JAVA-14868 Update spring-security-web-sockets module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter

2022-09-21 20:25:28 +05:30 · 2022-09-21 20:25:28 +05:30 · 0b9cb50f23
parent 29d9ddb3b1
commit 0b9cb50f23
1 changed files with 64 additions and 57 deletions
--- a/spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/config/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/config/SecurityConfig.java
@ -1,26 +1,28 @@
 package com.baeldung.springsecuredsockets.config;

+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
 import com.baeldung.springsecuredsockets.security.CustomAccessDeniedHandler;
 import com.baeldung.springsecuredsockets.security.CustomDaoAuthenticationProvider;
 import com.baeldung.springsecuredsockets.security.CustomLoginSuccessHandler;
 import com.baeldung.springsecuredsockets.security.CustomLogoutSuccessHandler;
 import com.baeldung.springsecuredsockets.security.CustomUserDetailsService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.access.AccessDeniedHandler;
-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

 /**
 * @EnableGlobalAuthentication annotates:
@ -36,7 +38,7 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecurity
@ComponentScan("com.baeldung.springsecuredsockets")
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {

    @Autowired
    private CustomUserDetailsService customUserDetailsService;
@ -82,54 +84,59 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     * <p>
     * Matching occurs from top to bottom - so, the topmost match succeeds first.
     */
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-                .authorizeRequests()
-                .antMatchers("/", "/index", "/authenticate")
-                .permitAll()
-                .antMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success")
-                .authenticated()
-                .anyRequest().authenticated()
-                .and()
-                .formLogin()
-                .loginPage("/login").permitAll()
-                .usernameParameter("username")
-                .passwordParameter("password")
-                .loginProcessingUrl("/authenticate")
-                .successHandler(loginSuccessHandler())
-                .failureUrl("/denied").permitAll()
-                .and()
-                .logout()
-                .logoutSuccessHandler(logoutSuccessHandler())
-                .and()
-                /**
-                 * Applies to User Roles - not to login failures or unauthenticated access attempts.
-                 */
-                .exceptionHandling()
-                .accessDeniedHandler(accessDeniedHandler())
-                .and()
-                .authenticationProvider(authenticationProvider());
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/", "/index", "/authenticate")
+            .permitAll()
+            .antMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success")
+            .authenticated()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .formLogin()
+            .loginPage("/login")
+            .permitAll()
+            .usernameParameter("username")
+            .passwordParameter("password")
+            .loginProcessingUrl("/authenticate")
+            .successHandler(loginSuccessHandler())
+            .failureUrl("/denied")
+            .permitAll()
+            .and()
+            .logout()
+            .logoutSuccessHandler(logoutSuccessHandler())
+            .and()
+            /**
+             * Applies to User Roles - not to login failures or unauthenticated access attempts.
+             */
+            .exceptionHandling()
+            .accessDeniedHandler(accessDeniedHandler())
+            .and()
+            .authenticationProvider(authenticationProvider());

        /** Disabled for local testing */
-        http
-                .csrf().disable();
+        http.csrf()
+            .disable();

        /** This is solely required to support H2 console viewing in Spring MVC with Spring Security */
-        http
-                .headers()
-                .frameOptions()
-                .disable();
+        http.headers()
+            .frameOptions()
+            .disable();
+        return http.build();
    }

-    @Override
-    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
-        auth.authenticationProvider(authenticationProvider());
+    @Bean
+    public AuthenticationManager authManager(HttpSecurity http) throws Exception {
+        return http.getSharedObject(AuthenticationManagerBuilder.class)
+            .authenticationProvider(authenticationProvider())
+            .build();
    }

-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        web.ignoring().antMatchers("/resources/**");
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring()
+            .antMatchers("/resources/**");
    }

 }