Remove remaining usage of WebSecurityConfigurerAdapter

This commit is contained in:
Marcus Da Coregio 2021-12-15 09:22:31 -03:00
parent f1c448becc
commit c5a2162b07
11 changed files with 108 additions and 91 deletions

View File

@ -20,10 +20,10 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import static org.springframework.security.config.Customizer.withDefaults; import static org.springframework.security.config.Customizer.withDefaults;
@ -34,19 +34,20 @@ import static org.springframework.security.config.Customizer.withDefaults;
*/ */
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { public class SecurityConfiguration {
@Override @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// @formatter:off // @formatter:off
protected void configure(HttpSecurity http) throws Exception {
http http
.authorizeHttpRequests((authorize) -> authorize .authorizeHttpRequests((authorize) -> authorize
.anyRequest().authenticated() .anyRequest().authenticated()
) )
.httpBasic(withDefaults()) .httpBasic(withDefaults())
.formLogin(withDefaults()); .formLogin(withDefaults());
}
// @formatter:on // @formatter:on
return http.build();
}
// @formatter:off // @formatter:off
@Bean @Bean

View File

@ -31,7 +31,6 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer; import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer; import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
@ -43,6 +42,7 @@ import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint; import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
import org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler; import org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
/** /**
* Security configuration for the main application. * Security configuration for the main application.
@ -50,7 +50,7 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
* @author Josh Cummings * @author Josh Cummings
*/ */
@Configuration @Configuration
public class RestConfig extends WebSecurityConfigurerAdapter { public class RestConfig {
@Value("${jwt.public.key}") @Value("${jwt.public.key}")
RSAPublicKey key; RSAPublicKey key;
@ -58,8 +58,8 @@ public class RestConfig extends WebSecurityConfigurerAdapter {
@Value("${jwt.private.key}") @Value("${jwt.private.key}")
RSAPrivateKey priv; RSAPrivateKey priv;
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// @formatter:off // @formatter:off
http http
.authorizeHttpRequests((authorize) -> authorize .authorizeHttpRequests((authorize) -> authorize
@ -74,6 +74,7 @@ public class RestConfig extends WebSecurityConfigurerAdapter {
.accessDeniedHandler(new BearerTokenAccessDeniedHandler()) .accessDeniedHandler(new BearerTokenAccessDeniedHandler())
); );
// @formatter:on // @formatter:on
return http.build();
} }
@Bean @Bean

View File

@ -16,10 +16,12 @@
package example.web; package example.web;
import example.RestConfig;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.context.annotation.Import;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.MvcResult;
@ -35,6 +37,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @author Josh Cummings * @author Josh Cummings
*/ */
@WebMvcTest({ HelloController.class, TokenController.class }) @WebMvcTest({ HelloController.class, TokenController.class })
@Import(RestConfig.class)
public class HelloControllerTests { public class HelloControllerTests {
@Autowired @Autowired

View File

@ -44,7 +44,6 @@ import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
@ -63,6 +62,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User; import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User; import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
import org.springframework.web.util.UriComponents; import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder; import org.springframework.web.util.UriComponentsBuilder;
@ -328,11 +328,11 @@ public class OAuth2LoginApplicationTests {
} }
@EnableWebSecurity @EnableWebSecurity
public static class SecurityTestConfig extends WebSecurityConfigurerAdapter { public static class SecurityTestConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// @formatter:off // @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
http http
.authorizeHttpRequests((authorize) -> authorize .authorizeHttpRequests((authorize) -> authorize
.anyRequest().authenticated() .anyRequest().authenticated()
@ -341,8 +341,9 @@ public class OAuth2LoginApplicationTests {
.tokenEndpoint((token) -> token.accessTokenResponseClient(mockAccessTokenResponseClient())) .tokenEndpoint((token) -> token.accessTokenResponseClient(mockAccessTokenResponseClient()))
.userInfoEndpoint((userInfo) -> userInfo.userService(mockUserService())) .userInfoEndpoint((userInfo) -> userInfo.userService(mockUserService()))
); );
}
// @formatter:on // @formatter:on
return http.build();
}
private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> mockAccessTokenResponseClient() { private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> mockAccessTokenResponseClient() {
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")

View File

@ -20,10 +20,10 @@ import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer; import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.oauth2.jwt.JwtDecoder; import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;
/** /**
* OAuth resource configuration. * OAuth resource configuration.
@ -31,13 +31,13 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
* @author Josh Cummings * @author Josh Cummings
*/ */
@EnableWebSecurity @EnableWebSecurity
public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter { public class OAuth2ResourceServerSecurityConfiguration {
@Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}") @Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
String jwkSetUri; String jwkSetUri;
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// @formatter:off // @formatter:off
http http
.authorizeHttpRequests((authorize) -> authorize .authorizeHttpRequests((authorize) -> authorize
@ -47,6 +47,7 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
) )
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt); .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
// @formatter:on // @formatter:on
return http.build();
} }
@Bean @Bean

View File

@ -19,6 +19,7 @@ import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.context.annotation.Import;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
@ -36,6 +37,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* *
*/ */
@WebMvcTest(OAuth2ResourceServerController.class) @WebMvcTest(OAuth2ResourceServerController.class)
@Import(OAuth2ResourceServerSecurityConfiguration.class)
public class OAuth2ResourceServerControllerTests { public class OAuth2ResourceServerControllerTests {
@Autowired @Autowired

View File

@ -42,9 +42,9 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.jwt.JwtDecoder; import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;
import static org.springframework.security.config.Customizer.withDefaults; import static org.springframework.security.config.Customizer.withDefaults;
@ -54,7 +54,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
* @author Josh Cummings * @author Josh Cummings
*/ */
@EnableWebSecurity @EnableWebSecurity
public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter { public class OAuth2ResourceServerSecurityConfiguration {
private final JWSAlgorithm jwsAlgorithm = JWSAlgorithm.RS256; private final JWSAlgorithm jwsAlgorithm = JWSAlgorithm.RS256;
@ -68,8 +68,8 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
@Value("${sample.jwe-key-value}") @Value("${sample.jwe-key-value}")
RSAPrivateKey key; RSAPrivateKey key;
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// @formatter:off // @formatter:off
http http
.authorizeHttpRequests((authorize) -> authorize .authorizeHttpRequests((authorize) -> authorize
@ -78,6 +78,7 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
) )
.oauth2ResourceServer((oauth2) -> oauth2.jwt(withDefaults())); .oauth2ResourceServer((oauth2) -> oauth2.jwt(withDefaults()));
// @formatter:on // @formatter:on
return http.build();
} }
@Bean @Bean

View File

@ -16,10 +16,11 @@
package example; package example;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.SecurityFilterChain;
/** /**
* OAuth2 Security Configuration. * OAuth2 Security Configuration.
@ -27,7 +28,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
* @author Josh Cummings * @author Josh Cummings
*/ */
@EnableWebSecurity @EnableWebSecurity
public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter { public class OAuth2ResourceServerSecurityConfiguration {
@Value("${spring.security.oauth2.resourceserver.opaque.introspection-uri}") @Value("${spring.security.oauth2.resourceserver.opaque.introspection-uri}")
String introspectionUri; String introspectionUri;
@ -38,8 +39,8 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
@Value("${spring.security.oauth2.resourceserver.opaque.introspection-client-secret}") @Value("${spring.security.oauth2.resourceserver.opaque.introspection-client-secret}")
String clientSecret; String clientSecret;
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// @formatter:off // @formatter:off
http http
.authorizeHttpRequests((authorize) -> authorize .authorizeHttpRequests((authorize) -> authorize
@ -54,6 +55,7 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
) )
); );
// @formatter:on // @formatter:on
return http.build();
} }
} }

View File

@ -19,6 +19,7 @@ import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.context.annotation.Import;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors; import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
@ -36,6 +37,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 5.3 * @since 5.3
*/ */
@WebMvcTest(OAuth2ResourceServerController.class) @WebMvcTest(OAuth2ResourceServerController.class)
@Import(OAuth2ResourceServerSecurityConfiguration.class)
public class OAuth2ResourceServerControllerTests { public class OAuth2ResourceServerControllerTests {
@Autowired @Autowired

View File

@ -18,11 +18,11 @@ package example;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import static org.springframework.security.config.Customizer.withDefaults; import static org.springframework.security.config.Customizer.withDefaults;
@ -32,10 +32,10 @@ import static org.springframework.security.config.Customizer.withDefaults;
* @author Joe Grandja * @author Joe Grandja
*/ */
@EnableWebSecurity @EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { public class SecurityConfiguration {
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// @formatter:off // @formatter:off
http http
.authorizeHttpRequests((authorize) -> authorize .authorizeHttpRequests((authorize) -> authorize
@ -46,6 +46,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
.oauth2Login(withDefaults()) .oauth2Login(withDefaults())
.oauth2Client(withDefaults()); .oauth2Client(withDefaults());
// @formatter:on // @formatter:on
return http.build();
} }
@Bean @Bean

View File

@ -19,19 +19,20 @@ package org.springframework.security.samples.config
import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.web.servlet.invoke import org.springframework.security.config.web.servlet.invoke
import org.springframework.security.core.userdetails.User import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.provisioning.InMemoryUserDetailsManager import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.web.SecurityFilterChain
/** /**
* @author Eleftheria Stein * @author Eleftheria Stein
*/ */
@EnableWebSecurity @EnableWebSecurity
class SecurityConfig : WebSecurityConfigurerAdapter() { class SecurityConfig {
override fun configure(http: HttpSecurity) { @Bean
fun filterChain(http: HttpSecurity): SecurityFilterChain {
http { http {
authorizeRequests { authorizeRequests {
authorize("/css/**", permitAll) authorize("/css/**", permitAll)
@ -41,10 +42,11 @@ class SecurityConfig : WebSecurityConfigurerAdapter() {
loginPage = "/log-in" loginPage = "/log-in"
} }
} }
return http.build()
} }
@Bean @Bean
public override fun userDetailsService(): UserDetailsService { fun userDetailsService(): UserDetailsService {
val userDetails = User.withDefaultPasswordEncoder() val userDetails = User.withDefaultPasswordEncoder()
.username("user") .username("user")
.password("password") .password("password")