JAVA-14879 Update spring-security-web-boot-1 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12758)

* JAVA-14879 Update spring-security-web-boot-1 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter * JAVA-14879 Add missing CustomIpAuthenticationProvider to code
2022-10-02 12:01:02 +05:30 · 2022-10-02 12:01:02 +05:30 · 937e4f8262
parent 8c8bb9a0e1
commit 937e4f8262
5 changed files with 115 additions and 82 deletions
--- a/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/relationships/SpringSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/relationships/SpringSecurityConfig.java
@ -7,15 +7,18 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
+import org.springframework.security.provisioning.JdbcUserDetailsManager;
+import org.springframework.security.provisioning.UserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.context.WebApplicationContext;

 import com.baeldung.relationships.security.AuthenticationSuccessHandlerImpl;
@ -24,7 +27,7 @@ import com.baeldung.relationships.security.CustomUserDetailsService;
@Configuration
@EnableWebSecurity
@ComponentScan("com.baeldung.security")
-public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+public class SpringSecurityConfig {

    @Autowired
    private WebApplicationContext applicationContext;
@ -42,24 +45,28 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
        userDetailsService = applicationContext.getBean(CustomUserDetailsService.class);
    }

-    @Override
-    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
-        auth.userDetailsService(userDetailsService)
+    @Bean
+    public UserDetailsManager users(HttpSecurity http) throws Exception {
+        AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManagerBuilder.class)
+            .userDetailsService(userDetailsService)
            .passwordEncoder(encoder())
            .and()
            .authenticationProvider(authenticationProvider())
-            .jdbcAuthentication()
-            .dataSource(dataSource);
+            .build();
+
+        JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager(dataSource);
+        jdbcUserDetailsManager.setAuthenticationManager(authenticationManager);
+        return jdbcUserDetailsManager;
    }

-    @Override
-    public void configure(WebSecurity web) {
-        web.ignoring()
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring()
            .antMatchers("/resources/**");
    }

-    @Override
-    protected void configure(final HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/login")
            .permitAll()
@ -70,6 +77,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
            .and()
            .csrf()
            .disable();
+        return http.build();
    }

    @Bean
--- a/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/custom/config/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/custom/config/SecurityConfig.java
@ -4,16 +4,16 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {

-    @Override
-    protected void configure(final HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf()
            .disable()
            .authorizeRequests()
@ -22,6 +22,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
            .and()
            .formLogin()
            .permitAll();
+        return http.build();
    }

    @Bean
--- a/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/ip/config/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/ip/config/SecurityConfig.java
@ -1,33 +1,50 @@
 package com.baeldung.roles.ip.config;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {

    @Autowired
    private CustomIpAuthenticationProvider authenticationProvider;

-    @Override
-    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
-       auth.inMemoryAuthentication().withUser("john").password("{noop}123").authorities("ROLE_USER");
-     //   auth.authenticationProvider(authenticationProvider);
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService(HttpSecurity http) throws Exception {
+        UserDetails user = User.withUsername("john")
+            .password("{noop}123")
+            .authorities("ROLE_USER")
+            .build();
+        http.getSharedObject(AuthenticationManagerBuilder.class)
+            .authenticationProvider(authenticationProvider)
+            .build();
+        return new InMemoryUserDetailsManager(user);
    }

-    @Override
-    protected void configure(final HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
-            .antMatchers("/login").permitAll()
-//            .antMatchers("/foos/**").hasIpAddress("11.11.11.11")
-            .antMatchers("/foos/**").access("isAuthenticated() and hasIpAddress('11.11.11.11')")
-            .anyRequest().authenticated()
-            .and().formLogin().permitAll()
-            .and().csrf().disable();
+            .antMatchers("/login")
+            .permitAll()
+            .antMatchers("/foos/**")
+            .access("isAuthenticated() and hasIpAddress('11.11.11.11')")
+            .anyRequest()
+            .authenticated()
+            .and()
+            .formLogin()
+            .permitAll()
+            .and()
+            .csrf()
+            .disable();
+        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/rolesauthorities/config/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/rolesauthorities/config/SecurityConfig.java
@ -1,26 +1,28 @@
 package com.baeldung.roles.rolesauthorities.config;

-import com.baeldung.roles.rolesauthorities.CustomAuthenticationProvider;
-import com.baeldung.roles.rolesauthorities.persistence.UserRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

+import com.baeldung.roles.rolesauthorities.CustomAuthenticationProvider;
+import com.baeldung.roles.rolesauthorities.persistence.UserRepository;
+
@Configuration
@ComponentScan(basePackages = {"com.baeldung.rolesauthorities"})
@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {

 	@Autowired
 	private UserRepository userRepository;
@ -31,39 +33,43 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private LogoutSuccessHandler myLogoutSuccessHandler;

-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.authenticationProvider(authProvider());
+    @Bean
+    public AuthenticationManager authManager(HttpSecurity http) throws Exception {
+        return http.getSharedObject(AuthenticationManagerBuilder.class)
+            .authenticationProvider(authProvider())
+            .build();
    }

-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        web.ignoring()
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring()
            .antMatchers("/resources/**");
    }
-
    
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-    	
-        http
-            .csrf().disable()
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.csrf()
+            .disable()
            .authorizeRequests()
-                .antMatchers("/login*", "/logout*", "/protectedbynothing*", "/home*").permitAll()
-                .antMatchers("/protectedbyrole").hasRole("USER")
-                .antMatchers("/protectedbyauthority").hasAuthority("READ_PRIVILEGE")
-                .and()
+            .antMatchers("/login*", "/logout*", "/protectedbynothing*", "/home*")
+            .permitAll()
+            .antMatchers("/protectedbyrole")
+            .hasRole("USER")
+            .antMatchers("/protectedbyauthority")
+            .hasAuthority("READ_PRIVILEGE")
+            .and()
            .formLogin()
-                .loginPage("/login")
-                .failureUrl("/login?error=true")
-                .permitAll()
-                .and()
+            .loginPage("/login")
+            .failureUrl("/login?error=true")
+            .permitAll()
+            .and()
            .logout()
-                .logoutSuccessHandler(myLogoutSuccessHandler)
-                .invalidateHttpSession(false)
-                .logoutSuccessUrl("/logout.html?logSucc=true")
-                .deleteCookies("JSESSIONID")
-                .permitAll();
+            .logoutSuccessHandler(myLogoutSuccessHandler)
+            .invalidateHttpSession(false)
+            .logoutSuccessUrl("/logout.html?logSucc=true")
+            .deleteCookies("JSESSIONID")
+            .permitAll();
+        return http.build();
    }

    @Bean
--- a/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/voter/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/voter/WebSecurityConfig.java
@ -1,5 +1,8 @@
 package com.baeldung.roles.voter;

+import java.util.Arrays;
+import java.util.List;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@ -11,17 +14,14 @@ import org.springframework.security.access.vote.UnanimousBased;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.expression.WebExpressionVoter;

-import java.util.Arrays;
-import java.util.List;
-
@Configuration
@EnableWebSecurity
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
@ -36,22 +36,23 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        .roles("ADMIN");
    }

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-        .csrf()
-        .disable()
-        .authorizeRequests()
-        .anyRequest()
-        .authenticated()
-        .accessDecisionManager(accessDecisionManager())
-        .and()
-        .formLogin()
-        .permitAll()
-        .and()
-        .logout()
-        .permitAll()
-        .deleteCookies("JSESSIONID").logoutSuccessUrl("/login");
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.csrf()
+            .disable()
+            .authorizeRequests()
+            .anyRequest()
+            .authenticated()
+            .accessDecisionManager(accessDecisionManager())
+            .and()
+            .formLogin()
+            .permitAll()
+            .and()
+            .logout()
+            .permitAll()
+            .deleteCookies("JSESSIONID")
+            .logoutSuccessUrl("/login");
+        return http.build();
    }

    @Bean