diff --git a/spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/spring/SecSecurityConfig.java b/spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/spring/SecSecurityConfig.java
index 9cee909ad4..d5e83a1110 100644
--- a/spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/spring/SecSecurityConfig.java
@@ -1,56 +1,69 @@ package com.baeldung.spring; -import com.baeldung.security.MySimpleUrlAuthenticationSuccessHandler; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; +import com.baeldung.security.MySimpleUrlAuthenticationSuccessHandler; + @Configuration //@ImportResource({ "classpath:webSecurityConfig.xml" }) @EnableWebSecurity -public class SecSecurityConfig extends WebSecurityConfigurerAdapter { +public class SecSecurityConfig { - public SecSecurityConfig() { - super(); + @Bean + public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception { + return http.getSharedObject(AuthenticationManagerBuilder.class) + .build(); } - @Bean("authenticationManager") - @Override - public AuthenticationManager authenticationManagerBean() throws Exception { - return super.authenticationManagerBean(); + @Bean + public InMemoryUserDetailsManager userDetailsService() { + UserDetails user = User.withUsername("user1") + .password("{noop}user1Pass") + .authorities("ROLE_USER") + .build(); + UserDetails admin = User.withUsername("admin1") + 
.password("{noop}admin1Pass") + .authorities("ROLE_ADMIN") + .build(); + return new InMemoryUserDetailsManager(user, admin); } - @Override - protected void configure(final HttpSecurity http) throws Exception { - // @formatter:off - http - .authorizeRequests() - .antMatchers("/anonymous*").anonymous() - .antMatchers("/login*").permitAll() - .anyRequest().authenticated() - + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/anonymous*") + .anonymous() + .antMatchers("/login*") + .permitAll() + .anyRequest() + .authenticated() .and() .formLogin() - .loginPage("/login.html") - .loginProcessingUrl("/login") - .successHandler(myAuthenticationSuccessHandler()) - .failureUrl("/login.html?error=true") - + .loginPage("/login.html") + .loginProcessingUrl("/login") + .successHandler(myAuthenticationSuccessHandler()) + .failureUrl("/login.html?error=true") .and() - .logout().deleteCookies("JSESSIONID") - + .logout() + .deleteCookies("JSESSIONID") .and() - .rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400) - + .rememberMe() + .key("uniqueAndSecret") + .tokenValiditySeconds(86400) .and() - .csrf().disable() - ; - // @formatter:on + .csrf() + .disable(); + return http.build(); } @Bean diff --git a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/ManualSecurityConfig.java b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/ManualSecurityConfig.java index 438cec38bb..d2553ac2a8 100644 --- a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/ManualSecurityConfig.java +++ b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/ManualSecurityConfig.java 
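Review bot: The new `userDetailsService()` bean in this main-source configuration hard-codes two accounts with `{noop}` passwords (`user1Pass`, `admin1Pass`), so the application ships with known plaintext credentials, including a `ROLE_ADMIN` account. If this is tutorial scaffolding only, say so above the bean, e.g. `// Sample-only accounts: {noop} stores passwords unencoded; supply encoded credentials from external configuration outside the demo.` The remember-me key `"uniqueAndSecret"` carried into `filterChain` is likewise a source literal and would be better read from configuration, since it is the value that signs remember-me tokens. The hunk ends at a `@Bean` annotation whose method lies outside it.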
@@ -6,52 +6,60 @@ import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) -public class ManualSecurityConfig extends WebSecurityConfigurerAdapter { +public class ManualSecurityConfig { - public ManualSecurityConfig() { - super(); + @Bean + public InMemoryUserDetailsManager userDetailsService() { + UserDetails user = User.withUsername("user1") + .password("{noop}user1Pass") + .authorities("ROLE_USER") + .build(); + UserDetails admin = User.withUsername("admin") + .password("adminPass") + .authorities("ROLE_ADMIN") + .build(); + return new InMemoryUserDetailsManager(user, admin); } - // java config - - @Override - protected void configure(final AuthenticationManagerBuilder auth) throws Exception { - auth.inMemoryAuthentication().withUser("user1").password("{noop}user1Pass").authorities("ROLE_USER").and().withUser("admin").password("adminPass").authorities("ROLE_ADMIN"); + @Bean + public WebSecurityCustomizer webSecurityCustomizer() { + return (web) -> 
web.ignoring() + .antMatchers("/resources/**"); } - @Override - public void configure(final WebSecurity web) throws Exception { - web.ignoring().antMatchers("/resources/**"); - } - - @Bean("authenticationManager") - @Override - public AuthenticationManager authenticationManagerBean() throws Exception { - return super.authenticationManagerBean(); + @Bean + public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception { + return http.getSharedObject(AuthenticationManagerBuilder.class) + .build(); } - @Override - protected void configure(final HttpSecurity http) throws Exception { - // @formatter:off - http - .authorizeRequests() - .mvcMatchers("/custom/login").permitAll() - .anyRequest().authenticated() - .and() - .httpBasic() - .and() - .headers().cacheControl().disable() - .and() - .csrf().disable() - ; - // @formatter:on + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .mvcMatchers("/custom/login") + .permitAll() + .anyRequest() + .authenticated() + .and() + .httpBasic() + .and() + .headers() + .cacheControl() + .disable() + .and() + .csrf() + .disable(); + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfConfig.java b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfConfig.java index 4ec7a50abc..a1a7c8bc54 100644 --- a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfConfig.java +++ b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfConfig.java 
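Review bot: In `userDetailsService()` the `admin` account's password is `"adminPass"` with no encoder id, while `user1` in the same method uses `{noop}user1Pass`. No `PasswordEncoder` bean is visible in this hunk, so with the default delegating encoder the admin login would presumably be rejected for lack of an id prefix. The line should read `.password("{noop}adminPass")` unless an encoder is registered elsewhere. The same un-prefixed passwords appear for both users in `SecurityWithCsrfConfig`, `SecurityWithCsrfCookieConfig` and `SecurityWithoutCsrfConfig`. They were carried over unchanged from the removed `configure(AuthenticationManagerBuilder)` methods, so tests that depend on these logins are worth re-running.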
@@ -6,57 +6,57 @@ import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) -public class SecurityWithCsrfConfig extends WebSecurityConfigurerAdapter { +public class SecurityWithCsrfConfig { - public SecurityWithCsrfConfig() { - super(); + @Bean + public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception { + return http.getSharedObject(AuthenticationManagerBuilder.class) + .build(); } - @Bean("authenticationManager") - @Override - public AuthenticationManager authenticationManagerBean() throws Exception { - return super.authenticationManagerBean(); + @Bean + public InMemoryUserDetailsManager userDetailsService() { + UserDetails user = User.withUsername("user1") + .password("user1Pass") + .authorities("ROLE_USER") + .build(); + UserDetails admin = User.withUsername("admin") + .password("adminPass") + .authorities("ROLE_ADMIN") + .build(); + return new InMemoryUserDetailsManager(user, admin); } - @Override - protected void 
configure(final AuthenticationManagerBuilder auth) throws Exception { - // @formatter:off - auth - .inMemoryAuthentication() - .withUser("user1") - .password("user1Pass") - .authorities("ROLE_USER") - .and() - .withUser("admin") - .password("adminPass") - .authorities("ROLE_ADMIN"); - // @formatter:on + @Bean + public WebSecurityCustomizer webSecurityCustomizer() { + return (web) -> web.ignoring() + .antMatchers("/resources/**"); } - @Override - public void configure(final WebSecurity web) throws Exception { - web.ignoring().antMatchers("/resources/**"); - } - - @Override - protected void configure(final HttpSecurity http) throws Exception { - // @formatter:off - http - .authorizeRequests() - .antMatchers("/auth/admin/*").hasAnyRole("ROLE_ADMIN") - .anyRequest().authenticated() - .and() - .httpBasic() - .and() - .headers().cacheControl().disable(); - // @formatter:on + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/auth/admin/*") + .hasAnyRole("ROLE_ADMIN") + .anyRequest() + .authenticated() + .and() + .httpBasic() + .and() + .headers() + .cacheControl() + .disable(); + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfCookieConfig.java b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfCookieConfig.java index 5b58349629..a34fa4c704 100644 --- a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfCookieConfig.java +++ b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfCookieConfig.java 
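Review bot: `.hasAnyRole("ROLE_ADMIN")` in `filterChain` passes an already-prefixed name to an API that takes role names. Depending on the Spring Security version the `ROLE_` prefix is added again, and the rule would then look for `ROLE_ROLE_ADMIN`, which the `admin` user defined in this class does not hold. `.hasAuthority("ROLE_ADMIN")` or `.hasRole("ADMIN")` states the intent without that ambiguity. The matcher `/auth/admin/*` also covers a single path segment only, so if deeper admin paths exist (not visible here) `/auth/admin/**` would be needed. Both lines are repeated in `SecurityWithCsrfCookieConfig` and `SecurityWithoutCsrfConfig`.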
@@ -6,62 +6,62 @@ import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.csrf.CookieCsrfTokenRepository; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) -public class SecurityWithCsrfCookieConfig extends WebSecurityConfigurerAdapter { +public class SecurityWithCsrfCookieConfig { - public SecurityWithCsrfCookieConfig() { - super(); + @Bean + public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception { + return http.getSharedObject(AuthenticationManagerBuilder.class) + .build(); } - @Bean("authenticationManager") - @Override - public AuthenticationManager authenticationManagerBean() throws Exception { - return super.authenticationManagerBean(); + @Bean + public InMemoryUserDetailsManager userDetailsService() { + UserDetails user = User.withUsername("user1") + .password("user1Pass") + .authorities("ROLE_USER") + .build(); + UserDetails admin = User.withUsername("admin") + .password("adminPass") + .authorities("ROLE_ADMIN") + .build(); 
+ return new InMemoryUserDetailsManager(user, admin); } - @Override - protected void configure(final AuthenticationManagerBuilder auth) throws Exception { - // @formatter:off - auth - .inMemoryAuthentication() - .withUser("user1") - .password("user1Pass") - .authorities("ROLE_USER") - .and() - .withUser("admin") - .password("adminPass") - .authorities("ROLE_ADMIN"); - // @formatter:on + @Bean + public WebSecurityCustomizer webSecurityCustomizer() { + return (web) -> web.ignoring() + .antMatchers("/resources/**"); } - @Override - public void configure(final WebSecurity web) throws Exception { - web.ignoring().antMatchers("/resources/**"); - } - - @Override - protected void configure(final HttpSecurity http) throws Exception { - // @formatter:off - http - .authorizeRequests() - .antMatchers("/auth/admin/*").hasAnyRole("ROLE_ADMIN") - .anyRequest().authenticated() - .and() - .httpBasic() - .and() - .headers().cacheControl().disable() - // Stateless API CSRF configuration - .and() - .csrf() - .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); - // @formatter:on + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/auth/admin/*") + .hasAnyRole("ROLE_ADMIN") + .anyRequest() + .authenticated() + .and() + .httpBasic() + .and() + .headers() + .cacheControl() + .disable() + // Stateless API CSRF configuration + .and() + .csrf() + .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithoutCsrfConfig.java b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithoutCsrfConfig.java index bd9ca67ad5..20df0f4d6d 100644 --- a/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithoutCsrfConfig.java 
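Review bot: The comment `// Stateless API CSRF configuration` in `filterChain` does not match the chain it sits in: no session-creation policy is set, and the line it labels configures `CookieCsrfTokenRepository.withHttpOnlyFalse()`. A comment stating the actual trade-off would serve readers better, e.g. `// CSRF token is stored in a cookie readable by JavaScript (HttpOnly off) so a browser client can echo it back in a request header.` It is worth adding that this makes the token readable by any script running on the page, so the setup relies on the pages being free of script injection.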
+++ b/spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithoutCsrfConfig.java 
@@ -6,59 +6,60 @@ import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) -public class SecurityWithoutCsrfConfig extends WebSecurityConfigurerAdapter { +public class SecurityWithoutCsrfConfig { - public SecurityWithoutCsrfConfig() { - super(); + @Bean + public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception { + return http.getSharedObject(AuthenticationManagerBuilder.class) + .build(); } - @Bean("authenticationManager") - @Override - public AuthenticationManager authenticationManagerBean() throws Exception { - return super.authenticationManagerBean(); + @Bean + public InMemoryUserDetailsManager userDetailsService() { + UserDetails user = User.withUsername("user1") + .password("user1Pass") + .authorities("ROLE_USER") + .build(); + UserDetails admin = User.withUsername("admin") + .password("adminPass") + .authorities("ROLE_ADMIN") + .build(); + return new InMemoryUserDetailsManager(user, admin); } - @Override - protected 
void configure(final AuthenticationManagerBuilder auth) throws Exception { - // @formatter:off - auth - .inMemoryAuthentication() - .withUser("user1") - .password("user1Pass") - .authorities("ROLE_USER") - .and() - .withUser("admin") - .password("adminPass") - .authorities("ROLE_ADMIN"); - // @formatter:on + @Bean + public WebSecurityCustomizer webSecurityCustomizer() { + return (web) -> web.ignoring() + .antMatchers("/resources/**"); } - @Override - public void configure(final WebSecurity web) throws Exception { - web.ignoring().antMatchers("/resources/**"); - } - - @Override - protected void configure(final HttpSecurity http) throws Exception { - // @formatter:off - http - .authorizeRequests() - .antMatchers("/auth/admin/*").hasAnyRole("ROLE_ADMIN") - .anyRequest().authenticated() - .and() - .httpBasic() - .and() - .headers().cacheControl().disable() - .and() - .csrf().disable(); - // @formatter:on + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/auth/admin/*") + .hasAnyRole("ROLE_ADMIN") + .anyRequest() + .authenticated() + .and() + .httpBasic() + .and() + .headers() + .cacheControl() + .disable() + .and() + .csrf() + .disable(); + return http.build(); } }