JAVA-14879 Update spring-security-web-boot-1 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12758)

* JAVA-14879 Update spring-security-web-boot-1 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter

* JAVA-14879 Add missing CustomIpAuthenticationProvider to code
This commit is contained in:
anuragkumawat 2022-10-02 12:01:02 +05:30 committed by GitHub
parent 8c8bb9a0e1
commit 937e4f8262
5 changed files with 115 additions and 82 deletions

View File

@ -7,15 +7,18 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.context.WebApplicationContext;
import com.baeldung.relationships.security.AuthenticationSuccessHandlerImpl;
@ -24,7 +27,7 @@ import com.baeldung.relationships.security.CustomUserDetailsService;
@Configuration
@EnableWebSecurity
@ComponentScan("com.baeldung.security")
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
public class SpringSecurityConfig {
@Autowired
private WebApplicationContext applicationContext;
@ -42,24 +45,28 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
userDetailsService = applicationContext.getBean(CustomUserDetailsService.class);
}
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
@Bean
public UserDetailsManager users(HttpSecurity http) throws Exception {
AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManagerBuilder.class)
.userDetailsService(userDetailsService)
.passwordEncoder(encoder())
.and()
.authenticationProvider(authenticationProvider())
.jdbcAuthentication()
.dataSource(dataSource);
.build();
JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager(dataSource);
jdbcUserDetailsManager.setAuthenticationManager(authenticationManager);
return jdbcUserDetailsManager;
}
@Override
public void configure(WebSecurity web) {
web.ignoring()
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring()
.antMatchers("/resources/**");
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/login")
.permitAll()
@ -70,6 +77,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
.and()
.csrf()
.disable();
return http.build();
}
@Bean

View File

@ -4,16 +4,16 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
public class SecurityConfig {
@Override
protected void configure(final HttpSecurity http) throws Exception {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
@ -22,6 +22,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
.and()
.formLogin()
.permitAll();
return http.build();
}
@Bean

View File

@ -1,33 +1,50 @@
package com.baeldung.roles.ip.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
public class SecurityConfig {
@Autowired
private CustomIpAuthenticationProvider authenticationProvider;
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("john").password("{noop}123").authorities("ROLE_USER");
// auth.authenticationProvider(authenticationProvider);
@Bean
public InMemoryUserDetailsManager userDetailsService(HttpSecurity http) throws Exception {
UserDetails user = User.withUsername("john")
.password("{noop}123")
.authorities("ROLE_USER")
.build();
http.getSharedObject(AuthenticationManagerBuilder.class)
.authenticationProvider(authenticationProvider)
.build();
return new InMemoryUserDetailsManager(user);
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/login").permitAll()
// .antMatchers("/foos/**").hasIpAddress("11.11.11.11")
.antMatchers("/foos/**").access("isAuthenticated() and hasIpAddress('11.11.11.11')")
.anyRequest().authenticated()
.and().formLogin().permitAll()
.and().csrf().disable();
.antMatchers("/login")
.permitAll()
.antMatchers("/foos/**")
.access("isAuthenticated() and hasIpAddress('11.11.11.11')")
.anyRequest()
.authenticated()
.and()
.formLogin()
.permitAll()
.and()
.csrf()
.disable();
return http.build();
}
}

View File

@ -1,26 +1,28 @@
package com.baeldung.roles.rolesauthorities.config;
import com.baeldung.roles.rolesauthorities.CustomAuthenticationProvider;
import com.baeldung.roles.rolesauthorities.persistence.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import com.baeldung.roles.rolesauthorities.CustomAuthenticationProvider;
import com.baeldung.roles.rolesauthorities.persistence.UserRepository;
@Configuration
@ComponentScan(basePackages = {"com.baeldung.rolesauthorities"})
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
public class SecurityConfig {
@Autowired
private UserRepository userRepository;
@ -31,39 +33,43 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private LogoutSuccessHandler myLogoutSuccessHandler;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider());
@Bean
public AuthenticationManager authManager(HttpSecurity http) throws Exception {
return http.getSharedObject(AuthenticationManagerBuilder.class)
.authenticationProvider(authProvider())
.build();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring()
.antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
.antMatchers("/login*", "/logout*", "/protectedbynothing*", "/home*").permitAll()
.antMatchers("/protectedbyrole").hasRole("USER")
.antMatchers("/protectedbyauthority").hasAuthority("READ_PRIVILEGE")
.and()
.antMatchers("/login*", "/logout*", "/protectedbynothing*", "/home*")
.permitAll()
.antMatchers("/protectedbyrole")
.hasRole("USER")
.antMatchers("/protectedbyauthority")
.hasAuthority("READ_PRIVILEGE")
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/login?error=true")
.permitAll()
.and()
.loginPage("/login")
.failureUrl("/login?error=true")
.permitAll()
.and()
.logout()
.logoutSuccessHandler(myLogoutSuccessHandler)
.invalidateHttpSession(false)
.logoutSuccessUrl("/logout.html?logSucc=true")
.deleteCookies("JSESSIONID")
.permitAll();
.logoutSuccessHandler(myLogoutSuccessHandler)
.invalidateHttpSession(false)
.logoutSuccessUrl("/logout.html?logSucc=true")
.deleteCookies("JSESSIONID")
.permitAll();
return http.build();
}
@Bean

View File

@ -1,5 +1,8 @@
package com.baeldung.roles.voter;
import java.util.Arrays;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@ -11,17 +14,14 @@ import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import java.util.Arrays;
import java.util.List;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public class WebSecurityConfig {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
@ -36,22 +36,23 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.accessDecisionManager(accessDecisionManager())
.and()
.formLogin()
.permitAll()
.and()
.logout()
.permitAll()
.deleteCookies("JSESSIONID").logoutSuccessUrl("/login");
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.accessDecisionManager(accessDecisionManager())
.and()
.formLogin()
.permitAll()
.and()
.logout()
.permitAll()
.deleteCookies("JSESSIONID")
.logoutSuccessUrl("/login");
return http.build();
}
@Bean