JAVA-14874 Update spring-security-web-boot-3 module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12863)

This commit is contained in:
anuragkumawat 2022-10-19 00:18:01 +05:30 committed by GitHub
parent 4c93ddfb23
commit 0c7e1e7a49
9 changed files with 94 additions and 84 deletions

View File

@ -1,17 +1,20 @@
package com.baeldung.cachecontrol.config; package com.baeldung.cachecontrol.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.SecurityFilterChain;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { public class SpringSecurityConfig {
@Override @Bean
protected void configure(HttpSecurity http) throws Exception {} public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return http.build();
}
} }

View File

@ -1,16 +1,17 @@
package com.baeldung.contentsecuritypolicy; package com.baeldung.contentsecuritypolicy;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.header.writers.StaticHeadersWriter; import org.springframework.security.web.header.writers.StaticHeadersWriter;
@Configuration @Configuration
public class ContentSecurityPolicySecurityConfiguration extends WebSecurityConfigurerAdapter { public class ContentSecurityPolicySecurityConfiguration {
private static final String REPORT_TO = "{\"group\":\"csp-violation-report\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://localhost:8080/report\"}]}"; private static final String REPORT_TO = "{\"group\":\"csp-violation-report\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://localhost:8080/report\"}]}";
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf() http.csrf()
.disable() .disable()
.authorizeRequests() .authorizeRequests()
@ -22,5 +23,6 @@ public class ContentSecurityPolicySecurityConfiguration extends WebSecurityConfi
.xssProtection() .xssProtection()
.and() .and()
.contentSecurityPolicy("form-action 'self'; report-uri /report; report-to csp-violation-report"); .contentSecurityPolicy("form-action 'self'; report-uri /report; report-to csp-violation-report");
return http.build();
} }
} }

View File

@ -1,19 +1,21 @@
package com.baeldung.cors.basicauth.config; package com.baeldung.cors.basicauth.config;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity @EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { public class WebSecurityConfig {
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http http.authorizeRequests()
.authorizeRequests() .anyRequest()
.anyRequest().authenticated() .authenticated()
.and() .and()
.httpBasic(); .httpBasic();
http.cors(); // disable this line to reproduce the CORS 401 http.cors(); // disable this line to reproduce the CORS 401
return http.build();
} }
} }

View File

@ -1,24 +1,22 @@
package com.baeldung.httpfirewall; package com.baeldung.httpfirewall;
import java.util.Arrays;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.HttpFirewall; import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler; import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler;
import org.springframework.security.web.firewall.RequestRejectedHandler; import org.springframework.security.web.firewall.RequestRejectedHandler;
import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.security.web.firewall.StrictHttpFirewall;
import java.util.Arrays;
@Configuration @Configuration
public class HttpFirewallConfiguration extends WebSecurityConfigurerAdapter { public class HttpFirewallConfiguration {
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
//@formatter:off http.csrf()
http
.csrf()
.disable() .disable()
.authorizeRequests() .authorizeRequests()
.antMatchers("/error") .antMatchers("/error")
@ -27,7 +25,7 @@ public class HttpFirewallConfiguration extends WebSecurityConfigurerAdapter {
.authenticated() .authenticated()
.and() .and()
.httpBasic(); .httpBasic();
//@formatter:on return http.build();
} }
@Bean @Bean

View File

@ -1,26 +1,28 @@
package com.baeldung.logging; package com.baeldung.logging;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity @EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { public class SecurityConfig {
@Value("${spring.websecurity.debug:false}") @Value("${spring.websecurity.debug:false}")
boolean webSecurityDebug; boolean webSecurityDebug;
@Override @Bean
public void configure(WebSecurity web) { public WebSecurityCustomizer webSecurityCustomizer() {
web.debug(webSecurityDebug); return (web) -> web.debug(webSecurityDebug);
} }
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.authorizeRequests()
.antMatchers("/**") .antMatchers("/**")
.permitAll(); .permitAll();
return http.build();
} }
} }

View File

@ -1,6 +1,5 @@
package com.baeldung.mongoauth.config; package com.baeldung.mongoauth.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
@ -8,15 +7,15 @@ import org.springframework.security.config.annotation.authentication.builders.Au
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true) @EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter { public class SecurityConfig {
private final UserDetailsService userDetailsService; private final UserDetailsService userDetailsService;
@ -25,8 +24,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
} }
@Bean @Bean
public AuthenticationManager customAuthenticationManager() throws Exception { public AuthenticationManager customAuthenticationManager(HttpSecurity http) throws Exception {
return authenticationManager(); AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
authenticationManagerBuilder.userDetailsService(userDetailsService)
.passwordEncoder(bCryptPasswordEncoder());
return authenticationManagerBuilder.build();
} }
@Bean @Bean
@ -34,14 +36,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
return new BCryptPasswordEncoder(); return new BCryptPasswordEncoder();
} }
@Override @Bean
protected void configure(@Autowired AuthenticationManagerBuilder auth) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(bCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf() http.csrf()
.disable() .disable()
.authorizeRequests() .authorizeRequests()
@ -54,6 +50,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
.and() .and()
.sessionManagement() .sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS); .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
return http.build();
} }
} }

View File

@ -1,16 +1,18 @@
package com.baeldung.tls; package com.baeldung.tls;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity @EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { public class SecurityConfig {
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.authorizeRequests()
.antMatchers("/**") .antMatchers("/**")
.permitAll(); .permitAll();
return http.build();
} }
} }

View File

@ -5,7 +5,7 @@ import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
@ -25,6 +25,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
@WebMvcTest @WebMvcTest
@AutoConfigureMockMvc @AutoConfigureMockMvc
@DisplayName("Content Security Policy Unit Tests") @DisplayName("Content Security Policy Unit Tests")
@Import(ContentSecurityPolicySecurityConfiguration.class)
class ContentSecurityPolicyUnitTest { class ContentSecurityPolicyUnitTest {
@Autowired @Autowired

View File

@ -1,5 +1,6 @@
package com.baeldung.httpfirewall.api; package com.baeldung.httpfirewall.api;
import com.baeldung.httpfirewall.HttpFirewallConfiguration;
import com.baeldung.httpfirewall.model.User; import com.baeldung.httpfirewall.model.User;
import com.baeldung.httpfirewall.service.UserServiceImpl; import com.baeldung.httpfirewall.service.UserServiceImpl;
import com.baeldung.httpfirewall.utility.UserTestUtility; import com.baeldung.httpfirewall.utility.UserTestUtility;
@ -10,6 +11,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
@ -29,6 +31,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@WebMvcTest @WebMvcTest
@AutoConfigureMockMvc @AutoConfigureMockMvc
@DisplayName("User API Unit Tests") @DisplayName("User API Unit Tests")
@Import(HttpFirewallConfiguration.class)
class UserApiUnitTest { class UserApiUnitTest {
@Autowired @Autowired