JAVA-14867 Update spring-security-web-login module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12852)

This commit is contained in:
anuragkumawat 2022-10-11 21:12:39 +05:30 committed by GitHub
parent c4052100a0
commit 7cffc487ea
5 changed files with 175 additions and 123 deletions

View File

@ -3,19 +3,20 @@ package com.baeldung.loginextrafieldscustom;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.PropertySource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@EnableWebSecurity @EnableWebSecurity
@PropertySource("classpath:/application-extrafields.properties") @PropertySource("classpath:/application-extrafields.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter { public class SecurityConfig extends AbstractHttpConfigurer<SecurityConfig, HttpSecurity> {
@Autowired @Autowired
private CustomUserDetailsService userDetailsService; private CustomUserDetailsService userDetailsService;
@ -24,23 +25,36 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
private PasswordEncoder passwordEncoder; private PasswordEncoder passwordEncoder;
@Override @Override
protected void configure(HttpSecurity http) throws Exception { public void configure(HttpSecurity http) throws Exception {
AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
http http.addFilterBefore(authenticationFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class);
.addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/css/**", "/index").permitAll()
.antMatchers("/user/**").authenticated()
.and()
.formLogin().loginPage("/login")
.and()
.logout()
.logoutUrl("/logout");
} }
public CustomAuthenticationFilter authenticationFilter() throws Exception { public static SecurityConfig securityConfig() {
return new SecurityConfig();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/css/**", "/index")
.permitAll()
.antMatchers("/user/**")
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.and()
.logout()
.logoutUrl("/logout")
.and()
.apply(securityConfig());
return http.build();
}
public CustomAuthenticationFilter authenticationFilter(AuthenticationManager authenticationManager) throws Exception {
CustomAuthenticationFilter filter = new CustomAuthenticationFilter(); CustomAuthenticationFilter filter = new CustomAuthenticationFilter();
filter.setAuthenticationManager(authenticationManagerBean()); filter.setAuthenticationManager(authenticationManager);
filter.setAuthenticationFailureHandler(failureHandler()); filter.setAuthenticationFailureHandler(failureHandler());
return filter; return filter;
} }

View File

@ -3,21 +3,22 @@ package com.baeldung.loginextrafieldssimple;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.PropertySource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@EnableWebSecurity @EnableWebSecurity
@PropertySource("classpath:/application-extrafields.properties") @PropertySource("classpath:/application-extrafields.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter { public class SecurityConfig extends AbstractHttpConfigurer<SecurityConfig, HttpSecurity> {
@Autowired @Autowired
private UserDetailsService userDetailsService; private UserDetailsService userDetailsService;
@ -26,23 +27,36 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
private PasswordEncoder passwordEncoder; private PasswordEncoder passwordEncoder;
@Override @Override
protected void configure(HttpSecurity http) throws Exception { public void configure(HttpSecurity http) throws Exception {
AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
http http.addFilterBefore(authenticationFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class);
.addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/css/**", "/index").permitAll()
.antMatchers("/user/**").authenticated()
.and()
.formLogin().loginPage("/login")
.and()
.logout()
.logoutUrl("/logout");
} }
public SimpleAuthenticationFilter authenticationFilter() throws Exception { public static SecurityConfig securityConfig() {
return new SecurityConfig();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/css/**", "/index")
.permitAll()
.antMatchers("/user/**")
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.and()
.logout()
.logoutUrl("/logout")
.and()
.apply(securityConfig());
return http.getOrBuild();
}
public SimpleAuthenticationFilter authenticationFilter(AuthenticationManager authenticationManager) throws Exception {
SimpleAuthenticationFilter filter = new SimpleAuthenticationFilter(); SimpleAuthenticationFilter filter = new SimpleAuthenticationFilter();
filter.setAuthenticationManager(authenticationManagerBean()); filter.setAuthenticationManager(authenticationManager);
filter.setAuthenticationFailureHandler(failureHandler()); filter.setAuthenticationFailureHandler(failureHandler());
return filter; return filter;
} }

View File

@ -3,12 +3,14 @@ package com.baeldung.security.config;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile; import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler; import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
@ -21,30 +23,38 @@ import com.baeldung.security.CustomLogoutSuccessHandler;
// @ImportResource({ "classpath:webSecurityConfig.xml" }) // @ImportResource({ "classpath:webSecurityConfig.xml" })
@EnableWebSecurity @EnableWebSecurity
@Profile("!https") @Profile("!https")
public class SecSecurityConfig extends WebSecurityConfigurerAdapter { public class SecSecurityConfig {
@Override @Bean
protected void configure(final AuthenticationManagerBuilder auth) throws Exception { public InMemoryUserDetailsManager userDetailsService() {
// @formatter:off UserDetails user1 = User.withUsername("user1")
auth.inMemoryAuthentication() .password(passwordEncoder().encode("user1Pass"))
.withUser("user1").password(passwordEncoder().encode("user1Pass")).roles("USER") .roles("USER")
.and() .build();
.withUser("user2").password(passwordEncoder().encode("user2Pass")).roles("USER") UserDetails user2 = User.withUsername("user2")
.and() .password(passwordEncoder().encode("user2Pass"))
.withUser("admin").password(passwordEncoder().encode("adminPass")).roles("ADMIN"); .roles("USER")
// @formatter:on .build();
UserDetails admin = User.withUsername("admin")
.password(passwordEncoder().encode("adminPass"))
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(user1, user2, admin);
} }
@Override @Bean
protected void configure(final HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// @formatter:off http.csrf()
http .disable()
.csrf().disable()
.authorizeRequests() .authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN") .antMatchers("/admin/**")
.antMatchers("/anonymous*").anonymous() .hasRole("ADMIN")
.antMatchers("/login*").permitAll() .antMatchers("/anonymous*")
.anyRequest().authenticated() .anonymous()
.antMatchers("/login*")
.permitAll()
.anyRequest()
.authenticated()
.and() .and()
.formLogin() .formLogin()
.loginPage("/login.html") .loginPage("/login.html")
@ -60,7 +70,7 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
// .and() // .and()
// .exceptionHandling().accessDeniedPage("/accessDenied"); // .exceptionHandling().accessDeniedPage("/accessDenied");
// .exceptionHandling().accessDeniedHandler(accessDeniedHandler()); // .exceptionHandling().accessDeniedHandler(accessDeniedHandler());
// @formatter:on return http.build();
} }
@Bean @Bean

View File

@ -3,10 +3,12 @@ package com.baeldung.spring;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile; import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import com.baeldung.security.CustomLogoutSuccessHandler; import com.baeldung.security.CustomLogoutSuccessHandler;
@ -15,31 +17,38 @@ import com.baeldung.security.CustomLogoutSuccessHandler;
// @ImportResource({ "classpath:channelWebSecurityConfig.xml" }) // @ImportResource({ "classpath:channelWebSecurityConfig.xml" })
@EnableWebSecurity @EnableWebSecurity
@Profile("https") @Profile("https")
public class ChannelSecSecurityConfig extends WebSecurityConfigurerAdapter { public class ChannelSecSecurityConfig {
@Override @Bean
protected void configure(final AuthenticationManagerBuilder auth) throws Exception { public InMemoryUserDetailsManager userDetailsService() {
// @formatter:off UserDetails user1 = User.withUsername("user1")
auth.inMemoryAuthentication() .password("user1Pass")
.withUser("user1").password("user1Pass").roles("USER") .roles("USER")
.and() .build();
.withUser("user2").password("user2Pass").roles("USER"); UserDetails user2 = User.withUsername("user2")
// @formatter:on .password("user2Pass")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user1, user2);
} }
@Override @Bean
protected void configure(final HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// @formatter:off http.csrf()
http .disable()
.csrf().disable()
.authorizeRequests() .authorizeRequests()
.antMatchers("/anonymous*").anonymous() .antMatchers("/anonymous*")
.antMatchers("/login*").permitAll() .anonymous()
.anyRequest().authenticated() .antMatchers("/login*")
.permitAll()
.anyRequest()
.authenticated()
.and() .and()
.requiresChannel() .requiresChannel()
.antMatchers("/login*", "/perform_login").requiresSecure() .antMatchers("/login*", "/perform_login")
.anyRequest().requiresInsecure() .requiresSecure()
.anyRequest()
.requiresInsecure()
.and() .and()
.sessionManagement() .sessionManagement()
.sessionFixation() .sessionFixation()
@ -55,7 +64,7 @@ public class ChannelSecSecurityConfig extends WebSecurityConfigurerAdapter {
.logoutUrl("/perform_logout") .logoutUrl("/perform_logout")
.deleteCookies("JSESSIONID") .deleteCookies("JSESSIONID")
.logoutSuccessHandler(logoutSuccessHandler()); .logoutSuccessHandler(logoutSuccessHandler());
// @formatter:on return http.build();
} }
@Bean @Bean

View File

@ -1,26 +1,30 @@
package com.baeldung.spring; package com.baeldung.spring;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
//@Configuration //@Configuration
//@ImportResource({ "classpath:RedirectionWebSecurityConfig.xml" }) //@ImportResource({ "classpath:RedirectionWebSecurityConfig.xml" })
//@EnableWebSecurity //@EnableWebSecurity
//@Profile("!https") //@Profile("!https")
public class RedirectionSecurityConfig extends WebSecurityConfigurerAdapter { public class RedirectionSecurityConfig {
@Override @Bean
protected void configure(final AuthenticationManagerBuilder auth) throws Exception { public InMemoryUserDetailsManager userDetailsService() {
auth.inMemoryAuthentication() UserDetails user1 = User.withUsername("user1")
.withUser("user1")
.password("user1Pass") .password("user1Pass")
.roles("USER"); .roles("USER")
.build();
return new InMemoryUserDetailsManager(user1);
} }
@Override @Bean
protected void configure(final HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests() http.authorizeRequests()
.antMatchers("/login*") .antMatchers("/login*")
.permitAll() .permitAll()
@ -30,6 +34,7 @@ public class RedirectionSecurityConfig extends WebSecurityConfigurerAdapter {
.formLogin() .formLogin()
.successHandler(new SavedRequestAwareAuthenticationSuccessHandler()); .successHandler(new SavedRequestAwareAuthenticationSuccessHandler());
// .successHandler(new RefererAuthenticationSuccessHandler()) // .successHandler(new RefererAuthenticationSuccessHandler())
return http.build();
} }
} }