iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #12748 from anuragkumawat/JAVA-14868

Browse Source 
JAVA-14868 Update spring-security-web-sockets module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter
This commit is contained in:
Loredana Crusoveanu 2022-09-22 12:42:44 +03:00 committed by GitHub
commit 3172233c58
1 changed files with 64 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/config/SecurityConfig.java
View File

@ -1,26 +1,28 @@
package com.baeldung.springsecuredsockets.config; package com.baeldung.springsecuredsockets.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import com.baeldung.springsecuredsockets.security.CustomAccessDeniedHandler; import com.baeldung.springsecuredsockets.security.CustomAccessDeniedHandler;
import com.baeldung.springsecuredsockets.security.CustomDaoAuthenticationProvider; import com.baeldung.springsecuredsockets.security.CustomDaoAuthenticationProvider;
import com.baeldung.springsecuredsockets.security.CustomLoginSuccessHandler; import com.baeldung.springsecuredsockets.security.CustomLoginSuccessHandler;
import com.baeldung.springsecuredsockets.security.CustomLogoutSuccessHandler; import com.baeldung.springsecuredsockets.security.CustomLogoutSuccessHandler;
import com.baeldung.springsecuredsockets.security.CustomUserDetailsService; import com.baeldung.springsecuredsockets.security.CustomUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
/** /**
* @EnableGlobalAuthentication annotates: * @EnableGlobalAuthentication annotates:
@ -36,7 +38,7 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecurity @EnableWebSecurity
@ComponentScan("com.baeldung.springsecuredsockets") @ComponentScan("com.baeldung.springsecuredsockets")
public class SecurityConfig extends WebSecurityConfigurerAdapter { public class SecurityConfig {
@Autowired @Autowired
private CustomUserDetailsService customUserDetailsService; private CustomUserDetailsService customUserDetailsService;
@ -82,23 +84,25 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
* <p> * <p>
* Matching occurs from top to bottom - so, the topmost match succeeds first. * Matching occurs from top to bottom - so, the topmost match succeeds first.
*/ */
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http http.authorizeRequests()
.authorizeRequests()
.antMatchers("/", "/index", "/authenticate") .antMatchers("/", "/index", "/authenticate")
.permitAll() .permitAll()
.antMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success") .antMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success")
.authenticated() .authenticated()
.anyRequest().authenticated() .anyRequest()
.authenticated()
.and() .and()
.formLogin() .formLogin()
.loginPage("/login").permitAll() .loginPage("/login")
.permitAll()
.usernameParameter("username") .usernameParameter("username")
.passwordParameter("password") .passwordParameter("password")
.loginProcessingUrl("/authenticate") .loginProcessingUrl("/authenticate")
.successHandler(loginSuccessHandler()) .successHandler(loginSuccessHandler())
.failureUrl("/denied").permitAll() .failureUrl("/denied")
.permitAll()
.and() .and()
.logout() .logout()
.logoutSuccessHandler(logoutSuccessHandler()) .logoutSuccessHandler(logoutSuccessHandler())
@ -112,24 +116,27 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
.authenticationProvider(authenticationProvider()); .authenticationProvider(authenticationProvider());
/** Disabled for local testing */ /** Disabled for local testing */
http http.csrf()
.csrf().disable(); .disable();
/** This is solely required to support H2 console viewing in Spring MVC with Spring Security */ /** This is solely required to support H2 console viewing in Spring MVC with Spring Security */
http http.headers()
.headers()
.frameOptions() .frameOptions()
.disable(); .disable();
return http.build();
} }
@Override @Bean
protected void configure(final AuthenticationManagerBuilder auth) throws Exception { public AuthenticationManager authManager(HttpSecurity http) throws Exception {
auth.authenticationProvider(authenticationProvider()); return http.getSharedObject(AuthenticationManagerBuilder.class)
.authenticationProvider(authenticationProvider())
.build();
} }
@Override @Bean
public void configure(WebSecurity web) throws Exception { public WebSecurityCustomizer webSecurityCustomizer() {
web.ignoring().antMatchers("/resources/**"); return (web) -> web.ignoring()
.antMatchers("/resources/**");
} }
} }