From 2901f17a2e58369b2e1d2f6c4edbbd56c3f667a0 Mon Sep 17 00:00:00 2001 From: anuragkumawat Date: Sat, 17 Sep 2022 20:38:19 +0530 Subject: [PATCH] JAVA-14676 Update spring-boot-security module under spring-boot-modules to remove usage of deprecated WebSecurityConfigurerAdapter --- ...AnnotationSecuredStaticResourceConfig.java | 5 +- .../websecurity/CustomWebSecurityConfig.java | 32 +++++------ .../WebSecurityConfigurer.java | 32 ++++++----- .../autoconfig/config/BasicConfiguration.java | 56 +++++++++++-------- .../SpringBootSecurityTagLibsConfig.java | 44 ++++++++------- 5 files changed, 92 insertions(+), 77 deletions(-) diff --git a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/globalmethod/AnnotationSecuredStaticResourceConfig.java b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/globalmethod/AnnotationSecuredStaticResourceConfig.java index 467285adfa..45b8651dc1 100644 --- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/globalmethod/AnnotationSecuredStaticResourceConfig.java +++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/globalmethod/AnnotationSecuredStaticResourceConfig.java @@ -2,16 +2,13 @@ package com.baeldung.annotations.globalmethod; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.SecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; @Configuration @EnableWebSecurity -public class AnnotationSecuredStaticResourceConfig extends WebSecurityConfigurerAdapter { +public class AnnotationSecuredStaticResourceConfig { @Bean public WebSecurityCustomizer ignoreResources() { diff --git a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/websecurity/CustomWebSecurityConfig.java b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/websecurity/CustomWebSecurityConfig.java index ce874e313e..21ad1586a2 100644 --- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/websecurity/CustomWebSecurityConfig.java +++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/websecurity/CustomWebSecurityConfig.java @@ -1,29 +1,29 @@ package com.baeldung.annotations.websecurity; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity -public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter { +public class CustomWebSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { - http - .authorizeRequests() - .antMatchers("/admin/**") - .hasRole("ADMIN") - .antMatchers("/protected/**") - .hasRole("USER"); + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/admin/**") + .hasRole("ADMIN") + .antMatchers("/protected/**") + .hasRole("USER"); + return http.build(); } - @Override - public void configure(WebSecurity web) throws Exception { - web - .ignoring() - .antMatchers("/public/*"); + @Bean + public WebSecurityCustomizer webSecurityCustomizer() { + return (web) -> web.ignoring() + .antMatchers("/public/*"); } } diff --git a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java index 1437440668..63d8083e7d 100644 --- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java +++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java @@ -2,28 +2,29 @@ package com.baeldung.integrationtesting; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @Configuration -public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter { +public class WebSecurityConfigurer { - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - - BCryptPasswordEncoder encoder = passwordEncoder(); - - auth.inMemoryAuthentication() - .passwordEncoder(encoder) - .withUser("spring") - .password(encoder.encode("secret")) - .roles("USER"); + @Bean + public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) { + UserDetails user = User.withUsername("spring") + .password(passwordEncoder.encode("secret")) + .roles("USER") + .build(); + + return new InMemoryUserDetailsManager(user); } - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/private/**") .hasRole("USER") @@ -31,6 +32,7 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter { .permitAll() .and() .httpBasic(); + return http.build(); } @Bean diff --git a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/autoconfig/config/BasicConfiguration.java b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/autoconfig/config/BasicConfiguration.java index 7060792df5..0abe8338f5 100644 --- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/autoconfig/config/BasicConfiguration.java +++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/autoconfig/config/BasicConfiguration.java @@ -1,38 +1,48 @@ package com.baeldung.springbootsecurity.autoconfig.config; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.factory.PasswordEncoderFactories; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity -public class BasicConfiguration extends WebSecurityConfigurerAdapter { +public class BasicConfiguration { - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); - auth - .inMemoryAuthentication() - .withUser("user") - .password(encoder.encode("password")) - .roles("USER") - .and() - .withUser("admin") - .password(encoder.encode("admin")) - .roles("USER", "ADMIN"); + @Bean + public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) { + UserDetails user = User.withUsername("user") + .password(passwordEncoder.encode("password")) + .roles("USER") + .build(); + + UserDetails admin = User.withUsername("admin") + .password(passwordEncoder.encode("admin")) + .roles("USER", "ADMIN") + .build(); + + return new InMemoryUserDetailsManager(user, admin); } - @Override - protected void configure(HttpSecurity http) throws Exception { - http - .authorizeRequests() - .anyRequest() - .authenticated() - .and() - .httpBasic(); + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .anyRequest() + .authenticated() + .and() + .httpBasic(); + return http.build(); + } + + @Bean + public PasswordEncoder passwordEncoder() { + PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); + return encoder; } } diff --git a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java index 75bc613bd1..b2929ebbbd 100644 --- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java +++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java @@ -2,37 +2,43 @@ package com.baeldung.springsecuritytaglibs.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity -public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapter { +public class SpringBootSecurityTagLibsConfig { - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - BCryptPasswordEncoder encoder = passwordEncoder(); - auth.inMemoryAuthentication() - .passwordEncoder(encoder) - .withUser("testUser") - .password(encoder.encode("password")) - .roles("ADMIN"); + @Bean + public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) { + UserDetails user = User.withUsername("testUser") + .password(passwordEncoder.encode("password")) + .roles("ADMIN") + .build(); + + return new InMemoryUserDetailsManager(user); } - @Override - protected void configure(HttpSecurity http) throws Exception { - // @formatter:off + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.csrf() - .and() + .and() .authorizeRequests() - .antMatchers("/userManagement").hasRole("ADMIN") - .anyRequest().permitAll().and().httpBasic(); - // @formatter:on + .antMatchers("/userManagement") + .hasRole("ADMIN") + .anyRequest() + .permitAll() + .and() + .httpBasic(); + return http.build(); } - + @Bean public BCryptPasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder();