JAVA-14866 Update spring-security-core module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter

2022-09-20 20:25:21 +05:30 · 2022-09-20 20:25:21 +05:30 · 9f3ef7db7c
parent 2842e5cee7
commit 9f3ef7db7c
2 changed files with 66 additions and 33 deletions
--- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/WebSecurityConfig.java
@ -1,32 +1,55 @@
 package com.baeldung.app.config;

-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests().antMatchers("/css/**", "/js/**", "/loggedout").permitAll().anyRequest().authenticated().and().httpBasic().and().logout().disable().csrf().disable();
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+            .antMatchers("/css/**", "/js/**", "/loggedout")
+            .permitAll()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .httpBasic()
+            .and()
+            .logout()
+            .disable()
+            .csrf()
+            .disable();
+        return http.build();
    }

-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth, PasswordEncoder passwordEncoder) throws Exception {
-        auth.inMemoryAuthentication()
-            .withUser("jim").password(passwordEncoder.encode("jim")).roles("USER", "ACTUATOR")
-            .and().withUser("pam").password(passwordEncoder.encode("pam")).roles("USER")
-            .and().withUser("michael").password(passwordEncoder.encode("michael")).roles("MANAGER");
-    }
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
+        UserDetails jim = User.withUsername("jim")
+            .password(passwordEncoder.encode("jim"))
+            .roles("USER", "ACTUATOR")
+            .build();

+        UserDetails pam = User.withUsername("pam")
+            .password(passwordEncoder.encode("pam"))
+            .roles("USER")
+            .build();
+
+        UserDetails michael = User.withUsername("michael")
+            .password(passwordEncoder.encode("michael"))
+            .roles("MANAGER")
+            .build();
+
+        return new InMemoryUserDetailsManager(jim, pam, michael);
+    }
 }
--- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/filterresponse/config/AppConfig.java
+++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/filterresponse/config/AppConfig.java
@ -3,12 +3,14 @@ package com.baeldung.filterresponse.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@ -16,23 +18,33 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@EnableWebMvc
@EnableWebSecurity
@ComponentScan("com.baeldung.filterresponse")
-public class AppConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {
+public class AppConfig implements WebMvcConfigurer {

-    @Override
-    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication()
-                .withUser("user").password(passwordEncoder().encode("userPass")).roles("USER")
-                .and()
-                .withUser("admin").password(passwordEncoder().encode("adminPass")).roles("ADMIN");
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
+        UserDetails user = User.withUsername("user")
+            .password(passwordEncoder.encode("userPass"))
+            .roles("USER")
+            .build();
+
+        UserDetails admin = User.withUsername("admin")
+            .password(passwordEncoder.encode("adminPass"))
+            .roles("ADMIN")
+            .build();
+
+        return new InMemoryUserDetailsManager(user, admin);
    }

-    @Override
-    protected void configure(final HttpSecurity http) throws Exception {
-        http
-                .csrf().disable()
-                .authorizeRequests()
-                .anyRequest().authenticated()
-                .and().httpBasic();
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.csrf()
+            .disable()
+            .authorizeRequests()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .httpBasic();
+        return http.build();
    }

    @Bean
@ -40,8 +52,6 @@ public class AppConfig extends WebSecurityConfigurerAdapter implements WebMvcCon
        return new BCryptPasswordEncoder();
    }

-
-
    public enum Role {
        ROLE_USER,
        ROLE_ADMIN