JAVA-14874 Update spring-security-web-boot-3 module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12863)

2022-10-19 00:18:01 +05:30 · 2022-10-19 00:18:01 +05:30 · 0c7e1e7a49
parent 4c93ddfb23
commit 0c7e1e7a49
9 changed files with 94 additions and 84 deletions
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/config/SpringSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cachecontrol/config/SpringSecurityConfig.java
@ -1,17 +1,20 @@
 package com.baeldung.cachecontrol.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
-public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+public class SpringSecurityConfig {
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {}
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicySecurityConfiguration.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicySecurityConfiguration.java
@ -1,26 +1,28 @@
 package com.baeldung.contentsecuritypolicy;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.header.writers.StaticHeadersWriter;
@Configuration
-public class ContentSecurityPolicySecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class ContentSecurityPolicySecurityConfiguration {
    private static final String REPORT_TO = "{\"group\":\"csp-violation-report\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://localhost:8080/report\"}]}";
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf()
-          .disable()
+            .disable()
-          .authorizeRequests()
+            .authorizeRequests()
-          .antMatchers("/**")
+            .antMatchers("/**")
-          .permitAll()
+            .permitAll()
-          .and()
+            .and()
-          .headers()
+            .headers()
-          .addHeaderWriter(new StaticHeadersWriter("Report-To", REPORT_TO))
+            .addHeaderWriter(new StaticHeadersWriter("Report-To", REPORT_TO))
-          .xssProtection()
+            .xssProtection()
-          .and()
+            .and()
-          .contentSecurityPolicy("form-action 'self'; report-uri /report; report-to csp-violation-report");
+            .contentSecurityPolicy("form-action 'self'; report-uri /report; report-to csp-violation-report");
        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/config/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/cors/basicauth/config/WebSecurityConfig.java
@ -1,19 +1,21 @@
 package com.baeldung.cors.basicauth.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
+        http.authorizeRequests()
-            .authorizeRequests()
+            .anyRequest()
-                .anyRequest().authenticated()
+            .authenticated()
-                .and()
+            .and()
            .httpBasic();
-       http.cors(); //disable this line to reproduce the CORS 401
+        http.cors(); // disable this line to reproduce the CORS 401
        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/httpfirewall/HttpFirewallConfiguration.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/httpfirewall/HttpFirewallConfiguration.java
@ -1,33 +1,31 @@
 package com.baeldung.httpfirewall;
 import java.util.Arrays;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler;
 import org.springframework.security.web.firewall.RequestRejectedHandler;
 import org.springframework.security.web.firewall.StrictHttpFirewall;
 import java.util.Arrays;
@Configuration
-public class HttpFirewallConfiguration extends WebSecurityConfigurerAdapter {
+public class HttpFirewallConfiguration {
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        //@formatter:off
+        http.csrf()
-        http
+            .disable()
-          .csrf()
+            .authorizeRequests()
-          .disable()
+            .antMatchers("/error")
-          .authorizeRequests()
+            .permitAll()
-          .antMatchers("/error")
+            .anyRequest()
-          .permitAll()
+            .authenticated()
-          .anyRequest()
+            .and()
-          .authenticated()
+            .httpBasic();
-          .and()
+        return http.build();
          .httpBasic();
        //@formatter:on
    }
    @Bean
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/logging/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/logging/SecurityConfig.java
@ -1,26 +1,28 @@
 package com.baeldung.logging;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
    @Value("${spring.websecurity.debug:false}")
    boolean webSecurityDebug;
-    @Override
+    @Bean
-    public void configure(WebSecurity web) {
+    public WebSecurityCustomizer webSecurityCustomizer() {
-        web.debug(webSecurityDebug);
+        return (web) -> web.debug(webSecurityDebug);
    }
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/**")
            .permitAll();
        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/config/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/mongoauth/config/SecurityConfig.java
@ -1,6 +1,5 @@
 package com.baeldung.mongoauth.config;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@ -8,15 +7,15 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true)
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
    private final UserDetailsService userDetailsService;
@ -25,8 +24,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    }
    @Bean
-    public AuthenticationManager customAuthenticationManager() throws Exception {
+    public AuthenticationManager customAuthenticationManager(HttpSecurity http) throws Exception {
-        return authenticationManager();
+        AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
        authenticationManagerBuilder.userDetailsService(userDetailsService)
            .passwordEncoder(bCryptPasswordEncoder());
        return authenticationManagerBuilder.build();
    }
    @Bean
@ -34,26 +36,21 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        return new BCryptPasswordEncoder();
    }
-    @Override
+    @Bean
-    protected void configure(@Autowired AuthenticationManagerBuilder auth) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        auth.userDetailsService(userDetailsService)
          .passwordEncoder(bCryptPasswordEncoder());
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf()
-          .disable()
+            .disable()
-          .authorizeRequests()
+            .authorizeRequests()
-          .and()
+            .and()
-          .httpBasic()
+            .httpBasic()
-          .and()
+            .and()
-          .authorizeRequests()
+            .authorizeRequests()
-          .anyRequest()
+            .anyRequest()
-          .permitAll()
+            .permitAll()
-          .and()
+            .and()
-          .sessionManagement()
+            .sessionManagement()
-          .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/tls/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/main/java/com/baeldung/tls/SecurityConfig.java
@ -1,16 +1,18 @@
 package com.baeldung.tls;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
-          .antMatchers("/**")
+            .antMatchers("/**")
-          .permitAll();
+            .permitAll();
        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicyUnitTest.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/contentsecuritypolicy/ContentSecurityPolicyUnitTest.java
@ -5,7 +5,7 @@ import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
-
+import org.springframework.context.annotation.Import;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@ -25,6 +25,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
@WebMvcTest
@AutoConfigureMockMvc
@DisplayName("Content Security Policy Unit Tests")
@Import(ContentSecurityPolicySecurityConfiguration.class)
 class ContentSecurityPolicyUnitTest {
    @Autowired
--- a/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/httpfirewall/api/UserApiUnitTest.java
+++ b/spring-security-modules/spring-security-web-boot-3/src/test/java/com/baeldung/httpfirewall/api/UserApiUnitTest.java
@ -1,5 +1,6 @@
 package com.baeldung.httpfirewall.api;
 import com.baeldung.httpfirewall.HttpFirewallConfiguration;
 import com.baeldung.httpfirewall.model.User;
 import com.baeldung.httpfirewall.service.UserServiceImpl;
 import com.baeldung.httpfirewall.utility.UserTestUtility;
@ -10,6 +11,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Import;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.web.servlet.MockMvc;
@ -29,6 +31,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@WebMvcTest
@AutoConfigureMockMvc
@DisplayName("User API Unit Tests")
@Import(HttpFirewallConfiguration.class)
 class UserApiUnitTest {
    @Autowired