JAVA-29304 Upgrade spring-security-web-boot-1 (#15488)

* JAVA-29304 Upgrade spring-security-web-boot-1

* JAVA-29304 Removing explicit version for rest-assured

---------

Co-authored-by: timis1 <noreplay@yahoo.com>
This commit is contained in:
timis1 2023-12-30 14:46:56 +02:00 committed by GitHub
parent 4c517ab0de
commit 13b0d9d0f8
26 changed files with 159 additions and 200 deletions

View File

@ -11,8 +11,9 @@
<parent> <parent>
<groupId>com.baeldung</groupId> <groupId>com.baeldung</groupId>
<artifactId>spring-security-modules</artifactId> <artifactId>parent-boot-3</artifactId>
<version>0.0.1-SNAPSHOT</version> <version>0.0.1-SNAPSHOT</version>
<relativePath>../../parent-boot-3</relativePath>
</parent> </parent>
<dependencies> <dependencies>
@ -34,7 +35,7 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.thymeleaf.extras</groupId> <groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId> <artifactId>thymeleaf-extras-springsecurity6</artifactId>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
@ -81,11 +82,6 @@
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId> <artifactId>spring-security-core</artifactId>
</dependency> </dependency>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
<artifactId>jstl-api</artifactId>
<version>${jstl.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId> <artifactId>spring-security-config</artifactId>
@ -100,6 +96,11 @@
<version>${ehcache-core.version}</version> <version>${ehcache-core.version}</version>
<type>jar</type> <type>jar</type>
</dependency> </dependency>
<dependency>
<groupId>io.rest-assured</groupId>
<artifactId>rest-assured</artifactId>
<scope>test</scope>
</dependency>
</dependencies> </dependencies>
<build> <build>

View File

@ -15,14 +15,14 @@ import org.springframework.jdbc.datasource.DriverManagerDataSource;
import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean; import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter; import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@SpringBootApplication @SpringBootApplication
@PropertySource({"classpath:persistence-h2.properties", "classpath:application-defaults.properties"}) @PropertySource({"classpath:persistence-h2.properties", "classpath:application-defaults.properties"})
@EnableJpaRepositories(basePackages = {"com.baeldung.relationships.repositories"}) @EnableJpaRepositories(basePackages = {"com.baeldung.relationships.repositories"})
@EnableWebMvc @EnableWebMvc
@Import(SpringSecurityConfig.class) @Import(SpringSecurityConfig.class)
public class AppConfig extends WebMvcConfigurerAdapter { public class AppConfig implements WebMvcConfigurer {
@Autowired @Autowired
private Environment env; private Environment env;
@ -41,7 +41,7 @@ public class AppConfig extends WebMvcConfigurerAdapter {
public LocalContainerEntityManagerFactoryBean entityManagerFactory() { public LocalContainerEntityManagerFactoryBean entityManagerFactory() {
final LocalContainerEntityManagerFactoryBean em = new LocalContainerEntityManagerFactoryBean(); final LocalContainerEntityManagerFactoryBean em = new LocalContainerEntityManagerFactoryBean();
em.setDataSource(dataSource()); em.setDataSource(dataSource());
em.setPackagesToScan(new String[] { "com.baeldung.relationships.models" }); em.setPackagesToScan("com.baeldung.relationships.models");
em.setJpaVendorAdapter(new HibernateJpaVendorAdapter()); em.setJpaVendorAdapter(new HibernateJpaVendorAdapter());
em.setJpaProperties(additionalProperties()); em.setJpaProperties(additionalProperties());
return em; return em;

View File

@ -1,6 +1,6 @@
package com.baeldung.relationships; package com.baeldung.relationships;
import javax.annotation.PostConstruct; import jakarta.annotation.PostConstruct;
import javax.sql.DataSource; import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -13,6 +13,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension; import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
@ -47,12 +48,10 @@ public class SpringSecurityConfig {
@Bean @Bean
public UserDetailsManager users(HttpSecurity http) throws Exception { public UserDetailsManager users(HttpSecurity http) throws Exception {
AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManagerBuilder.class) AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
.userDetailsService(userDetailsService) authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(encoder());
.passwordEncoder(encoder()) authenticationManagerBuilder.authenticationProvider(authenticationProvider());
.and() AuthenticationManager authenticationManager = authenticationManagerBuilder.build();
.authenticationProvider(authenticationProvider())
.build();
JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager(dataSource); JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager(dataSource);
jdbcUserDetailsManager.setAuthenticationManager(authenticationManager); jdbcUserDetailsManager.setAuthenticationManager(authenticationManager);
@ -61,22 +60,16 @@ public class SpringSecurityConfig {
@Bean @Bean
public WebSecurityCustomizer webSecurityCustomizer() { public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring() return web -> web.ignoring().requestMatchers("/resources/**");
.antMatchers("/resources/**");
} }
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
.antMatchers("/login") authorizationManagerRequestMatcherRegistry.requestMatchers("/login").permitAll())
.permitAll() .formLogin(httpSecurityFormLoginConfigurer ->
.and() httpSecurityFormLoginConfigurer.permitAll().successHandler(successHandler))
.formLogin() .csrf(AbstractHttpConfigurer::disable);
.permitAll()
.successHandler(successHandler)
.and()
.csrf()
.disable();
return http.build(); return http.build();
} }

View File

@ -2,12 +2,12 @@ package com.baeldung.relationships.models;
import java.util.Date; import java.util.Date;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.Table; import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "users") @Table(name = "users")

View File

@ -3,14 +3,14 @@ package com.baeldung.relationships.models;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import javax.persistence.CollectionTable; import jakarta.persistence.CollectionTable;
import javax.persistence.ElementCollection; import jakarta.persistence.ElementCollection;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.FetchType; import jakarta.persistence.FetchType;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.Table; import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "Tweet") @Table(name = "Tweet")

View File

@ -3,11 +3,12 @@ package com.baeldung.relationships.repositories;
import org.springframework.data.domain.Page; import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable; import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.Query; import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.data.repository.PagingAndSortingRepository;
import com.baeldung.relationships.models.Tweet; import com.baeldung.relationships.models.Tweet;
public interface TweetRepository extends PagingAndSortingRepository<Tweet, Long> { public interface TweetRepository extends PagingAndSortingRepository<Tweet, Long>, CrudRepository<Tweet, Long> {
@Query("SELECT twt FROM Tweet twt JOIN twt.likes AS lk WHERE lk = ?#{ principal?.username } OR twt.owner = ?#{ principal?.username }") @Query("SELECT twt FROM Tweet twt JOIN twt.likes AS lk WHERE lk = ?#{ principal?.username } OR twt.owner = ?#{ principal?.username }")
Page<Tweet> getMyTweetsAndTheOnesILiked(Pageable pageable); Page<Tweet> getMyTweetsAndTheOnesILiked(Pageable pageable);

View File

@ -2,8 +2,8 @@ package com.baeldung.relationships.security;
import java.util.Date; import java.util.Date;
import javax.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;

View File

@ -1,6 +1,6 @@
package com.baeldung.relationships.security; package com.baeldung.relationships.security;
import javax.annotation.PostConstruct; import jakarta.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;

View File

@ -2,8 +2,11 @@ package com.baeldung.roles.custom.config;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
@ -14,14 +17,9 @@ public class SecurityConfig {
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf() http.csrf(AbstractHttpConfigurer::disable)
.disable() .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.anyRequest().authenticated())
.authorizeRequests() .formLogin(AbstractAuthenticationFilterConfigurer::permitAll);
.anyRequest()
.authenticated()
.and()
.formLogin()
.permitAll();
return http.build(); return http.build();
} }

View File

@ -3,7 +3,7 @@ package com.baeldung.roles.custom.persistence;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashSet; import java.util.HashSet;
import javax.annotation.PostConstruct; import jakarta.annotation.PostConstruct;
import com.baeldung.roles.custom.persistence.dao.OrganizationRepository; import com.baeldung.roles.custom.persistence.dao.OrganizationRepository;
import com.baeldung.roles.custom.persistence.dao.PrivilegeRepository; import com.baeldung.roles.custom.persistence.dao.PrivilegeRepository;

View File

@ -1,10 +1,10 @@
package com.baeldung.roles.custom.persistence.model; package com.baeldung.roles.custom.persistence.model;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
@Entity @Entity
public class Foo { public class Foo {

View File

@ -1,10 +1,10 @@
package com.baeldung.roles.custom.persistence.model; package com.baeldung.roles.custom.persistence.model;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
@Entity @Entity
public class Organization { public class Organization {

View File

@ -1,10 +1,10 @@
package com.baeldung.roles.custom.persistence.model; package com.baeldung.roles.custom.persistence.model;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
@Entity @Entity
public class Privilege { public class Privilege {

View File

@ -2,17 +2,17 @@ package com.baeldung.roles.custom.persistence.model;
import java.util.Set; import java.util.Set;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.FetchType; import jakarta.persistence.FetchType;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.JoinColumn; import jakarta.persistence.JoinColumn;
import javax.persistence.JoinTable; import jakarta.persistence.JoinTable;
import javax.persistence.ManyToMany; import jakarta.persistence.ManyToMany;
import javax.persistence.ManyToOne; import jakarta.persistence.ManyToOne;
import javax.persistence.Table; import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "user_table") @Table(name = "user_table")
@ -28,7 +28,9 @@ public class User {
private String password; private String password;
@ManyToMany(fetch = FetchType.EAGER) @ManyToMany(fetch = FetchType.EAGER)
@JoinTable(name = "users_privileges", joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"), inverseJoinColumns = @JoinColumn(name = "privilege_id", referencedColumnName = "id")) @JoinTable(name = "users_privileges", joinColumns =
@JoinColumn(name = "user_id", referencedColumnName = "id"),
inverseJoinColumns = @JoinColumn(name = "privilege_id", referencedColumnName = "id"))
private Set<Privilege> privileges; private Set<Privilege> privileges;
@ManyToOne(fetch = FetchType.EAGER) @ManyToOne(fetch = FetchType.EAGER)

View File

@ -6,10 +6,13 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@ -32,19 +35,12 @@ public class SecurityConfig {
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.authorizeHttpRequests(
.antMatchers("/login") authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.requestMatchers("/login").permitAll()
.permitAll() .requestMatchers("/foos/**")
.antMatchers("/foos/**") .access(new WebExpressionAuthorizationManager("isAuthenticated() and hasIpAddress('11.11.11.11')")).anyRequest().authenticated())
.access("isAuthenticated() and hasIpAddress('11.11.11.11')") .formLogin(AbstractAuthenticationFilterConfigurer::permitAll)
.anyRequest() .csrf(AbstractHttpConfigurer::disable);
.authenticated()
.and()
.formLogin()
.permitAll()
.and()
.csrf()
.disable();
return http.build(); return http.build();
} }
} }

View File

@ -2,8 +2,8 @@ package com.baeldung.roles.ip.web;
import java.util.List; import java.util.List;
import javax.servlet.Filter; import jakarta.servlet.Filter;
import javax.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import com.baeldung.roles.custom.persistence.model.Foo; import com.baeldung.roles.custom.persistence.model.Foo;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;

View File

@ -2,9 +2,9 @@ package com.baeldung.roles.rolesauthorities;
import java.io.IOException; import java.io.IOException;
import javax.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import jakarta.servlet.http.HttpSession;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

View File

@ -10,6 +10,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
@ -42,33 +43,22 @@ public class SecurityConfig {
@Bean @Bean
public WebSecurityCustomizer webSecurityCustomizer() { public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring() return (web) -> web.ignoring().requestMatchers("/resources/**");
.antMatchers("/resources/**");
} }
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf() http.csrf(AbstractHttpConfigurer::disable)
.disable() .authorizeHttpRequests(
.authorizeRequests() authorizationManagerRequestMatcherRegistry ->
.antMatchers("/login*", "/logout*", "/protectedbynothing*", "/home*") authorizationManagerRequestMatcherRegistry.requestMatchers("/login*", "/logout*", "/protectedbynothing*", "/home*").permitAll()
.permitAll() .requestMatchers("/protectedbyrole").hasRole("USER")
.antMatchers("/protectedbyrole") .requestMatchers("/protectedbyauthority").hasAuthority("READ_PRIVILEGE"))
.hasRole("USER") .formLogin(httpSecurityFormLoginConfigurer ->
.antMatchers("/protectedbyauthority") httpSecurityFormLoginConfigurer.loginPage("/login").failureUrl("/login?error=true").permitAll())
.hasAuthority("READ_PRIVILEGE") .logout(httpSecurityLogoutConfigurer ->
.and() httpSecurityLogoutConfigurer.logoutSuccessHandler(myLogoutSuccessHandler).invalidateHttpSession(false)
.formLogin() .logoutSuccessUrl("/logout.html?logSucc=true").deleteCookies("JSESSIONID").permitAll());
.loginPage("/login")
.failureUrl("/login?error=true")
.permitAll()
.and()
.logout()
.logoutSuccessHandler(myLogoutSuccessHandler)
.invalidateHttpSession(false)
.logoutSuccessUrl("/logout.html?logSucc=true")
.deleteCookies("JSESSIONID")
.permitAll();
return http.build(); return http.build();
} }

View File

@ -2,11 +2,11 @@ package com.baeldung.roles.rolesauthorities.model;
import java.util.Collection; import java.util.Collection;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.ManyToMany; import jakarta.persistence.ManyToMany;
@Entity @Entity
public class Privilege { public class Privilege {

View File

@ -2,13 +2,13 @@ package com.baeldung.roles.rolesauthorities.model;
import java.util.Collection; import java.util.Collection;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.JoinColumn; import jakarta.persistence.JoinColumn;
import javax.persistence.JoinTable; import jakarta.persistence.JoinTable;
import javax.persistence.ManyToMany; import jakarta.persistence.ManyToMany;
@Entity @Entity
public class Role { public class Role {

View File

@ -2,17 +2,16 @@ package com.baeldung.roles.rolesauthorities.model;
import java.util.Collection; import java.util.Collection;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.FetchType; import jakarta.persistence.FetchType;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.JoinColumn; import jakarta.persistence.JoinColumn;
import javax.persistence.JoinTable; import jakarta.persistence.JoinTable;
import javax.persistence.ManyToMany; import jakarta.persistence.ManyToMany;
import javax.persistence.Table; import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "user_account") @Table(name = "user_account")

View File

@ -1,6 +1,6 @@
package com.baeldung.roles.rolesauthorities.persistence; package com.baeldung.roles.rolesauthorities.persistence;
import javax.transaction.Transactional; import jakarta.transaction.Transactional;
import com.baeldung.roles.rolesauthorities.model.User; import com.baeldung.roles.rolesauthorities.model.User;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;

View File

@ -1,33 +1,28 @@
package com.baeldung.roles.voter; package com.baeldung.roles.voter;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.Collection; import java.util.function.Supplier;
import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
public class MinuteBasedVoter implements AccessDecisionVoter { public class MinuteBasedVoter implements AuthorizationManager<RequestAuthorizationContext> {
@Override @Override
public boolean supports(ConfigAttribute attribute) { public void verify(Supplier<Authentication> authentication, RequestAuthorizationContext object) {
return true; AuthorizationManager.super.verify(authentication, object);
} }
@Override @Override
public boolean supports(Class clazz) { public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext object) {
return true; return authentication.get().getAuthorities()
}
@Override
public int vote(Authentication authentication, Object object, Collection collection) {
return authentication.getAuthorities()
.stream() .stream()
.map(GrantedAuthority::getAuthority) .map(GrantedAuthority::getAuthority)
.filter(r -> "ROLE_USER".equals(r) && LocalDateTime.now().getMinute() % 2 != 0) .filter(r -> "ROLE_USER".equals(r) && LocalDateTime.now().getMinute() % 2 != 0)
.findAny() .findAny().map(s -> new AuthorizationDecision(false))
.map(s -> ACCESS_DENIED) .orElse(new AuthorizationDecision(true));
.orElse(ACCESS_ABSTAIN);
} }
} }

View File

@ -1,23 +1,19 @@
package com.baeldung.roles.voter; package com.baeldung.roles.voter;
import java.util.Arrays;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.authorization.AuthorizationManagers;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.WebExpressionVoter; import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@ -38,32 +34,20 @@ public class WebSecurityConfig {
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf() http.csrf(AbstractHttpConfigurer::disable)
.disable() .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
.authorizeRequests() authorizationManagerRequestMatcherRegistry.anyRequest().authenticated()
.anyRequest() .anyRequest().access(accessDecisionManager()))
.authenticated() .formLogin(AbstractAuthenticationFilterConfigurer::permitAll)
.accessDecisionManager(accessDecisionManager()) .logout(httpSecurityLogoutConfigurer ->
.and() httpSecurityLogoutConfigurer.permitAll().deleteCookies("JSESSIONID")
.formLogin() .logoutSuccessUrl("/login"));
.permitAll()
.and()
.logout()
.permitAll()
.deleteCookies("JSESSIONID")
.logoutSuccessUrl("/login");
return http.build(); return http.build();
} }
@Bean @Bean
public AccessDecisionManager accessDecisionManager() { public AuthorizationManager<RequestAuthorizationContext> accessDecisionManager() {
List<AccessDecisionVoter<?>> decisionVoters = Arrays.asList( return AuthorizationManagers.allOf(new MinuteBasedVoter());
new WebExpressionVoter(),
new RoleVoter(),
new AuthenticatedVoter(),
new MinuteBasedVoter());
return new UnanimousBased(decisionVoters);
} }
@Bean @Bean

View File

@ -11,9 +11,9 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.InvalidDataAccessApiUsageException;
import org.springframework.data.domain.Page; import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest; import org.springframework.data.domain.PageRequest;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
@ -25,7 +25,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.jdbc.JdbcTestUtils; import org.springframework.test.jdbc.JdbcTestUtils;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import javax.servlet.ServletContext; import jakarta.servlet.ServletContext;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
@ -83,7 +83,7 @@ public class SpringDataWithSecurityIntegrationTest {
userRepository.updateLastLogin(new Date()); userRepository.updateLastLogin(new Date());
} }
@Test(expected = InvalidDataAccessApiUsageException.class) @Test(expected = SpelEvaluationException.class)
public void givenNoAppUserInSecurityContext_whenUpdateLastLoginAttempted_shouldFail() { public void givenNoAppUserInSecurityContext_whenUpdateLastLoginAttempted_shouldFail() {
userRepository.updateLastLogin(new Date()); userRepository.updateLastLogin(new Date());
} }
@ -104,7 +104,7 @@ public class SpringDataWithSecurityIntegrationTest {
} while (page.hasNext()); } while (page.hasNext());
} }
@Test(expected = InvalidDataAccessApiUsageException.class) @Test(expected = SpelEvaluationException.class)
public void givenNoAppUser_whenPaginatedResultsRetrievalAttempted_shouldFail() { public void givenNoAppUser_whenPaginatedResultsRetrievalAttempted_shouldFail() {
Page<Tweet> page = null; Page<Tweet> page = null;
do { do {

View File

@ -6,13 +6,13 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.apache.http.HttpHeaders;
import com.baeldung.roles.custom.Application; import com.baeldung.roles.custom.Application;
import com.baeldung.roles.custom.persistence.model.Foo; import com.baeldung.roles.custom.persistence.model.Foo;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.security.test.context.support.WithAnonymousUser; import org.springframework.security.test.context.support.WithAnonymousUser;
import org.springframework.security.test.context.support.WithUserDetails; import org.springframework.security.test.context.support.WithUserDetails;