JAVA-14877 Update spring-security-core-2 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12875)

2022-10-19 00:46:38 +05:30 · 2022-10-19 00:46:38 +05:30 · a613929ed9
parent 0c7e1e7a49
commit a613929ed9
6 changed files with 60 additions and 70 deletions
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authresolver/CustomWebSecurityConfigurer.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authresolver/CustomWebSecurityConfigurer.java
@ -2,22 +2,23 @@ package com.baeldung.authresolver;

 import java.util.Collections;
 import javax.servlet.http.HttpServletRequest;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationManagerResolver;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.security.web.authentication.AuthenticationFilter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationConverter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
-public class CustomWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+public class CustomWebSecurityConfigurer {

    public AuthenticationConverter authenticationConverter() {
        return new BasicAuthenticationConverter();
@ -85,12 +86,10 @@ public class CustomWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
        };
    }

-    @Override
-    protected void configure(HttpSecurity http) {
-        http.addFilterBefore(
-          authenticationFilter(),
-          BasicAuthenticationFilter.class
-        );
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.addFilterBefore(authenticationFilter(), BasicAuthenticationFilter.class);
+        return http.build();
    }

 }
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/SecurityConfig.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/dsl/SecurityConfig.java
@ -2,17 +2,19 @@ package com.baeldung.dsl;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/admin*")
            .hasAnyRole("ADMIN")
@ -22,6 +24,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
            .formLogin()
            .and()
            .apply(clientErrorLogging());
+        return http.build();
    }

    @Bean
@ -29,17 +32,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        return new ClientErrorLoggingConfigurer();
    }

-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication()
-            .passwordEncoder(passwordEncoder())
-            .withUser("user1")
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user1 = User.withUsername("user1")
            .password(passwordEncoder().encode("user"))
            .roles("USER")
-            .and()
-            .withUser("admin")
+            .build();
+        UserDetails admin = User.withUsername("admin")
            .password(passwordEncoder().encode("admin"))
-            .roles("ADMIN");
+            .roles("ADMIN")
+            .build();
+        return new InMemoryUserDetailsManager(user1, admin);
    }

    @Bean
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/exceptionhandler/security/SecurityConfig.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/exceptionhandler/security/SecurityConfig.java
@ -1,21 +1,20 @@
 package com.baeldung.exceptionhandler.security;

 import org.springframework.context.annotation.Bean;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

@EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {

    @Bean
    public UserDetailsService userDetailsService() {
@ -40,20 +39,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        return userDetailsManager;
    }

-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication()
-            .withUser("user")
-            .password("{noop}password")
-            .roles("USER")
-            .and()
-            .withUser("admin")
-            .password("{noop}password")
-            .roles("ADMIN");
-    }
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf()
            .disable()
            .httpBasic()
@ -78,6 +65,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
            .accessDeniedHandler(accessDeniedHandler())
            .and()
            .logout();
+        return http.build();
    }

    @Bean
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/global/exceptionhandler/security/CustomSecurityConfig.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/global/exceptionhandler/security/CustomSecurityConfig.java
@ -4,19 +4,18 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
-public class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
+public class CustomSecurityConfig {

    @Autowired
    @Qualifier("customAuthenticationEntryPoint")
@ -33,8 +32,8 @@ public class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
        return userDetailsManager;
    }

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.requestMatchers()
            .antMatchers("/login")
            .and()
@ -46,13 +45,7 @@ public class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(authEntryPoint);
+        return http.build();
    }

-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication()
-            .withUser("admin")
-            .password("password")
-            .roles("ADMIN");
-    }
 }
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/global/exceptionhandler/security/DelegatedSecurityConfig.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/global/exceptionhandler/security/DelegatedSecurityConfig.java
@ -2,25 +2,28 @@ package com.baeldung.global.exceptionhandler.security;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
@Order(101)
-public class DelegatedSecurityConfig extends WebSecurityConfigurerAdapter {
+public class DelegatedSecurityConfig {

    @Autowired
    @Qualifier("delegatedAuthenticationEntryPoint")
    AuthenticationEntryPoint authEntryPoint;

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.requestMatchers()
            .antMatchers("/login-handler")
            .and()
@ -32,13 +35,15 @@ public class DelegatedSecurityConfig extends WebSecurityConfigurerAdapter {
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(authEntryPoint);
+        return http.build();
    }

-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication()
-            .withUser("admin")
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails admin = User.withUsername("admin")
            .password("password")
-            .roles("ADMIN");
+            .roles("ADMIN")
+            .build();
+        return new InMemoryUserDetailsManager(admin);
    }
 }
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/xss/SecurityConf.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/xss/SecurityConf.java
@ -1,25 +1,27 @@
 package com.baeldung.xss;

+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
-public class SecurityConf extends WebSecurityConfigurerAdapter {
+public class SecurityConf {

-    @Override
-    public void configure(WebSecurity web) {
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
        // Ignoring here is only for this example. Normally people would apply their own authentication/authorization policies
-        web.ignoring().antMatchers("/**");
+        return (web) -> web.ignoring()
+            .antMatchers("/**");
    }

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-            .headers()
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.headers()
            .xssProtection()
            .and()
            .contentSecurityPolicy("script-src 'self'");
+        return http.build();
    }
 }