Merge pull request #12736 from anuragkumawat/JAVA-14676
JAVA-14676 Update spring-boot-security module under spring-boot-modules to remove usage of deprecated WebSecurityConfigurerAdapter
This commit is contained in:
commit
be5b79756b
|
@ -2,16 +2,13 @@ package com.baeldung.annotations.globalmethod;
|
|||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class AnnotationSecuredStaticResourceConfig extends WebSecurityConfigurerAdapter {
|
||||
public class AnnotationSecuredStaticResourceConfig {
|
||||
|
||||
@Bean
|
||||
public WebSecurityCustomizer ignoreResources() {
|
||||
|
|
|
@ -1,29 +1,29 @@
|
|||
package com.baeldung.annotations.websecurity;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public class CustomWebSecurityConfig {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests()
|
||||
.antMatchers("/admin/**")
|
||||
.hasRole("ADMIN")
|
||||
.antMatchers("/protected/**")
|
||||
.hasRole("USER");
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/admin/**")
|
||||
.hasRole("ADMIN")
|
||||
.antMatchers("/protected/**")
|
||||
.hasRole("USER");
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configure(WebSecurity web) throws Exception {
|
||||
web
|
||||
.ignoring()
|
||||
.antMatchers("/public/*");
|
||||
@Bean
|
||||
public WebSecurityCustomizer webSecurityCustomizer() {
|
||||
return (web) -> web.ignoring()
|
||||
.antMatchers("/public/*");
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,21 +2,30 @@ package com.baeldung.antmatchers.config;
|
|||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
public class SecurityConfiguration {
|
||||
|
||||
@Override
|
||||
public void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.inMemoryAuthentication()
|
||||
.withUser("admin").password(passwordEncoder().encode("password")).roles("USER", "ADMIN")
|
||||
.and()
|
||||
.withUser("user").password(passwordEncoder().encode("password")).roles("USER");
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
|
||||
UserDetails admin = User.withUsername("admin")
|
||||
.password(passwordEncoder.encode("password"))
|
||||
.roles("USER", "ADMIN")
|
||||
.build();
|
||||
|
||||
UserDetails user = User.withUsername("user")
|
||||
.password(passwordEncoder.encode("password"))
|
||||
.roles("USER")
|
||||
.build();
|
||||
|
||||
return new InMemoryUserDetailsManager(admin, user);
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
@ -24,16 +33,19 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests()
|
||||
.antMatchers("/products/**").permitAll()
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/customers/**").hasRole("ADMIN")
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.httpBasic();
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/products/**")
|
||||
.permitAll()
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/customers/**")
|
||||
.hasRole("ADMIN")
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.httpBasic();
|
||||
return http.build();
|
||||
}
|
||||
}
|
|
@ -2,28 +2,29 @@ package com.baeldung.integrationtesting;
|
|||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
|
||||
public class WebSecurityConfigurer {
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
|
||||
BCryptPasswordEncoder encoder = passwordEncoder();
|
||||
|
||||
auth.inMemoryAuthentication()
|
||||
.passwordEncoder(encoder)
|
||||
.withUser("spring")
|
||||
.password(encoder.encode("secret"))
|
||||
.roles("USER");
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
|
||||
UserDetails user = User.withUsername("spring")
|
||||
.password(passwordEncoder.encode("secret"))
|
||||
.roles("USER")
|
||||
.build();
|
||||
|
||||
return new InMemoryUserDetailsManager(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/private/**")
|
||||
.hasRole("USER")
|
||||
|
@ -31,6 +32,7 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
|
|||
.permitAll()
|
||||
.and()
|
||||
.httpBasic();
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
package com.baeldung.securityprofile;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
|
||||
@Configuration
|
||||
@Profile("test")
|
||||
public class ApplicationNoSecurity extends WebSecurityConfigurerAdapter {
|
||||
public class ApplicationNoSecurity {
|
||||
|
||||
@Override
|
||||
public void configure(WebSecurity web) {
|
||||
web.ignoring().antMatchers("/**");
|
||||
@Bean
|
||||
public WebSecurityCustomizer webSecurityCustomizer() {
|
||||
return (web) -> web.ignoring()
|
||||
.antMatchers("/**");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -1,16 +1,20 @@
|
|||
package com.baeldung.securityprofile;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@Profile("prod")
|
||||
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
|
||||
public class ApplicationSecurity {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests().anyRequest().authenticated();
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.anyRequest()
|
||||
.authenticated();
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,38 +1,48 @@
|
|||
package com.baeldung.springbootsecurity.autoconfig.config;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class BasicConfiguration extends WebSecurityConfigurerAdapter {
|
||||
public class BasicConfiguration {
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
.withUser("user")
|
||||
.password(encoder.encode("password"))
|
||||
.roles("USER")
|
||||
.and()
|
||||
.withUser("admin")
|
||||
.password(encoder.encode("admin"))
|
||||
.roles("USER", "ADMIN");
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
|
||||
UserDetails user = User.withUsername("user")
|
||||
.password(passwordEncoder.encode("password"))
|
||||
.roles("USER")
|
||||
.build();
|
||||
|
||||
UserDetails admin = User.withUsername("admin")
|
||||
.password(passwordEncoder.encode("admin"))
|
||||
.roles("USER", "ADMIN")
|
||||
.build();
|
||||
|
||||
return new InMemoryUserDetailsManager(user, admin);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.httpBasic();
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.httpBasic();
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
|
||||
return encoder;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,37 +2,43 @@ package com.baeldung.springsecuritytaglibs.config;
|
|||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapter {
|
||||
public class SpringBootSecurityTagLibsConfig {
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
BCryptPasswordEncoder encoder = passwordEncoder();
|
||||
auth.inMemoryAuthentication()
|
||||
.passwordEncoder(encoder)
|
||||
.withUser("testUser")
|
||||
.password(encoder.encode("password"))
|
||||
.roles("ADMIN");
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
|
||||
UserDetails user = User.withUsername("testUser")
|
||||
.password(passwordEncoder.encode("password"))
|
||||
.roles("ADMIN")
|
||||
.build();
|
||||
|
||||
return new InMemoryUserDetailsManager(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.csrf()
|
||||
.and()
|
||||
.and()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/userManagement").hasRole("ADMIN")
|
||||
.anyRequest().permitAll().and().httpBasic();
|
||||
// @formatter:on
|
||||
.antMatchers("/userManagement")
|
||||
.hasRole("ADMIN")
|
||||
.anyRequest()
|
||||
.permitAll()
|
||||
.and()
|
||||
.httpBasic();
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
||||
@Bean
|
||||
public BCryptPasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
|
|
|
@ -1,36 +1,41 @@
|
|||
package com.baeldung.antmatchers.controllers;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import com.baeldung.antmatchers.AntMatchersExampleApplication;
|
||||
import com.baeldung.antmatchers.config.SecurityConfiguration;
|
||||
|
||||
@RunWith(SpringRunner.class)
|
||||
@WebMvcTest(value = CustomerController.class)
|
||||
class CustomerControllerIntegrationTest {
|
||||
@ContextConfiguration(classes = { AntMatchersExampleApplication.class, SecurityConfiguration.class })
|
||||
public class CustomerControllerIntegrationTest {
|
||||
|
||||
@Autowired
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@Test
|
||||
void getCustomerByIdUnauthorized() throws Exception {
|
||||
public void getCustomerByIdUnauthorized() throws Exception {
|
||||
mockMvc.perform(get("/customers/1")).andExpect(status().isUnauthorized());
|
||||
}
|
||||
|
||||
@Test
|
||||
void getCustomerByIdForbidden() throws Exception {
|
||||
public void getCustomerByIdForbidden() throws Exception {
|
||||
mockMvc.perform(get("/customers/1").with(user("user").roles("USER")))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
@Test
|
||||
void getCustomerByIdOk() throws Exception {
|
||||
public void getCustomerByIdOk() throws Exception {
|
||||
mockMvc.perform(get("/customers/1").with(user("admin").roles("ADMIN")))
|
||||
.andExpect(status().isOk());
|
||||
}
|
|
@ -1,24 +1,29 @@
|
|||
package com.baeldung.antmatchers.controllers;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import com.baeldung.antmatchers.AntMatchersExampleApplication;
|
||||
import com.baeldung.antmatchers.config.SecurityConfiguration;
|
||||
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
@RunWith(SpringRunner.class)
|
||||
@WebMvcTest(value = ProductController.class)
|
||||
class ProductControllerIntegrationTest {
|
||||
@ContextConfiguration(classes = { AntMatchersExampleApplication.class, SecurityConfiguration.class })
|
||||
public class ProductControllerIntegrationTest {
|
||||
|
||||
@Autowired
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@Test
|
||||
void getProducts() throws Exception {
|
||||
public void getProducts() throws Exception {
|
||||
mockMvc.perform(get("/products"))
|
||||
.andExpect(status().isOk());
|
||||
}
|
|
@ -5,6 +5,7 @@ import org.junit.runner.RunWith;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||
import org.springframework.test.context.ActiveProfiles;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
|
@ -14,6 +15,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
|||
@RunWith(SpringRunner.class)
|
||||
@WebMvcTest(value = EmployeeController.class)
|
||||
@ActiveProfiles("test")
|
||||
@ContextConfiguration(classes = { Application.class, ApplicationNoSecurity.class })
|
||||
public class EmployeeControllerNoSecurityUnitTest {
|
||||
|
||||
@Autowired
|
||||
|
|
|
@ -5,6 +5,7 @@ import org.junit.runner.RunWith;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
||||
import org.springframework.test.context.ActiveProfiles;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
|
@ -14,6 +15,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
|||
@RunWith(SpringRunner.class)
|
||||
@WebMvcTest(value = EmployeeController.class)
|
||||
@ActiveProfiles("prod")
|
||||
@ContextConfiguration(classes = { Application.class, ApplicationSecurity.class })
|
||||
public class EmployeeControllerUnitTest {
|
||||
|
||||
@Autowired
|
||||
|
|
Loading…
Reference in New Issue