JAVA-14888 Update apache-shiro module under security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#13059)

2022-11-23 23:38:45 +05:30 · 2022-11-23 23:38:45 +05:30 · 32e34e537b
parent e14ea6632f
commit 32e34e537b
1 changed files with 24 additions and 18 deletions
--- a/security-modules/apache-shiro/src/main/java/com/baeldung/comparison/springsecurity/config/SecurityConfig.java
+++ b/security-modules/apache-shiro/src/main/java/com/baeldung/comparison/springsecurity/config/SecurityConfig.java
@ -1,40 +1,46 @@
 package com.baeldung.comparison.springsecurity.config;

 import org.springframework.context.annotation.Bean;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;

@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable().authorizeRequests(authorize -> authorize.antMatchers("/index", "/login")
-            .permitAll()
-            .antMatchers("/home", "/logout")
-            .authenticated()
-            .antMatchers("/admin/**")
-            .hasRole("ADMIN"))
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.csrf()
+            .disable()
+            .authorizeRequests(authorize -> authorize.antMatchers("/index", "/login")
+                .permitAll()
+                .antMatchers("/home", "/logout")
+                .authenticated()
+                .antMatchers("/admin/**")
+                .hasRole("ADMIN"))
            .formLogin(formLogin -> formLogin.loginPage("/login")
                .failureUrl("/login-error"));
+        return http.build();
    }

-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication()
-            .withUser("Jerry")
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() throws Exception {
+        UserDetails jerry = User.withUsername("Jerry")
            .password(passwordEncoder().encode("password"))
            .authorities("READ", "WRITE")
            .roles("ADMIN")
-            .and()
-            .withUser("Tom")
+            .build();
+        UserDetails tom = User.withUsername("Tom")
            .password(passwordEncoder().encode("password"))
            .authorities("READ")
-            .roles("USER");
+            .roles("USER")
+            .build();
+        return new InMemoryUserDetailsManager(jerry, tom);
    }

    @Bean