JAVA-29313 Upgrade spring-security-web-mvc-custom to spring-6 (#16152)
parent
8cd148b5b0
commit
688005d0c5
@ -10,9 +10,9 @@
|
||||
|
||||
<parent>
|
||||
<groupId>com.baeldung</groupId>
|
||||
<artifactId>parent-spring-5</artifactId>
|
||||
<artifactId>parent-spring-6</artifactId>
|
||||
<version>0.0.1-SNAPSHOT</version>
|
||||
<relativePath>../../parent-spring-5</relativePath>
|
||||
<relativePath>../../parent-spring-6</relativePath>
|
||||
</parent>
|
||||
|
||||
<dependencies>
|
||||
@ -86,15 +86,15 @@
|
||||
</dependency>
|
||||
<!-- web -->
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>javax.servlet-api</artifactId>
|
||||
<version>${javax.servlet-api.version}</version>
|
||||
<groupId>jakarta.servlet</groupId>
|
||||
<artifactId>jakarta.servlet-api</artifactId>
|
||||
<version>${jakarta.servlet-api.version}</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>jstl</artifactId>
|
||||
<version>${jstl.version}</version>
|
||||
<groupId>jakarta.servlet.jsp.jstl</groupId>
|
||||
<artifactId>jakarta.servlet.jsp.jstl-api</artifactId>
|
||||
<version>${jakarta.jstl-api.version}</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<!-- util -->
|
||||
@ -127,9 +127,9 @@
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.annotation</groupId>
|
||||
<artifactId>javax.annotation-api</artifactId>
|
||||
<version>${javax.annotation-api.version}</version>
|
||||
<groupId>jakarta.annotation</groupId>
|
||||
<artifactId>jakarta.annotation-api</artifactId>
|
||||
<version>${jakarta.annotation-api.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
@ -173,7 +173,10 @@
|
||||
<properties>
|
||||
<!-- Maven plugins -->
|
||||
<cargo-maven2-plugin.version>1.6.1</cargo-maven2-plugin.version>
|
||||
<javax.annotation-api.version>1.3.2</javax.annotation-api.version>
|
||||
<jakarta.annotation-api.version>3.0.0-M1</jakarta.annotation-api.version>
|
||||
<jakarta.servlet-api.version>6.1.0-M1</jakarta.servlet-api.version>
|
||||
<jakarta.jstl-api.version>3.0.0</jakarta.jstl-api.version>
|
||||
<spring-security.version>6.2.1</spring-security.version>
|
||||
</properties>
|
||||
|
||||
</project>
|
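Review bot: The new properties pin `jakarta.servlet-api` to `6.1.0-M1` and `jakarta.annotation-api` to `3.0.0-M1`, which are milestone pre-releases; compiling against an unreleased API can drift from what the servlet container actually ships, so I would pin both to a released version that matches the target container. In the web dependencies, `jakarta.servlet.jsp.jstl-api` looks like the API-only artifact, so if the JSP pages use JSTL tags it should be confirmed that an implementation is present at runtime. I would also add a comment above the new properties, such as `<!-- Jakarta EE API versions: keep aligned with the servlet container -->`.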
@ -5,9 +5,9 @@ import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.http.HttpSession;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
@ -7,7 +7,7 @@ import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import java.util.*;
|
||||
|
||||
@Service
|
||||
|
@ -6,6 +6,7 @@ import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
@ -40,29 +41,20 @@ public class SecSecurityConfig {
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/anonymous*")
|
||||
http.authorizeHttpRequests(auth -> auth.requestMatchers("/anonymous*")
|
||||
.anonymous()
|
||||
.antMatchers("/login*")
|
||||
.requestMatchers("/login*")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login.html")
|
||||
.loginProcessingUrl("/login")
|
||||
.successHandler(myAuthenticationSuccessHandler())
|
||||
.failureUrl("/login.html?error=true")
|
||||
.and()
|
||||
.logout()
|
||||
.deleteCookies("JSESSIONID")
|
||||
.and()
|
||||
.rememberMe()
|
||||
.key("uniqueAndSecret")
|
||||
.tokenValiditySeconds(86400)
|
||||
.and()
|
||||
.csrf()
|
||||
.disable();
|
||||
.authenticated())
|
||||
.formLogin(formLogin -> formLogin.loginPage("/login.html")
|
||||
.loginProcessingUrl("/login")
|
||||
.successHandler(myAuthenticationSuccessHandler())
|
||||
.failureUrl("/login.html?error=true"))
|
||||
.rememberMe(rememberMe -> rememberMe.key("uniqueAndSecret")
|
||||
.tokenValiditySeconds(86400))
|
||||
.logout(logout -> logout.deleteCookies("JSESSIONID"))
|
||||
.csrf(AbstractHttpConfigurer::disable);
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
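Review bot: The migrated `filterChain` still ends with `.csrf(AbstractHttpConfigurer::disable)` while the same chain uses session-based form login and a remember-me cookie, so state-changing requests from an authenticated browser are accepted without an anti-forgery token. Unless this module is strictly a demo, I would drop that line and let the default CSRF protection apply. The remember-me key is also the literal `"uniqueAndSecret"`; it feeds the hash that authenticates the remember-me cookie, so it should come from configuration rather than source, e.g. `rememberMe.key(rememberMeKey)` with an injected value (the field name is illustrative). The class body continues outside this hunk, so whether a suitable property already exists is not visible here.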
@ -5,7 +5,7 @@ import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import com.baeldung.web.dto.Foo;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
@ -1,10 +1,5 @@
|
||||
package com.baeldung.web.controller;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@ -15,6 +10,10 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
|
||||
import jakarta.annotation.Resource;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpSession;
|
||||
|
||||
@Controller
|
||||
@RequestMapping(value = "/custom")
|
||||
public class LoginController {
|
||||
|
@ -2,8 +2,8 @@ package com.baeldung.web.interceptor;
|
||||
|
||||
import java.util.Enumeration;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -1,8 +1,8 @@
|
||||
package com.baeldung.web.interceptor;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.http.HttpSession;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -1,8 +1,8 @@
|
||||
package com.baeldung.web.interceptor;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.http.HttpSession;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -3,7 +3,7 @@ package com.baeldung.security.csrf;
|
||||
import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import jakarta.servlet.Filter;
|
||||
|
||||
import com.baeldung.web.dto.Foo;
|
||||
import org.junit.Before;
|
||||
|
@ -3,11 +3,13 @@ package com.baeldung.security.spring;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
@ -15,7 +17,7 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
@EnableMethodSecurity
|
||||
public class ManualSecurityConfig {
|
||||
|
||||
@Bean
|
||||
@ -34,7 +36,7 @@ public class ManualSecurityConfig {
|
||||
@Bean
|
||||
public WebSecurityCustomizer webSecurityCustomizer() {
|
||||
return (web) -> web.ignoring()
|
||||
.antMatchers("/resources/**");
|
||||
.requestMatchers("/resources/**");
|
||||
}
|
||||
|
||||
@Bean
|
||||
@ -45,20 +47,13 @@ public class ManualSecurityConfig {
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.mvcMatchers("/custom/login")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.httpBasic()
|
||||
.and()
|
||||
.headers()
|
||||
.cacheControl()
|
||||
.disable()
|
||||
.and()
|
||||
.csrf()
|
||||
.disable();
|
||||
http.csrf(AbstractHttpConfigurer::disable)
|
||||
.httpBasic(Customizer.withDefaults())
|
||||
.headers(headers -> headers.cacheControl((cacheControl) -> cacheControl.disable()))
|
||||
.authorizeHttpRequests(auth -> auth.requestMatchers("/custom/login")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
.authenticated());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
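Review bot: `web.ignoring().requestMatchers("/resources/**")` in `webSecurityCustomizer()` takes those paths out of the filter chain entirely, so responses under `/resources/` are served without the security headers Spring Security would otherwise write. The same line appears in SecurityWithCsrfConfig, SecurityWithCsrfCookieConfig and SecurityWithoutCsrfConfig. Since this commit already rewrites the authorization rules, I would express it there as `auth.requestMatchers("/resources/**").permitAll()` and drop the customizer bean. In `filterChain`, `/custom/login` is open to everyone while `http.csrf(AbstractHttpConfigurer::disable)` is set, which deserves a comment recording why CSRF is off for this chain. Both methods sit in a class whose remaining body is outside the hunks.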
@ -3,7 +3,7 @@ package com.baeldung.security.spring;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import javax.servlet.http.HttpSession;
|
||||
import jakarta.servlet.http.HttpSession;
|
||||
|
||||
import com.baeldung.spring.MvcConfig;
|
||||
import org.junit.Before;
|
||||
|
@ -3,11 +3,14 @@ package com.baeldung.security.spring;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
@ -15,7 +18,7 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
@EnableMethodSecurity
|
||||
public class SecurityWithCsrfConfig {
|
||||
|
||||
@Bean
|
||||
@ -40,22 +43,17 @@ public class SecurityWithCsrfConfig {
|
||||
@Bean
|
||||
public WebSecurityCustomizer webSecurityCustomizer() {
|
||||
return (web) -> web.ignoring()
|
||||
.antMatchers("/resources/**");
|
||||
.requestMatchers("/resources/**");
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/auth/admin/*")
|
||||
.hasAnyRole("ROLE_ADMIN")
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.httpBasic()
|
||||
.and()
|
||||
.headers()
|
||||
.cacheControl()
|
||||
.disable();
|
||||
http.httpBasic(Customizer.withDefaults())
|
||||
.headers(headers -> headers.cacheControl((cacheControl) -> cacheControl.disable()))
|
||||
.authorizeHttpRequests(auth -> auth.requestMatchers("/auth/admin/*")
|
||||
.hasAnyRole("ADMIN")
|
||||
.anyRequest()
|
||||
.authenticated());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
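Review bot: The admin rule `requestMatchers("/auth/admin/*")` in `filterChain` covers a single path segment only, so a deeper path such as `/auth/admin/a/b` falls through to `anyRequest().authenticated()` and is reachable by any logged-in user. The identical rule is in SecurityWithCsrfCookieConfig and SecurityWithoutCsrfConfig. If admin endpoints can be nested, the pattern should be `"/auth/admin/**"`. The switch from `hasAnyRole("ROLE_ADMIN")` to `hasAnyRole("ADMIN")` relies on the admin user holding the authority `ROLE_ADMIN`; the user definitions are outside this hunk, so that should be confirmed.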
@ -3,8 +3,9 @@ package com.baeldung.security.spring;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
@ -16,7 +17,7 @@ import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
@EnableMethodSecurity
|
||||
public class SecurityWithCsrfCookieConfig {
|
||||
|
||||
@Bean
|
||||
@ -41,26 +42,19 @@ public class SecurityWithCsrfCookieConfig {
|
||||
@Bean
|
||||
public WebSecurityCustomizer webSecurityCustomizer() {
|
||||
return (web) -> web.ignoring()
|
||||
.antMatchers("/resources/**");
|
||||
.requestMatchers("/resources/**");
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/auth/admin/*")
|
||||
.hasAnyRole("ROLE_ADMIN")
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.httpBasic()
|
||||
.and()
|
||||
.headers()
|
||||
.cacheControl()
|
||||
.disable()
|
||||
// Stateless API CSRF configuration
|
||||
.and()
|
||||
.csrf()
|
||||
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
|
||||
// Stateless API CSRF configuration
|
||||
http.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
|
||||
.httpBasic(Customizer.withDefaults())
|
||||
.headers(headers -> headers.cacheControl((cacheControl) -> cacheControl.disable()))
|
||||
.authorizeHttpRequests(auth -> auth.requestMatchers("/auth/admin/*")
|
||||
.hasAnyRole("ADMIN")
|
||||
.anyRequest()
|
||||
.authenticated());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
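Review bot: `csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())` is carried over as-is, but Spring Security 6 changed the defaults around it: the token is loaded lazily and the default request handler expects a masked token value. A client that copies the raw `XSRF-TOKEN` cookie into the request header may therefore start receiving 403 responses. If this chain is meant for such clients, set the handler explicitly, e.g. `.csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler())`, keeping in mind that this opts out of the per-request token masking. Otherwise, extend the `// Stateless API CSRF configuration` comment to describe the expected client flow. The tests for this configuration are not on this page, so which flow they exercise could not be checked.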
@ -3,11 +3,13 @@ package com.baeldung.security.spring;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
@ -15,7 +17,7 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
@EnableMethodSecurity
|
||||
public class SecurityWithoutCsrfConfig {
|
||||
|
||||
@Bean
|
||||
@ -28,11 +30,11 @@ public class SecurityWithoutCsrfConfig {
|
||||
public InMemoryUserDetailsManager userDetailsService() {
|
||||
UserDetails user = User.withUsername("user1")
|
||||
.password("user1Pass")
|
||||
.authorities("ROLE_USER")
|
||||
.authorities("USER")
|
||||
.build();
|
||||
UserDetails admin = User.withUsername("admin")
|
||||
.password("adminPass")
|
||||
.authorities("ROLE_ADMIN")
|
||||
.authorities("ADMIN")
|
||||
.build();
|
||||
return new InMemoryUserDetailsManager(user, admin);
|
||||
}
|
||||
@ -40,25 +42,18 @@ public class SecurityWithoutCsrfConfig {
|
||||
@Bean
|
||||
public WebSecurityCustomizer webSecurityCustomizer() {
|
||||
return (web) -> web.ignoring()
|
||||
.antMatchers("/resources/**");
|
||||
.requestMatchers("/resources/**");
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/auth/admin/*")
|
||||
.hasAnyRole("ROLE_ADMIN")
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.httpBasic()
|
||||
.and()
|
||||
.headers()
|
||||
.cacheControl()
|
||||
.disable()
|
||||
.and()
|
||||
.csrf()
|
||||
.disable();
|
||||
http.csrf(AbstractHttpConfigurer::disable)
|
||||
.httpBasic(Customizer.withDefaults())
|
||||
.headers(headers -> headers.cacheControl((cacheControl) -> cacheControl.disable()))
|
||||
.authorizeHttpRequests(auth -> auth.requestMatchers("/auth/admin/*")
|
||||
.hasAnyRole("ADMIN")
|
||||
.anyRequest()
|
||||
.authenticated());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
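Review bot: In `userDetailsService()` the users now get `.authorities("USER")` and `.authorities("ADMIN")`, but `filterChain` checks `hasAnyRole("ADMIN")`, which by default looks for the authority `ROLE_ADMIN`. With the prefix dropped on the user side, the admin account no longer satisfies the `/auth/admin/*` rule and will be denied. Either keep `.authorities("ROLE_USER")` and `.authorities("ROLE_ADMIN")`, or switch to `.roles("USER")` and `.roles("ADMIN")`, which add the prefix. This assumes no `GrantedAuthorityDefaults` bean changes the prefix; the rest of the class is outside the hunks.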
@ -3,7 +3,7 @@ package com.baeldung.web.interceptor;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import javax.servlet.http.HttpSession;
|
||||
import jakarta.servlet.http.HttpSession;
|
||||
|
||||
import com.baeldung.security.spring.SecurityWithoutCsrfConfig;
|
||||
import com.baeldung.spring.MvcConfig;
|
||||
|