Turned application into a Spring Boot application

Author: dschadow

direct-object-references/pom.xml

@@ -9,29 +9,29 @@
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>direct-object-references</artifactId>
-    <packaging>war</packaging>
+    <packaging>jar</packaging>
     <name>Direct Object References</name>
 
-    <description>Direct Object References (Indirect Object References) sample project. Requires a server like Apache Tomcat or the Maven Tomcat7
-        plugin. After launching, open the web application in your browser at http://localhost:8080/direct-object-references
+    <description>Direct Object References (Indirect Object References) sample project. Start via the main method in the
+        Application class. After launching, open the web application in your browser at http://localhost:8080.
     </description>
 
+    <properties>
+        <start-class>de.dominikschadow.javasecurity.Application</start-class>
+    </properties>
+
     <dependencies>
         <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>javax.servlet-api</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-log4j12</artifactId>
+            <groupId>org.webjars</groupId>
+            <artifactId>bootstrap</artifactId>
         </dependency>
         <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
+            <groupId>org.webjars</groupId>
+            <artifactId>webjars-locator</artifactId>
         </dependency>
         <dependency>
             <groupId>org.owasp.esapi</groupId>
@@ -47,11 +47,38 @@
 
     <build>
         <finalName>${project.artifactId}</finalName>
-        <defaultGoal>tomcat7:run-war</defaultGoal>
+        <defaultGoal>spring-boot:run</defaultGoal>
         <plugins>
             <plugin>
-                <groupId>org.apache.tomcat.maven</groupId>
-                <artifactId>tomcat7-maven-plugin</artifactId>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>build-info</goal>
+                        </goals>
+                        <configuration>
+                            <additionalProperties>
+                                <versions.spring-boot>${project.parent.parent.version}</versions.spring-boot>
+                            </additionalProperties>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>com.spotify</groupId>
+                <artifactId>docker-maven-plugin</artifactId>
+                <configuration>
+                    <imageName>${docker.image.prefix}/${project.artifactId}</imageName>
+                    <dockerDirectory>src/main/docker</dockerDirectory>
+                    <resources>
+                        <resource>
+                            <targetPath>/</targetPath>
+                            <directory>${project.build.directory}</directory>
+                            <include>${project.build.finalName}.jar</include>
+                        </resource>
+                    </resources>
+                </configuration>
             </plugin>
         </plugins>
     </build>

direct-object-references/src/main/docker/Dockerfile

@@ -0,0 +1,10 @@
+FROM openjdk:8-jre-alpine
+MAINTAINER Dominik Schadow <dominikschadow@gmail.com>
+
+VOLUME /tmp
+
+ADD direct-object-references.jar app.jar
+
+RUN sh -c 'touch /app.jar'
+
+ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "app.jar"]

direct-object-references/src/main/java/de/dominikschadow/javasecurity/Application.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2017 Dominik Schadow, dominikschadow@gmail.com
+ *
+ * This file is part of the Java Security project.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.dominikschadow.javasecurity;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+/**
+ * Starter class for the Spring Boot application.
+ *
+ * @author Dominik Schadow
+ */
+@SpringBootApplication
+public class Application {
+    public static void main(String[] args) {
+        SpringApplication.run(Application.class, args);
+    }
+}

direct-object-references/src/main/java/de/dominikschadow/javasecurity/DownloadServlet.java

@@ -0,0 +1,66 @@
+package de.dominikschadow.javasecurity;
+
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.reference.RandomAccessReferenceMap;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.UrlResource;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.PostConstruct;
+import java.io.File;
+import java.net.MalformedURLException;
+import java.util.HashSet;
+import java.util.Set;
+
+@Service
+public class ResourceService {
+    private static final Logger log = LoggerFactory.getLogger(ResourceService.class);
+    private final Set<Object> resources = new HashSet<>();
+    private final RandomAccessReferenceMap referenceMap = new RandomAccessReferenceMap(resources);
+    private final String rootLocation;
+
+    public ResourceService() {
+        this.rootLocation = "http://localhost:8080/files/";
+    }
+
+    @PostConstruct
+    protected void init() {
+        File coverImage = new File("cover.pdf");
+        referenceMap.addDirectReference(coverImage);
+        resources.add(coverImage);
+
+        File coverPdf = new File("cover.jpg");
+        referenceMap.addDirectReference(coverPdf);
+        resources.add(coverPdf);
+    }
+
+    public Set<String> getAllIndirectReferences() {
+        Set<String> indirectReferences = new HashSet<>();
+
+        for (Object file : resources) {
+            String indirectReference = referenceMap.getIndirectReference(file);
+            indirectReferences.add(indirectReference);
+        }
+
+        return indirectReferences;
+    }
+
+    public File getFileByIndirectReference(String indirectReference) throws AccessControlException {
+        File file = referenceMap.getDirectReference(indirectReference);
+
+        log.info("File name {}", file.getName());
+
+        return file;
+    }
+
+    public Resource loadAsResource(String filename) throws MalformedURLException {
+        Resource resource = new UrlResource(rootLocation + filename);
+        if (resource.exists() || resource.isReadable()) {
+            return resource;
+        }
+
+        return null;
+    }
+}