Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity

Closes gh-11277
This commit is contained in:
Steve Riesenberg 2022-07-29 14:29:45 -05:00 committed by Steve Riesenberg
parent 24033be046
commit 09173c95d6
1 changed files with 25 additions and 17 deletions

View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2020 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -26,48 +26,56 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import; import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication; import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
import org.springframework.security.config.annotation.web.WebSecurityConfigurer; import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
import org.springframework.security.web.SecurityFilterChain;
/** /**
* Add this annotation to an {@code @Configuration} class to have the Spring Security * Add this annotation to an {@code @Configuration} class to have the Spring Security
* configuration defined in any {@link WebSecurityConfigurer} or more likely by extending * configuration defined in any {@link WebSecurityConfigurer} or more likely by exposing a
* the {@link WebSecurityConfigurerAdapter} base class and overriding individual methods: * {@link SecurityFilterChain} bean:
* *
* <pre class="code"> * <pre class="code">
* &#064;Configuration * &#064;Configuration
* &#064;EnableWebSecurity * &#064;EnableWebSecurity
* public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter { * public class MyWebSecurityConfiguration {
* *
* &#064;Override * &#064;Bean
* public void configure(WebSecurity web) throws Exception { * public WebSecurityCustomizer webSecurityCustomizer() {
* web.ignoring() * return (web) -> web.ignoring()
* // Spring Security should completely ignore URLs starting with /resources/ * // Spring Security should completely ignore URLs starting with /resources/
* .antMatchers(&quot;/resources/**&quot;); * .antMatchers(&quot;/resources/**&quot;);
* } * }
* *
* &#064;Override * &#064;Bean
* protected void configure(HttpSecurity http) throws Exception { * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http.authorizeRequests().antMatchers(&quot;/public/**&quot;).permitAll().anyRequest() * http.authorizeRequests().antMatchers(&quot;/public/**&quot;).permitAll().anyRequest()
* .hasRole(&quot;USER&quot;).and() * .hasRole(&quot;USER&quot;).and()
* // Possibly more configuration ... * // Possibly more configuration ...
* .formLogin() // enable form based log in * .formLogin() // enable form based log in
* // set permitAll for all URLs associated with Form Login * // set permitAll for all URLs associated with Form Login
* .permitAll(); * .permitAll();
* return http.build();
* } * }
* *
* &#064;Override * &#064;Bean
* protected void configure(AuthenticationManagerBuilder auth) throws Exception { * public UserDetailsService userDetailsService() {
* auth * UserDetails user = User.withDefaultPasswordEncoder()
* // enable in memory based authentication with a user named &quot;user&quot; and &quot;admin&quot; * .username(&quot;user&quot;)
* .inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;) * .password(&quot;password&quot;)
* .and().withUser(&quot;admin&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;, &quot;ADMIN&quot;); * .roles(&quot;USER&quot;)
* .build();
* UserDetails admin = User.withDefaultPasswordEncoder()
* .username(&quot;admin&quot;)
* .password(&quot;password&quot;)
* .roles(&quot;ADMIN&quot;, &quot;USER&quot;)
* .build();
* return new InMemoryUserDetailsManager(user, admin);
* } * }
* *
* // Possibly more overridden methods ... * // Possibly more bean methods ...
* } * }
* </pre> * </pre>
* *
* @see WebSecurityConfigurer * @see WebSecurityConfigurer
* @see WebSecurityConfigurerAdapter
* *
* @author Rob Winch * @author Rob Winch
* @since 3.2 * @since 3.2