From 6818b14f15300865825254825b43399384e22e87 Mon Sep 17 00:00:00 2001 From: timis1 <12120641+timis1@users.noreply.github.com> Date: Mon, 15 Jan 2024 17:21:46 +0200 Subject: [PATCH] JAVA-29308 Upgrade spring-security-web-boot-5 (#15642) Co-authored-by: timis1 --- .../spring-security-web-boot-5/pom.xml | 7 +++++- .../configuration/SecurityConfig.java | 22 +++++++++---------- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/spring-security-modules/spring-security-web-boot-5/pom.xml b/spring-security-modules/spring-security-web-boot-5/pom.xml index 14b8d87f25..6cd3d389f9 100644 --- a/spring-security-modules/spring-security-web-boot-5/pom.xml +++ b/spring-security-modules/spring-security-web-boot-5/pom.xml @@ -11,7 +11,8 @@ com.baeldung - spring-security-modules + parent-boot-3 + ../../parent-boot-3 0.0.1-SNAPSHOT @@ -29,6 +30,10 @@ spring-boot-starter-test test + + io.rest-assured + rest-assured + diff --git a/spring-security-modules/spring-security-web-boot-5/src/main/java/com/baeldung/customauth/configuration/SecurityConfig.java b/spring-security-modules/spring-security-web-boot-5/src/main/java/com/baeldung/customauth/configuration/SecurityConfig.java index 53ab890792..db70520952 100644 --- a/spring-security-modules/spring-security-web-boot-5/src/main/java/com/baeldung/customauth/configuration/SecurityConfig.java +++ b/spring-security-modules/spring-security-web-boot-5/src/main/java/com/baeldung/customauth/configuration/SecurityConfig.java @@ -8,15 +8,17 @@ import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.ProviderManager; +import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter; import org.springframework.security.web.header.HeaderWriterFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletResponse; import java.util.Collections; @Configuration @@ -35,17 +37,15 @@ public class SecurityConfig { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http.cors().and().csrf() - .disable() - .sessionManagement() - .sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and() + http.cors(Customizer.withDefaults()).csrf(AbstractHttpConfigurer::disable) + .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .addFilterAfter(requestHeaderAuthenticationFilter(), HeaderWriterFilter.class) - .authorizeHttpRequests() - .antMatchers(HttpMethod.GET,"/health").permitAll() - .antMatchers("/api/**").authenticated().and() - .exceptionHandling().authenticationEntryPoint((request, response, authException) -> - response.sendError(HttpServletResponse.SC_UNAUTHORIZED)); + .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry + .requestMatchers(HttpMethod.GET, "/health").permitAll() + .requestMatchers("/api/**").authenticated()) + .exceptionHandling(httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer + .authenticationEntryPoint((request, response, authException) -> + response.sendError(HttpServletResponse.SC_UNAUTHORIZED))); return http.build(); }