iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Java-27655 | removed deprecated WebSecurityConfigAdapter from security-modules/jjwt module

Browse Source
This commit is contained in:
gaepi 2023-11-26 13:33:08 +01:00
parent 033fff1e5e
commit 0973a63e5c
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
security-modules/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/WebSecurityConfig.java
View File

@ -4,9 +4,11 @@ import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.jjwtfun.service.SecretService; import io.jsonwebtoken.jjwtfun.service.SecretService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CsrfFilter; import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken; import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository; import org.springframework.security.web.csrf.CsrfTokenRepository;
@ -21,19 +23,19 @@ import java.io.IOException;
import java.util.Arrays; import java.util.Arrays;
@Configuration @Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { public class WebSecurityConfig {
@Autowired @Autowired
CsrfTokenRepository jwtCsrfTokenRepository; private CsrfTokenRepository jwtCsrfTokenRepository;
@Autowired @Autowired
SecretService secretService; private SecretService secretService;
// ordered so we can use binary search below // ordered so we can use binary search below
private String[] ignoreCsrfAntMatchers = { "/dynamic-builder-compress", "/dynamic-builder-general", "/dynamic-builder-specific", "/set-secrets" }; private final String[] ignoreCsrfAntMatchers = { "/dynamic-builder-compress", "/dynamic-builder-general", "/dynamic-builder-specific", "/set-secrets" };
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.addFilterAfter(new JwtCsrfValidatorFilter(), CsrfFilter.class) http.addFilterAfter(new JwtCsrfValidatorFilter(), CsrfFilter.class)
.csrf() .csrf()
.csrfTokenRepository(jwtCsrfTokenRepository) .csrfTokenRepository(jwtCsrfTokenRepository)
@ -42,6 +44,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.authorizeRequests() .authorizeRequests()
.antMatchers("/**") .antMatchers("/**")
.permitAll(); .permitAll();
return http.build();
} }
private class JwtCsrfValidatorFilter extends OncePerRequestFilter { private class JwtCsrfValidatorFilter extends OncePerRequestFilter {