From 9f3ef7db7cfa341a6d605e44d9721fbcc08cd04b Mon Sep 17 00:00:00 2001 From: anuragkumawat Date: Tue, 20 Sep 2022 20:25:21 +0530 Subject: [PATCH] JAVA-14866 Update spring-security-core module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter --- .../app/config/WebSecurityConfig.java | 53 +++++++++++++------ .../filterresponse/config/AppConfig.java | 46 +++++++++------- 2 files changed, 66 insertions(+), 33 deletions(-) diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/WebSecurityConfig.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/WebSecurityConfig.java index c0abd3cec1..34de9c1e23 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/WebSecurityConfig.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/WebSecurityConfig.java @@ -1,32 +1,55 @@ package com.baeldung.app.config; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { +public class WebSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests().antMatchers("/css/**", "/js/**", "/loggedout").permitAll().anyRequest().authenticated().and().httpBasic().and().logout().disable().csrf().disable(); + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/css/**", "/js/**", "/loggedout") + .permitAll() + .anyRequest() + .authenticated() + .and() + .httpBasic() + .and() + .logout() + .disable() + .csrf() + .disable(); + return http.build(); } - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth, PasswordEncoder passwordEncoder) throws Exception { - auth.inMemoryAuthentication() - .withUser("jim").password(passwordEncoder.encode("jim")).roles("USER", "ACTUATOR") - .and().withUser("pam").password(passwordEncoder.encode("pam")).roles("USER") - .and().withUser("michael").password(passwordEncoder.encode("michael")).roles("MANAGER"); - } + @Bean + public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) { + UserDetails jim = User.withUsername("jim") + .password(passwordEncoder.encode("jim")) + .roles("USER", "ACTUATOR") + .build(); + UserDetails pam = User.withUsername("pam") + .password(passwordEncoder.encode("pam")) + .roles("USER") + .build(); + + UserDetails michael = User.withUsername("michael") + .password(passwordEncoder.encode("michael")) + .roles("MANAGER") + .build(); + + return new InMemoryUserDetailsManager(jim, pam, michael); + } } diff --git a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/filterresponse/config/AppConfig.java b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/filterresponse/config/AppConfig.java index 8ff6000129..439468f365 100644 --- a/spring-security-modules/spring-security-core/src/main/java/com/baeldung/filterresponse/config/AppConfig.java +++ b/spring-security-modules/spring-security-core/src/main/java/com/baeldung/filterresponse/config/AppConfig.java @@ -3,12 +3,14 @@ package com.baeldung.filterresponse.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @@ -16,23 +18,33 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @EnableWebMvc @EnableWebSecurity @ComponentScan("com.baeldung.filterresponse") -public class AppConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer { +public class AppConfig implements WebMvcConfigurer { - @Override - protected void configure(final AuthenticationManagerBuilder auth) throws Exception { - auth.inMemoryAuthentication() - .withUser("user").password(passwordEncoder().encode("userPass")).roles("USER") - .and() - .withUser("admin").password(passwordEncoder().encode("adminPass")).roles("ADMIN"); + @Bean + public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) { + UserDetails user = User.withUsername("user") + .password(passwordEncoder.encode("userPass")) + .roles("USER") + .build(); + + UserDetails admin = User.withUsername("admin") + .password(passwordEncoder.encode("adminPass")) + .roles("ADMIN") + .build(); + + return new InMemoryUserDetailsManager(user, admin); } - @Override - protected void configure(final HttpSecurity http) throws Exception { - http - .csrf().disable() - .authorizeRequests() - .anyRequest().authenticated() - .and().httpBasic(); + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.csrf() + .disable() + .authorizeRequests() + .anyRequest() + .authenticated() + .and() + .httpBasic(); + return http.build(); } @Bean @@ -40,8 +52,6 @@ public class AppConfig extends WebSecurityConfigurerAdapter implements WebMvcCon return new BCryptPasswordEncoder(); } - - public enum Role { ROLE_USER, ROLE_ADMIN