JAVA-14872 Update jee-7-security module under security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#13008)

2022-11-18 00:07:19 +05:30 · 2022-11-18 00:07:19 +05:30 · 447b0d2f03
parent de51a5155a
commit 447b0d2f03
2 changed files with 39 additions and 35 deletions
--- a/security-modules/jee-7-security/pom.xml
+++ b/security-modules/jee-7-security/pom.xml
@ -55,7 +55,7 @@

    <properties>
        <javaee_api.version>7.0</javaee_api.version>
-        <org.springframework.security.version>4.2.3.RELEASE</org.springframework.security.version>
+        <org.springframework.security.version>5.7.5</org.springframework.security.version>
        <javax.mvc-api.version>1.0-pr</javax.mvc-api.version>
    </properties>

--- a/security-modules/jee-7-security/src/main/java/com/baeldung/springsecurity/SpringSecurityConfig.java
+++ b/security-modules/jee-7-security/src/main/java/com/baeldung/springsecurity/SpringSecurityConfig.java
@ -1,46 +1,50 @@
 package com.baeldung.springsecurity;

+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
-public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth
-          .inMemoryAuthentication()
-          .withUser("user1")
-          .password("user1Pass")
-          .roles("USER")
-          .and()
-          .withUser("admin")
-          .password("adminPass")
-          .roles("ADMIN");
+public class SpringSecurityConfig {
+
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user = User.withUsername("user1")
+            .password("{noop}user1Pass")
+            .roles("USER")
+            .build();
+        UserDetails admin = User.withUsername("admin")
+            .password("{noop}adminPass")
+            .roles("ADMIN")
+            .build();
+        return new InMemoryUserDetailsManager(user, admin);
    }

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-          .csrf()
-          .disable()
-          .authorizeRequests()
-          .antMatchers("/auth/login*")
-          .anonymous()
-          .antMatchers("/home/admin*")
-          .hasRole("ADMIN")
-          .anyRequest()
-          .authenticated()
-          .and()
-          .formLogin()
-          .loginPage("/auth/login")
-          .defaultSuccessUrl("/home", true)
-          .failureUrl("/auth/login?error=true")
-          .and()
-          .logout()
-          .logoutSuccessUrl("/auth/login");
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.csrf()
+            .disable()
+            .authorizeRequests()
+            .antMatchers("/auth/login*")
+            .anonymous()
+            .antMatchers("/home/admin*")
+            .hasRole("ADMIN")
+            .anyRequest()
+            .authenticated()
+            .and()
+            .formLogin()
+            .loginPage("/auth/login")
+            .defaultSuccessUrl("/home", true)
+            .failureUrl("/auth/login?error=true")
+            .and()
+            .logout()
+            .logoutSuccessUrl("/auth/login");
+        return http.build();
    }
 }