JAVA-14898 Update spring-security-web-mvc module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#13048)
This commit is contained in:
anuragkumawat
GitHub
parent
b0de3c6279
commit
6f29cf4dbf
|
|
@ -1,26 +1,26 @@
|
|||
package com.baeldung.clearsitedata;
|
||||
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
|
||||
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
|
||||
|
||||
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.CACHE;
|
||||
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.COOKIES;
|
||||
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
|
||||
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
public class SpringSecurityConfig {
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.csrf()
|
||||
.disable()
|
||||
.formLogin()
|
||||
|
|
@ -28,8 +28,9 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
.loginProcessingUrl("/perform_login")
|
||||
.defaultSuccessUrl("/homepage.html", true)
|
||||
.and()
|
||||
.logout().logoutUrl("/baeldung/logout")
|
||||
.addLogoutHandler(new HeaderWriterLogoutHandler(
|
||||
new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE)));
|
||||
.logout()
|
||||
.logoutUrl("/baeldung/logout")
|
||||
.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE)));
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,12 +2,14 @@ package com.baeldung.session.security.config;
|
|||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.session.HttpSessionEventPublisher;
|
||||
|
||||
|
|
@ -15,50 +17,56 @@ import com.baeldung.security.MySimpleUrlAuthenticationSuccessHandler;
|
|||
|
||||
@Configuration
|
||||
// @ImportResource({ "classpath:webSecurityConfig.xml" })
|
||||
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public class SecSecurityConfig {
|
||||
|
||||
public SecSecurityConfig() {
|
||||
super();
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService() {
|
||||
UserDetails user1 = User.withUsername("user1")
|
||||
.password(passwordEncoder().encode("user1Pass"))
|
||||
.roles("USER")
|
||||
.build();
|
||||
|
||||
UserDetails admin1 = User.withUsername("admin1")
|
||||
.password(passwordEncoder().encode("admin1Pass"))
|
||||
.roles("ADMIN")
|
||||
.build();
|
||||
|
||||
return new InMemoryUserDetailsManager(user1, admin1);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
||||
// @formatter:off
|
||||
auth.inMemoryAuthentication()
|
||||
.withUser("user1").password(passwordEncoder().encode("user1Pass")).roles("USER")
|
||||
.and()
|
||||
.withUser("admin1").password(passwordEncoder().encode("admin1Pass")).roles("ADMIN");
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(final HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http
|
||||
.csrf().disable()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/anonymous*").anonymous()
|
||||
.antMatchers("/login*","/invalidSession*", "/sessionExpired*", "/foo/**").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login.html")
|
||||
.loginProcessingUrl("/login")
|
||||
.successHandler(successHandler())
|
||||
.failureUrl("/login.html?error=true")
|
||||
.and()
|
||||
.logout().deleteCookies("JSESSIONID")
|
||||
.and()
|
||||
.rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400)
|
||||
.and()
|
||||
.sessionManagement()
|
||||
.sessionFixation().migrateSession()
|
||||
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
||||
.invalidSessionUrl("/invalidSession.html")
|
||||
.maximumSessions(2)
|
||||
.expiredUrl("/sessionExpired.html");
|
||||
|
||||
// @formatter:on
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.csrf()
|
||||
.disable()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/anonymous*")
|
||||
.anonymous()
|
||||
.antMatchers("/login*", "/invalidSession*", "/sessionExpired*", "/foo/**")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login.html")
|
||||
.loginProcessingUrl("/login")
|
||||
.successHandler(successHandler())
|
||||
.failureUrl("/login.html?error=true")
|
||||
.and()
|
||||
.logout()
|
||||
.deleteCookies("JSESSIONID")
|
||||
.and()
|
||||
.rememberMe()
|
||||
.key("uniqueAndSecret")
|
||||
.tokenValiditySeconds(86400)
|
||||
.and()
|
||||
.sessionManagement()
|
||||
.sessionFixation()
|
||||
.migrateSession()
|
||||
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
||||
.invalidSessionUrl("/invalidSession.html")
|
||||
.maximumSessions(2)
|
||||
.expiredUrl("/sessionExpired.html");
|
||||
return http.build();
|
||||
}
|
||||
|
||||
private AuthenticationSuccessHandler successHandler() {
|
||||
|
|
|
|||
Loading…
Reference in New Issue