iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

JAVA-14876 Update spring-security-web-mvc-custom under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12820)

Browse Source
This commit is contained in:
anuragkumawat 2022-10-05 23:37:59 +05:30 committed by GitHub
parent da42c4af4f
commit b95f463a7e
5 changed files with 210 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
spring-security-modules/spring-security-web-mvc-custom/src/main/java/com/baeldung/spring/SecSecurityConfig.java
View File

@ -1,56 +1,69 @@
package com.baeldung.spring; package com.baeldung.spring;
import com.baeldung.security.MySimpleUrlAuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import com.baeldung.security.MySimpleUrlAuthenticationSuccessHandler;
@Configuration @Configuration
//@ImportResource({ "classpath:webSecurityConfig.xml" }) //@ImportResource({ "classpath:webSecurityConfig.xml" })
@EnableWebSecurity @EnableWebSecurity
public class SecSecurityConfig extends WebSecurityConfigurerAdapter { public class SecSecurityConfig {
public SecSecurityConfig() { @Bean
super(); public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
return http.getSharedObject(AuthenticationManagerBuilder.class)
.build();
} }
@Bean("authenticationManager") @Bean
@Override public InMemoryUserDetailsManager userDetailsService() {
public AuthenticationManager authenticationManagerBean() throws Exception { UserDetails user = User.withUsername("user1")
return super.authenticationManagerBean(); .password("{noop}user1Pass")
.authorities("ROLE_USER")
.build();
UserDetails admin = User.withUsername("admin1")
.password("{noop}admin1Pass")
.authorities("ROLE_ADMIN")
.build();
return new InMemoryUserDetailsManager(user, admin);
} }
@Override @Bean
protected void configure(final HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// @formatter:off http.authorizeRequests()
http .antMatchers("/anonymous*")
.authorizeRequests() .anonymous()
.antMatchers("/anonymous*").anonymous() .antMatchers("/login*")
.antMatchers("/login*").permitAll() .permitAll()
.anyRequest().authenticated() .anyRequest()
.authenticated()
.and() .and()
.formLogin() .formLogin()
.loginPage("/login.html") .loginPage("/login.html")
.loginProcessingUrl("/login") .loginProcessingUrl("/login")
.successHandler(myAuthenticationSuccessHandler()) .successHandler(myAuthenticationSuccessHandler())
.failureUrl("/login.html?error=true") .failureUrl("/login.html?error=true")
.and() .and()
.logout().deleteCookies("JSESSIONID") .logout()
.deleteCookies("JSESSIONID")
.and() .and()
.rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400) .rememberMe()
.key("uniqueAndSecret")
.tokenValiditySeconds(86400)
.and() .and()
.csrf().disable() .csrf()
; .disable();
// @formatter:on return http.build();
} }
@Bean @Bean

76
spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/ManualSecurityConfig.java
View File

@ -6,52 +6,60 @@ import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true)
public class ManualSecurityConfig extends WebSecurityConfigurerAdapter { public class ManualSecurityConfig {
public ManualSecurityConfig() { @Bean
super(); public InMemoryUserDetailsManager userDetailsService() {
UserDetails user = User.withUsername("user1")
.password("{noop}user1Pass")
.authorities("ROLE_USER")
.build();
UserDetails admin = User.withUsername("admin")
.password("adminPass")
.authorities("ROLE_ADMIN")
.build();
return new InMemoryUserDetailsManager(user, admin);
} }
// java config @Bean
public WebSecurityCustomizer webSecurityCustomizer() {
@Override return (web) -> web.ignoring()
protected void configure(final AuthenticationManagerBuilder auth) throws Exception { .antMatchers("/resources/**");
auth.inMemoryAuthentication().withUser("user1").password("{noop}user1Pass").authorities("ROLE_USER").and().withUser("admin").password("adminPass").authorities("ROLE_ADMIN");
} }
@Override @Bean
public void configure(final WebSecurity web) throws Exception { public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
web.ignoring().antMatchers("/resources/**"); return http.getSharedObject(AuthenticationManagerBuilder.class)
.build();
} }
@Bean("authenticationManager") @Bean
@Override public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
public AuthenticationManager authenticationManagerBean() throws Exception { http.authorizeRequests()
return super.authenticationManagerBean(); .mvcMatchers("/custom/login")
} .permitAll()
.anyRequest()
@Override .authenticated()
protected void configure(final HttpSecurity http) throws Exception { .and()
// @formatter:off .httpBasic()
http .and()
.authorizeRequests() .headers()
.mvcMatchers("/custom/login").permitAll() .cacheControl()
.anyRequest().authenticated() .disable()
.and() .and()
.httpBasic() .csrf()
.and() .disable();
.headers().cacheControl().disable() return http.build();
.and()
.csrf().disable()
;
// @formatter:on
} }
} }

78
spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfConfig.java
View File

@ -6,57 +6,57 @@ import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityWithCsrfConfig extends WebSecurityConfigurerAdapter { public class SecurityWithCsrfConfig {
public SecurityWithCsrfConfig() { @Bean
super(); public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
return http.getSharedObject(AuthenticationManagerBuilder.class)
.build();
} }
@Bean("authenticationManager") @Bean
@Override public InMemoryUserDetailsManager userDetailsService() {
public AuthenticationManager authenticationManagerBean() throws Exception { UserDetails user = User.withUsername("user1")
return super.authenticationManagerBean(); .password("user1Pass")
.authorities("ROLE_USER")
.build();
UserDetails admin = User.withUsername("admin")
.password("adminPass")
.authorities("ROLE_ADMIN")
.build();
return new InMemoryUserDetailsManager(user, admin);
} }
@Override @Bean
protected void configure(final AuthenticationManagerBuilder auth) throws Exception { public WebSecurityCustomizer webSecurityCustomizer() {
// @formatter:off return (web) -> web.ignoring()
auth .antMatchers("/resources/**");
.inMemoryAuthentication()
.withUser("user1")
.password("user1Pass")
.authorities("ROLE_USER")
.and()
.withUser("admin")
.password("adminPass")
.authorities("ROLE_ADMIN");
// @formatter:on
} }
@Override @Bean
public void configure(final WebSecurity web) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
web.ignoring().antMatchers("/resources/**"); http.authorizeRequests()
} .antMatchers("/auth/admin/*")
.hasAnyRole("ROLE_ADMIN")
@Override .anyRequest()
protected void configure(final HttpSecurity http) throws Exception { .authenticated()
// @formatter:off .and()
http .httpBasic()
.authorizeRequests() .and()
.antMatchers("/auth/admin/*").hasAnyRole("ROLE_ADMIN") .headers()
.anyRequest().authenticated() .cacheControl()
.and() .disable();
.httpBasic() return http.build();
.and()
.headers().cacheControl().disable();
// @formatter:on
} }
} }

86
spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithCsrfCookieConfig.java
View File

@ -6,62 +6,62 @@ import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityWithCsrfCookieConfig extends WebSecurityConfigurerAdapter { public class SecurityWithCsrfCookieConfig {
public SecurityWithCsrfCookieConfig() { @Bean
super(); public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
return http.getSharedObject(AuthenticationManagerBuilder.class)
.build();
} }
@Bean("authenticationManager") @Bean
@Override public InMemoryUserDetailsManager userDetailsService() {
public AuthenticationManager authenticationManagerBean() throws Exception { UserDetails user = User.withUsername("user1")
return super.authenticationManagerBean(); .password("user1Pass")
.authorities("ROLE_USER")
.build();
UserDetails admin = User.withUsername("admin")
.password("adminPass")
.authorities("ROLE_ADMIN")
.build();
return new InMemoryUserDetailsManager(user, admin);
} }
@Override @Bean
protected void configure(final AuthenticationManagerBuilder auth) throws Exception { public WebSecurityCustomizer webSecurityCustomizer() {
// @formatter:off return (web) -> web.ignoring()
auth .antMatchers("/resources/**");
.inMemoryAuthentication()
.withUser("user1")
.password("user1Pass")
.authorities("ROLE_USER")
.and()
.withUser("admin")
.password("adminPass")
.authorities("ROLE_ADMIN");
// @formatter:on
} }
@Override @Bean
public void configure(final WebSecurity web) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
web.ignoring().antMatchers("/resources/**"); http.authorizeRequests()
} .antMatchers("/auth/admin/*")
.hasAnyRole("ROLE_ADMIN")
@Override .anyRequest()
protected void configure(final HttpSecurity http) throws Exception { .authenticated()
// @formatter:off .and()
http .httpBasic()
.authorizeRequests() .and()
.antMatchers("/auth/admin/*").hasAnyRole("ROLE_ADMIN") .headers()
.anyRequest().authenticated() .cacheControl()
.and() .disable()
.httpBasic() // Stateless API CSRF configuration
.and() .and()
.headers().cacheControl().disable() .csrf()
// Stateless API CSRF configuration .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
.and() return http.build();
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
// @formatter:on
} }
} }

83
spring-security-modules/spring-security-web-mvc-custom/src/test/java/com/baeldung/security/spring/SecurityWithoutCsrfConfig.java
View File

@ -6,59 +6,60 @@ import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityWithoutCsrfConfig extends WebSecurityConfigurerAdapter { public class SecurityWithoutCsrfConfig {
public SecurityWithoutCsrfConfig() { @Bean
super(); public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
return http.getSharedObject(AuthenticationManagerBuilder.class)
.build();
} }
@Bean("authenticationManager") @Bean
@Override public InMemoryUserDetailsManager userDetailsService() {
public AuthenticationManager authenticationManagerBean() throws Exception { UserDetails user = User.withUsername("user1")
return super.authenticationManagerBean(); .password("user1Pass")
.authorities("ROLE_USER")
.build();
UserDetails admin = User.withUsername("admin")
.password("adminPass")
.authorities("ROLE_ADMIN")
.build();
return new InMemoryUserDetailsManager(user, admin);
} }
@Override @Bean
protected void configure(final AuthenticationManagerBuilder auth) throws Exception { public WebSecurityCustomizer webSecurityCustomizer() {
// @formatter:off return (web) -> web.ignoring()
auth .antMatchers("/resources/**");
.inMemoryAuthentication()
.withUser("user1")
.password("user1Pass")
.authorities("ROLE_USER")
.and()
.withUser("admin")
.password("adminPass")
.authorities("ROLE_ADMIN");
// @formatter:on
} }
@Override @Bean
public void configure(final WebSecurity web) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
web.ignoring().antMatchers("/resources/**"); http.authorizeRequests()
} .antMatchers("/auth/admin/*")
.hasAnyRole("ROLE_ADMIN")
@Override .anyRequest()
protected void configure(final HttpSecurity http) throws Exception { .authenticated()
// @formatter:off .and()
http .httpBasic()
.authorizeRequests() .and()
.antMatchers("/auth/admin/*").hasAnyRole("ROLE_ADMIN") .headers()
.anyRequest().authenticated() .cacheControl()
.and() .disable()
.httpBasic() .and()
.and() .csrf()
.headers().cacheControl().disable() .disable();
.and() return http.build();
.csrf().disable();
// @formatter:on
} }
} }