From 45d3ad42d17186e8c9ff966434ee0e13f4383a7d Mon Sep 17 00:00:00 2001 From: anuragkumawat Date: Sat, 1 Oct 2022 22:43:50 +0530 Subject: [PATCH] JAVA-14871 Update spring-security-web-rest-basic-auth module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12798) --- .../CustomWebSecurityConfigurerAdapter.java | 30 +++++++++---------- .../InMemoryAuthWebSecurityConfigurer.java | 30 +++++++++++-------- ...InMemoryNoOpAuthWebSecurityConfigurer.java | 26 +++++++++------- .../PasswordStorageWebSecurityConfigurer.java | 25 +++++++++------- .../postman/basic/PostmanBasicAuthConfig.java | 10 ++++--- 5 files changed, 67 insertions(+), 54 deletions(-) diff --git a/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/filter/CustomWebSecurityConfigurerAdapter.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/filter/CustomWebSecurityConfigurerAdapter.java index fb597e46c8..5714b2fb3e 100644 --- a/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/filter/CustomWebSecurityConfigurerAdapter.java +++ b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/filter/CustomWebSecurityConfigurerAdapter.java @@ -1,20 +1,21 @@ package com.baeldung.filter; -import com.baeldung.security.RestAuthenticationEntryPoint; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; +import com.baeldung.security.RestAuthenticationEntryPoint; + @Configuration @EnableWebSecurity -public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { +public class CustomWebSecurityConfigurerAdapter { @Autowired private RestAuthenticationEntryPoint authenticationEntryPoint; @@ -27,19 +28,18 @@ public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAda .authorities("ROLE_USER"); } - @Override - protected void configure(HttpSecurity http) throws Exception { - http - .authorizeRequests() - .antMatchers("/securityNone") - .permitAll() - .anyRequest() - .authenticated() - .and() - .httpBasic() - .authenticationEntryPoint(authenticationEntryPoint); - + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/securityNone") + .permitAll() + .anyRequest() + .authenticated() + .and() + .httpBasic() + .authenticationEntryPoint(authenticationEntryPoint); http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class); + return http.build(); } @Bean diff --git a/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java index 4b32a1126e..839fa15734 100644 --- a/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java +++ b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java @@ -1,27 +1,30 @@ package com.baeldung.inmemory; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.factory.PasswordEncoderFactories; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @Configuration -public class InMemoryAuthWebSecurityConfigurer extends WebSecurityConfigurerAdapter { +public class InMemoryAuthWebSecurityConfigurer { - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); - auth.inMemoryAuthentication() - .passwordEncoder(encoder) - .withUser("spring") - .password(encoder.encode("secret")) - .roles("USER"); + @Bean + public InMemoryUserDetailsManager userDetailsService() { + PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); + UserDetails user = User.withUsername("spring") + .password(encoder.encode("secret")) + .roles("USER") + .build(); + return new InMemoryUserDetailsManager(user); } - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/private/**") .authenticated() @@ -29,6 +32,7 @@ public class InMemoryAuthWebSecurityConfigurer extends WebSecurityConfigurerAdap .permitAll() .and() .httpBasic(); + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryNoOpAuthWebSecurityConfigurer.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryNoOpAuthWebSecurityConfigurer.java index 4b6494f666..72d3ef79d7 100644 --- a/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryNoOpAuthWebSecurityConfigurer.java +++ b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryNoOpAuthWebSecurityConfigurer.java @@ -1,23 +1,26 @@ package com.baeldung.inmemory; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; //@Configuration -public class InMemoryNoOpAuthWebSecurityConfigurer extends WebSecurityConfigurerAdapter { +public class InMemoryNoOpAuthWebSecurityConfigurer { - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth.inMemoryAuthentication() - .withUser("spring") + @Bean + public InMemoryUserDetailsManager userDetailsService() { + UserDetails user = User.withUsername("spring") .password("{noop}secret") - .roles("USER"); + .roles("USER") + .build(); + return new InMemoryUserDetailsManager(user); } - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/private/**") .authenticated() @@ -25,5 +28,6 @@ public class InMemoryNoOpAuthWebSecurityConfigurer extends WebSecurityConfigurer .permitAll() .and() .httpBasic(); + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java index 59a2ae1dc2..a1c6e1ee76 100644 --- a/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java +++ b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java @@ -1,9 +1,14 @@ package com.baeldung.passwordstorage; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; @@ -14,18 +19,16 @@ import org.springframework.security.crypto.password.StandardPasswordEncoder; import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder; import org.springframework.security.provisioning.InMemoryUserDetailsManager; -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; - @Configuration -public class PasswordStorageWebSecurityConfigurer extends WebSecurityConfigurerAdapter { +public class PasswordStorageWebSecurityConfigurer { - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth.eraseCredentials(false) // 4 - .userDetailsService(getUserDefaultDetailsService()) - .passwordEncoder(passwordEncoder()); + @Bean + public AuthenticationManager authManager(HttpSecurity http) throws Exception { + AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class); + authenticationManagerBuilder.eraseCredentials(false) + .userDetailsService(getUserDefaultDetailsService()) + .passwordEncoder(passwordEncoder()); + return authenticationManagerBuilder.build(); } @Bean diff --git a/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/postman/basic/PostmanBasicAuthConfig.java b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/postman/basic/PostmanBasicAuthConfig.java index a6311972c2..7a8848dcae 100644 --- a/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/postman/basic/PostmanBasicAuthConfig.java +++ b/spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/postman/basic/PostmanBasicAuthConfig.java @@ -1,16 +1,17 @@ package com.baeldung.postman.basic; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; @Configuration -public class PostmanBasicAuthConfig extends WebSecurityConfigurerAdapter { +public class PostmanBasicAuthConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.csrf() .disable() .authorizeRequests() @@ -18,6 +19,7 @@ public class PostmanBasicAuthConfig extends WebSecurityConfigurerAdapter { .authenticated() .and() .httpBasic(); + return http.build(); } @Autowired