diff --git a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/config/SpringSecurityConfig.java b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/config/SpringSecurityConfig.java index b4127e9b71..ff01157c7b 100644 --- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/config/SpringSecurityConfig.java +++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/config/SpringSecurityConfig.java @@ -1,17 +1,20 @@ package com.baeldung.cachecontrol.config; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) -public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { +public class SpringSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception {} + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + return http.build(); + } } diff --git a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicySecurityConfiguration.java b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicySecurityConfiguration.java index 1593af9c66..7274b97320 100644 --- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicySecurityConfiguration.java +++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicySecurityConfiguration.java @@ -1,26 +1,28 @@ package com.baeldung.contentsecuritypolicy; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.header.writers.StaticHeadersWriter; @Configuration -public class ContentSecurityPolicySecurityConfiguration extends WebSecurityConfigurerAdapter { +public class ContentSecurityPolicySecurityConfiguration { private static final String REPORT_TO = "{\"group\":\"csp-violation-report\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://localhost:8080/report\"}]}"; - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.csrf() - .disable() - .authorizeRequests() - .antMatchers("/**") - .permitAll() - .and() - .headers() - .addHeaderWriter(new StaticHeadersWriter("Report-To", REPORT_TO)) - .xssProtection() - .and() - .contentSecurityPolicy("form-action 'self'; report-uri /report; report-to csp-violation-report"); + .disable() + .authorizeRequests() + .antMatchers("/**") + .permitAll() + .and() + .headers() + .addHeaderWriter(new StaticHeadersWriter("Report-To", REPORT_TO)) + .xssProtection() + .and() + .contentSecurityPolicy("form-action 'self'; report-uri /report; report-to csp-violation-report"); + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/config/WebSecurityConfig.java b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/config/WebSecurityConfig.java index 806fb9fca5..cd5fe09b85 100644 --- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/config/WebSecurityConfig.java +++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/config/WebSecurityConfig.java @@ -1,19 +1,21 @@ package com.baeldung.cors.basicauth.config; +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; @EnableWebSecurity -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { +public class WebSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { - http - .authorizeRequests() - .anyRequest().authenticated() - .and() + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .anyRequest() + .authenticated() + .and() .httpBasic(); - http.cors(); //disable this line to reproduce the CORS 401 + http.cors(); // disable this line to reproduce the CORS 401 + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/httpfirewall/HttpFirewallConfiguration.java b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/httpfirewall/HttpFirewallConfiguration.java index 3147b962a3..acb9dcca88 100644 --- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/httpfirewall/HttpFirewallConfiguration.java +++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/httpfirewall/HttpFirewallConfiguration.java @@ -1,33 +1,31 @@ package com.baeldung.httpfirewall; +import java.util.Arrays; + import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.firewall.HttpFirewall; import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler; import org.springframework.security.web.firewall.RequestRejectedHandler; import org.springframework.security.web.firewall.StrictHttpFirewall; -import java.util.Arrays; - @Configuration -public class HttpFirewallConfiguration extends WebSecurityConfigurerAdapter { +public class HttpFirewallConfiguration { - @Override - protected void configure(HttpSecurity http) throws Exception { - //@formatter:off - http - .csrf() - .disable() - .authorizeRequests() - .antMatchers("/error") - .permitAll() - .anyRequest() - .authenticated() - .and() - .httpBasic(); - //@formatter:on + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.csrf() + .disable() + .authorizeRequests() + .antMatchers("/error") + .permitAll() + .anyRequest() + .authenticated() + .and() + .httpBasic(); + return http.build(); } @Bean diff --git a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/logging/SecurityConfig.java b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/logging/SecurityConfig.java index f48f817dd2..41c2d2dfd8 100644 --- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/logging/SecurityConfig.java +++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/logging/SecurityConfig.java @@ -1,26 +1,28 @@ package com.baeldung.logging; import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.web.SecurityFilterChain; @EnableWebSecurity -public class SecurityConfig extends WebSecurityConfigurerAdapter { +public class SecurityConfig { @Value("${spring.websecurity.debug:false}") boolean webSecurityDebug; - @Override - public void configure(WebSecurity web) { - web.debug(webSecurityDebug); + @Bean + public WebSecurityCustomizer webSecurityCustomizer() { + return (web) -> web.debug(webSecurityDebug); } - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/**") .permitAll(); + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/config/SecurityConfig.java b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/config/SecurityConfig.java index 050d917492..888ada8eba 100644 --- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/config/SecurityConfig.java +++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/config/SecurityConfig.java @@ -1,6 +1,5 @@ package com.baeldung.mongoauth.config; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; @@ -8,15 +7,15 @@ import org.springframework.security.config.annotation.authentication.builders.Au import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true) -public class SecurityConfig extends WebSecurityConfigurerAdapter { +public class SecurityConfig { private final UserDetailsService userDetailsService; @@ -25,8 +24,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { } @Bean - public AuthenticationManager customAuthenticationManager() throws Exception { - return authenticationManager(); + public AuthenticationManager customAuthenticationManager(HttpSecurity http) throws Exception { + AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class); + authenticationManagerBuilder.userDetailsService(userDetailsService) + .passwordEncoder(bCryptPasswordEncoder()); + return authenticationManagerBuilder.build(); } @Bean @@ -34,26 +36,21 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { return new BCryptPasswordEncoder(); } - @Override - protected void configure(@Autowired AuthenticationManagerBuilder auth) throws Exception { - auth.userDetailsService(userDetailsService) - .passwordEncoder(bCryptPasswordEncoder()); - } - - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.csrf() - .disable() - .authorizeRequests() - .and() - .httpBasic() - .and() - .authorizeRequests() - .anyRequest() - .permitAll() - .and() - .sessionManagement() - .sessionCreationPolicy(SessionCreationPolicy.STATELESS); + .disable() + .authorizeRequests() + .and() + .httpBasic() + .and() + .authorizeRequests() + .anyRequest() + .permitAll() + .and() + .sessionManagement() + .sessionCreationPolicy(SessionCreationPolicy.STATELESS); + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/tls/SecurityConfig.java b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/tls/SecurityConfig.java index 63b59b8cc8..e00e27664a 100644 --- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/tls/SecurityConfig.java +++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/tls/SecurityConfig.java @@ -1,16 +1,18 @@ package com.baeldung.tls; +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; @EnableWebSecurity -public class SecurityConfig extends WebSecurityConfigurerAdapter { +public class SecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.authorizeRequests() - .antMatchers("/**") - .permitAll(); + .antMatchers("/**") + .permitAll(); + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicyUnitTest.java b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicyUnitTest.java index 0e06a7ef35..d397b20fe3 100644 --- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicyUnitTest.java +++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicyUnitTest.java @@ -5,7 +5,7 @@ import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; - +import org.springframework.context.annotation.Import; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; @@ -25,6 +25,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder @WebMvcTest @AutoConfigureMockMvc @DisplayName("Content Security Policy Unit Tests") +@Import(ContentSecurityPolicySecurityConfiguration.class) class ContentSecurityPolicyUnitTest { @Autowired diff --git a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/httpfirewall/api/UserApiUnitTest.java b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/httpfirewall/api/UserApiUnitTest.java index 4f6217ade2..b328a6c98d 100644 --- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/httpfirewall/api/UserApiUnitTest.java +++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/httpfirewall/api/UserApiUnitTest.java @@ -1,5 +1,6 @@ package com.baeldung.httpfirewall.api; +import com.baeldung.httpfirewall.HttpFirewallConfiguration; import com.baeldung.httpfirewall.model.User; import com.baeldung.httpfirewall.service.UserServiceImpl; import com.baeldung.httpfirewall.utility.UserTestUtility; @@ -10,6 +11,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.context.annotation.Import; import org.springframework.http.HttpStatus; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.test.web.servlet.MockMvc; @@ -29,6 +31,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @WebMvcTest @AutoConfigureMockMvc @DisplayName("User API Unit Tests") +@Import(HttpFirewallConfiguration.class) class UserApiUnitTest { @Autowired