Merge pull request #12748 from anuragkumawat/JAVA-14868
JAVA-14868 Update spring-security-web-sockets module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter
This commit is contained in:
Loredana Crusoveanu
GitHub
commit
3172233c58
|
|
@ -1,26 +1,28 @@
|
|||
package com.baeldung.springsecuredsockets.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.access.AccessDeniedHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
||||
|
||||
import com.baeldung.springsecuredsockets.security.CustomAccessDeniedHandler;
|
||||
import com.baeldung.springsecuredsockets.security.CustomDaoAuthenticationProvider;
|
||||
import com.baeldung.springsecuredsockets.security.CustomLoginSuccessHandler;
|
||||
import com.baeldung.springsecuredsockets.security.CustomLogoutSuccessHandler;
|
||||
import com.baeldung.springsecuredsockets.security.CustomUserDetailsService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.access.AccessDeniedHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
||||
|
||||
/**
|
||||
* @EnableGlobalAuthentication annotates:
|
||||
|
|
@ -36,7 +38,7 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
|
|||
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
|
||||
@EnableWebSecurity
|
||||
@ComponentScan("com.baeldung.springsecuredsockets")
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public class SecurityConfig {
|
||||
|
||||
@Autowired
|
||||
private CustomUserDetailsService customUserDetailsService;
|
||||
|
|
@ -82,54 +84,59 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
* <p>
|
||||
* Matching occurs from top to bottom - so, the topmost match succeeds first.
|
||||
*/
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests()
|
||||
.antMatchers("/", "/index", "/authenticate")
|
||||
.permitAll()
|
||||
.antMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success")
|
||||
.authenticated()
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login").permitAll()
|
||||
.usernameParameter("username")
|
||||
.passwordParameter("password")
|
||||
.loginProcessingUrl("/authenticate")
|
||||
.successHandler(loginSuccessHandler())
|
||||
.failureUrl("/denied").permitAll()
|
||||
.and()
|
||||
.logout()
|
||||
.logoutSuccessHandler(logoutSuccessHandler())
|
||||
.and()
|
||||
/**
|
||||
* Applies to User Roles - not to login failures or unauthenticated access attempts.
|
||||
*/
|
||||
.exceptionHandling()
|
||||
.accessDeniedHandler(accessDeniedHandler())
|
||||
.and()
|
||||
.authenticationProvider(authenticationProvider());
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/", "/index", "/authenticate")
|
||||
.permitAll()
|
||||
.antMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success")
|
||||
.authenticated()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login")
|
||||
.permitAll()
|
||||
.usernameParameter("username")
|
||||
.passwordParameter("password")
|
||||
.loginProcessingUrl("/authenticate")
|
||||
.successHandler(loginSuccessHandler())
|
||||
.failureUrl("/denied")
|
||||
.permitAll()
|
||||
.and()
|
||||
.logout()
|
||||
.logoutSuccessHandler(logoutSuccessHandler())
|
||||
.and()
|
||||
/**
|
||||
* Applies to User Roles - not to login failures or unauthenticated access attempts.
|
||||
*/
|
||||
.exceptionHandling()
|
||||
.accessDeniedHandler(accessDeniedHandler())
|
||||
.and()
|
||||
.authenticationProvider(authenticationProvider());
|
||||
|
||||
/** Disabled for local testing */
|
||||
http
|
||||
.csrf().disable();
|
||||
http.csrf()
|
||||
.disable();
|
||||
|
||||
/** This is solely required to support H2 console viewing in Spring MVC with Spring Security */
|
||||
http
|
||||
.headers()
|
||||
.frameOptions()
|
||||
.disable();
|
||||
http.headers()
|
||||
.frameOptions()
|
||||
.disable();
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.authenticationProvider(authenticationProvider());
|
||||
@Bean
|
||||
public AuthenticationManager authManager(HttpSecurity http) throws Exception {
|
||||
return http.getSharedObject(AuthenticationManagerBuilder.class)
|
||||
.authenticationProvider(authenticationProvider())
|
||||
.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configure(WebSecurity web) throws Exception {
|
||||
web.ignoring().antMatchers("/resources/**");
|
||||
@Bean
|
||||
public WebSecurityCustomizer webSecurityCustomizer() {
|
||||
return (web) -> web.ignoring()
|
||||
.antMatchers("/resources/**");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue