JAVA-14867 Update spring-security-web-login module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12852)
This commit is contained in:
anuragkumawat
GitHub
parent
c4052100a0
commit
7cffc487ea
|
|
@ -3,19 +3,20 @@ package com.baeldung.loginextrafieldscustom;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
||||
@EnableWebSecurity
|
||||
@PropertySource("classpath:/application-extrafields.properties")
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public class SecurityConfig extends AbstractHttpConfigurer<SecurityConfig, HttpSecurity> {
|
||||
|
||||
@Autowired
|
||||
private CustomUserDetailsService userDetailsService;
|
||||
|
|
@ -24,23 +25,36 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
private PasswordEncoder passwordEncoder;
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
||||
http
|
||||
.addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
|
||||
.authorizeRequests()
|
||||
.antMatchers("/css/**", "/index").permitAll()
|
||||
.antMatchers("/user/**").authenticated()
|
||||
.and()
|
||||
.formLogin().loginPage("/login")
|
||||
.and()
|
||||
.logout()
|
||||
.logoutUrl("/logout");
|
||||
public void configure(HttpSecurity http) throws Exception {
|
||||
AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
|
||||
http.addFilterBefore(authenticationFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class);
|
||||
}
|
||||
|
||||
public CustomAuthenticationFilter authenticationFilter() throws Exception {
|
||||
public static SecurityConfig securityConfig() {
|
||||
return new SecurityConfig();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/css/**", "/index")
|
||||
.permitAll()
|
||||
.antMatchers("/user/**")
|
||||
.authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login")
|
||||
.and()
|
||||
.logout()
|
||||
.logoutUrl("/logout")
|
||||
.and()
|
||||
.apply(securityConfig());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
public CustomAuthenticationFilter authenticationFilter(AuthenticationManager authenticationManager) throws Exception {
|
||||
CustomAuthenticationFilter filter = new CustomAuthenticationFilter();
|
||||
filter.setAuthenticationManager(authenticationManagerBean());
|
||||
filter.setAuthenticationManager(authenticationManager);
|
||||
filter.setAuthenticationFailureHandler(failureHandler());
|
||||
return filter;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,21 +3,22 @@ package com.baeldung.loginextrafieldssimple;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
||||
@EnableWebSecurity
|
||||
@PropertySource("classpath:/application-extrafields.properties")
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public class SecurityConfig extends AbstractHttpConfigurer<SecurityConfig, HttpSecurity> {
|
||||
|
||||
@Autowired
|
||||
private UserDetailsService userDetailsService;
|
||||
|
|
@ -26,23 +27,36 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
private PasswordEncoder passwordEncoder;
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
||||
http
|
||||
.addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
|
||||
.authorizeRequests()
|
||||
.antMatchers("/css/**", "/index").permitAll()
|
||||
.antMatchers("/user/**").authenticated()
|
||||
.and()
|
||||
.formLogin().loginPage("/login")
|
||||
.and()
|
||||
.logout()
|
||||
.logoutUrl("/logout");
|
||||
public void configure(HttpSecurity http) throws Exception {
|
||||
AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
|
||||
http.addFilterBefore(authenticationFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class);
|
||||
}
|
||||
|
||||
public SimpleAuthenticationFilter authenticationFilter() throws Exception {
|
||||
public static SecurityConfig securityConfig() {
|
||||
return new SecurityConfig();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/css/**", "/index")
|
||||
.permitAll()
|
||||
.antMatchers("/user/**")
|
||||
.authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login")
|
||||
.and()
|
||||
.logout()
|
||||
.logoutUrl("/logout")
|
||||
.and()
|
||||
.apply(securityConfig());
|
||||
return http.getOrBuild();
|
||||
}
|
||||
|
||||
public SimpleAuthenticationFilter authenticationFilter(AuthenticationManager authenticationManager) throws Exception {
|
||||
SimpleAuthenticationFilter filter = new SimpleAuthenticationFilter();
|
||||
filter.setAuthenticationManager(authenticationManagerBean());
|
||||
filter.setAuthenticationManager(authenticationManager);
|
||||
filter.setAuthenticationFailureHandler(failureHandler());
|
||||
return filter;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,12 +3,14 @@ package com.baeldung.security.config;
|
|||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.access.AccessDeniedHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
||||
|
|
@ -21,30 +23,38 @@ import com.baeldung.security.CustomLogoutSuccessHandler;
|
|||
// @ImportResource({ "classpath:webSecurityConfig.xml" })
|
||||
@EnableWebSecurity
|
||||
@Profile("!https")
|
||||
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public class SecSecurityConfig {
|
||||
|
||||
@Override
|
||||
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
||||
// @formatter:off
|
||||
auth.inMemoryAuthentication()
|
||||
.withUser("user1").password(passwordEncoder().encode("user1Pass")).roles("USER")
|
||||
.and()
|
||||
.withUser("user2").password(passwordEncoder().encode("user2Pass")).roles("USER")
|
||||
.and()
|
||||
.withUser("admin").password(passwordEncoder().encode("adminPass")).roles("ADMIN");
|
||||
// @formatter:on
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService() {
|
||||
UserDetails user1 = User.withUsername("user1")
|
||||
.password(passwordEncoder().encode("user1Pass"))
|
||||
.roles("USER")
|
||||
.build();
|
||||
UserDetails user2 = User.withUsername("user2")
|
||||
.password(passwordEncoder().encode("user2Pass"))
|
||||
.roles("USER")
|
||||
.build();
|
||||
UserDetails admin = User.withUsername("admin")
|
||||
.password(passwordEncoder().encode("adminPass"))
|
||||
.roles("ADMIN")
|
||||
.build();
|
||||
return new InMemoryUserDetailsManager(user1, user2, admin);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(final HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http
|
||||
.csrf().disable()
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.csrf()
|
||||
.disable()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/admin/**").hasRole("ADMIN")
|
||||
.antMatchers("/anonymous*").anonymous()
|
||||
.antMatchers("/login*").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
.antMatchers("/admin/**")
|
||||
.hasRole("ADMIN")
|
||||
.antMatchers("/anonymous*")
|
||||
.anonymous()
|
||||
.antMatchers("/login*")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login.html")
|
||||
|
|
@ -60,7 +70,7 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
// .and()
|
||||
// .exceptionHandling().accessDeniedPage("/accessDenied");
|
||||
// .exceptionHandling().accessDeniedHandler(accessDeniedHandler());
|
||||
// @formatter:on
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|
|
|||
|
|
@ -3,10 +3,12 @@ package com.baeldung.spring;
|
|||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
||||
|
||||
import com.baeldung.security.CustomLogoutSuccessHandler;
|
||||
|
|
@ -15,31 +17,38 @@ import com.baeldung.security.CustomLogoutSuccessHandler;
|
|||
// @ImportResource({ "classpath:channelWebSecurityConfig.xml" })
|
||||
@EnableWebSecurity
|
||||
@Profile("https")
|
||||
public class ChannelSecSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public class ChannelSecSecurityConfig {
|
||||
|
||||
@Override
|
||||
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
||||
// @formatter:off
|
||||
auth.inMemoryAuthentication()
|
||||
.withUser("user1").password("user1Pass").roles("USER")
|
||||
.and()
|
||||
.withUser("user2").password("user2Pass").roles("USER");
|
||||
// @formatter:on
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService() {
|
||||
UserDetails user1 = User.withUsername("user1")
|
||||
.password("user1Pass")
|
||||
.roles("USER")
|
||||
.build();
|
||||
UserDetails user2 = User.withUsername("user2")
|
||||
.password("user2Pass")
|
||||
.roles("USER")
|
||||
.build();
|
||||
return new InMemoryUserDetailsManager(user1, user2);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(final HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http
|
||||
.csrf().disable()
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.csrf()
|
||||
.disable()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/anonymous*").anonymous()
|
||||
.antMatchers("/login*").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
.antMatchers("/anonymous*")
|
||||
.anonymous()
|
||||
.antMatchers("/login*")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.requiresChannel()
|
||||
.antMatchers("/login*", "/perform_login").requiresSecure()
|
||||
.anyRequest().requiresInsecure()
|
||||
.antMatchers("/login*", "/perform_login")
|
||||
.requiresSecure()
|
||||
.anyRequest()
|
||||
.requiresInsecure()
|
||||
.and()
|
||||
.sessionManagement()
|
||||
.sessionFixation()
|
||||
|
|
@ -55,7 +64,7 @@ public class ChannelSecSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
.logoutUrl("/perform_logout")
|
||||
.deleteCookies("JSESSIONID")
|
||||
.logoutSuccessHandler(logoutSuccessHandler());
|
||||
// @formatter:on
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|
|
|||
|
|
@ -1,26 +1,30 @@
|
|||
package com.baeldung.spring;
|
||||
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
|
||||
//@Configuration
|
||||
//@ImportResource({ "classpath:RedirectionWebSecurityConfig.xml" })
|
||||
//@EnableWebSecurity
|
||||
//@Profile("!https")
|
||||
public class RedirectionSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public class RedirectionSecurityConfig {
|
||||
|
||||
@Override
|
||||
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.inMemoryAuthentication()
|
||||
.withUser("user1")
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService() {
|
||||
UserDetails user1 = User.withUsername("user1")
|
||||
.password("user1Pass")
|
||||
.roles("USER");
|
||||
.roles("USER")
|
||||
.build();
|
||||
return new InMemoryUserDetailsManager(user1);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(final HttpSecurity http) throws Exception {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/login*")
|
||||
.permitAll()
|
||||
|
|
@ -30,6 +34,7 @@ public class RedirectionSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
.formLogin()
|
||||
.successHandler(new SavedRequestAwareAuthenticationSuccessHandler());
|
||||
// .successHandler(new RefererAuthenticationSuccessHandler())
|
||||
return http.build();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue