Update article httpsecurity vs websecurity

2023-11-30 18:35:21 +00:00 · 2023-11-30 18:35:21 +00:00 · 339b269caa
parent c10a404f57
commit 339b269caa
2 changed files with 80 additions and 22 deletions
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java
@ -1,35 +1,78 @@
 package com.baeldung.httpsecurityvswebsecurity;

-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+@EnableWebSecurity
+public class WebSecurityConfig {

-    @Autowired
-    private UserDetailsService userDetailsService;
-
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth
-          .userDetailsService(userDetailsService)
-          .passwordEncoder(new BCryptPasswordEncoder());
+    @Bean
+    public HttpFirewall allowHttpMethod() {
+        List<String> allowedMethods = new ArrayList<String>();
+        allowedMethods.add("GET");
+        allowedMethods.add("POST");
+        StrictHttpFirewall firewall = new StrictHttpFirewall();
+        firewall.setAllowedHttpMethods(allowedMethods);
+        return firewall;
    }

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests()
-          .antMatchers("/")
-          .permitAll()
+    @Bean
+    public WebSecurityCustomizer fireWall() {
+        return (web) -> web.httpFirewall(allowHttpMethod());
+    }
+
+    @Bean
+    public WebSecurityCustomizer ignoringCustomizer() {
+        return (web) -> web.ignoring().antMatchers("/resources/**", "/static/**");
+    }
+
+    @Bean
+    public WebSecurityCustomizer debugSecurity() {
+        return (web) -> web.debug(true);
+    }
+
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user = User.withUsername("user")
+          .password(encoder().encode("userPass"))
+          .roles("ADMIN")
+          .build();
+        return new InMemoryUserDetailsManager(user);
+    }
+
+    @Bean
+    public PasswordEncoder encoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.authorizeHttpRequests((authorize) -> authorize.antMatchers("/admin/**")
+          .hasRole("ADMIN")
          .anyRequest()
-          .authenticated()
-          .and()
-          .formLogin();
+          .permitAll())
+          .httpBasic(withDefaults())
+          .formLogin(withDefaults())
+          .csrf(AbstractHttpConfigurer::disable);
+        return http.build();
    }
+
 }
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/controller/AdminController.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/controller/AdminController.java
@ -0,0 +1,15 @@
+package com.baeldung.httpsecurityvswebsecurity.controller;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/admin")
+public class AdminController {
+
+    @RequestMapping("/greeting")
+    public String hello() {
+        return "Hello Admin";
+    }
+
+}