diff --git a/spring-security-modules/spring-security-web-boot-4/pom.xml b/spring-security-modules/spring-security-web-boot-4/pom.xml
index b5bfc55a9f..86061b9b2b 100644
--- a/spring-security-modules/spring-security-web-boot-4/pom.xml
+++ b/spring-security-modules/spring-security-web-boot-4/pom.xml
@@ -11,7 +11,8 @@
com.baeldung
- spring-security-modules
+ parent-boot-3
+ ../../parent-boot-3
0.0.1-SNAPSHOT
@@ -36,4 +37,8 @@
+
+ com.baeldung.enablemethodsecurity.EnableMethodSecurityApplication
+
+
\ No newline at end of file
diff --git a/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/AuthenticationFilter.java b/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/AuthenticationFilter.java
index aa4badcfb0..c9ac4e9186 100644
--- a/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/AuthenticationFilter.java
+++ b/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/AuthenticationFilter.java
@@ -4,12 +4,12 @@ import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
diff --git a/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/AuthenticationService.java b/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/AuthenticationService.java
index c788f7cdd8..6816fc6ec8 100644
--- a/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/AuthenticationService.java
+++ b/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/AuthenticationService.java
@@ -3,7 +3,8 @@ package com.baeldung.apikeyauthentication.configuration;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
-import javax.servlet.http.HttpServletRequest;
+
+import jakarta.servlet.http.HttpServletRequest;
public class AuthenticationService {
diff --git a/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/SecurityConfig.java b/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/SecurityConfig.java
index 0ce58d1bf8..d7a0cd5b28 100644
--- a/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/apikeyauthentication/configuration/SecurityConfig.java
@@ -2,8 +2,10 @@ package com.baeldung.apikeyauthentication.configuration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -14,19 +16,11 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
- http.csrf()
- .disable()
- .authorizeRequests()
- .antMatchers("/**")
- .authenticated()
- .and()
- .httpBasic()
- .and()
- .sessionManagement()
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .and()
- .addFilterBefore(new AuthenticationFilter(),
- UsernamePasswordAuthenticationFilter.class);
+ http.csrf(AbstractHttpConfigurer::disable)
+ .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.requestMatchers("/**").authenticated())
+ .httpBasic(Customizer.withDefaults())
+ .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .addFilterBefore(new AuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
return http.build();
}
diff --git a/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/enablemethodsecurity/configuration/SecurityConfig.java b/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/enablemethodsecurity/configuration/SecurityConfig.java
index a2549c9122..4764e3d565 100644
--- a/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/enablemethodsecurity/configuration/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/enablemethodsecurity/configuration/SecurityConfig.java
@@ -15,6 +15,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -55,14 +56,9 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
- http.csrf()
- .disable()
- .authorizeRequests()
- .anyRequest()
- .authenticated()
- .and()
- .sessionManagement()
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+ http.csrf(AbstractHttpConfigurer::disable)
+ .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.anyRequest().authenticated())
+ .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
return http.build();
}
diff --git a/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/securityfilterchain/configuration/SecurityConfig.java b/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/securityfilterchain/configuration/SecurityConfig.java
index 5a8f4c1c02..9e8fb49247 100644
--- a/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/securityfilterchain/configuration/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-4/src/main/java/com/baeldung/securityfilterchain/configuration/SecurityConfig.java
@@ -2,16 +2,20 @@ package com.baeldung.securityfilterchain.configuration;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
+@Configuration
@EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
+@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true)
public class SecurityConfig {
@Value("${spring.security.debug:false}")
@@ -19,32 +23,23 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
- http.csrf()
- .disable()
- .authorizeRequests()
- .antMatchers(HttpMethod.DELETE)
- .hasRole("ADMIN")
- .antMatchers("/admin/**")
- .hasAnyRole("ADMIN")
- .antMatchers("/user/**")
- .hasAnyRole("USER", "ADMIN")
- .antMatchers("/login/**")
- .permitAll()
- .anyRequest()
- .authenticated()
- .and()
- .httpBasic()
- .and()
- .sessionManagement()
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+ http.csrf(AbstractHttpConfigurer::disable)
+ .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
+ authorizationManagerRequestMatcherRegistry.requestMatchers(HttpMethod.DELETE).hasRole("ADMIN")
+ .requestMatchers("/admin/**").hasAnyRole("ADMIN")
+ .requestMatchers("/user/**").hasAnyRole("USER", "ADMIN")
+ .requestMatchers("/login/**").permitAll()
+ .anyRequest().authenticated())
+ .httpBasic(Customizer.withDefaults())
+ .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
- return (web) -> web.debug(securityDebug)
- .ignoring()
- .antMatchers("/css/**", "/js/**", "/img/**", "/lib/**", "/favicon.ico");
+ return web -> web.debug(securityDebug)
+ .ignoring()
+ .requestMatchers("/css/**", "/js/**", "/img/**", "/lib/**", "/favicon.ico");
}
}