchResult);
+
+        return "search_result";
+    }
+}

src/main/java/es/asn/practica2/domain/Address.java

+package es.asn.practica2.domain;
+
+import lombok.*;
+
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Size;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class Address {
+
+    @NotBlank
+    @Size(min = 5, max = 20, message = "La longitud debe estar comprendido entre 5 y 20 caracteres.")
+    private String street;
+
+    @Size(min=3, max=20, message = "La longitud debe estar comprendida entre 3 y 20")
+    private String state;
+    @Size(min=5, max=5, message = "Debe ser de longitud 5 y contener solo numeros. Ej: 23000")
+    private String zipCode;
+
+}

src/main/java/es/asn/practica2/domain/CustomUserDetails.java

+package es.asn.practica2.domain;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+
+public class CustomUserDetails implements UserDetails {
+
+    private User user;
+
+    public CustomUserDetails(User user) {
+        this.user = user;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return null;
+    }
+
+    @Override
+    public String getPassword() {
+        return user.getPassword();
+    }
+
+    @Override
+    public String getUsername() {
+        return user.getEmail();
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+
+    public String getFullName() {
+        return user.getUserName();
+    }
+}

src/main/java/es/asn/practica2/domain/CustomUserDetailsService.java

+package es.asn.practica2.domain;
+
+import es.asn.practica2.interfaces.UserRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+public class CustomUserDetailsService implements UserDetailsService {
+    @Autowired
+    private UserRepository userRepository;
+
+    @Override
+    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
+        User user = userRepository.findByEmail(email);
+        if (user == null) {
+            throw new UsernameNotFoundException("User not found");
+        }
+        return new CustomUserDetails(user);
+    }
+}

src/main/java/es/asn/practica2/domain/Employee.java

+package es.asn.practica2.domain;
+
+import lombok.*;
+
+import javax.validation.Valid;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Size;
+
+
+@Setter
+@Getter
+@ToString
+@EqualsAndHashCode
+@NoArgsConstructor
+@AllArgsConstructor
+public class Employee {
+
+    private Integer id;
+    @NotBlank
+    @Size(min = 2, max = 18, message = "La longitud del nombre debe estar comprendido entre 2 a 18 caracteres.")
+    private String firstName;
+    private String lastName;
+
+    @Valid
+    private Address address;
+
+
+}
+

src/main/java/es/asn/practica2/domain/User.java

+package es.asn.practica2.domain;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import javax.persistence.*;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@Entity(name = "users")
+public class User {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+    @Column(nullable = false, unique = true, length = 30)
+    private String userName;
+    @Column(nullable = false, unique = true, length = 60)
+    private String email;
+    @Column(nullable = false,length = 64)
+    private String password;
+}

src/main/java/es/asn/practica2/interfaces/UserRepository.java

+package es.asn.practica2.interfaces;
+
+import es.asn.practica2.domain.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+@Repository
+public interface UserRepository extends JpaRepository<User, Long> {
+    @Query("SELECT u FROM users u WHERE u.email = ?1")
+    User findByEmail(String email);
+
+    @Query("select u from users u where u.userName like :userName%")
+    List<User> findByUserName(@Param("userName") String userName);
+}

src/main/resources/application.properties

+spring.datasource.url=jdbc:mysql://52.87.212.106:3306/asndb
+spring.datasource.username=jmetene
+spring.datasource.password=password
+
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.properties.hibenate.format_sql=true
\ No newline at end of file

src/main/resources/templates/empDetail.html

+<!DOCTYPE html>
+<html lang="es" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
+    <meta charset="UTF-8">
+    <title>Detalles del empleado</title>
+</head>
+    <body>
+    <div class="container">
+        <div class="row justify-content-center">
+            <div class="col col-lg-8">
+                <br>
+                <h3>¡Empleado añadido correctamente!</h3>
+                <br>
+                <h4>Tus datos</h4>
+                    <p><strong>Nombre: </strong><span th:text="${savedEmployee.firstName}"></span></p>
+                    <p><strong>Apellidos: </strong><span th:text="${savedEmployee.lastName}"></span></p>
+                    <p><strong>Calle: </strong><span th:text="${savedEmployee.address.street}"></span></p>
+                    <p><strong>Ciudad: </strong><span th:text="${savedEmployee.address.state}"></span></p>
+                    <p><strong>Código Postal: </strong><span th:text="${savedEmployee.address.zipCode}"></span></p>
+                <br>
+                <h5><a th:href="@{/}">← volver</a></h5>
+            </div>
+        </div>
+    </div>
+    </body>
+</html>
\ No newline at end of file

src/main/resources/templates/empForm.html

+<!DOCTYPE html>
+<html lang="es" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <title>Formulario de registro</title>
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
+</head>
+<body>
+<div class="container">
+    <h1 class="text-center">Validación de datos de formulario</h1>
+    <div class="row justify-content-center">
+        <div class="col col-lg-8">
+            <form method="post" th:action="@{/addEmp}" th:object="${emp}">
+                <br>
+                <div class="form-group row">
+                    <label th:field="*{firstName}">Nombre</label>
+                    <input type="text" class="form-control" aria-describedby="emailHelp" placeholder="Introduce tu nombre"th:field="*{firstName}">
+                    <small class="form-text is-invalid" th:if="${#fields.hasErrors('firstName')}" th:errors="*{firstName}" th:errorclass="error"></small>
+                </div>
+                <div class="form-group row">
+                    <label th:field="*{lastName}">Apellidos</label>
+                    <input type="text" class="form-control" aria-describedby="emailHelp" placeholder="Introduce tus apellidos"th:field="*{lastName}">
+                    <p class="text-danger" th:if="${#fields.hasErrors('lastName')}" th:errors="*{lastName}"></p>
+                </div>
+                <p>Dirección: </p>
+                <div class="form-group row">
+                    <label>Calle</label>
+                    <input type="text" class="form-control" aria-describedby="emailHelp" placeholder="Introduce tu calle"th:field="*{address.street}">
+                    <small class="form-text is-invalid" th:if="${#fields.hasErrors('address.street')}" th:errors="*{address.street}" th:errorclass="error"></small>
+                </div>
+                <div class="form-group row">
+                    <label>Ciudad</label>
+                    <input type="text" class="form-control" aria-describedby="emailHelp" placeholder="Introduce tu ciudad"th:field="*{address.state}">
+                    <small class="form-text is-invalid" th:if="${#fields.hasErrors('address.state')}" th:errors="*{address.state}" th:errorclass="error"></small>
+                </div>
+                <div class="form-group row">
+                    <label>Código Postal</label>
+                    <input type="text" class="form-control" aria-describedby="emailHelp" placeholder="Introduce tu código postal"th:field="*{address.zipCode}">
+                    <small class="form-text is-invalid" th:if="${#fields.hasErrors('address.zipCode')}" th:errors="*{address.zipCode}" th:errorclass="error"></small>
+                </div>
+                <button type="submit" class="btn btn-primary">Registro</button>
+            </form>
+        </div>
+    </div>
+</div>
+</body>
+</html>
\ No newline at end of file

src/main/resources/templates/index.html

+<!DOCTYPE html>
+<html lang="es" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <title>Inicio</title>
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css"
+          integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
+</head>
+<body>
+<div class="container">
+    <h1>Evaluación de pila de desarrollo Spring Boot</h1>
+    <br>
+    <h4>Autores: </h4>
+    <ul>
+        <li>Juan Cristóbal Metene Nguema Bindang</li>
+        <li>Daniel Beltrán Cárdenas</li>
+    </ul>
+    <h4>Detalles de la pila</h4>
+    <p><span>Spring Boot 3.2, OpenJDK, Thymeleaf, MySQL, Bootstrap, Lombok...</span></p>
+    <h4>Ejemplos</h4>
+    <ul>
+        <li><a th:href="@{/addEmp}">Validación de datos en un formulario</a></li>
+        <li><a th:href="@{/search}">Prevención de Inyección SQL</a></li>
+        <li><a th:href="@{/login}">Ejemplo de uso de token CSRF</a></li>
+    </ul>
+</div>
+</body>
+</html>
\ No newline at end of file

src/main/resources/templates/login.html

+<!DOCTYPE html>
+<html lang="es " xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
+    <title>login</title>
+</head>
+<body class="container">
+<h1 class="text-center">Ejemplo de uso token CSRF</h1>
+<div class="row justify-content-center">
+    <div class="col col-lg-4">
+        <br>
+        <form method="post" th:action="@{/adminLoginPage}">
+            <div class="form-group">
+                <label >Email</label>
+                <input type="email" class="form-control" placeholder="Email" required autofocus>
+            </div>
+            <div class="form-group">
+                <label for="exampleInputPassword1">Contraseña</label>
+                <input type="password" class="form-control" id="exampleInputPassword1" placeholder="Contraseña">
+            </div>
+            <button type="submit" class="btn btn-primary btn-lg btn-block">Login</button>
+            <div class="text-center">
+                <p class="mt-5 mb-3 text-muted ">&copy; Aplicaciones seguras en la nube 2020-2021</p>
+            </div>
+        </form>
+    </div>
+</div>
+</body>
+</html>

src/main/resources/templates/search_result.html

+<!DOCTYPE html>
+<html lang="es" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <title>Seacrh user</title>
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css"
+          integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
+</head>
+<body class="container">
+<div>
+    <h4>Resultados de busqueda para: '[[${keyword}]]'</h4>
+    <br>
+</div>
+<div class="row justify-content-center">
+    <table class="table">
+        <thead class="thead-blue col col-lg-6">
+        <tr>
+            <th scope="col">Id</th>
+            <th scope="col">Name</th>
+            <th scope="col">Email</th>
+        </tr>
+        </thead>
+        <tbody>
+        <tr th:each="user : ${searchResult}">
+            <th scope="row" th:text="${user.id}">1</th>
+            <td th:text="${user.userName}">Mark</td>
+            <td th:text="${user.email}">Otto</td>
+        </tr>
+        </tbody>
+    </table>
+</div>
+</body>
+</html>
\ No newline at end of file

src/main/resources/templates/userSearchForm.html

+<!DOCTYPE html>
+<html lang="es" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <title>Seacrh user</title>
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css"
+          integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
+</head>
+<body class="container">
+<br>
+<br>
+<h4>Prevención de Inyección SQL</h4>
+<br>
+<br>
+<p>Busca un usuario por nombre &nbsp;</p>
+<form method="get" class="form-inline" th:action="@{/searchUser}">
+    <div class="form-group mb-2">
+        <input type="search" class="form-control" name="keyword" placeholder="Buscar">
+    </div>
+    <button type="submit" class="btn btn-primary mb-2">Buscar</button>
+</form>
+</body>
+</html>
\ No newline at end of file

src/main/resources/templates/welcome.html

+<!DOCTYPE html>
+<html lang="es" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <title>Login successful</title>
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css"
+          integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
+</head>
+<body class="container">
+    <br>
+    <br>
+    <div class="row justify-content-center">
+        <p>Bienvenido <b>[[${#request.userPrincipal.principal.fullName}]]</b>
+            <a class="btn btn-info" th:href="@{/logout}">
+                <span class="glyphicon glyphicon-log-out"></span> Log out
+            </a>
+        </p>
+    </div>
+</body>
+</html>
\ No newline at end of file

src/test/java/es/asn/practica2/Practica2ApplicationTests.java

+package es.asn.practica2;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class Practica2ApplicationTests {
+
+    @Test
+    void contextLoads() {
+    }
+
+}

src/test/java/es/asn/practica2/UserRepositoryTest.java

+package es.asn.practica2;
+
+import es.asn.practica2.domain.User;
+import es.asn.practica2.interfaces.UserRepository;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Order;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.jdbc.AutoConfigureTestDatabase;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.boot.test.autoconfigure.orm.jpa.TestEntityManager;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.test.annotation.Rollback;
+
+import java.util.List;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+@DataJpaTest
+@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.NONE)
+@Rollback(value = false)
+@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
+public class UserRepositoryTest {
+    @Autowired
+    private UserRepository urepository;
+    @Autowired
+    private TestEntityManager entityManager;
+
+    @Test
+    @Order(1)
+    public void testCreateUser() {
+        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+        String encodedPassword = encoder.encode("hackMeIfYouCan_");
+        String encodedPassword1 = encoder.encode("myFirstHelloWord");
+        String encodedPassword2 = encoder.encode("googleCloudIsTheBest|");
+        User user = new User();
+        user.setEmail("jmetene@asn.es");
+        user.setUserName("jmetene");
+        user.setPassword(encodedPassword);
+
+        User user1 = new User();
+        user1.setEmail("danielb2@asn.es");
+        user1.setUserName("daniel");
+        user1.setPassword(encodedPassword1);
+
+        User user2 = new User();
+        user2.setEmail("jjmetene@asn.es");
+        user2.setUserName("jmetene24");
+        user2.setPassword(encodedPassword1);
+
+        User user3 = new User();
+        user3.setEmail("jjmetene24@asn.es");
+        user3.setUserName("jmetene25");
+        user3.setPassword(encodedPassword2);
+
+        User savedUser = urepository.save(user);
+        urepository.save(user1);
+        urepository.save(user2);
+        urepository.save(user3);
+        User exitUser = entityManager.find(User.class, savedUser.getId());
+
+        assertThat(exitUser.getEmail()).isEqualTo(user.getEmail());
+    }
+
+    @Test
+    @Order(3)
+    public void testFindUserByEmail() {
+        String email = "jmetene@asn.es";
+
+        User user = urepository.findByEmail(email);
+        assertThat(user).isNotNull();
+    }
+
+    @Test
+    @Order(2)
+    public void testFindUserByName() {
+        String userName = "jmetene";
+
+        List<User> users = urepository.findByUserName(userName);
+        for (User user : users
+        ) {
+            System.out.println(user);
+        }
+        assertThat(users).isNotEmpty();
+    }
+}