diff --git a/servlet/java-configuration/authentication/preauth/src/main/java/example/SecurityConfiguration.java b/servlet/java-configuration/authentication/preauth/src/main/java/example/SecurityConfiguration.java index 72b2b24..c2c4592 100644 --- a/servlet/java-configuration/authentication/preauth/src/main/java/example/SecurityConfiguration.java +++ b/servlet/java-configuration/authentication/preauth/src/main/java/example/SecurityConfiguration.java @@ -18,26 +18,27 @@ package example; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @EnableWebSecurity -public class SecurityConfiguration extends WebSecurityConfigurerAdapter { +public class SecurityConfiguration { - // @formatter:off - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + // @formatter:off http - .authorizeHttpRequests((authorize) -> authorize - .antMatchers("/login", "/resources/**").permitAll() - .anyRequest().authenticated() - ) - .jee((jee) -> jee.mappableRoles("USER", "ADMIN")); + .authorizeHttpRequests((authorize) -> authorize + .antMatchers("/login", "/resources/**").permitAll() + .anyRequest().authenticated() + ) + .jee((jee) -> jee.mappableRoles("USER", "ADMIN")); + // @formatter:on + return http.build(); } - // @formatter:on // @formatter:off @Bean diff --git a/servlet/java-configuration/authentication/remember-me/src/main/java/example/SecurityConfiguration.java b/servlet/java-configuration/authentication/remember-me/src/main/java/example/SecurityConfiguration.java index 9fcee8f..f8c4fab 100644 --- a/servlet/java-configuration/authentication/remember-me/src/main/java/example/SecurityConfiguration.java +++ b/servlet/java-configuration/authentication/remember-me/src/main/java/example/SecurityConfiguration.java @@ -18,31 +18,30 @@ package example; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; - -import static org.springframework.security.config.Customizer.withDefaults; +import org.springframework.security.web.SecurityFilterChain; @EnableWebSecurity -public class SecurityConfiguration extends WebSecurityConfigurerAdapter { +public class SecurityConfiguration { - @Override - // @formatter:off - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http, UserDetailsService users) throws Exception { + // @formatter:off http - .authorizeRequests((authorize) -> authorize - .anyRequest().authenticated() - ) - .formLogin((form) -> form - .loginPage("/login") - .permitAll() - ) - .rememberMe(withDefaults()); + .authorizeRequests((authorize) -> authorize + .anyRequest().authenticated() + ) + .formLogin((form) -> form + .loginPage("/login") + .permitAll() + ) + .rememberMe((rememberMe) -> rememberMe.userDetailsService(users)); + // @formatter:on + return http.build(); } - // @formatter:on // @formatter:off @Bean diff --git a/servlet/java-configuration/authentication/username-password/form/src/main/java/example/SecurityConfiguration.java b/servlet/java-configuration/authentication/username-password/form/src/main/java/example/SecurityConfiguration.java index 1a99d4d..1189f50 100644 --- a/servlet/java-configuration/authentication/username-password/form/src/main/java/example/SecurityConfiguration.java +++ b/servlet/java-configuration/authentication/username-password/form/src/main/java/example/SecurityConfiguration.java @@ -18,28 +18,29 @@ package example; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @EnableWebSecurity -public class SecurityConfiguration extends WebSecurityConfigurerAdapter { +public class SecurityConfiguration { - @Override - // @formatter:off - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + // @formatter:off http - .authorizeRequests((authorize) -> authorize - .anyRequest().authenticated() - ) - .formLogin((form) -> form - .loginPage("/login") - .permitAll() - ); + .authorizeRequests((authorize) -> authorize + .anyRequest().authenticated() + ) + .formLogin((form) -> form + .loginPage("/login") + .permitAll() + ); + // @formatter:on + return http.build(); } - // @formatter:on // @formatter:off @Bean diff --git a/servlet/java-configuration/authentication/username-password/in-memory/src/main/java/example/SecurityConfiguration.java b/servlet/java-configuration/authentication/username-password/in-memory/src/main/java/example/SecurityConfiguration.java index c7cd1d5..ba51243 100644 --- a/servlet/java-configuration/authentication/username-password/in-memory/src/main/java/example/SecurityConfiguration.java +++ b/servlet/java-configuration/authentication/username-password/in-memory/src/main/java/example/SecurityConfiguration.java @@ -17,14 +17,13 @@ package example; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @EnableWebSecurity -public class SecurityConfiguration extends WebSecurityConfigurerAdapter { +public class SecurityConfiguration { // @formatter:off @Bean diff --git a/servlet/java-configuration/authentication/username-password/jdbc/src/main/java/example/DataSourceConfiguration.java b/servlet/java-configuration/authentication/username-password/jdbc/src/main/java/example/DataSourceConfiguration.java index 014a521..b9c464f 100644 --- a/servlet/java-configuration/authentication/username-password/jdbc/src/main/java/example/DataSourceConfiguration.java +++ b/servlet/java-configuration/authentication/username-password/jdbc/src/main/java/example/DataSourceConfiguration.java @@ -34,7 +34,8 @@ public class DataSourceConfiguration { @Bean public DataSource dataSource() { EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder(); - return builder.setType(EmbeddedDatabaseType.HSQL).build(); + return builder.setType(EmbeddedDatabaseType.HSQL) + .addScript("classpath:org/springframework/security/core/userdetails/jdbc/users.ddl").build(); } } diff --git a/servlet/java-configuration/authentication/username-password/jdbc/src/main/java/example/SecurityConfiguration.java b/servlet/java-configuration/authentication/username-password/jdbc/src/main/java/example/SecurityConfiguration.java index 2ab407f..ef80bbb 100644 --- a/servlet/java-configuration/authentication/username-password/jdbc/src/main/java/example/SecurityConfiguration.java +++ b/servlet/java-configuration/authentication/username-password/jdbc/src/main/java/example/SecurityConfiguration.java @@ -17,28 +17,27 @@ package example; import javax.sql.DataSource; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.provisioning.JdbcUserDetailsManager; +import org.springframework.security.provisioning.UserDetailsManager; @EnableWebSecurity -public class SecurityConfiguration extends WebSecurityConfigurerAdapter { +public class SecurityConfiguration { - @Autowired - DataSource dataSource; - - // @formatter:off - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { - auth - .jdbcAuthentication() - .dataSource(this.dataSource) - .withDefaultSchema() - .withUser(User.withDefaultPasswordEncoder().username("user").password("password").roles("USER")) - .withUser(User.withDefaultPasswordEncoder().username("admin").password("password").roles("ADMIN", "USER")); + @Bean + UserDetailsManager users(DataSource dataSource) { + UserDetails user = User.builder().username("user") + .password("{bcrypt}$2a$10$AiyMWI4UBLozgXq6itzyVuxrtofjcPzn/WS3fOrcqgzdax9jB7Io.").roles("USER").build(); + UserDetails admin = User.builder().username("admin") + .password("{bcrypt}$2a$10$AiyMWI4UBLozgXq6itzyVuxrtofjcPzn/WS3fOrcqgzdax9jB7Io.").roles("USER", "ADMIN") + .build(); + JdbcUserDetailsManager users = new JdbcUserDetailsManager(dataSource); + users.createUser(user); + users.createUser(admin); + return users; } - // @formatter:on } diff --git a/servlet/java-configuration/authentication/x509/src/main/java/example/SecurityConfiguration.java b/servlet/java-configuration/authentication/x509/src/main/java/example/SecurityConfiguration.java index 11554d6..e8223dd 100644 --- a/servlet/java-configuration/authentication/x509/src/main/java/example/SecurityConfiguration.java +++ b/servlet/java-configuration/authentication/x509/src/main/java/example/SecurityConfiguration.java @@ -18,27 +18,28 @@ package example; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; import static org.springframework.security.config.Customizer.withDefaults; @EnableWebSecurity -public class SecurityConfiguration extends WebSecurityConfigurerAdapter { +public class SecurityConfiguration { - @Override - // @formatter:off - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + // @formatter:off http - .authorizeHttpRequests((authorize) -> authorize - .anyRequest().authenticated() - ) - .x509(withDefaults()); + .authorizeHttpRequests((authorize) -> authorize + .anyRequest().authenticated() + ) + .x509(withDefaults()); + // @formatter:on + return http.build(); } - // @formatter:on // @formatter:off @Bean diff --git a/servlet/java-configuration/hello-mvc-security/src/main/java/example/SecurityConfiguration.java b/servlet/java-configuration/hello-mvc-security/src/main/java/example/SecurityConfiguration.java index 039e3fb..64d6fbb 100644 --- a/servlet/java-configuration/hello-mvc-security/src/main/java/example/SecurityConfiguration.java +++ b/servlet/java-configuration/hello-mvc-security/src/main/java/example/SecurityConfiguration.java @@ -18,28 +18,29 @@ package example; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; import static org.springframework.security.config.Customizer.withDefaults; @EnableWebSecurity -public class SecurityConfiguration extends WebSecurityConfigurerAdapter { +public class SecurityConfiguration { - @Override - // @formatter:off - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + // @formatter:off http - .authorizeHttpRequests((authorize) -> authorize - .anyRequest().authenticated() - ) - .httpBasic(withDefaults()) - .formLogin(withDefaults()); + .authorizeHttpRequests((authorize) -> authorize + .anyRequest().authenticated() + ) + .httpBasic(withDefaults()) + .formLogin(withDefaults()); + // @formatter:on + return http.build(); } - // @formatter:on // @formatter:off @Bean diff --git a/servlet/java-configuration/hello-security-explicit/src/main/java/example/SecurityConfiguration.java b/servlet/java-configuration/hello-security-explicit/src/main/java/example/SecurityConfiguration.java index 039e3fb..64d6fbb 100644 --- a/servlet/java-configuration/hello-security-explicit/src/main/java/example/SecurityConfiguration.java +++ b/servlet/java-configuration/hello-security-explicit/src/main/java/example/SecurityConfiguration.java @@ -18,28 +18,29 @@ package example; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; import static org.springframework.security.config.Customizer.withDefaults; @EnableWebSecurity -public class SecurityConfiguration extends WebSecurityConfigurerAdapter { +public class SecurityConfiguration { - @Override - // @formatter:off - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + // @formatter:off http - .authorizeHttpRequests((authorize) -> authorize - .anyRequest().authenticated() - ) - .httpBasic(withDefaults()) - .formLogin(withDefaults()); + .authorizeHttpRequests((authorize) -> authorize + .anyRequest().authenticated() + ) + .httpBasic(withDefaults()) + .formLogin(withDefaults()); + // @formatter:on + return http.build(); } - // @formatter:on // @formatter:off @Bean diff --git a/servlet/java-configuration/max-sessions/src/main/java/example/SecurityConfiguration.java b/servlet/java-configuration/max-sessions/src/main/java/example/SecurityConfiguration.java index e8e41ad..02db070 100644 --- a/servlet/java-configuration/max-sessions/src/main/java/example/SecurityConfiguration.java +++ b/servlet/java-configuration/max-sessions/src/main/java/example/SecurityConfiguration.java @@ -20,17 +20,35 @@ import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; import static org.springframework.security.config.Customizer.withDefaults; @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) -public class SecurityConfiguration extends WebSecurityConfigurerAdapter { +public class SecurityConfiguration { + + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + // @formatter:off + http + .authorizeHttpRequests((authorize) -> authorize + .anyRequest().authenticated() + ) + .formLogin(withDefaults()) + .sessionManagement((sessions) -> sessions + .sessionConcurrency((concurrency) -> concurrency + .maximumSessions(1) + .expiredUrl("/login?expired") + ) + ); + // @formatter:on + return http.build(); + } // @formatter:off @Bean @@ -44,21 +62,4 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter { } // @formatter:on - // @formatter:off - @Override - protected void configure(HttpSecurity http) throws Exception { - http - .authorizeHttpRequests((authorize) -> authorize - .anyRequest().authenticated() - ) - .formLogin(withDefaults()) - .sessionManagement((sessions) -> sessions - .sessionConcurrency((concurrency) -> concurrency - .maximumSessions(1) - .expiredUrl("/login?expired") - ) - ); - } - // @formatter:on - } diff --git a/servlet/spring-boot/java/oauth2/resource-server/static/src/main/java/example/OAuth2ResourceServerSecurityConfiguration.java b/servlet/spring-boot/java/oauth2/resource-server/static/src/main/java/example/OAuth2ResourceServerSecurityConfiguration.java index bcaa99d..edb3e1b 100644 --- a/servlet/spring-boot/java/oauth2/resource-server/static/src/main/java/example/OAuth2ResourceServerSecurityConfiguration.java +++ b/servlet/spring-boot/java/oauth2/resource-server/static/src/main/java/example/OAuth2ResourceServerSecurityConfiguration.java @@ -19,35 +19,36 @@ import java.security.interfaces.RSAPublicKey; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.oauth2.jwt.JwtDecoder; import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; +import org.springframework.security.web.SecurityFilterChain; /** * OAuth2 Resource Server Configuration. * * @author Josh Cummings */ -@EnableWebSecurity -public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter { +@Configuration +public class OAuth2ResourceServerSecurityConfiguration { @Value("${spring.security.oauth2.resourceserver.jwt.key-value}") RSAPublicKey key; - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { // @formatter:off http - .authorizeHttpRequests((authorize) -> authorize - .mvcMatchers("/message/**").hasAuthority("SCOPE_message:read") - .anyRequest().authenticated() - ) - .oauth2ResourceServer((oauth2) -> oauth2 - .jwt((jwt) -> jwt.decoder(jwtDecoder())) - ); + .authorizeHttpRequests((authorize) -> authorize + .mvcMatchers("/message/**").hasAuthority("SCOPE_message:read") + .anyRequest().authenticated() + ) + .oauth2ResourceServer((oauth2) -> oauth2 + .jwt((jwt) -> jwt.decoder(jwtDecoder())) + ); // @formatter:on + return http.build(); } @Bean