JAVA-29331 Upgrade spring-security-web-sockets (#15468)
Co-authored-by: timis1 <noreplay@yahoo.com>
parent
3838bab244
commit
37bddcdfce
|
@ -11,9 +11,9 @@
|
|||
|
||||
<parent>
|
||||
<groupId>com.baeldung</groupId>
|
||||
<artifactId>parent-spring-5</artifactId>
|
||||
<artifactId>parent-spring-6</artifactId>
|
||||
<version>0.0.1-SNAPSHOT</version>
|
||||
<relativePath>../../parent-spring-5</relativePath>
|
||||
<relativePath>../../parent-spring-6</relativePath>
|
||||
</parent>
|
||||
|
||||
<dependencies>
|
||||
|
@ -73,6 +73,16 @@
|
|||
<artifactId>hibernate-core</artifactId>
|
||||
<version>${hibernate-core.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.hibernate</groupId>
|
||||
<artifactId>hibernate-validator</artifactId>
|
||||
<version>${hibernate-validator.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.glassfish.expressly</groupId>
|
||||
<artifactId>expressly</artifactId>
|
||||
<version>${expressly.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.h2database</groupId>
|
||||
<artifactId>h2</artifactId>
|
||||
|
@ -92,7 +102,7 @@
|
|||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-messaging</artifactId>
|
||||
<version>${spring-security.version}</version>
|
||||
<version>${spring-security-messaging.version}</version>
|
||||
</dependency>
|
||||
<!-- Logging -->
|
||||
<dependency>
|
||||
|
@ -107,24 +117,9 @@
|
|||
</dependency>
|
||||
<!-- Servlet -->
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>javax.servlet-api</artifactId>
|
||||
<version>${javax.servlet-api.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp.jstl</groupId>
|
||||
<artifactId>jstl-api</artifactId>
|
||||
<version>${jstl-api.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet.jsp</groupId>
|
||||
<artifactId>javax.servlet.jsp-api</artifactId>
|
||||
<version>${javax.servlet.jsp-api.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>jstl</artifactId>
|
||||
<version>${jstl.version}</version>
|
||||
<groupId>jakarta.platform</groupId>
|
||||
<artifactId>jakarta.jakartaee-api</artifactId>
|
||||
<version>${jakartaee-api.version}</version>
|
||||
</dependency>
|
||||
<!-- Jackson Dependencies -->
|
||||
<dependency>
|
||||
|
@ -144,17 +139,11 @@
|
|||
</dependency>
|
||||
<!-- Test -->
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-test</artifactId>
|
||||
<version>${spring-boot-starter-test.version}</version>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-test</artifactId>
|
||||
<version>${spring.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>javax.xml.bind</groupId>
|
||||
<artifactId>jaxb-api</artifactId>
|
||||
<version>${jaxb-api.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
|
@ -194,11 +183,15 @@
|
|||
</build>
|
||||
|
||||
<properties>
|
||||
<hibernate-core.version>5.2.10.Final</hibernate-core.version>
|
||||
<spring-data-jpa.version>1.11.3.RELEASE</spring-data-jpa.version>
|
||||
<spring-boot-starter-test.version>1.5.10.RELEASE</spring-boot-starter-test.version>
|
||||
<spring-security.version>6.1.5</spring-security.version>
|
||||
<spring-security-messaging.version>6.0.2</spring-security-messaging.version>
|
||||
<hibernate-core.version>6.1.7.Final</hibernate-core.version>
|
||||
<hibernate-validator.version>8.0.1.Final</hibernate-validator.version>
|
||||
<expressly.version>5.0.0</expressly.version>
|
||||
<spring-data-jpa.version>3.1.0</spring-data-jpa.version>
|
||||
<spring-boot-starter-test.version>3.1.0</spring-boot-starter-test.version>
|
||||
<jakartaee-api.version>10.0.0</jakartaee-api.version>
|
||||
<cargo-maven2-plugin.version>1.7.6</cargo-maven2-plugin.version>
|
||||
<jaxb-api.version>2.3.1</jaxb-api.version>
|
||||
</properties>
|
||||
|
||||
</project>
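Review bot: `spring-security-messaging.version` is set to 6.0.2 while `spring-security.version` in the same `<properties>` block is 6.1.5, so the messaging module resolves to an older release line than any artifact that uses `${spring-security.version}`. Mixing Spring Security module versions risks binary incompatibilities, and it leaves the WebSocket message-authorization code without fixes shipped in later releases. Unless the split has a documented reason, I would drop the extra property and keep `<version>${spring-security.version}</version>` on `spring-security-messaging`. The `spring-boot-starter-test.version` property also looks unused now that the test dependency is `spring-test`.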
|
|
@ -9,7 +9,7 @@ import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
|
|||
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
||||
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
import org.springframework.web.servlet.resource.PathResourceResolver;
|
||||
import org.springframework.web.servlet.view.JstlView;
|
||||
import org.springframework.web.servlet.view.UrlBasedViewResolver;
|
||||
|
@ -20,8 +20,9 @@ import java.sql.SQLException;
|
|||
@EnableJpaRepositories
|
||||
@ComponentScan("com.baeldung.springsecuredsockets")
|
||||
@Import({ SecurityConfig.class, DataStoreConfig.class, SocketBrokerConfig.class, SocketSecurityConfig.class })
|
||||
public class AppConfig extends WebMvcConfigurerAdapter {
|
||||
public class AppConfig implements WebMvcConfigurer {
|
||||
|
||||
@Override
|
||||
public void addViewControllers(ViewControllerRegistry registry) {
|
||||
registry.addViewController("/").setViewName("index");
|
||||
registry.addViewController("/login").setViewName("login");
|
||||
|
|
|
@ -13,7 +13,7 @@ import org.springframework.orm.jpa.vendor.Database;
|
|||
import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
|
||||
import org.springframework.transaction.annotation.EnableTransactionManagement;
|
||||
|
||||
import javax.persistence.EntityManagerFactory;
|
||||
import jakarta.persistence.EntityManagerFactory;
|
||||
import javax.sql.DataSource;
|
||||
import java.util.Properties;
|
||||
|
||||
|
|
|
@ -6,11 +6,14 @@ import org.springframework.context.annotation.ComponentScan;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
@ -86,43 +89,30 @@ public class SecurityConfig {
|
|||
*/
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/", "/index", "/authenticate")
|
||||
.permitAll()
|
||||
.antMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success")
|
||||
.authenticated()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login")
|
||||
.permitAll()
|
||||
http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
|
||||
authorizationManagerRequestMatcherRegistry
|
||||
.requestMatchers("/", "/index", "/authenticate").permitAll()
|
||||
.requestMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success").authenticated()
|
||||
.anyRequest().authenticated())
|
||||
.formLogin(httpSecurityFormLoginConfigurer -> httpSecurityFormLoginConfigurer.loginPage("/login").permitAll()
|
||||
.usernameParameter("username")
|
||||
.passwordParameter("password")
|
||||
.loginProcessingUrl("/authenticate")
|
||||
.successHandler(loginSuccessHandler())
|
||||
.failureUrl("/denied")
|
||||
.permitAll()
|
||||
.and()
|
||||
.logout()
|
||||
.logoutSuccessHandler(logoutSuccessHandler())
|
||||
.and()
|
||||
.failureUrl("/denied").permitAll())
|
||||
.logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer.logoutSuccessHandler(logoutSuccessHandler()))
|
||||
/**
|
||||
* Applies to User Roles - not to login failures or unauthenticated access attempts.
|
||||
*/
|
||||
.exceptionHandling()
|
||||
.accessDeniedHandler(accessDeniedHandler())
|
||||
.and()
|
||||
.exceptionHandling(httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer.accessDeniedHandler(accessDeniedHandler()))
|
||||
.authenticationProvider(authenticationProvider());
|
||||
|
||||
/** Disabled for local testing */
|
||||
http.csrf()
|
||||
.disable();
|
||||
http.csrf(AbstractHttpConfigurer::disable);
|
||||
|
||||
/** This is solely required to support H2 console viewing in Spring MVC with Spring Security */
|
||||
http.headers()
|
||||
.frameOptions()
|
||||
.disable();
|
||||
http.headers(httpSecurityHeadersConfigurer -> httpSecurityHeadersConfigurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
|
||||
.authorizeHttpRequests(Customizer.withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
@ -135,8 +125,7 @@ public class SecurityConfig {
|
|||
|
||||
@Bean
|
||||
public WebSecurityCustomizer webSecurityCustomizer() {
|
||||
return (web) -> web.ignoring()
|
||||
.antMatchers("/resources/**");
|
||||
return (web) -> web.ignoring().requestMatchers("/resources/**");
|
||||
}
|
||||
|
||||
}
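Review bot: `filterChain` still switches off CSRF protection and the `X-Frame-Options` header unconditionally, via `http.csrf(AbstractHttpConfigurer::disable)` and `frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)`, although the comments beside them only justify local testing and H2 console viewing. Since this rewrite touches both calls, they could be narrowed: `frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)` is normally enough for the H2 console, and the CSRF switch belongs behind a dev-only profile or should be removed. The trailing `.authorizeHttpRequests(Customizer.withDefaults())` adds nothing after `anyRequest().authenticated()` and can be dropped. The `/secured/**/**` patterns are already covered by that `anyRequest()` rule, and patterns with `**` in the middle of the path may be rejected when `requestMatchers` uses PathPattern-based matching, so a single `/secured/**` would be safer; this is worth verifying at startup.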
|
||||
|
|
|
@ -8,14 +8,14 @@ import static com.baeldung.springsecuredsockets.Constants.SECURED_CHAT_SPECIFIC_
|
|||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
|
||||
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
|
||||
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
|
||||
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
|
||||
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSocketMessageBroker
|
||||
@ComponentScan("com.baeldung.springsecuredsockets.controllers")
|
||||
public class SocketBrokerConfig extends AbstractWebSocketMessageBrokerConfigurer {
|
||||
public class SocketBrokerConfig implements WebSocketMessageBrokerConfigurer {
|
||||
|
||||
@Override
|
||||
public void configureMessageBroker(MessageBrokerRegistry config) {
|
||||
|
|
|
@ -4,9 +4,9 @@ import org.springframework.web.WebApplicationInitializer;
|
|||
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
|
||||
import org.springframework.web.servlet.DispatcherServlet;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRegistration;
|
||||
import jakarta.servlet.ServletContext;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.ServletRegistration;
|
||||
|
||||
public class WebAppInitializer implements WebApplicationInitializer {
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ import org.springframework.stereotype.Controller;
|
|||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
@Controller
|
||||
public class CsrfTokenController {
|
||||
|
|
|
@ -30,8 +30,7 @@ public class SocketController {
|
|||
@MessageMapping(SECURED_CHAT)
|
||||
@SendTo(SECURED_CHAT_HISTORY)
|
||||
public OutputMessage sendAll(Message msg) throws Exception {
|
||||
OutputMessage out = new OutputMessage(msg.getFrom(), msg.getText(), new SimpleDateFormat("HH:mm").format(new Date()));
|
||||
return out;
|
||||
return new OutputMessage(msg.getFrom(), msg.getText(), new SimpleDateFormat("HH:mm").format(new Date()));
|
||||
}
|
||||
|
||||
/**
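Review bot: `sendAll` builds the broadcast from `msg.getFrom()`, a value taken from the client's payload, so (assuming that field is displayed as the sender) any authenticated user can post to the secured chat under another user's name. Spring resolves a `java.security.Principal` argument on `@MessageMapping` methods, so the signature could become `public OutputMessage sendAll(Message msg, Principal principal)` with `principal.getName()` as the first constructor argument. Separately, `new SimpleDateFormat("HH:mm").format(new Date())` could become `LocalTime.now().format(DateTimeFormatter.ofPattern("HH:mm"))`. The class continues outside the hunk.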
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
package com.baeldung.springsecuredsockets.domain;
|
||||
|
||||
import javax.persistence.*;
|
||||
import jakarta.persistence.*;
|
||||
import java.util.Set;
|
||||
|
||||
@Entity
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
package com.baeldung.springsecuredsockets.domain;
|
||||
|
||||
import javax.persistence.*;
|
||||
import jakarta.persistence.*;
|
||||
import java.util.Set;
|
||||
|
||||
//Custom User Model
|
||||
|
||||
@Entity
|
||||
@Table(name = "user")
|
||||
@Table(name = "users")
|
||||
public class User {
|
||||
|
||||
@Id
|
||||
|
|
|
@ -4,9 +4,9 @@ import org.springframework.http.HttpStatus;
|
|||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.web.access.AccessDeniedHandler;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
|
|
|
@ -7,8 +7,8 @@ import org.springframework.http.HttpStatus;
|
|||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
public class CustomLoginSuccessHandler implements AuthenticationSuccessHandler {
|
||||
|
|
|
@ -5,15 +5,14 @@ import org.springframework.http.HttpStatus;
|
|||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
public class CustomLogoutSuccessHandler implements LogoutSuccessHandler {
|
||||
@Override
|
||||
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
|
||||
throws IOException, ServletException {
|
||||
throws IOException {
|
||||
|
||||
response.setStatus(HttpStatus.OK.value());
|
||||
response.sendRedirect(request.getContextPath() + "/index");
|
||||
|
|
|
@ -17,7 +17,7 @@ import org.springframework.stereotype.Service;
|
|||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
|
||||
@Service()
|
||||
@Service
|
||||
public class CustomUserDetailsService implements UserDetailsService {
|
||||
|
||||
Logger log = LoggerFactory.getLogger(CustomUserDetailsService.class);
|
||||
|
|