JAVA-14881 Update spring-security-oauth2 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12898)

2022-10-22 23:53:56 +05:30 · 2022-10-22 23:53:56 +05:30 · 5894510eb8
parent 125d9893ab
commit 5894510eb8
7 changed files with 74 additions and 55 deletions
--- a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/jersey/SecurityConfig.java
+++ b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/jersey/SecurityConfig.java
@ -1,21 +1,23 @@
 package com.baeldung.jersey;

+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-          .authorizeRequests()
-          .antMatchers("/login")
-          .permitAll()
-          .anyRequest()
-          .authenticated()
-          .and()
-          .oauth2Login()
-          .loginPage("/login");
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/login")
+            .permitAll()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .oauth2Login()
+            .loginPage("/login");
+        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java
+++ b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/CustomRequestSecurityConfig.java
@ -10,7 +10,6 @@ import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.env.Environment;
 import org.springframework.http.converter.FormHttpMessageConverter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
 import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
@ -23,6 +22,7 @@ import org.springframework.security.oauth2.client.web.AuthorizationRequestReposi
 import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.client.RestTemplate;

 import com.baeldung.oauth2request.CustomAuthorizationRequestResolver;
@ -31,10 +31,10 @@ import com.baeldung.oauth2request.CustomTokenResponseConverter;

 //@Configuration
@PropertySource("application-oauth2.properties")
-public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter {
+public class CustomRequestSecurityConfig {

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/oauth_login", "/loginFailure", "/")
            .permitAll()
@ -44,8 +44,7 @@ public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter {
            .oauth2Login()
            .loginPage("/oauth_login")
            .authorizationEndpoint()
-                        .authorizationRequestResolver( new CustomAuthorizationRequestResolver(clientRegistrationRepository(),"/oauth2/authorize-client"))
-
+            .authorizationRequestResolver(new CustomAuthorizationRequestResolver(clientRegistrationRepository(), "/oauth2/authorize-client"))
            .baseUri("/oauth2/authorize-client")
            .authorizationRequestRepository(authorizationRequestRepository())
            .and()
@ -54,6 +53,7 @@ public class CustomRequestSecurityConfig extends WebSecurityConfigurerAdapter {
            .and()
            .defaultSuccessUrl("/loginSuccess")
            .failureUrl("/loginFailure");
+        return http.build();
    }

    @Bean
--- a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/SecurityConfig.java
+++ b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2/SecurityConfig.java
@ -10,7 +10,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.env.Environment;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
 import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
@ -23,13 +22,14 @@ import org.springframework.security.oauth2.client.registration.InMemoryClientReg
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@PropertySource("application-oauth2.properties")
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/oauth_login", "/loginFailure", "/")
            .permitAll()
@ -47,8 +47,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
            .and()
            .defaultSuccessUrl("/loginSuccess")
            .failureUrl("/loginFailure");
+        return http.build();
    }
-    
+
    @Bean
    public AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository() {
        return new HttpSessionOAuth2AuthorizationRequestRepository();
--- a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java
+++ b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java
@ -4,29 +4,30 @@ import com.baeldung.oauth2extractors.extractor.custom.BaeldungAuthoritiesExtract
 import com.baeldung.oauth2extractors.extractor.custom.BaeldungPrincipalExtractor;
 import com.baeldung.oauth2extractors.extractor.github.GithubAuthoritiesExtractor;
 import com.baeldung.oauth2extractors.extractor.github.GithubPrincipalExtractor;
-import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
 import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
-@EnableOAuth2Sso
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.antMatcher("/**")
-                .authorizeRequests()
-                .antMatchers("/login**")
-                .permitAll()
-                .anyRequest()
-                .authenticated()
-                .and()
-                .formLogin().disable();
+            .authorizeRequests()
+            .antMatchers("/login**")
+            .permitAll()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .formLogin()
+            .disable()
+            .oauth2Login();
+        return http.build();
    }

    @Bean
--- a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java
+++ b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java
@ -15,25 +15,34 @@ import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticat
 import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
 import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

 import javax.servlet.Filter;

@Configuration
@EnableOAuth2Client
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
    OAuth2ClientContext oauth2ClientContext;

    public SecurityConfig(OAuth2ClientContext oauth2ClientContext) {
        this.oauth2ClientContext = oauth2ClientContext;
    }

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests().antMatchers("/", "/login**", "/error**")
-          .permitAll().anyRequest().authenticated()
-          .and().logout().logoutUrl("/logout").logoutSuccessUrl("/")
-          .and().addFilterBefore(oauth2ClientFilter(), BasicAuthenticationFilter.class);
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/", "/login**", "/error**")
+            .permitAll()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .logout()
+            .logoutUrl("/logout")
+            .logoutSuccessUrl("/")
+            .and()
+            .addFilterBefore(oauth2ClientFilter(), BasicAuthenticationFilter.class);
+        return http.build();
    }

    @Bean
--- a/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-baeldung.properties
+++ b/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-baeldung.properties
@ -1,6 +1,10 @@
 server.port=8082
-security.oauth2.client.client-id=SampleClientId
-security.oauth2.client.client-secret=secret
-security.oauth2.client.access-token-uri=http://localhost:8081/auth/oauth/token
-security.oauth2.client.user-authorization-uri=http://localhost:8081/auth/oauth/authorize
-security.oauth2.resource.user-info-uri=http://localhost:8081/auth/user/me
+
+spring.security.oauth2.client.registration.baeldung.client-id=SampleClientId
+spring.security.oauth2.client.registration.baeldung.client-secret=secret
+spring.security.oauth2.client.registration.baeldung.authorization-grant-type=authorization_code
+spring.security.oauth2.client.registration.baeldung.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
+
+spring.security.oauth2.client.provider.baeldung.token-uri=http://localhost:8081/auth/oauth/token
+spring.security.oauth2.client.provider.baeldung.authorization-uri=http://localhost:8081/auth/oauth/authorize
+spring.security.oauth2.client.provider.baeldung.user-info-uri=http://localhost:8081/auth/user/me
--- a/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-github.properties
+++ b/spring-security-modules/spring-security-oauth2/src/main/resources/application-oauth2-extractors-github.properties
@ -1,7 +1,9 @@
 server.port=8082
-security.oauth2.client.client-id=89a7c4facbb3434d599d
-security.oauth2.client.client-secret=9b3b08e4a340bd20e866787e4645b54f73d74b6a
-security.oauth2.client.access-token-uri=https://github.com/login/oauth/access_token
-security.oauth2.client.user-authorization-uri=https://github.com/login/oauth/authorize
-security.oauth2.client.scope=read:user,user:email
-security.oauth2.resource.user-info-uri=https://api.github.com/user
+
+spring.security.oauth2.client.registration.github.client-id=368238083842-3d4gc7p54rs6bponn0qhn4nmf6apf24a.apps.googleusercontent.com
+spring.security.oauth2.client.registration.github.client-secret=2RM2QkEaf3A8-iCNqSfdG8wP
+spring.security.oauth2.client.registration.github.scope=read:user,user:email
+
+spring.security.oauth2.client.provider.github.token-uri=https://github.com/login/oauth/access_token
+spring.security.oauth2.client.provider.github.authorization-uri=https://github.com/login/oauth/authorize
+spring.security.oauth2.client.provider.github.user-info-uri=https://api.github.com/user