iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

JAVA-29313 Upgrade spring-security-web-mvc-custom to spring-6 (#16152)

Browse Source
This commit is contained in:
anuragkumawat 2024-03-21 02:50:40 +05:30 committed by GitHub
parent 8cd148b5b0
commit 688005d0c5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 96 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
spring-security-modules/spring-security-web-mvc-custom/pom.xml
View File

@ -10,9 +10,9 @@
<parent> <parent>
<groupId>com.baeldung</groupId> <groupId>com.baeldung</groupId>
<artifactId>parent-spring-5</artifactId> <artifactId>parent-spring-6</artifactId>
<version>0.0.1-SNAPSHOT</version> <version>0.0.1-SNAPSHOT</version>
<relativePath>../../parent-spring-5</relativePath> <relativePath>../../parent-spring-6</relativePath>
</parent> </parent>
<dependencies> <dependencies>
@ -86,15 +86,15 @@
</dependency> </dependency>
<!-- web --> <!-- web -->
<dependency> <dependency>
<groupId>javax.servlet</groupId> <groupId>jakarta.servlet</groupId>
<artifactId>javax.servlet-api</artifactId> <artifactId>jakarta.servlet-api</artifactId>
<version>${javax.servlet-api.version}</version> <version>${jakarta.servlet-api.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>javax.servlet</groupId> <groupId>jakarta.servlet.jsp.jstl</groupId>
<artifactId>jstl</artifactId> <artifactId>jakarta.servlet.jsp.jstl-api</artifactId>
<version>${jstl.version}</version> <version>${jakarta.jstl-api.version}</version>
<scope>runtime</scope> <scope>runtime</scope>
</dependency> </dependency>
<!-- util --> <!-- util -->
@ -127,9 +127,9 @@
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>javax.annotation</groupId> <groupId>jakarta.annotation</groupId>
<artifactId>javax.annotation-api</artifactId> <artifactId>jakarta.annotation-api</artifactId>
<version>${javax.annotation-api.version}</version> <version>${jakarta.annotation-api.version}</version>
</dependency> </dependency>
</dependencies> </dependencies>
@ -173,7 +173,10 @@
<properties> <properties>
<!-- Maven plugins --> <!-- Maven plugins -->
<cargo-maven2-plugin.version>1.6.1</cargo-maven2-plugin.version> <cargo-maven2-plugin.version>1.6.1</cargo-maven2-plugin.version>
<javax.annotation-api.version>1.3.2</javax.annotation-api.version> <jakarta.annotation-api.version>3.0.0-M1</jakarta.annotation-api.version>
<jakarta.servlet-api.version>6.1.0-M1</jakarta.servlet-api.version>
<jakarta.jstl-api.version>3.0.0</jakarta.jstl-api.version>
<spring-security.version>6.2.1</spring-security.version>
</properties> </properties>
</project> </project>

6
spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java
View File

@ -5,9 +5,9 @@ import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import javax.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import jakarta.servlet.http.HttpSession;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;

2
spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/spring/MyUserDetailsService.java
View File

@ -7,7 +7,7 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import javax.annotation.PostConstruct; import jakarta.annotation.PostConstruct;
import java.util.*; import java.util.*;
@Service @Service

32
spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/spring/SecSecurityConfig.java
View File

@ -6,6 +6,7 @@ import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@ -40,29 +41,20 @@ public class SecSecurityConfig {
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.authorizeHttpRequests(auth -> auth.requestMatchers("/anonymous*")
.antMatchers("/anonymous*")
.anonymous() .anonymous()
.antMatchers("/login*") .requestMatchers("/login*")
.permitAll() .permitAll()
.anyRequest() .anyRequest()
.authenticated() .authenticated())
.and() .formLogin(formLogin -> formLogin.loginPage("/login.html")
.formLogin() .loginProcessingUrl("/login")
.loginPage("/login.html") .successHandler(myAuthenticationSuccessHandler())
.loginProcessingUrl("/login") .failureUrl("/login.html?error=true"))
.successHandler(myAuthenticationSuccessHandler()) .rememberMe(rememberMe -> rememberMe.key("uniqueAndSecret")
.failureUrl("/login.html?error=true") .tokenValiditySeconds(86400))
.and() .logout(logout -> logout.deleteCookies("JSESSIONID"))
.logout() .csrf(AbstractHttpConfigurer::disable);
.deleteCookies("JSESSIONID")
.and()
.rememberMe()
.key("uniqueAndSecret")
.tokenValiditySeconds(86400)
.and()
.csrf()
.disable();
return http.build(); return http.build();
} }

2
spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/web/controller/FooController.java
View File

@ -5,7 +5,7 @@ import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import javax.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import com.baeldung.web.dto.Foo; import com.baeldung.web.dto.Foo;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;

9
spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/web/controller/LoginController.java
View File

@ -1,10 +1,5 @@
package com.baeldung.web.controller; package com.baeldung.web.controller;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
@ -15,6 +10,10 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
@Controller @Controller
@RequestMapping(value = "/custom") @RequestMapping(value = "/custom")
public class LoginController { public class LoginController {

4
spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/web/interceptor/LoggerInterceptor.java
View File

@ -2,8 +2,8 @@ package com.baeldung.web.interceptor;
import java.util.Enumeration; import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;

6
spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/web/interceptor/SessionTimerInterceptor.java
View File

@ -1,8 +1,8 @@
package com.baeldung.web.interceptor; package com.baeldung.web.interceptor;
import javax.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import jakarta.servlet.http.HttpSession;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;

6
spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/web/interceptor/UserInterceptor.java
View File

@ -1,8 +1,8 @@
package com.baeldung.web.interceptor; package com.baeldung.web.interceptor;
import javax.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import jakarta.servlet.http.HttpSession;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;

2
spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/csrf/CsrfAbstractIntegrationTest.java
View File

@ -3,7 +3,7 @@ package com.baeldung.security.csrf;
import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic; import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
import javax.servlet.Filter; import jakarta.servlet.Filter;
import com.baeldung.web.dto.Foo; import com.baeldung.web.dto.Foo;
import org.junit.Before; import org.junit.Before;

29
spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/ManualSecurityConfig.java
View File

@ -3,11 +3,13 @@ package com.baeldung.security.spring;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@ -15,7 +17,7 @@ import org.springframework.security.web.SecurityFilterChain;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableMethodSecurity
public class ManualSecurityConfig { public class ManualSecurityConfig {
@Bean @Bean
@ -34,7 +36,7 @@ public class ManualSecurityConfig {
@Bean @Bean
public WebSecurityCustomizer webSecurityCustomizer() { public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring() return (web) -> web.ignoring()
.antMatchers("/resources/**"); .requestMatchers("/resources/**");
} }
@Bean @Bean
@ -45,20 +47,13 @@ public class ManualSecurityConfig {
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.csrf(AbstractHttpConfigurer::disable)
.mvcMatchers("/custom/login") .httpBasic(Customizer.withDefaults())
.permitAll() .headers(headers -> headers.cacheControl((cacheControl) -> cacheControl.disable()))
.anyRequest() .authorizeHttpRequests(auth -> auth.requestMatchers("/custom/login")
.authenticated() .permitAll()
.and() .anyRequest()
.httpBasic() .authenticated());
.and()
.headers()
.cacheControl()
.disable()
.and()
.csrf()
.disable();
return http.build(); return http.build();
} }

2
spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/ManualSecurityIntegrationTest.java
View File

@ -3,7 +3,7 @@ package com.baeldung.security.spring;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import javax.servlet.http.HttpSession; import jakarta.servlet.http.HttpSession;
import com.baeldung.spring.MvcConfig; import com.baeldung.spring.MvcConfig;
import org.junit.Before; import org.junit.Before;

24
spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfConfig.java
View File

@ -3,11 +3,14 @@ package com.baeldung.security.spring;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@ -15,7 +18,7 @@ import org.springframework.security.web.SecurityFilterChain;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableMethodSecurity
public class SecurityWithCsrfConfig { public class SecurityWithCsrfConfig {
@Bean @Bean
@ -40,22 +43,17 @@ public class SecurityWithCsrfConfig {
@Bean @Bean
public WebSecurityCustomizer webSecurityCustomizer() { public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring() return (web) -> web.ignoring()
.antMatchers("/resources/**"); .requestMatchers("/resources/**");
} }
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.httpBasic(Customizer.withDefaults())
.antMatchers("/auth/admin/*") .headers(headers -> headers.cacheControl((cacheControl) -> cacheControl.disable()))
.hasAnyRole("ROLE_ADMIN") .authorizeHttpRequests(auth -> auth.requestMatchers("/auth/admin/*")
.anyRequest() .hasAnyRole("ADMIN")
.authenticated() .anyRequest()
.and() .authenticated());
.httpBasic()
.and()
.headers()
.cacheControl()
.disable();
return http.build(); return http.build();
} }

30
spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfCookieConfig.java
View File

@ -3,8 +3,9 @@ package com.baeldung.security.spring;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
@ -16,7 +17,7 @@ import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableMethodSecurity
public class SecurityWithCsrfCookieConfig { public class SecurityWithCsrfCookieConfig {
@Bean @Bean
@ -41,26 +42,19 @@ public class SecurityWithCsrfCookieConfig {
@Bean @Bean
public WebSecurityCustomizer webSecurityCustomizer() { public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring() return (web) -> web.ignoring()
.antMatchers("/resources/**"); .requestMatchers("/resources/**");
} }
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() // Stateless API CSRF configuration
.antMatchers("/auth/admin/*") http.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
.hasAnyRole("ROLE_ADMIN") .httpBasic(Customizer.withDefaults())
.anyRequest() .headers(headers -> headers.cacheControl((cacheControl) -> cacheControl.disable()))
.authenticated() .authorizeHttpRequests(auth -> auth.requestMatchers("/auth/admin/*")
.and() .hasAnyRole("ADMIN")
.httpBasic() .anyRequest()
.and() .authenticated());
.headers()
.cacheControl()
.disable()
// Stateless API CSRF configuration
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
return http.build(); return http.build();
} }

33
spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithoutCsrfConfig.java
View File

@ -3,11 +3,13 @@ package com.baeldung.security.spring;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@ -15,7 +17,7 @@ import org.springframework.security.web.SecurityFilterChain;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableMethodSecurity
public class SecurityWithoutCsrfConfig { public class SecurityWithoutCsrfConfig {
@Bean @Bean
@ -28,11 +30,11 @@ public class SecurityWithoutCsrfConfig {
public InMemoryUserDetailsManager userDetailsService() { public InMemoryUserDetailsManager userDetailsService() {
UserDetails user = User.withUsername("user1") UserDetails user = User.withUsername("user1")
.password("user1Pass") .password("user1Pass")
.authorities("ROLE_USER") .authorities("USER")
.build(); .build();
UserDetails admin = User.withUsername("admin") UserDetails admin = User.withUsername("admin")
.password("adminPass") .password("adminPass")
.authorities("ROLE_ADMIN") .authorities("ADMIN")
.build(); .build();
return new InMemoryUserDetailsManager(user, admin); return new InMemoryUserDetailsManager(user, admin);
} }
@ -40,25 +42,18 @@ public class SecurityWithoutCsrfConfig {
@Bean @Bean
public WebSecurityCustomizer webSecurityCustomizer() { public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring() return (web) -> web.ignoring()
.antMatchers("/resources/**"); .requestMatchers("/resources/**");
} }
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.csrf(AbstractHttpConfigurer::disable)
.antMatchers("/auth/admin/*") .httpBasic(Customizer.withDefaults())
.hasAnyRole("ROLE_ADMIN") .headers(headers -> headers.cacheControl((cacheControl) -> cacheControl.disable()))
.anyRequest() .authorizeHttpRequests(auth -> auth.requestMatchers("/auth/admin/*")
.authenticated() .hasAnyRole("ADMIN")
.and() .anyRequest()
.httpBasic() .authenticated());
.and()
.headers()
.cacheControl()
.disable()
.and()
.csrf()
.disable();
return http.build(); return http.build();
} }

2
spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/web/interceptor/SessionTimerInterceptorIntegrationTest.java
View File

@ -3,7 +3,7 @@ package com.baeldung.web.interceptor;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import javax.servlet.http.HttpSession; import jakarta.servlet.http.HttpSession;
import com.baeldung.security.spring.SecurityWithoutCsrfConfig; import com.baeldung.security.spring.SecurityWithoutCsrfConfig;
import com.baeldung.spring.MvcConfig; import com.baeldung.spring.MvcConfig;