JAVA-29331 Upgrade spring-security-web-sockets (#15468)

Co-authored-by: timis1 <noreplay@yahoo.com>
This commit is contained in:
timis1 2023-12-24 15:06:05 +02:00 committed by GitHub
parent 3838bab244
commit 37bddcdfce
14 changed files with 70 additions and 89 deletions

View File

@ -11,9 +11,9 @@
<parent>
<groupId>com.baeldung</groupId>
<artifactId>parent-spring-5</artifactId>
<artifactId>parent-spring-6</artifactId>
<version>0.0.1-SNAPSHOT</version>
<relativePath>../../parent-spring-5</relativePath>
<relativePath>../../parent-spring-6</relativePath>
</parent>
<dependencies>
@ -73,6 +73,16 @@
<artifactId>hibernate-core</artifactId>
<version>${hibernate-core.version}</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>${hibernate-validator.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.expressly</groupId>
<artifactId>expressly</artifactId>
<version>${expressly.version}</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
@ -92,7 +102,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-messaging</artifactId>
<version>${spring-security.version}</version>
<version>${spring-security-messaging.version}</version>
</dependency>
<!-- Logging -->
<dependency>
@ -107,24 +117,9 @@
</dependency>
<!-- Servlet -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>${javax.servlet-api.version}</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
<artifactId>jstl-api</artifactId>
<version>${jstl-api.version}</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>javax.servlet.jsp-api</artifactId>
<version>${javax.servlet.jsp-api.version}</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>${jstl.version}</version>
<groupId>jakarta.platform</groupId>
<artifactId>jakarta.jakartaee-api</artifactId>
<version>${jakartaee-api.version}</version>
</dependency>
<!-- Jackson Dependencies -->
<dependency>
@ -144,17 +139,11 @@
</dependency>
<!-- Test -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<version>${spring-boot-starter-test.version}</version>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>${jaxb-api.version}</version>
</dependency>
</dependencies>
<build>
@ -194,11 +183,15 @@
</build>
<properties>
<hibernate-core.version>5.2.10.Final</hibernate-core.version>
<spring-data-jpa.version>1.11.3.RELEASE</spring-data-jpa.version>
<spring-boot-starter-test.version>1.5.10.RELEASE</spring-boot-starter-test.version>
<spring-security.version>6.1.5</spring-security.version>
<spring-security-messaging.version>6.0.2</spring-security-messaging.version>
<hibernate-core.version>6.1.7.Final</hibernate-core.version>
<hibernate-validator.version>8.0.1.Final</hibernate-validator.version>
<expressly.version>5.0.0</expressly.version>
<spring-data-jpa.version>3.1.0</spring-data-jpa.version>
<spring-boot-starter-test.version>3.1.0</spring-boot-starter-test.version>
<jakartaee-api.version>10.0.0</jakartaee-api.version>
<cargo-maven2-plugin.version>1.7.6</cargo-maven2-plugin.version>
<jaxb-api.version>2.3.1</jaxb-api.version>
</properties>
</project>

View File

@ -9,7 +9,7 @@ import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.resource.PathResourceResolver;
import org.springframework.web.servlet.view.JstlView;
import org.springframework.web.servlet.view.UrlBasedViewResolver;
@ -20,8 +20,9 @@ import java.sql.SQLException;
@EnableJpaRepositories
@ComponentScan("com.baeldung.springsecuredsockets")
@Import({ SecurityConfig.class, DataStoreConfig.class, SocketBrokerConfig.class, SocketSecurityConfig.class })
public class AppConfig extends WebMvcConfigurerAdapter {
public class AppConfig implements WebMvcConfigurer {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("index");
registry.addViewController("/login").setViewName("login");

View File

@ -13,7 +13,7 @@ import org.springframework.orm.jpa.vendor.Database;
import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import javax.persistence.EntityManagerFactory;
import jakarta.persistence.EntityManagerFactory;
import javax.sql.DataSource;
import java.util.Properties;

View File

@ -6,11 +6,14 @@ import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@ -86,43 +89,30 @@ public class SecurityConfig {
*/
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/index", "/authenticate")
.permitAll()
.antMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success")
.authenticated()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
authorizationManagerRequestMatcherRegistry
.requestMatchers("/", "/index", "/authenticate").permitAll()
.requestMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success").authenticated()
.anyRequest().authenticated())
.formLogin(httpSecurityFormLoginConfigurer -> httpSecurityFormLoginConfigurer.loginPage("/login").permitAll()
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/authenticate")
.successHandler(loginSuccessHandler())
.failureUrl("/denied")
.permitAll()
.and()
.logout()
.logoutSuccessHandler(logoutSuccessHandler())
.and()
.failureUrl("/denied").permitAll())
.logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer.logoutSuccessHandler(logoutSuccessHandler()))
/**
* Applies to User Roles - not to login failures or unauthenticated access attempts.
*/
.exceptionHandling()
.accessDeniedHandler(accessDeniedHandler())
.and()
.exceptionHandling(httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer.accessDeniedHandler(accessDeniedHandler()))
.authenticationProvider(authenticationProvider());
/** Disabled for local testing */
http.csrf()
.disable();
http.csrf(AbstractHttpConfigurer::disable);
/** This is solely required to support H2 console viewing in Spring MVC with Spring Security */
http.headers()
.frameOptions()
.disable();
http.headers(httpSecurityHeadersConfigurer -> httpSecurityHeadersConfigurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
.authorizeHttpRequests(Customizer.withDefaults());
return http.build();
}
@ -135,8 +125,7 @@ public class SecurityConfig {
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring()
.antMatchers("/resources/**");
return (web) -> web.ignoring().requestMatchers("/resources/**");
}
}

View File

@ -8,14 +8,14 @@ import static com.baeldung.springsecuredsockets.Constants.SECURED_CHAT_SPECIFIC_
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
@Configuration
@EnableWebSocketMessageBroker
@ComponentScan("com.baeldung.springsecuredsockets.controllers")
public class SocketBrokerConfig extends AbstractWebSocketMessageBrokerConfigurer {
public class SocketBrokerConfig implements WebSocketMessageBrokerConfigurer {
@Override
public void configureMessageBroker(MessageBrokerRegistry config) {

View File

@ -4,9 +4,9 @@ import org.springframework.web.WebApplicationInitializer;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import org.springframework.web.servlet.DispatcherServlet;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRegistration;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRegistration;
public class WebAppInitializer implements WebApplicationInitializer {

View File

@ -5,7 +5,7 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequest;
@Controller
public class CsrfTokenController {

View File

@ -30,8 +30,7 @@ public class SocketController {
@MessageMapping(SECURED_CHAT)
@SendTo(SECURED_CHAT_HISTORY)
public OutputMessage sendAll(Message msg) throws Exception {
OutputMessage out = new OutputMessage(msg.getFrom(), msg.getText(), new SimpleDateFormat("HH:mm").format(new Date()));
return out;
return new OutputMessage(msg.getFrom(), msg.getText(), new SimpleDateFormat("HH:mm").format(new Date()));
}
/**

View File

@ -1,6 +1,6 @@
package com.baeldung.springsecuredsockets.domain;
import javax.persistence.*;
import jakarta.persistence.*;
import java.util.Set;
@Entity

View File

@ -1,12 +1,12 @@
package com.baeldung.springsecuredsockets.domain;
import javax.persistence.*;
import jakarta.persistence.*;
import java.util.Set;
//Custom User Model
@Entity
@Table(name = "user")
@Table(name = "users")
public class User {
@Id

View File

@ -4,9 +4,9 @@ import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
/**

View File

@ -7,8 +7,8 @@ import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
public class CustomLoginSuccessHandler implements AuthenticationSuccessHandler {

View File

@ -5,15 +5,14 @@ import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
public class CustomLogoutSuccessHandler implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
throws IOException {
response.setStatus(HttpStatus.OK.value());
response.sendRedirect(request.getContextPath() + "/index");

View File

@ -17,7 +17,7 @@ import org.springframework.stereotype.Service;
import java.util.Collection;
import java.util.HashSet;
@Service()
@Service
public class CustomUserDetailsService implements UserDetailsService {
Logger log = LoggerFactory.getLogger(CustomUserDetailsService.class);