JAVA-29329 Upgrade spring-security-web-rest-basic-auth (#15457)
Co-authored-by: timis1 <noreplay@yahoo.com>
This commit is contained in:
parent
750cc9b748
commit
a5b9e8fde2
|
@ -10,8 +10,9 @@
|
|||
|
||||
<parent>
|
||||
<groupId>com.baeldung</groupId>
|
||||
<artifactId>spring-security-modules</artifactId>
|
||||
<artifactId>parent-boot-3</artifactId>
|
||||
<version>0.0.1-SNAPSHOT</version>
|
||||
<relativePath>../../parent-boot-3</relativePath>
|
||||
</parent>
|
||||
|
||||
<dependencies>
|
||||
|
@ -92,8 +93,8 @@
|
|||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.httpcomponents</groupId>
|
||||
<artifactId>httpclient</artifactId>
|
||||
<groupId>org.apache.httpcomponents.client5</groupId>
|
||||
<artifactId>httpclient5</artifactId>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<artifactId>commons-logging</artifactId>
|
||||
|
@ -101,19 +102,6 @@
|
|||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<!-- web -->
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>javax.servlet-api</artifactId>
|
||||
<version>${javax.servlet-api.version}</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>jstl</artifactId>
|
||||
<version>${jstl.version}</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<!-- util -->
|
||||
<dependency>
|
||||
<groupId>com.google.guava</groupId>
|
||||
|
@ -127,9 +115,9 @@
|
|||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.xml.bind</groupId>
|
||||
<artifactId>jaxb-api</artifactId>
|
||||
<version>${jaxb-api.version}</version>
|
||||
<groupId>jakarta.xml.bind</groupId>
|
||||
<artifactId>jakarta.xml.bind-api</artifactId>
|
||||
<version>4.0.1</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
|
@ -230,6 +218,7 @@
|
|||
<httpclient.version>4.5.8</httpclient.version>
|
||||
<!-- Maven plugins -->
|
||||
<cargo-maven2-plugin.version>1.6.1</cargo-maven2-plugin.version>
|
||||
<start-class>com.baeldung.inmemory.InMemoryAuthApplication</start-class>
|
||||
</properties>
|
||||
|
||||
</project>
|
|
@ -4,9 +4,8 @@ import org.springframework.security.core.AuthenticationException;
|
|||
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
|
||||
|
|
|
@ -2,13 +2,13 @@ package com.baeldung.client;
|
|||
|
||||
import java.net.URI;
|
||||
|
||||
import org.apache.http.HttpHost;
|
||||
import org.apache.http.client.AuthCache;
|
||||
import org.apache.http.client.protocol.HttpClientContext;
|
||||
import org.apache.http.impl.auth.BasicScheme;
|
||||
import org.apache.http.impl.client.BasicAuthCache;
|
||||
import org.apache.http.protocol.BasicHttpContext;
|
||||
import org.apache.http.protocol.HttpContext;
|
||||
import org.apache.hc.client5.http.auth.AuthCache;
|
||||
import org.apache.hc.client5.http.impl.auth.BasicAuthCache;
|
||||
import org.apache.hc.client5.http.impl.auth.BasicScheme;
|
||||
import org.apache.hc.client5.http.protocol.HttpClientContext;
|
||||
import org.apache.hc.core5.http.HttpHost;
|
||||
import org.apache.hc.core5.http.protocol.BasicHttpContext;
|
||||
import org.apache.hc.core5.http.protocol.HttpContext;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
package com.baeldung.client;
|
||||
|
||||
import org.apache.http.HttpHost;
|
||||
import org.apache.hc.core5.http.HttpHost;
|
||||
import org.springframework.beans.factory.FactoryBean;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.http.client.ClientHttpRequestFactory;
|
||||
|
@ -35,7 +35,7 @@ public class RestTemplateFactory implements FactoryBean<RestTemplate>, Initializ
|
|||
|
||||
@Override
|
||||
public void afterPropertiesSet() {
|
||||
HttpHost host = new HttpHost("localhost", 8082, "http");
|
||||
HttpHost host = new HttpHost( "http", "localhost", 8082);
|
||||
final ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactoryBasicAuth(host);
|
||||
restTemplate = new RestTemplate(requestFactory);
|
||||
restTemplate.getInterceptors().add(new BasicAuthenticationInterceptor("user1", "user1Pass"));
|
||||
|
|
|
@ -2,10 +2,10 @@ package com.baeldung.filter;
|
|||
|
||||
import org.springframework.web.filter.GenericFilterBean;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.ServletRequest;
|
||||
import jakarta.servlet.ServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
public class CustomFilter extends GenericFilterBean {
|
||||
|
|
|
@ -30,14 +30,10 @@ public class CustomWebSecurityConfigurerAdapter {
|
|||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/securityNone")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.httpBasic()
|
||||
.authenticationEntryPoint(authenticationEntryPoint);
|
||||
http.authorizeHttpRequests(expressionInterceptUrlRegistry ->
|
||||
expressionInterceptUrlRegistry.requestMatchers("/securityNone").permitAll()
|
||||
.anyRequest().authenticated())
|
||||
.httpBasic(httpSecurityHttpBasicConfigurer -> httpSecurityHttpBasicConfigurer.authenticationEntryPoint(authenticationEntryPoint));
|
||||
http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
|
||||
return http.build();
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@ package com.baeldung.inmemory;
|
|||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
@ -25,13 +26,11 @@ public class InMemoryAuthWebSecurityConfigurer {
|
|||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/private/**")
|
||||
.authenticated()
|
||||
.antMatchers("/public/**")
|
||||
.permitAll()
|
||||
.and()
|
||||
.httpBasic();
|
||||
http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
|
||||
authorizationManagerRequestMatcherRegistry.requestMatchers("/private/**").authenticated()
|
||||
.requestMatchers("/public/**").permitAll()
|
||||
)
|
||||
.httpBasic(Customizer.withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package com.baeldung.inmemory;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
@ -21,13 +22,9 @@ public class InMemoryNoOpAuthWebSecurityConfigurer {
|
|||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/private/**")
|
||||
.authenticated()
|
||||
.antMatchers("/public/**")
|
||||
.permitAll()
|
||||
.and()
|
||||
.httpBasic();
|
||||
http.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry.requestMatchers("/private/**").authenticated()
|
||||
.requestMatchers("/public/**").permitAll())
|
||||
.httpBasic(Customizer.withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -46,7 +46,7 @@ public class PasswordStorageWebSecurityConfigurer {
|
|||
PasswordEncoder defaultEncoder = new StandardPasswordEncoder();
|
||||
Map<String, PasswordEncoder> encoders = new HashMap<>();
|
||||
encoders.put("bcrypt", new BCryptPasswordEncoder());
|
||||
encoders.put("scrypt", new SCryptPasswordEncoder());
|
||||
encoders.put("scrypt", new SCryptPasswordEncoder(1, 1, 1, 1, 10));
|
||||
encoders.put("noop", NoOpPasswordEncoder.getInstance());
|
||||
|
||||
DelegatingPasswordEncoder passwordEncoder = new DelegatingPasswordEncoder("bcrypt", encoders);
|
||||
|
|
|
@ -2,9 +2,9 @@ package com.baeldung.security;
|
|||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
|
||||
|
|
|
@ -2,8 +2,8 @@ package com.baeldung.security;
|
|||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
|
@ -16,8 +16,7 @@ import org.springframework.stereotype.Component;
|
|||
public final class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
||||
|
||||
@Override
|
||||
public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException {
|
||||
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
|
||||
}
|
||||
|
||||
}
|
|
@ -2,8 +2,9 @@ package com.baeldung.web.controller;
|
|||
|
||||
import java.nio.charset.Charset;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import com.baeldung.web.dto.Bar;
|
||||
|
||||
import org.apache.hc.client5.http.utils.Base64;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
|
|
|
@ -2,7 +2,7 @@ package com.baeldung.web.dto;
|
|||
|
||||
import java.io.Serializable;
|
||||
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
import jakarta.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
@XmlRootElement
|
||||
public class Bar implements Serializable {
|
||||
|
|
|
@ -2,7 +2,7 @@ package com.baeldung.web.dto;
|
|||
|
||||
import java.io.Serializable;
|
||||
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
import jakarta.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
@XmlRootElement
|
||||
public class Foo implements Serializable {
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
|
||||
<http-basic entry-point-ref="myBasicAuthenticationEntryPoint"/>
|
||||
|
||||
<intercept-url pattern="/**" access="permitAll" />
|
||||
</http>
|
||||
|
||||
<authentication-manager>
|
||||
|
|
Loading…
Reference in New Issue