JAVA-14676 Update spring-boot-security module under spring-boot-modules to remove usage of deprecated WebSecurityConfigurerAdapter

2022-09-17 20:38:19 +05:30 · 2022-09-17 20:38:19 +05:30 · 2901f17a2e
parent 171e4bd7c8
commit 2901f17a2e
5 changed files with 92 additions and 77 deletions
--- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/globalmethod/AnnotationSecuredStaticResourceConfig.java
+++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/globalmethod/AnnotationSecuredStaticResourceConfig.java
@ -2,16 +2,13 @@ package com.baeldung.annotations.globalmethod;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;


@Configuration
@EnableWebSecurity
-public class AnnotationSecuredStaticResourceConfig extends WebSecurityConfigurerAdapter {
+public class AnnotationSecuredStaticResourceConfig {

    @Bean
    public WebSecurityCustomizer ignoreResources() {
--- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/websecurity/CustomWebSecurityConfig.java
+++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/websecurity/CustomWebSecurityConfig.java
@ -1,29 +1,29 @@
 package com.baeldung.annotations.websecurity;

+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
-public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class CustomWebSecurityConfig {

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-          .authorizeRequests()
-          .antMatchers("/admin/**")
-          .hasRole("ADMIN")
-          .antMatchers("/protected/**")
-          .hasRole("USER");
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/admin/**")
+            .hasRole("ADMIN")
+            .antMatchers("/protected/**")
+            .hasRole("USER");
+        return http.build();
    }

-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        web
-          .ignoring()
-          .antMatchers("/public/*");
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring()
+            .antMatchers("/public/*");
    }
 }
--- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java
+++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java
@ -2,28 +2,29 @@ package com.baeldung.integrationtesting;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
-public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfigurer {

-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        
-        BCryptPasswordEncoder encoder = passwordEncoder();
-        
-        auth.inMemoryAuthentication()
-            .passwordEncoder(encoder)
-            .withUser("spring")
-            .password(encoder.encode("secret"))
-            .roles("USER");
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
+        UserDetails user = User.withUsername("spring")
+            .password(passwordEncoder.encode("secret"))
+            .roles("USER")
+            .build();
+
+        return new InMemoryUserDetailsManager(user);
    }

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/private/**")
            .hasRole("USER")
@ -31,6 +32,7 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
            .permitAll()
            .and()
            .httpBasic();
+        return http.build();
    }

    @Bean
--- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/autoconfig/config/BasicConfiguration.java
+++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/autoconfig/config/BasicConfiguration.java
@ -1,38 +1,48 @@
 package com.baeldung.springbootsecurity.autoconfig.config;

+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
-public class BasicConfiguration extends WebSecurityConfigurerAdapter {
+public class BasicConfiguration {

-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-    	PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
-    	auth
-          .inMemoryAuthentication()
-          .withUser("user")
-          .password(encoder.encode("password"))
-          .roles("USER")
-          .and()
-          .withUser("admin")
-          .password(encoder.encode("admin"))
-          .roles("USER", "ADMIN");
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
+        UserDetails user = User.withUsername("user")
+            .password(passwordEncoder.encode("password"))
+            .roles("USER")
+            .build();
+
+        UserDetails admin = User.withUsername("admin")
+            .password(passwordEncoder.encode("admin"))
+            .roles("USER", "ADMIN")
+            .build();
+
+        return new InMemoryUserDetailsManager(user, admin);
    }

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-          .authorizeRequests()
-          .anyRequest()
-          .authenticated()
-          .and()
-          .httpBasic();
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .httpBasic();
+        return http.build();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+        return encoder;
    }
 }
--- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java
+++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java
@ -2,37 +2,43 @@ package com.baeldung.springsecuritytaglibs.config;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
-public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapter {
+public class SpringBootSecurityTagLibsConfig {

-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        BCryptPasswordEncoder encoder = passwordEncoder();
-        auth.inMemoryAuthentication()
-            .passwordEncoder(encoder)
-            .withUser("testUser")
-            .password(encoder.encode("password"))
-            .roles("ADMIN");
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
+        UserDetails user = User.withUsername("testUser")
+            .password(passwordEncoder.encode("password"))
+            .roles("ADMIN")
+            .build();
+
+        return new InMemoryUserDetailsManager(user);
    }

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        // @formatter:off
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf()
-                .and()
+            .and()
            .authorizeRequests()
-                .antMatchers("/userManagement").hasRole("ADMIN")
-                .anyRequest().permitAll().and().httpBasic();
-        // @formatter:on
+            .antMatchers("/userManagement")
+            .hasRole("ADMIN")
+            .anyRequest()
+            .permitAll()
+            .and()
+            .httpBasic();
+        return http.build();
    }
-    
+
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();