diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java index 46a82918aa..f5b799065b 100644 --- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java +++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java @@ -1,35 +1,78 @@ package com.baeldung.httpsecurityvswebsecurity; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.firewall.HttpFirewall; +import org.springframework.security.web.firewall.StrictHttpFirewall; + +import java.util.ArrayList; +import java.util.List; + +import static org.springframework.security.config.Customizer.withDefaults; @Configuration -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { +@EnableWebSecurity +public class WebSecurityConfig { - @Autowired - private UserDetailsService userDetailsService; - - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth - .userDetailsService(userDetailsService) - .passwordEncoder(new BCryptPasswordEncoder()); + @Bean + public HttpFirewall allowHttpMethod() { + List allowedMethods = new ArrayList(); + allowedMethods.add("GET"); + allowedMethods.add("POST"); + StrictHttpFirewall firewall = new StrictHttpFirewall(); + firewall.setAllowedHttpMethods(allowedMethods); + return firewall; } - @Override - protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests() - .antMatchers("/") - .permitAll() + @Bean + public WebSecurityCustomizer fireWall() { + return (web) -> web.httpFirewall(allowHttpMethod()); + } + + @Bean + public WebSecurityCustomizer ignoringCustomizer() { + return (web) -> web.ignoring().antMatchers("/resources/**", "/static/**"); + } + + @Bean + public WebSecurityCustomizer debugSecurity() { + return (web) -> web.debug(true); + } + + @Bean + public InMemoryUserDetailsManager userDetailsService() { + UserDetails user = User.withUsername("user") + .password(encoder().encode("userPass")) + .roles("ADMIN") + .build(); + return new InMemoryUserDetailsManager(user); + } + + @Bean + public PasswordEncoder encoder() { + return new BCryptPasswordEncoder(); + } + + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + http.authorizeHttpRequests((authorize) -> authorize.antMatchers("/admin/**") + .hasRole("ADMIN") .anyRequest() - .authenticated() - .and() - .formLogin(); + .permitAll()) + .httpBasic(withDefaults()) + .formLogin(withDefaults()) + .csrf(AbstractHttpConfigurer::disable); + return http.build(); } + } diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/controller/AdminController.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/controller/AdminController.java new file mode 100644 index 0000000000..cd1daee17e --- /dev/null +++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/controller/AdminController.java @@ -0,0 +1,15 @@ +package com.baeldung.httpsecurityvswebsecurity.controller; + +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +@RequestMapping("/admin") +public class AdminController { + + @RequestMapping("/greeting") + public String hello() { + return "Hello Admin"; + } + +}