JAVA-14879 Update spring-security-web-boot-1 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12758)

* JAVA-14879 Update spring-security-web-boot-1 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter * JAVA-14879 Add missing CustomIpAuthenticationProvider to code
2022-10-02 12:01:02 +05:30 · 2022-10-02 12:01:02 +05:30 · 937e4f8262
parent 8c8bb9a0e1
commit 937e4f8262
5 changed files with 115 additions and 82 deletions
--- a/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/relationships/SpringSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/relationships/SpringSecurityConfig.java
@ -7,15 +7,18 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
 import org.springframework.security.provisioning.JdbcUserDetailsManager;
 import org.springframework.security.provisioning.UserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.context.WebApplicationContext;
 import com.baeldung.relationships.security.AuthenticationSuccessHandlerImpl;
@ -24,7 +27,7 @@ import com.baeldung.relationships.security.CustomUserDetailsService;
@Configuration
@EnableWebSecurity
@ComponentScan("com.baeldung.security")
-public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+public class SpringSecurityConfig {
    @Autowired
    private WebApplicationContext applicationContext;
@ -42,24 +45,28 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
        userDetailsService = applicationContext.getBean(CustomUserDetailsService.class);
    }
-    @Override
+    @Bean
-    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+    public UserDetailsManager users(HttpSecurity http) throws Exception {
-        auth.userDetailsService(userDetailsService)
+        AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManagerBuilder.class)
            .userDetailsService(userDetailsService)
            .passwordEncoder(encoder())
            .and()
            .authenticationProvider(authenticationProvider())
-            .jdbcAuthentication()
+            .build();
-            .dataSource(dataSource);
+
        JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager(dataSource);
        jdbcUserDetailsManager.setAuthenticationManager(authenticationManager);
        return jdbcUserDetailsManager;
    }
-    @Override
+    @Bean
-    public void configure(WebSecurity web) {
+    public WebSecurityCustomizer webSecurityCustomizer() {
-        web.ignoring()
+        return (web) -> web.ignoring()
            .antMatchers("/resources/**");
    }
-    @Override
+    @Bean
-    protected void configure(final HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/login")
            .permitAll()
@ -70,6 +77,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
            .and()
            .csrf()
            .disable();
        return http.build();
    }
    @Bean
--- a/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/custom/config/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/custom/config/SecurityConfig.java
@ -4,16 +4,16 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
-    @Override
+    @Bean
-    protected void configure(final HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf()
            .disable()
            .authorizeRequests()
@ -22,6 +22,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
            .and()
            .formLogin()
            .permitAll();
        return http.build();
    }
    @Bean
--- a/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/ip/config/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/ip/config/SecurityConfig.java
@ -1,33 +1,50 @@
 package com.baeldung.roles.ip.config;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
    @Autowired
    private CustomIpAuthenticationProvider authenticationProvider;
-    @Override
+    @Bean
-    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService(HttpSecurity http) throws Exception {
-       auth.inMemoryAuthentication().withUser("john").password("{noop}123").authorities("ROLE_USER");
+        UserDetails user = User.withUsername("john")
-     //   auth.authenticationProvider(authenticationProvider);
+            .password("{noop}123")
            .authorities("ROLE_USER")
            .build();
        http.getSharedObject(AuthenticationManagerBuilder.class)
            .authenticationProvider(authenticationProvider)
            .build();
        return new InMemoryUserDetailsManager(user);
    }
-    @Override
+    @Bean
-    protected void configure(final HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
-            .antMatchers("/login").permitAll()
+            .antMatchers("/login")
-//            .antMatchers("/foos/**").hasIpAddress("11.11.11.11")
+            .permitAll()
-            .antMatchers("/foos/**").access("isAuthenticated() and hasIpAddress('11.11.11.11')")
+            .antMatchers("/foos/**")
-            .anyRequest().authenticated()
+            .access("isAuthenticated() and hasIpAddress('11.11.11.11')")
-            .and().formLogin().permitAll()
+            .anyRequest()
-            .and().csrf().disable();
+            .authenticated()
            .and()
            .formLogin()
            .permitAll()
            .and()
            .csrf()
            .disable();
        return http.build();
    }
 }
--- a/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/rolesauthorities/config/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/rolesauthorities/config/SecurityConfig.java
@ -1,26 +1,28 @@
 package com.baeldung.roles.rolesauthorities.config;
 import com.baeldung.roles.rolesauthorities.CustomAuthenticationProvider;
 import com.baeldung.roles.rolesauthorities.persistence.UserRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import com.baeldung.roles.rolesauthorities.CustomAuthenticationProvider;
 import com.baeldung.roles.rolesauthorities.persistence.UserRepository;
@Configuration
@ComponentScan(basePackages = {"com.baeldung.rolesauthorities"})
@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
 	@Autowired
 	private UserRepository userRepository;
@ -31,27 +33,30 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private LogoutSuccessHandler myLogoutSuccessHandler;
-    @Override
+    @Bean
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    public AuthenticationManager authManager(HttpSecurity http) throws Exception {
-        auth.authenticationProvider(authProvider());
+        return http.getSharedObject(AuthenticationManagerBuilder.class)
            .authenticationProvider(authProvider())
            .build();
    }
-    @Override
+    @Bean
-    public void configure(WebSecurity web) throws Exception {
+    public WebSecurityCustomizer webSecurityCustomizer() {
-        web.ignoring()
+        return (web) -> web.ignoring()
            .antMatchers("/resources/**");
    }
-    
+    @Bean
-    @Override
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf()
-    	
+            .disable()
        http
            .csrf().disable()
            .authorizeRequests()
-                .antMatchers("/login*", "/logout*", "/protectedbynothing*", "/home*").permitAll()
+            .antMatchers("/login*", "/logout*", "/protectedbynothing*", "/home*")
-                .antMatchers("/protectedbyrole").hasRole("USER")
+            .permitAll()
-                .antMatchers("/protectedbyauthority").hasAuthority("READ_PRIVILEGE")
+            .antMatchers("/protectedbyrole")
            .hasRole("USER")
            .antMatchers("/protectedbyauthority")
            .hasAuthority("READ_PRIVILEGE")
            .and()
            .formLogin()
            .loginPage("/login")
@ -64,6 +69,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
            .logoutSuccessUrl("/logout.html?logSucc=true")
            .deleteCookies("JSESSIONID")
            .permitAll();
        return http.build();
    }
    @Bean
--- a/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/voter/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/roles/voter/WebSecurityConfig.java
@ -1,5 +1,8 @@
 package com.baeldung.roles.voter;
 import java.util.Arrays;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@ -11,17 +14,14 @@ import org.springframework.security.access.vote.UnanimousBased;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.expression.WebExpressionVoter;
 import java.util.Arrays;
 import java.util.List;
@Configuration
@EnableWebSecurity
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
@ -36,10 +36,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        .roles("ADMIN");
    }
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
+        http.csrf()
        .csrf()
            .disable()
            .authorizeRequests()
            .anyRequest()
@ -51,7 +50,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
            .and()
            .logout()
            .permitAll()
-        .deleteCookies("JSESSIONID").logoutSuccessUrl("/login");
+            .deleteCookies("JSESSIONID")
            .logoutSuccessUrl("/login");
        return http.build();
    }
    @Bean