Merge pull request #7092 from Doha2012/master

upgrade spring security cloud
2019-06-06 22:58:46 +02:00 · 2019-06-06 22:58:46 +02:00 · 9d1396b99c
commit 9d1396b99c
parent f6a9d02b37 cf68c5c771
12 changed files with 46 additions and 36 deletions
--- a/spring-cloud/spring-cloud-security/auth-client/pom.xml
+++ b/spring-cloud/spring-cloud-security/auth-client/pom.xml
@ -24,7 +24,7 @@
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
-            <artifactId>spring-cloud-starter-zuul</artifactId>
+            <artifactId>spring-cloud-starter-netflix-zuul</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
@ -34,14 +34,16 @@
        <dependency>
            <groupId>org.webjars</groupId>
            <artifactId>jquery</artifactId>
+            <version>${jquery.version}</version>
        </dependency>
        <dependency>
            <groupId>org.webjars</groupId>
            <artifactId>bootstrap</artifactId>
+            <version>${bootstrap.version}</version>
        </dependency>
        <dependency>
            <groupId>org.webjars</groupId>
-            <artifactId>webjars-locator</artifactId>
+            <artifactId>webjars-locator-core</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
@ -62,8 +64,8 @@
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
-            <groupId>org.springframework.security.oauth</groupId>
-            <artifactId>spring-security-oauth2</artifactId>
+            <groupId>org.springframework.security.oauth.boot</groupId>
+            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
        </dependency>
    </dependencies>

@ -89,8 +91,10 @@
    </dependencyManagement>

    <properties>
-        <js-cookie.version>2.1.0</js-cookie.version>
-        <spring-cloud.version>Dalston.SR4</spring-cloud.version>
+        <js-cookie.version>2.2.0</js-cookie.version>
+        <spring-cloud.version>Greenwich.SR1</spring-cloud.version>
+        <jquery.version>3.4.1</jquery.version>
+        <bootstrap.version>4.3.1</bootstrap.version>
    </properties>

 </project>
--- a/spring-cloud/spring-cloud-security/auth-client/src/main/resources/application.properties
+++ b/spring-cloud/spring-cloud-security/auth-client/src/main/resources/application.properties
--- a/spring-cloud/spring-cloud-security/auth-client/src/main/resources/application.yml
+++ b/spring-cloud/spring-cloud-security/auth-client/src/main/resources/application.yml
@ -2,7 +2,8 @@
 # These are default settings, but we add them for clarity.
 server:
  port: 8080
-  contextPath: /
+  servlet:
+    context-path: /

 # Configure the Authorization Server and User Info Resource Server details
 security:
@ -21,6 +22,7 @@ person:
 # Proxies the calls to http://localhost:8080/api/* to our REST service at http://localhost:8081/*
 # and automatically includes our OAuth2 token in the request headers
 zuul:
+  sensitiveHeaders: Cookie,Set-Cookie  
  routes:
    resource:
      path: /api/**
--- a/spring-cloud/spring-cloud-security/auth-resource/pom.xml
+++ b/spring-cloud/spring-cloud-security/auth-resource/pom.xml
@ -19,8 +19,8 @@
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
-            <groupId>org.springframework.security.oauth</groupId>
-            <artifactId>spring-security-oauth2</artifactId>
+            <groupId>org.springframework.security.oauth.boot</groupId>
+            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
@ -30,6 +30,7 @@
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-jwt</artifactId>
+            <version>${spring-jwt.version}</version>
        </dependency>
    </dependencies>

@ -55,7 +56,8 @@
    </build>

    <properties>
-        <spring-cloud.version>Edgware.RELEASE</spring-cloud.version>
+        <spring-cloud.version>Greenwich.SR1</spring-cloud.version>
+        <spring-jwt.version>1.0.10.RELEASE</spring-jwt.version>
    </properties>

 </project>
--- a/spring-cloud/spring-cloud-security/auth-resource/src/main/java/com/baeldung/config/ResourceConfigurer.java
+++ b/spring-cloud/spring-cloud-security/auth-resource/src/main/java/com/baeldung/config/ResourceConfigurer.java
@ -3,7 +3,7 @@ package com.baeldung.config;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@ -11,15 +11,18 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.R
 *  REST API Resource Server.
 */
@Configuration
-@EnableWebSecurity
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true) // Allow method annotations like @PreAuthorize
 public class ResourceConfigurer extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
-        http.httpBasic().disable();
-        http.authorizeRequests().anyRequest().authenticated();
+        http.sessionManagement()
+            .sessionCreationPolicy(SessionCreationPolicy.NEVER)
+            .and()
+            .authorizeRequests()
+            .anyRequest().authenticated();
+
    }

 }
--- a/spring-cloud/spring-cloud-security/auth-resource/src/main/resources/application.yml
+++ b/spring-cloud/spring-cloud-security/auth-resource/src/main/resources/application.yml
@ -5,7 +5,6 @@ server:

 # Configure the public key to use for verifying the incoming JWT tokens
 security:
-  sessions: NEVER
  oauth2:
    resource:
      jwt:
--- a/spring-cloud/spring-cloud-security/auth-server/pom.xml
+++ b/spring-cloud/spring-cloud-security/auth-server/pom.xml
@ -38,7 +38,7 @@
    </dependencies>
    
    <properties>
-        <spring-cloud-starter-oauth2.version>1.1.2.RELEASE</spring-cloud-starter-oauth2.version>
+        <spring-cloud-starter-oauth2.version>2.1.2.RELEASE</spring-cloud-starter-oauth2.version>
    </properties>

 </project>
--- a/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/AuthServerConfigurer.java
+++ b/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/AuthServerConfigurer.java
@ -9,6 +9,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.core.io.Resource;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
@ -19,9 +20,7 @@ import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFacto
@Configuration
@EnableAuthorizationServer
@Order(6)
-public class AuthServerConfigurer
-    extends
-        AuthorizationServerConfigurerAdapter {
+public class AuthServerConfigurer extends AuthorizationServerConfigurerAdapter {

    @Value("${jwt.certificate.store.file}")
    private Resource keystore;
@ -37,6 +36,9 @@ public class AuthServerConfigurer

    @Autowired
    private UserDetailsService userDetailsService;
+    
+    @Autowired
+    private BCryptPasswordEncoder passwordEncoder;

    @Override
    public void configure(
@ -45,8 +47,8 @@ public class AuthServerConfigurer
        clients
            .inMemory()
            .withClient("authserver")
-            .secret("passwordforauthserver")
-            .redirectUris("http://localhost:8080/")
+            .secret(passwordEncoder.encode("passwordforauthserver"))
+            .redirectUris("http://localhost:8080/login")
            .authorizedGrantTypes("authorization_code",
                "refresh_token")
            .scopes("myscope")
--- a/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebMvcConfigurer.java
+++ b/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebMvcConfigurer.java
@ -2,10 +2,10 @@ package com.baeldung.config;

 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
-public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
+public class WebMvcConfig implements WebMvcConfigurer {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
--- a/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebSecurityConfigurer.java
+++ b/spring-cloud/spring-cloud-security/auth-server/src/main/java/com/baeldung/config/WebSecurityConfigurer.java
@ -6,8 +6,8 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;

@Configuration
@ -34,7 +34,7 @@ public class WebSecurityConfigurer
        AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
-            .withUser("user").password("user")
+            .withUser("user").password(passwordEncoder().encode("user"))
            .roles("USER")
            .and()
            .withUser("admin").password("admin")
@ -48,5 +48,9 @@ public class WebSecurityConfigurer
        return super.userDetailsServiceBean();
    }

+    @Bean
+    public BCryptPasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }

 }
--- a/spring-cloud/spring-cloud-security/auth-server/src/main/resources/application.yml
+++ b/spring-cloud/spring-cloud-security/auth-server/src/main/resources/application.yml
@ -1,7 +1,8 @@
 # Make the application available at http://localhost:7070/authserver
 server:
  port: 7070
-  contextPath: /authserver
+  servlet: 
+    context-path: /authserver

 # Our certificate settings for enabling JWT tokens
 jwt:
@ -11,11 +12,4 @@ jwt:
      password: abirkhan04
    key:
      alias: myauthkey
-      password: abirkhan04
-
-      
-security:
-  oauth2:
-    resource: 
-      filter-order: 3
-      
+      password: abirkhan04       
--- a/spring-cloud/spring-cloud-security/pom.xml
+++ b/spring-cloud/spring-cloud-security/pom.xml
@ -8,10 +8,10 @@
    <packaging>pom</packaging>

   <parent>
-        <artifactId>parent-boot-1</artifactId>
+        <artifactId>parent-boot-2</artifactId>
        <groupId>com.baeldung</groupId>
        <version>0.0.1-SNAPSHOT</version>
-        <relativePath>../../parent-boot-1</relativePath>
+        <relativePath>../../parent-boot-2</relativePath>
    </parent>
    
    <modules>