iSharkFly-Docs
/
java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

JAVA-14869 Update spring-security-web-rest module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12801)

This commit is contained in:
anuragkumawat 2022-10-01 22:36:08 +05:30 committed by GitHub
parent b5491abda3
commit 5cc6399e44
1 changed files with 35 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
spring-security-modules/spring-security-web-rest/src/main/java/com/baeldung/security/SecurityJavaConfig.java
View File

@ -1,28 +1,31 @@
package com.baeldung.security; package com.baeldung.security;
import com.baeldung.security.web.MySavedRequestAwareAuthenticationSuccessHandler;
import com.baeldung.security.web.RestAuthenticationEntryPoint;
import com.baeldung.web.error.CustomAccessDeniedHandler;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor; import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor; import org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import com.baeldung.security.web.MySavedRequestAwareAuthenticationSuccessHandler;
import com.baeldung.security.web.RestAuthenticationEntryPoint;
import com.baeldung.web.error.CustomAccessDeniedHandler;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan("com.baeldung.security") @ComponentScan("com.baeldung.security")
public class SecurityJavaConfig extends WebSecurityConfigurerAdapter { public class SecurityJavaConfig {
@Autowired @Autowired
private CustomAccessDeniedHandler accessDeniedHandler; private CustomAccessDeniedHandler accessDeniedHandler;
@ -35,17 +38,23 @@ public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
private SimpleUrlAuthenticationFailureHandler myFailureHandler = new SimpleUrlAuthenticationFailureHandler(); private SimpleUrlAuthenticationFailureHandler myFailureHandler = new SimpleUrlAuthenticationFailureHandler();
@Override @Bean
protected void configure(final AuthenticationManagerBuilder auth) throws Exception { public InMemoryUserDetailsManager userDetailsService() {
auth.inMemoryAuthentication() UserDetails admin = User.withUsername("admin")
.withUser("admin").password(encoder().encode("adminPass")).roles("ADMIN") .password(encoder().encode("adminPass"))
.and() .roles("ADMIN")
.withUser("user").password(encoder().encode("userPass")).roles("USER"); .build();
UserDetails user = User.withUsername("user")
.password(encoder().encode("userPass"))
.roles("USER")
.build();
return new InMemoryUserDetailsManager(admin, user);
} }
@Override @Bean
protected void configure(final HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf().disable() http.csrf()
.disable()
.authorizeRequests() .authorizeRequests()
.and() .and()
.exceptionHandling() .exceptionHandling()
@ -53,11 +62,16 @@ public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
.authenticationEntryPoint(restAuthenticationEntryPoint) .authenticationEntryPoint(restAuthenticationEntryPoint)
.and() .and()
.authorizeRequests() .authorizeRequests()
.antMatchers("/api/csrfAttacker*").permitAll() .antMatchers("/api/csrfAttacker*")
.antMatchers("/api/customer/**").permitAll() .permitAll()
.antMatchers("/api/foos/**").authenticated() .antMatchers("/api/customer/**")
.antMatchers("/api/async/**").permitAll() .permitAll()
.antMatchers("/api/admin/**").hasRole("ADMIN") .antMatchers("/api/foos/**")
.authenticated()
.antMatchers("/api/async/**")
.permitAll()
.antMatchers("/api/admin/**")
.hasRole("ADMIN")
.and() .and()
.formLogin() .formLogin()
.successHandler(mySuccessHandler) .successHandler(mySuccessHandler)
@ -66,6 +80,7 @@ public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
.httpBasic() .httpBasic()
.and() .and()
.logout(); .logout();
return http.build();
} }
@Bean @Bean