JAVA-14869 Update spring-security-web-rest module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12801)

2022-10-01 22:36:08 +05:30 · 2022-10-01 22:36:08 +05:30 · 5cc6399e44
parent b5491abda3
commit 5cc6399e44
1 changed files with 35 additions and 20 deletions
--- a/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/security/SecurityJavaConfig.java
+++ b/spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/security/SecurityJavaConfig.java
@ -1,28 +1,31 @@
 package com.baeldung.security;

-import com.baeldung.security.web.MySavedRequestAwareAuthenticationSuccessHandler;
-import com.baeldung.security.web.RestAuthenticationEntryPoint;
-import com.baeldung.web.error.CustomAccessDeniedHandler;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

+import com.baeldung.security.web.MySavedRequestAwareAuthenticationSuccessHandler;
+import com.baeldung.security.web.RestAuthenticationEntryPoint;
+import com.baeldung.web.error.CustomAccessDeniedHandler;
+
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan("com.baeldung.security")
-public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
+public class SecurityJavaConfig {

    @Autowired
    private CustomAccessDeniedHandler accessDeniedHandler;
@ -35,17 +38,23 @@ public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {

    private SimpleUrlAuthenticationFailureHandler myFailureHandler = new SimpleUrlAuthenticationFailureHandler();

-    @Override
-    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication()
-            .withUser("admin").password(encoder().encode("adminPass")).roles("ADMIN")
-            .and()
-            .withUser("user").password(encoder().encode("userPass")).roles("USER");
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails admin = User.withUsername("admin")
+            .password(encoder().encode("adminPass"))
+            .roles("ADMIN")
+            .build();
+        UserDetails user = User.withUsername("user")
+            .password(encoder().encode("userPass"))
+            .roles("USER")
+            .build();
+        return new InMemoryUserDetailsManager(admin, user);
    }

-    @Override
-    protected void configure(final HttpSecurity http) throws Exception {
-        http.csrf().disable()
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.csrf()
+            .disable()
            .authorizeRequests()
            .and()
            .exceptionHandling()
@ -53,11 +62,16 @@ public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
            .authenticationEntryPoint(restAuthenticationEntryPoint)
            .and()
            .authorizeRequests()
-            .antMatchers("/api/csrfAttacker*").permitAll()
-            .antMatchers("/api/customer/**").permitAll()
-            .antMatchers("/api/foos/**").authenticated()
-            .antMatchers("/api/async/**").permitAll()
-            .antMatchers("/api/admin/**").hasRole("ADMIN")
+            .antMatchers("/api/csrfAttacker*")
+            .permitAll()
+            .antMatchers("/api/customer/**")
+            .permitAll()
+            .antMatchers("/api/foos/**")
+            .authenticated()
+            .antMatchers("/api/async/**")
+            .permitAll()
+            .antMatchers("/api/admin/**")
+            .hasRole("ADMIN")
            .and()
            .formLogin()
            .successHandler(mySuccessHandler)
@ -66,6 +80,7 @@ public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
            .httpBasic()
            .and()
            .logout();
+        return http.build();
    }
    
    @Bean