iSharkFly-Docs
/
java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

JAVA-29331 Upgrade spring-security-web-sockets (#15468) 

Co-authored-by: timis1 <noreplay@yahoo.com>
This commit is contained in:
timis1 2023-12-24 15:06:05 +02:00 committed by GitHub
parent 3838bab244
commit 37bddcdfce
14 changed files with 70 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
spring-security-modules/spring-security-web-sockets/pom.xml
View File

@ -11,9 +11,9 @@
<parent>
<groupId>com.baeldung</groupId>
<artifactId>parent-spring-5</artifactId>
<artifactId>parent-spring-6</artifactId>
<version>0.0.1-SNAPSHOT</version>
<relativePath>../../parent-spring-5</relativePath>
<relativePath>../../parent-spring-6</relativePath>
</parent>
<dependencies>
@ -73,6 +73,16 @@
<artifactId>hibernate-core</artifactId>
<version>${hibernate-core.version}</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>${hibernate-validator.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.expressly</groupId>
<artifactId>expressly</artifactId>
<version>${expressly.version}</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
@ -92,7 +102,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-messaging</artifactId>
<version>${spring-security.version}</version>
<version>${spring-security-messaging.version}</version>
</dependency>
<!-- Logging -->
<dependency>
@ -107,24 +117,9 @@
</dependency>
<!-- Servlet -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>${javax.servlet-api.version}</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
<artifactId>jstl-api</artifactId>
<version>${jstl-api.version}</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>javax.servlet.jsp-api</artifactId>
<version>${javax.servlet.jsp-api.version}</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>${jstl.version}</version>
<groupId>jakarta.platform</groupId>
<artifactId>jakarta.jakartaee-api</artifactId>
<version>${jakartaee-api.version}</version>
</dependency>
<!-- Jackson Dependencies -->
<dependency>
@ -144,17 +139,11 @@
</dependency>
<!-- Test -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<version>${spring-boot-starter-test.version}</version>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>${jaxb-api.version}</version>
</dependency>
</dependencies>
<build>
@ -194,11 +183,15 @@
</build>
<properties>
<hibernate-core.version>5.2.10.Final</hibernate-core.version>
<spring-data-jpa.version>1.11.3.RELEASE</spring-data-jpa.version>
<spring-boot-starter-test.version>1.5.10.RELEASE</spring-boot-starter-test.version>
<spring-security.version>6.1.5</spring-security.version>
<spring-security-messaging.version>6.0.2</spring-security-messaging.version>
<hibernate-core.version>6.1.7.Final</hibernate-core.version>
<hibernate-validator.version>8.0.1.Final</hibernate-validator.version>
<expressly.version>5.0.0</expressly.version>
<spring-data-jpa.version>3.1.0</spring-data-jpa.version>
<spring-boot-starter-test.version>3.1.0</spring-boot-starter-test.version>
<jakartaee-api.version>10.0.0</jakartaee-api.version>
<cargo-maven2-plugin.version>1.7.6</cargo-maven2-plugin.version>
<jaxb-api.version>2.3.1</jaxb-api.version>
</properties>
</project>

5
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/config/AppConfig.java
View File

@ -9,7 +9,7 @@ import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.resource.PathResourceResolver;
import org.springframework.web.servlet.view.JstlView;
import org.springframework.web.servlet.view.UrlBasedViewResolver;
@ -20,8 +20,9 @@ import java.sql.SQLException;
@EnableJpaRepositories
@ComponentScan("com.baeldung.springsecuredsockets")
@Import({ SecurityConfig.class, DataStoreConfig.class, SocketBrokerConfig.class, SocketSecurityConfig.class })
public class AppConfig extends WebMvcConfigurerAdapter {
public class AppConfig implements WebMvcConfigurer {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("index");
registry.addViewController("/login").setViewName("login");

2
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/config/DataStoreConfig.java
View File

@ -13,7 +13,7 @@ import org.springframework.orm.jpa.vendor.Database;
import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import javax.persistence.EntityManagerFactory;
import jakarta.persistence.EntityManagerFactory;
import javax.sql.DataSource;
import java.util.Properties;

51
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/config/SecurityConfig.java
View File

@ -6,11 +6,14 @@ import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@ -86,43 +89,30 @@ public class SecurityConfig {
*/
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/index", "/authenticate")
.permitAll()
.antMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success")
.authenticated()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/authenticate")
.successHandler(loginSuccessHandler())
.failureUrl("/denied")
.permitAll()
.and()
.logout()
.logoutSuccessHandler(logoutSuccessHandler())
.and()
http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
authorizationManagerRequestMatcherRegistry
.requestMatchers("/", "/index", "/authenticate").permitAll()
.requestMatchers("/secured/**/**", "/secured/**/**/**", "/secured/socket", "/secured/success").authenticated()
.anyRequest().authenticated())
.formLogin(httpSecurityFormLoginConfigurer -> httpSecurityFormLoginConfigurer.loginPage("/login").permitAll()
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/authenticate")
.successHandler(loginSuccessHandler())
.failureUrl("/denied").permitAll())
.logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer.logoutSuccessHandler(logoutSuccessHandler()))
/**
* Applies to User Roles - not to login failures or unauthenticated access attempts.
*/
.exceptionHandling()
.accessDeniedHandler(accessDeniedHandler())
.and()
.exceptionHandling(httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer.accessDeniedHandler(accessDeniedHandler()))
.authenticationProvider(authenticationProvider());
/** Disabled for local testing */
http.csrf()
.disable();
http.csrf(AbstractHttpConfigurer::disable);
/** This is solely required to support H2 console viewing in Spring MVC with Spring Security */
http.headers()
.frameOptions()
.disable();
http.headers(httpSecurityHeadersConfigurer -> httpSecurityHeadersConfigurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
.authorizeHttpRequests(Customizer.withDefaults());
return http.build();
}
@ -135,8 +125,7 @@ public class SecurityConfig {
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring()
.antMatchers("/resources/**");
return (web) -> web.ignoring().requestMatchers("/resources/**");
}
}

4
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/config/SocketBrokerConfig.java
View File

@ -8,14 +8,14 @@ import static com.baeldung.springsecuredsockets.Constants.SECURED_CHAT_SPECIFIC_
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
@Configuration
@EnableWebSocketMessageBroker
@ComponentScan("com.baeldung.springsecuredsockets.controllers")
public class SocketBrokerConfig extends AbstractWebSocketMessageBrokerConfigurer {
public class SocketBrokerConfig implements WebSocketMessageBrokerConfigurer {
@Override
public void configureMessageBroker(MessageBrokerRegistry config) {

6
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/config/WebAppInitializer.java
View File

@ -4,9 +4,9 @@ import org.springframework.web.WebApplicationInitializer;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import org.springframework.web.servlet.DispatcherServlet;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRegistration;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRegistration;
public class WebAppInitializer implements WebApplicationInitializer {

2
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/controllers/CsrfTokenController.java
View File

@ -5,7 +5,7 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequest;
@Controller
public class CsrfTokenController {

3
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/controllers/SocketController.java
View File

@ -30,8 +30,7 @@ public class SocketController {
@MessageMapping(SECURED_CHAT)
@SendTo(SECURED_CHAT_HISTORY)
public OutputMessage sendAll(Message msg) throws Exception {
OutputMessage out = new OutputMessage(msg.getFrom(), msg.getText(), new SimpleDateFormat("HH:mm").format(new Date()));
return out;
return new OutputMessage(msg.getFrom(), msg.getText(), new SimpleDateFormat("HH:mm").format(new Date()));
}
/**

2
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/domain/Role.java
View File

@ -1,6 +1,6 @@
package com.baeldung.springsecuredsockets.domain;
import javax.persistence.*;
import jakarta.persistence.*;
import java.util.Set;
@Entity

4
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/domain/User.java
View File

@ -1,12 +1,12 @@
package com.baeldung.springsecuredsockets.domain;
import javax.persistence.*;
import jakarta.persistence.*;
import java.util.Set;
//Custom User Model
@Entity
@Table(name = "user")
@Table(name = "users")
public class User {
@Id

6
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/security/CustomAccessDeniedHandler.java
View File

@ -4,9 +4,9 @@ import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
/**

4
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/security/CustomLoginSuccessHandler.java
View File

@ -7,8 +7,8 @@ import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
public class CustomLoginSuccessHandler implements AuthenticationSuccessHandler {

7
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/security/CustomLogoutSuccessHandler.java
View File

@ -5,15 +5,14 @@ import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
public class CustomLogoutSuccessHandler implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
throws IOException {
response.setStatus(HttpStatus.OK.value());
response.sendRedirect(request.getContextPath() + "/index");

2
spring-security-modules/spring-security-web-sockets/src/main/java/com/baeldung/springsecuredsockets/security/CustomUserDetailsService.java
View File

@ -17,7 +17,7 @@ import org.springframework.stereotype.Service;
import java.util.Collection;
import java.util.HashSet;
@Service()
@Service
public class CustomUserDetailsService implements UserDetailsService {
Logger log = LoggerFactory.getLogger(CustomUserDetailsService.class);