Merge pull request #15256 from Michaelin007/master

Update article HttpSecurity vs. WebSecurity

spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/SecurityConfiguration.java

@@ -0,0 +1,78 @@
+package com.baeldung.httpsecurityvswebsecurity;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfiguration {
+
+    @Bean
+    public HttpFirewall allowHttpMethod() {
+        List<String> allowedMethods = new ArrayList<String>();
+        allowedMethods.add("GET");
+        allowedMethods.add("POST");
+        StrictHttpFirewall firewall = new StrictHttpFirewall();
+        firewall.setAllowedHttpMethods(allowedMethods);
+        return firewall;
+    }
+
+    @Bean
+    public WebSecurityCustomizer fireWall() {
+        return (web) -> web.httpFirewall(allowHttpMethod());
+    }
+
+    @Bean
+    public WebSecurityCustomizer ignoringCustomizer() {
+        return (web) -> web.ignoring().antMatchers("/resources/**", "/static/**");
+    }
+
+    @Bean
+    public WebSecurityCustomizer debugSecurity() {
+        return (web) -> web.debug(true);
+    }
+
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user = User.withUsername("user")
+          .password(encoder().encode("userPass"))
+          .roles("ADMIN")
+          .build();
+        return new InMemoryUserDetailsManager(user);
+    }
+
+    @Bean
+    public PasswordEncoder encoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.authorizeHttpRequests((authorize) -> authorize.antMatchers("/admin/**")
+          .hasRole("ADMIN")
+          .anyRequest()
+          .permitAll())
+          .httpBasic(withDefaults())
+          .formLogin(withDefaults())
+          .csrf(AbstractHttpConfigurer::disable);
+        return http.build();
+    }
+
+}

spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/controller/AdminController.java

@@ -0,0 +1,15 @@
+package com.baeldung.httpsecurityvswebsecurity.controller;
+
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/admin")
+public class AdminController {
+
+    @RequestMapping("/greeting")
+    public String hello() {
+        return "Hello Admin";
+    }
+
+}