JAVA-14877 Update spring-security-core-2 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12875)
This commit is contained in:
parent
0c7e1e7a49
commit
a613929ed9
|
@ -2,22 +2,23 @@ package com.baeldung.authresolver;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.authentication.AuthenticationManagerResolver;
|
import org.springframework.security.authentication.AuthenticationManagerResolver;
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.AuthenticationConverter;
|
import org.springframework.security.web.authentication.AuthenticationConverter;
|
||||||
import org.springframework.security.web.authentication.AuthenticationFilter;
|
import org.springframework.security.web.authentication.AuthenticationFilter;
|
||||||
import org.springframework.security.web.authentication.www.BasicAuthenticationConverter;
|
import org.springframework.security.web.authentication.www.BasicAuthenticationConverter;
|
||||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
public class CustomWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
|
public class CustomWebSecurityConfigurer {
|
||||||
|
|
||||||
public AuthenticationConverter authenticationConverter() {
|
public AuthenticationConverter authenticationConverter() {
|
||||||
return new BasicAuthenticationConverter();
|
return new BasicAuthenticationConverter();
|
||||||
|
@ -85,12 +86,10 @@ public class CustomWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
http.addFilterBefore(
|
http.addFilterBefore(authenticationFilter(), BasicAuthenticationFilter.class);
|
||||||
authenticationFilter(),
|
return http.build();
|
||||||
BasicAuthenticationFilter.class
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,17 +2,19 @@ package com.baeldung.dsl;
|
||||||
|
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.core.userdetails.User;
|
||||||
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
public class SecurityConfig {
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
http.authorizeRequests()
|
http.authorizeRequests()
|
||||||
.antMatchers("/admin*")
|
.antMatchers("/admin*")
|
||||||
.hasAnyRole("ADMIN")
|
.hasAnyRole("ADMIN")
|
||||||
|
@ -22,6 +24,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
.formLogin()
|
.formLogin()
|
||||||
.and()
|
.and()
|
||||||
.apply(clientErrorLogging());
|
.apply(clientErrorLogging());
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
@ -29,17 +32,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
return new ClientErrorLoggingConfigurer();
|
return new ClientErrorLoggingConfigurer();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
public InMemoryUserDetailsManager userDetailsService() {
|
||||||
auth.inMemoryAuthentication()
|
UserDetails user1 = User.withUsername("user1")
|
||||||
.passwordEncoder(passwordEncoder())
|
|
||||||
.withUser("user1")
|
|
||||||
.password(passwordEncoder().encode("user"))
|
.password(passwordEncoder().encode("user"))
|
||||||
.roles("USER")
|
.roles("USER")
|
||||||
.and()
|
.build();
|
||||||
.withUser("admin")
|
UserDetails admin = User.withUsername("admin")
|
||||||
.password(passwordEncoder().encode("admin"))
|
.password(passwordEncoder().encode("admin"))
|
||||||
.roles("ADMIN");
|
.roles("ADMIN")
|
||||||
|
.build();
|
||||||
|
return new InMemoryUserDetailsManager(user1, admin);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|
|
@ -1,21 +1,20 @@
|
||||||
package com.baeldung.exceptionhandler.security;
|
package com.baeldung.exceptionhandler.security;
|
||||||
|
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.access.AccessDeniedHandler;
|
import org.springframework.security.web.access.AccessDeniedHandler;
|
||||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||||
|
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
public class SecurityConfig {
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public UserDetailsService userDetailsService() {
|
public UserDetailsService userDetailsService() {
|
||||||
|
@ -40,20 +39,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
return userDetailsManager;
|
return userDetailsManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
auth.inMemoryAuthentication()
|
|
||||||
.withUser("user")
|
|
||||||
.password("{noop}password")
|
|
||||||
.roles("USER")
|
|
||||||
.and()
|
|
||||||
.withUser("admin")
|
|
||||||
.password("{noop}password")
|
|
||||||
.roles("ADMIN");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
|
||||||
http.csrf()
|
http.csrf()
|
||||||
.disable()
|
.disable()
|
||||||
.httpBasic()
|
.httpBasic()
|
||||||
|
@ -78,6 +65,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
.accessDeniedHandler(accessDeniedHandler())
|
.accessDeniedHandler(accessDeniedHandler())
|
||||||
.and()
|
.and()
|
||||||
.logout();
|
.logout();
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|
|
@ -4,19 +4,18 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.beans.factory.annotation.Qualifier;
|
import org.springframework.beans.factory.annotation.Qualifier;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
|
public class CustomSecurityConfig {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
@Qualifier("customAuthenticationEntryPoint")
|
@Qualifier("customAuthenticationEntryPoint")
|
||||||
|
@ -33,8 +32,8 @@ public class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
return userDetailsManager;
|
return userDetailsManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
http.requestMatchers()
|
http.requestMatchers()
|
||||||
.antMatchers("/login")
|
.antMatchers("/login")
|
||||||
.and()
|
.and()
|
||||||
|
@ -46,13 +45,7 @@ public class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
.and()
|
.and()
|
||||||
.exceptionHandling()
|
.exceptionHandling()
|
||||||
.authenticationEntryPoint(authEntryPoint);
|
.authenticationEntryPoint(authEntryPoint);
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
||||||
auth.inMemoryAuthentication()
|
|
||||||
.withUser("admin")
|
|
||||||
.password("password")
|
|
||||||
.roles("ADMIN");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,25 +2,28 @@ package com.baeldung.global.exceptionhandler.security;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.beans.factory.annotation.Qualifier;
|
import org.springframework.beans.factory.annotation.Qualifier;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.core.annotation.Order;
|
import org.springframework.core.annotation.Order;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.core.userdetails.User;
|
||||||
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
@Order(101)
|
@Order(101)
|
||||||
public class DelegatedSecurityConfig extends WebSecurityConfigurerAdapter {
|
public class DelegatedSecurityConfig {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
@Qualifier("delegatedAuthenticationEntryPoint")
|
@Qualifier("delegatedAuthenticationEntryPoint")
|
||||||
AuthenticationEntryPoint authEntryPoint;
|
AuthenticationEntryPoint authEntryPoint;
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
http.requestMatchers()
|
http.requestMatchers()
|
||||||
.antMatchers("/login-handler")
|
.antMatchers("/login-handler")
|
||||||
.and()
|
.and()
|
||||||
|
@ -32,13 +35,15 @@ public class DelegatedSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
.and()
|
.and()
|
||||||
.exceptionHandling()
|
.exceptionHandling()
|
||||||
.authenticationEntryPoint(authEntryPoint);
|
.authenticationEntryPoint(authEntryPoint);
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
public InMemoryUserDetailsManager userDetailsService() {
|
||||||
auth.inMemoryAuthentication()
|
UserDetails admin = User.withUsername("admin")
|
||||||
.withUser("admin")
|
|
||||||
.password("password")
|
.password("password")
|
||||||
.roles("ADMIN");
|
.roles("ADMIN")
|
||||||
|
.build();
|
||||||
|
return new InMemoryUserDetailsManager(admin);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,25 +1,27 @@
|
||||||
package com.baeldung.xss;
|
package com.baeldung.xss;
|
||||||
|
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
public class SecurityConf extends WebSecurityConfigurerAdapter {
|
public class SecurityConf {
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
public void configure(WebSecurity web) {
|
public WebSecurityCustomizer webSecurityCustomizer() {
|
||||||
// Ignoring here is only for this example. Normally people would apply their own authentication/authorization policies
|
// Ignoring here is only for this example. Normally people would apply their own authentication/authorization policies
|
||||||
web.ignoring().antMatchers("/**");
|
return (web) -> web.ignoring()
|
||||||
|
.antMatchers("/**");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
http
|
http.headers()
|
||||||
.headers()
|
|
||||||
.xssProtection()
|
.xssProtection()
|
||||||
.and()
|
.and()
|
||||||
.contentSecurityPolicy("script-src 'self'");
|
.contentSecurityPolicy("script-src 'self'");
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue