iSharkFly-Docs
/
java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

JAVA-29304 Upgrade spring-security-web-boot-1 (#15488) 

* JAVA-29304 Upgrade spring-security-web-boot-1

* JAVA-29304 Removing explicit version for rest-assured

---------

Co-authored-by: timis1 <noreplay@yahoo.com>
This commit is contained in:
timis1 2023-12-30 14:46:56 +02:00 committed by GitHub
parent 4c517ab0de
commit 13b0d9d0f8
26 changed files with 159 additions and 200 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
spring-security-modules/spring-security-web-boot-1/pom.xml
View File

@ -11,8 +11,9 @@
<parent> <parent>
<groupId>com.baeldung</groupId> <groupId>com.baeldung</groupId>
<artifactId>spring-security-modules</artifactId> <artifactId>parent-boot-3</artifactId>
<version>0.0.1-SNAPSHOT</version> <version>0.0.1-SNAPSHOT</version>
<relativePath>../../parent-boot-3</relativePath>
</parent> </parent>
<dependencies> <dependencies>
@ -34,7 +35,7 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.thymeleaf.extras</groupId> <groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId> <artifactId>thymeleaf-extras-springsecurity6</artifactId>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
@ -81,11 +82,6 @@
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId> <artifactId>spring-security-core</artifactId>
</dependency> </dependency>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
<artifactId>jstl-api</artifactId>
<version>${jstl.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId> <artifactId>spring-security-config</artifactId>
@ -100,6 +96,11 @@
<version>${ehcache-core.version}</version> <version>${ehcache-core.version}</version>
<type>jar</type> <type>jar</type>
</dependency> </dependency>
<dependency>
<groupId>io.rest-assured</groupId>
<artifactId>rest-assured</artifactId>
<scope>test</scope>
</dependency>
</dependencies> </dependencies>
<build> <build>

6
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/relationships/AppConfig.java
View File

@ -15,14 +15,14 @@ import org.springframework.jdbc.datasource.DriverManagerDataSource;
import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean; import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter; import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@SpringBootApplication @SpringBootApplication
@PropertySource({"classpath:persistence-h2.properties", "classpath:application-defaults.properties"}) @PropertySource({"classpath:persistence-h2.properties", "classpath:application-defaults.properties"})
@EnableJpaRepositories(basePackages = {"com.baeldung.relationships.repositories"}) @EnableJpaRepositories(basePackages = {"com.baeldung.relationships.repositories"})
@EnableWebMvc @EnableWebMvc
@Import(SpringSecurityConfig.class) @Import(SpringSecurityConfig.class)
public class AppConfig extends WebMvcConfigurerAdapter { public class AppConfig implements WebMvcConfigurer {
@Autowired @Autowired
private Environment env; private Environment env;
@ -41,7 +41,7 @@ public class AppConfig extends WebMvcConfigurerAdapter {
public LocalContainerEntityManagerFactoryBean entityManagerFactory() { public LocalContainerEntityManagerFactoryBean entityManagerFactory() {
final LocalContainerEntityManagerFactoryBean em = new LocalContainerEntityManagerFactoryBean(); final LocalContainerEntityManagerFactoryBean em = new LocalContainerEntityManagerFactoryBean();
em.setDataSource(dataSource()); em.setDataSource(dataSource());
em.setPackagesToScan(new String[] { "com.baeldung.relationships.models" }); em.setPackagesToScan("com.baeldung.relationships.models");
em.setJpaVendorAdapter(new HibernateJpaVendorAdapter()); em.setJpaVendorAdapter(new HibernateJpaVendorAdapter());
em.setJpaProperties(additionalProperties()); em.setJpaProperties(additionalProperties());
return em; return em;

31
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/relationships/SpringSecurityConfig.java
View File

@ -1,6 +1,6 @@
package com.baeldung.relationships; package com.baeldung.relationships;
import javax.annotation.PostConstruct; import jakarta.annotation.PostConstruct;
import javax.sql.DataSource; import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -13,6 +13,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension; import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
@ -47,12 +48,10 @@ public class SpringSecurityConfig {
@Bean @Bean
public UserDetailsManager users(HttpSecurity http) throws Exception { public UserDetailsManager users(HttpSecurity http) throws Exception {
AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManagerBuilder.class) AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
.userDetailsService(userDetailsService) authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(encoder());
.passwordEncoder(encoder()) authenticationManagerBuilder.authenticationProvider(authenticationProvider());
.and() AuthenticationManager authenticationManager = authenticationManagerBuilder.build();
.authenticationProvider(authenticationProvider())
.build();
JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager(dataSource); JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager(dataSource);
jdbcUserDetailsManager.setAuthenticationManager(authenticationManager); jdbcUserDetailsManager.setAuthenticationManager(authenticationManager);
@ -61,22 +60,16 @@ public class SpringSecurityConfig {
@Bean @Bean
public WebSecurityCustomizer webSecurityCustomizer() { public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring() return web -> web.ignoring().requestMatchers("/resources/**");
.antMatchers("/resources/**");
} }
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
.antMatchers("/login") authorizationManagerRequestMatcherRegistry.requestMatchers("/login").permitAll())
.permitAll() .formLogin(httpSecurityFormLoginConfigurer ->
.and() httpSecurityFormLoginConfigurer.permitAll().successHandler(successHandler))
.formLogin() .csrf(AbstractHttpConfigurer::disable);
.permitAll()
.successHandler(successHandler)
.and()
.csrf()
.disable();
return http.build(); return http.build();
} }

12
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/relationships/models/AppUser.java
View File

@ -2,12 +2,12 @@ package com.baeldung.relationships.models;
import java.util.Date; import java.util.Date;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.Table; import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "users") @Table(name = "users")

16
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/relationships/models/Tweet.java
View File

@ -3,14 +3,14 @@ package com.baeldung.relationships.models;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import javax.persistence.CollectionTable; import jakarta.persistence.CollectionTable;
import javax.persistence.ElementCollection; import jakarta.persistence.ElementCollection;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.FetchType; import jakarta.persistence.FetchType;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.Table; import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "Tweet") @Table(name = "Tweet")

3
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/relationships/repositories/TweetRepository.java
View File

@ -3,11 +3,12 @@ package com.baeldung.relationships.repositories;
import org.springframework.data.domain.Page; import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable; import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.Query; import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.data.repository.PagingAndSortingRepository;
import com.baeldung.relationships.models.Tweet; import com.baeldung.relationships.models.Tweet;
public interface TweetRepository extends PagingAndSortingRepository<Tweet, Long> { public interface TweetRepository extends PagingAndSortingRepository<Tweet, Long>, CrudRepository<Tweet, Long> {
@Query("SELECT twt FROM Tweet twt JOIN twt.likes AS lk WHERE lk = ?#{ principal?.username } OR twt.owner = ?#{ principal?.username }") @Query("SELECT twt FROM Tweet twt JOIN twt.likes AS lk WHERE lk = ?#{ principal?.username } OR twt.owner = ?#{ principal?.username }")
Page<Tweet> getMyTweetsAndTheOnesILiked(Pageable pageable); Page<Tweet> getMyTweetsAndTheOnesILiked(Pageable pageable);

4
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/relationships/security/AuthenticationSuccessHandlerImpl.java
View File

@ -2,8 +2,8 @@ package com.baeldung.relationships.security;
import java.util.Date; import java.util.Date;
import javax.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;

2
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/relationships/security/CustomUserDetailsService.java
View File

@ -1,6 +1,6 @@
package com.baeldung.relationships.security; package com.baeldung.relationships.security;
import javax.annotation.PostConstruct; import jakarta.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;

14
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/custom/config/SecurityConfig.java
View File

@ -2,8 +2,11 @@ package com.baeldung.roles.custom.config;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
@ -14,14 +17,9 @@ public class SecurityConfig {
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf() http.csrf(AbstractHttpConfigurer::disable)
.disable() .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.anyRequest().authenticated())
.authorizeRequests() .formLogin(AbstractAuthenticationFilterConfigurer::permitAll);
.anyRequest()
.authenticated()
.and()
.formLogin()
.permitAll();
return http.build(); return http.build();
} }

2
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/custom/persistence/SetupData.java
View File

@ -3,7 +3,7 @@ package com.baeldung.roles.custom.persistence;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashSet; import java.util.HashSet;
import javax.annotation.PostConstruct; import jakarta.annotation.PostConstruct;
import com.baeldung.roles.custom.persistence.dao.OrganizationRepository; import com.baeldung.roles.custom.persistence.dao.OrganizationRepository;
import com.baeldung.roles.custom.persistence.dao.PrivilegeRepository; import com.baeldung.roles.custom.persistence.dao.PrivilegeRepository;

10
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/custom/persistence/model/Foo.java
View File

@ -1,10 +1,10 @@
package com.baeldung.roles.custom.persistence.model; package com.baeldung.roles.custom.persistence.model;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
@Entity @Entity
public class Foo { public class Foo {

10
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/custom/persistence/model/Organization.java
View File

@ -1,10 +1,10 @@
package com.baeldung.roles.custom.persistence.model; package com.baeldung.roles.custom.persistence.model;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
@Entity @Entity
public class Organization { public class Organization {

10
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/custom/persistence/model/Privilege.java
View File

@ -1,10 +1,10 @@
package com.baeldung.roles.custom.persistence.model; package com.baeldung.roles.custom.persistence.model;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
@Entity @Entity
public class Privilege { public class Privilege {

26
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/custom/persistence/model/User.java
View File

@ -2,17 +2,17 @@ package com.baeldung.roles.custom.persistence.model;
import java.util.Set; import java.util.Set;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.FetchType; import jakarta.persistence.FetchType;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.JoinColumn; import jakarta.persistence.JoinColumn;
import javax.persistence.JoinTable; import jakarta.persistence.JoinTable;
import javax.persistence.ManyToMany; import jakarta.persistence.ManyToMany;
import javax.persistence.ManyToOne; import jakarta.persistence.ManyToOne;
import javax.persistence.Table; import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "user_table") @Table(name = "user_table")
@ -28,7 +28,9 @@ public class User {
private String password; private String password;
@ManyToMany(fetch = FetchType.EAGER) @ManyToMany(fetch = FetchType.EAGER)
@JoinTable(name = "users_privileges", joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"), inverseJoinColumns = @JoinColumn(name = "privilege_id", referencedColumnName = "id")) @JoinTable(name = "users_privileges", joinColumns =
@JoinColumn(name = "user_id", referencedColumnName = "id"),
inverseJoinColumns = @JoinColumn(name = "privilege_id", referencedColumnName = "id"))
private Set<Privilege> privileges; private Set<Privilege> privileges;
@ManyToOne(fetch = FetchType.EAGER) @ManyToOne(fetch = FetchType.EAGER)

22
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/ip/config/SecurityConfig.java
View File

@ -6,10 +6,13 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@ -32,19 +35,12 @@ public class SecurityConfig {
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.authorizeHttpRequests(
.antMatchers("/login") authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.requestMatchers("/login").permitAll()
.permitAll() .requestMatchers("/foos/**")
.antMatchers("/foos/**") .access(new WebExpressionAuthorizationManager("isAuthenticated() and hasIpAddress('11.11.11.11')")).anyRequest().authenticated())
.access("isAuthenticated() and hasIpAddress('11.11.11.11')") .formLogin(AbstractAuthenticationFilterConfigurer::permitAll)
.anyRequest() .csrf(AbstractHttpConfigurer::disable);
.authenticated()
.and()
.formLogin()
.permitAll()
.and()
.csrf()
.disable();
return http.build(); return http.build();
} }
} }

4
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/ip/web/MainController.java
View File

@ -2,8 +2,8 @@ package com.baeldung.roles.ip.web;
import java.util.List; import java.util.List;
import javax.servlet.Filter; import jakarta.servlet.Filter;
import javax.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import com.baeldung.roles.custom.persistence.model.Foo; import com.baeldung.roles.custom.persistence.model.Foo;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;

6
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/rolesauthorities/MyLogoutSuccessHandler.java
View File

@ -2,9 +2,9 @@ package com.baeldung.roles.rolesauthorities;
import java.io.IOException; import java.io.IOException;
import javax.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import jakarta.servlet.http.HttpSession;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

36
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/rolesauthorities/config/SecurityConfig.java
View File

@ -10,6 +10,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
@ -42,33 +43,22 @@ public class SecurityConfig {
@Bean @Bean
public WebSecurityCustomizer webSecurityCustomizer() { public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring() return (web) -> web.ignoring().requestMatchers("/resources/**");
.antMatchers("/resources/**");
} }
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf() http.csrf(AbstractHttpConfigurer::disable)
.disable() .authorizeHttpRequests(
.authorizeRequests() authorizationManagerRequestMatcherRegistry ->
.antMatchers("/login*", "/logout*", "/protectedbynothing*", "/home*") authorizationManagerRequestMatcherRegistry.requestMatchers("/login*", "/logout*", "/protectedbynothing*", "/home*").permitAll()
.permitAll() .requestMatchers("/protectedbyrole").hasRole("USER")
.antMatchers("/protectedbyrole") .requestMatchers("/protectedbyauthority").hasAuthority("READ_PRIVILEGE"))
.hasRole("USER") .formLogin(httpSecurityFormLoginConfigurer ->
.antMatchers("/protectedbyauthority") httpSecurityFormLoginConfigurer.loginPage("/login").failureUrl("/login?error=true").permitAll())
.hasAuthority("READ_PRIVILEGE") .logout(httpSecurityLogoutConfigurer ->
.and() httpSecurityLogoutConfigurer.logoutSuccessHandler(myLogoutSuccessHandler).invalidateHttpSession(false)
.formLogin() .logoutSuccessUrl("/logout.html?logSucc=true").deleteCookies("JSESSIONID").permitAll());
.loginPage("/login")
.failureUrl("/login?error=true")
.permitAll()
.and()
.logout()
.logoutSuccessHandler(myLogoutSuccessHandler)
.invalidateHttpSession(false)
.logoutSuccessUrl("/logout.html?logSucc=true")
.deleteCookies("JSESSIONID")
.permitAll();
return http.build(); return http.build();
} }

10
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/rolesauthorities/model/Privilege.java
View File

@ -2,11 +2,11 @@ package com.baeldung.roles.rolesauthorities.model;
import java.util.Collection; import java.util.Collection;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.ManyToMany; import jakarta.persistence.ManyToMany;
@Entity @Entity
public class Privilege { public class Privilege {

14
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/rolesauthorities/model/Role.java
View File

@ -2,13 +2,13 @@ package com.baeldung.roles.rolesauthorities.model;
import java.util.Collection; import java.util.Collection;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.JoinColumn; import jakarta.persistence.JoinColumn;
import javax.persistence.JoinTable; import jakarta.persistence.JoinTable;
import javax.persistence.ManyToMany; import jakarta.persistence.ManyToMany;
@Entity @Entity
public class Role { public class Role {

21
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/rolesauthorities/model/User.java
View File

@ -2,17 +2,16 @@ package com.baeldung.roles.rolesauthorities.model;
import java.util.Collection; import java.util.Collection;
import javax.persistence.Column; import jakarta.persistence.Column;
import javax.persistence.Entity; import jakarta.persistence.Entity;
import javax.persistence.FetchType; import jakarta.persistence.FetchType;
import javax.persistence.GeneratedValue; import jakarta.persistence.GeneratedValue;
import javax.persistence.GenerationType; import jakarta.persistence.GenerationType;
import javax.persistence.Id; import jakarta.persistence.Id;
import javax.persistence.JoinColumn; import jakarta.persistence.JoinColumn;
import javax.persistence.JoinTable; import jakarta.persistence.JoinTable;
import javax.persistence.ManyToMany; import jakarta.persistence.ManyToMany;
import javax.persistence.Table; import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "user_account") @Table(name = "user_account")

2
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/rolesauthorities/persistence/UserService.java
View File

@ -1,6 +1,6 @@
package com.baeldung.roles.rolesauthorities.persistence; package com.baeldung.roles.rolesauthorities.persistence;
import javax.transaction.Transactional; import jakarta.transaction.Transactional;
import com.baeldung.roles.rolesauthorities.model.User; import com.baeldung.roles.rolesauthorities.model.User;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;

27
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/voter/MinuteBasedVoter.java
View File

@ -1,33 +1,28 @@
package com.baeldung.roles.voter; package com.baeldung.roles.voter;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.Collection; import java.util.function.Supplier;
import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
public class MinuteBasedVoter implements AccessDecisionVoter { public class MinuteBasedVoter implements AuthorizationManager<RequestAuthorizationContext> {
@Override @Override
public boolean supports(ConfigAttribute attribute) { public void verify(Supplier<Authentication> authentication, RequestAuthorizationContext object) {
return true; AuthorizationManager.super.verify(authentication, object);
} }
@Override @Override
public boolean supports(Class clazz) { public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext object) {
return true; return authentication.get().getAuthorities()
}
@Override
public int vote(Authentication authentication, Object object, Collection collection) {
return authentication.getAuthorities()
.stream() .stream()
.map(GrantedAuthority::getAuthority) .map(GrantedAuthority::getAuthority)
.filter(r -> "ROLE_USER".equals(r) && LocalDateTime.now().getMinute() % 2 != 0) .filter(r -> "ROLE_USER".equals(r) && LocalDateTime.now().getMinute() % 2 != 0)
.findAny() .findAny().map(s -> new AuthorizationDecision(false))
.map(s -> ACCESS_DENIED) .orElse(new AuthorizationDecision(true));
.orElse(ACCESS_ABSTAIN);
} }
} }

46
spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/voter/WebSecurityConfig.java
View File

@ -1,23 +1,19 @@
package com.baeldung.roles.voter; package com.baeldung.roles.voter;
import java.util.Arrays;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.authorization.AuthorizationManagers;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.WebExpressionVoter; import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@ -38,32 +34,20 @@ public class WebSecurityConfig {
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf() http.csrf(AbstractHttpConfigurer::disable)
.disable() .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
.authorizeRequests() authorizationManagerRequestMatcherRegistry.anyRequest().authenticated()
.anyRequest() .anyRequest().access(accessDecisionManager()))
.authenticated() .formLogin(AbstractAuthenticationFilterConfigurer::permitAll)
.accessDecisionManager(accessDecisionManager()) .logout(httpSecurityLogoutConfigurer ->
.and() httpSecurityLogoutConfigurer.permitAll().deleteCookies("JSESSIONID")
.formLogin() .logoutSuccessUrl("/login"));
.permitAll()
.and()
.logout()
.permitAll()
.deleteCookies("JSESSIONID")
.logoutSuccessUrl("/login");
return http.build(); return http.build();
} }
@Bean @Bean
public AccessDecisionManager accessDecisionManager() { public AuthorizationManager<RequestAuthorizationContext> accessDecisionManager() {
List<AccessDecisionVoter<?>> decisionVoters = Arrays.asList( return AuthorizationManagers.allOf(new MinuteBasedVoter());
new WebExpressionVoter(),
new RoleVoter(),
new AuthenticatedVoter(),
new MinuteBasedVoter());
return new UnanimousBased(decisionVoters);
} }
@Bean @Bean

8
spring-security-modules/spring-security-web-boot-1/src/test/java/com/baeldung/relationships/SpringDataWithSecurityIntegrationTest.java
View File

@ -11,9 +11,9 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.InvalidDataAccessApiUsageException;
import org.springframework.data.domain.Page; import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest; import org.springframework.data.domain.PageRequest;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
@ -25,7 +25,7 @@ import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.jdbc.JdbcTestUtils; import org.springframework.test.jdbc.JdbcTestUtils;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import javax.servlet.ServletContext; import jakarta.servlet.ServletContext;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
@ -83,7 +83,7 @@ public class SpringDataWithSecurityIntegrationTest {
userRepository.updateLastLogin(new Date()); userRepository.updateLastLogin(new Date());
} }
@Test(expected = InvalidDataAccessApiUsageException.class) @Test(expected = SpelEvaluationException.class)
public void givenNoAppUserInSecurityContext_whenUpdateLastLoginAttempted_shouldFail() { public void givenNoAppUserInSecurityContext_whenUpdateLastLoginAttempted_shouldFail() {
userRepository.updateLastLogin(new Date()); userRepository.updateLastLogin(new Date());
} }
@ -104,7 +104,7 @@ public class SpringDataWithSecurityIntegrationTest {
} while (page.hasNext()); } while (page.hasNext());
} }
@Test(expected = InvalidDataAccessApiUsageException.class) @Test(expected = SpelEvaluationException.class)
public void givenNoAppUser_whenPaginatedResultsRetrievalAttempted_shouldFail() { public void givenNoAppUser_whenPaginatedResultsRetrievalAttempted_shouldFail() {
Page<Tweet> page = null; Page<Tweet> page = null;
do { do {

2
spring-security-modules/spring-security-web-boot-1/src/test/java/com/baeldung/roles/web/CustomUserDetailsServiceIntegrationTest.java
View File

@ -6,13 +6,13 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.apache.http.HttpHeaders;
import com.baeldung.roles.custom.Application; import com.baeldung.roles.custom.Application;
import com.baeldung.roles.custom.persistence.model.Foo; import com.baeldung.roles.custom.persistence.model.Foo;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.security.test.context.support.WithAnonymousUser; import org.springframework.security.test.context.support.WithAnonymousUser;
import org.springframework.security.test.context.support.WithUserDetails; import org.springframework.security.test.context.support.WithUserDetails;