From 339b269caa64a5647d10f66b98815698968ba20f Mon Sep 17 00:00:00 2001
From: michaelin007
Date: Thu, 30 Nov 2023 18:35:21 +0000
Subject: [PATCH] Update article httpsecurity vs websecurity
---
 .../WebSecurityConfig.java | 87 ++++++++++++++-----
 .../controller/AdminController.java | 15 ++++
 2 files changed, 80 insertions(+), 22 deletions(-)
 create mode 100644 spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/controller/AdminController.java
diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java
index 46a82918aa..f5b799065b 100644
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java
@@ -1,35 +1,78 @@
 package com.baeldung.httpsecurityvswebsecurity;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.springframework.security.config.Customizer.withDefaults;
 @Configuration
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+@EnableWebSecurity
+public class WebSecurityConfig {
- @Autowired
- private UserDetailsService userDetailsService;
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth
- .userDetailsService(userDetailsService)
- .passwordEncoder(new BCryptPasswordEncoder());
+ @Bean
+ public HttpFirewall allowHttpMethod() {
+ List allowedMethods = new ArrayList();
+ allowedMethods.add("GET");
+ allowedMethods.add("POST");
+ StrictHttpFirewall firewall = new StrictHttpFirewall();
+ firewall.setAllowedHttpMethods(allowedMethods);
+ return firewall;
 }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests()
- .antMatchers("/")
- .permitAll()
+ @Bean
+ public WebSecurityCustomizer fireWall() {
+ return (web) -> web.httpFirewall(allowHttpMethod());
+ }
+
+ @Bean
+ public WebSecurityCustomizer ignoringCustomizer() {
+ return (web) -> web.ignoring().antMatchers("/resources/**", "/static/**");
+ }
+
+ @Bean
+ public WebSecurityCustomizer debugSecurity() {
+ return (web) -> web.debug(true);
+ }
+
+ @Bean
+ public InMemoryUserDetailsManager userDetailsService() {
+ UserDetails user = User.withUsername("user")
+ .password(encoder().encode("userPass"))
+ .roles("ADMIN")
+ .build();
+ return new InMemoryUserDetailsManager(user);
+ }
+
+ @Bean
+ public PasswordEncoder encoder() {
+ return new BCryptPasswordEncoder();
+ }
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http.authorizeHttpRequests((authorize) -> authorize.antMatchers("/admin/**")
+ .hasRole("ADMIN")
 .anyRequest()
- .authenticated()
- .and()
- .formLogin();
+ .permitAll())
+ .httpBasic(withDefaults())
+ .formLogin(withDefaults())
+ .csrf(AbstractHttpConfigurer::disable);
+ return http.build();
 }
+
 }
diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/controller/AdminController.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/controller/AdminController.java
new file mode 100644
index 0000000000..cd1daee17e
--- /dev/null
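Review bot: `.csrf(AbstractHttpConfigurer::disable)` in securityFilterChain switches CSRF protection off for a chain that also enables `formLogin(withDefaults())`, so a logged-in browser session can be driven to POST to `/admin/**` from a third-party page (POST is one of the two methods the firewall bean admits). Unless the article is demonstrating the opt-out, drop that line — CSRF protection is on by default — or narrow it with `ignoringAntMatchers` to endpoints that are genuinely stateless. `debugSecurity()` turns on `web.debug(true)`, which logs every request together with its headers and the matched filter chain, so it should not be active outside local debugging. `allowHttpMethod()` uses raw `List`/`ArrayList`; write `List<String> allowedMethods = new ArrayList<>();`. `ignoringCustomizer()` takes `/resources/**` and `/static/**` out of the filter chain entirely, so those responses get no security headers; `permitAll()` for the same patterns inside `authorizeHttpRequests` keeps them covered.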
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/controller/AdminController.java
@@ -0,0 +1,15 @@
+package com.baeldung.httpsecurityvswebsecurity.controller;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/admin")
+public class AdminController {
+
+ @RequestMapping("/greeting")
+ public String hello() {
+ return "Hello Admin";
+ }
+
+}
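Review bot: `@RequestMapping("/greeting")` on `hello()` binds every HTTP method, so the endpoint also answers POST (which the firewall in WebSecurityConfig admits) although it only returns a string. `@GetMapping("/greeting")` (import `org.springframework.web.bind.annotation.GetMapping`) states the intent and lets Spring reject other methods with 405.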