From 6f29cf4dbf38d55c373ff888f480dd1676638a97 Mon Sep 17 00:00:00 2001 From: anuragkumawat Date: Wed, 23 Nov 2022 23:56:10 +0530 Subject: [PATCH] JAVA-14898 Update spring-security-web-mvc module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#13048) --- .../clearsitedata/SpringSecurityConfig.java | 31 +++--- .../security/config/SecSecurityConfig.java | 94 ++++++++++--------- 2 files changed, 67 insertions(+), 58 deletions(-) diff --git a/spring-security-modules/spring-security-web-mvc/src/main/java/com/baeldung/clearsitedata/SpringSecurityConfig.java b/spring-security-modules/spring-security-web-mvc/src/main/java/com/baeldung/clearsitedata/SpringSecurityConfig.java index 13011da9e4..9138c6fd7b 100644 --- a/spring-security-modules/spring-security-web-mvc/src/main/java/com/baeldung/clearsitedata/SpringSecurityConfig.java +++ b/spring-security-modules/spring-security-web-mvc/src/main/java/com/baeldung/clearsitedata/SpringSecurityConfig.java @@ -1,26 +1,26 @@ package com.baeldung.clearsitedata; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler; -import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter; - import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.CACHE; import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.COOKIES; import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler; +import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter; + @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) -public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { - - @Override - protected void configure(HttpSecurity http) throws Exception { +public class SpringSecurityConfig { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.csrf() .disable() .formLogin() @@ -28,8 +28,9 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { .loginProcessingUrl("/perform_login") .defaultSuccessUrl("/homepage.html", true) .and() - .logout().logoutUrl("/baeldung/logout") - .addLogoutHandler(new HeaderWriterLogoutHandler( - new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE))); + .logout() + .logoutUrl("/baeldung/logout") + .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE))); + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-mvc/src/main/java/com/baeldung/session/security/config/SecSecurityConfig.java b/spring-security-modules/spring-security-web-mvc/src/main/java/com/baeldung/session/security/config/SecSecurityConfig.java index 9a4978c27e..1dfb72eca9 100644 --- a/spring-security-modules/spring-security-web-mvc/src/main/java/com/baeldung/session/security/config/SecSecurityConfig.java +++ b/spring-security-modules/spring-security-web-mvc/src/main/java/com/baeldung/session/security/config/SecSecurityConfig.java @@ -2,12 +2,14 @@ package com.baeldung.session.security.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.session.HttpSessionEventPublisher; @@ -15,50 +17,56 @@ import com.baeldung.security.MySimpleUrlAuthenticationSuccessHandler; @Configuration // @ImportResource({ "classpath:webSecurityConfig.xml" }) -public class SecSecurityConfig extends WebSecurityConfigurerAdapter { +public class SecSecurityConfig { - public SecSecurityConfig() { - super(); + @Bean + public InMemoryUserDetailsManager userDetailsService() { + UserDetails user1 = User.withUsername("user1") + .password(passwordEncoder().encode("user1Pass")) + .roles("USER") + .build(); + + UserDetails admin1 = User.withUsername("admin1") + .password(passwordEncoder().encode("admin1Pass")) + .roles("ADMIN") + .build(); + + return new InMemoryUserDetailsManager(user1, admin1); } - @Override - protected void configure(final AuthenticationManagerBuilder auth) throws Exception { - // @formatter:off - auth.inMemoryAuthentication() - .withUser("user1").password(passwordEncoder().encode("user1Pass")).roles("USER") - .and() - .withUser("admin1").password(passwordEncoder().encode("admin1Pass")).roles("ADMIN"); - // @formatter:on - } - - @Override - protected void configure(final HttpSecurity http) throws Exception { - // @formatter:off - http - .csrf().disable() - .authorizeRequests() - .antMatchers("/anonymous*").anonymous() - .antMatchers("/login*","/invalidSession*", "/sessionExpired*", "/foo/**").permitAll() - .anyRequest().authenticated() - .and() - .formLogin() - .loginPage("/login.html") - .loginProcessingUrl("/login") - .successHandler(successHandler()) - .failureUrl("/login.html?error=true") - .and() - .logout().deleteCookies("JSESSIONID") - .and() - .rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400) - .and() - .sessionManagement() - .sessionFixation().migrateSession() - .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) - .invalidSessionUrl("/invalidSession.html") - .maximumSessions(2) - .expiredUrl("/sessionExpired.html"); - - // @formatter:on + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.csrf() + .disable() + .authorizeRequests() + .antMatchers("/anonymous*") + .anonymous() + .antMatchers("/login*", "/invalidSession*", "/sessionExpired*", "/foo/**") + .permitAll() + .anyRequest() + .authenticated() + .and() + .formLogin() + .loginPage("/login.html") + .loginProcessingUrl("/login") + .successHandler(successHandler()) + .failureUrl("/login.html?error=true") + .and() + .logout() + .deleteCookies("JSESSIONID") + .and() + .rememberMe() + .key("uniqueAndSecret") + .tokenValiditySeconds(86400) + .and() + .sessionManagement() + .sessionFixation() + .migrateSession() + .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) + .invalidSessionUrl("/invalidSession.html") + .maximumSessions(2) + .expiredUrl("/sessionExpired.html"); + return http.build(); } private AuthenticationSuccessHandler successHandler() {