JAVA-14676 Update spring-boot-security module under spring-boot-modules to remove usage of deprecated WebSecurityConfigurerAdapter

2022-09-17 20:38:19 +05:30 · 2022-09-17 20:38:19 +05:30 · 2901f17a2e
parent 171e4bd7c8
commit 2901f17a2e
5 changed files with 92 additions and 77 deletions
--- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/globalmethod/AnnotationSecuredStaticResourceConfig.java
+++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/globalmethod/AnnotationSecuredStaticResourceConfig.java
@ -2,16 +2,13 @@ package com.baeldung.annotations.globalmethod;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
@Configuration
@EnableWebSecurity
-public class AnnotationSecuredStaticResourceConfig extends WebSecurityConfigurerAdapter {
+public class AnnotationSecuredStaticResourceConfig {
    @Bean
    public WebSecurityCustomizer ignoreResources() {
--- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/websecurity/CustomWebSecurityConfig.java
+++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/websecurity/CustomWebSecurityConfig.java
@ -1,29 +1,29 @@
 package com.baeldung.annotations.websecurity;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
-public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class CustomWebSecurityConfig {
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
+        http.authorizeRequests()
-          .authorizeRequests()
+            .antMatchers("/admin/**")
-          .antMatchers("/admin/**")
+            .hasRole("ADMIN")
-          .hasRole("ADMIN")
+            .antMatchers("/protected/**")
-          .antMatchers("/protected/**")
+            .hasRole("USER");
-          .hasRole("USER");
+        return http.build();
    }
-    @Override
+    @Bean
-    public void configure(WebSecurity web) throws Exception {
+    public WebSecurityCustomizer webSecurityCustomizer() {
-        web
+        return (web) -> web.ignoring()
-          .ignoring()
+            .antMatchers("/public/*");
          .antMatchers("/public/*");
    }
 }
--- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java
+++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java
@ -2,28 +2,29 @@ package com.baeldung.integrationtesting;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
@Configuration
-public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfigurer {
-    @Override
+    @Bean
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
-        
+        UserDetails user = User.withUsername("spring")
-        BCryptPasswordEncoder encoder = passwordEncoder();
+            .password(passwordEncoder.encode("secret"))
-        
+            .roles("USER")
-        auth.inMemoryAuthentication()
+            .build();
-            .passwordEncoder(encoder)
+
-            .withUser("spring")
+        return new InMemoryUserDetailsManager(user);
            .password(encoder.encode("secret"))
            .roles("USER");
    }
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/private/**")
            .hasRole("USER")
@ -31,6 +32,7 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
            .permitAll()
            .and()
            .httpBasic();
        return http.build();
    }
    @Bean
--- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/autoconfig/config/BasicConfiguration.java
+++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/autoconfig/config/BasicConfiguration.java
@ -1,38 +1,48 @@
 package com.baeldung.springbootsecurity.autoconfig.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
-public class BasicConfiguration extends WebSecurityConfigurerAdapter {
+public class BasicConfiguration {
-    @Override
+    @Bean
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
-    	PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+        UserDetails user = User.withUsername("user")
-    	auth
+            .password(passwordEncoder.encode("password"))
-          .inMemoryAuthentication()
+            .roles("USER")
-          .withUser("user")
+            .build();
-          .password(encoder.encode("password"))
+
-          .roles("USER")
+        UserDetails admin = User.withUsername("admin")
-          .and()
+            .password(passwordEncoder.encode("admin"))
-          .withUser("admin")
+            .roles("USER", "ADMIN")
-          .password(encoder.encode("admin"))
+            .build();
-          .roles("USER", "ADMIN");
+
        return new InMemoryUserDetailsManager(user, admin);
    }
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
+        http.authorizeRequests()
-          .authorizeRequests()
+            .anyRequest()
-          .anyRequest()
+            .authenticated()
-          .authenticated()
+            .and()
-          .and()
+            .httpBasic();
-          .httpBasic();
+        return http.build();
    }
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        return encoder;
    }
 }
--- a/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java
+++ b/spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java
@ -2,37 +2,43 @@ package com.baeldung.springsecuritytaglibs.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
-public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapter {
+public class SpringBootSecurityTagLibsConfig {
-    @Override
+    @Bean
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
-        BCryptPasswordEncoder encoder = passwordEncoder();
+        UserDetails user = User.withUsername("testUser")
-        auth.inMemoryAuthentication()
+            .password(passwordEncoder.encode("password"))
-            .passwordEncoder(encoder)
+            .roles("ADMIN")
-            .withUser("testUser")
+            .build();
-            .password(encoder.encode("password"))
+
-            .roles("ADMIN");
+        return new InMemoryUserDetailsManager(user);
    }
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // @formatter:off
        http.csrf()
-                .and()
+            .and()
            .authorizeRequests()
-                .antMatchers("/userManagement").hasRole("ADMIN")
+            .antMatchers("/userManagement")
-                .anyRequest().permitAll().and().httpBasic();
+            .hasRole("ADMIN")
-        // @formatter:on
+            .anyRequest()
            .permitAll()
            .and()
            .httpBasic();
        return http.build();
    }
-    
+
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();