JAVA-14878 Update spring-security-web-login-2 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12877)

2022-10-19 00:55:42 +05:30 · 2022-10-19 00:55:42 +05:30 · cab7dee718
parent a613929ed9
commit cab7dee718
4 changed files with 33 additions and 23 deletions
--- a/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java
@ -2,17 +2,18 @@ package com.baeldung.logoutredirects.securityconfig;

 import javax.servlet.http.HttpServletResponse;

+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
-public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+public class SpringSecurityConfig {

-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests(authz -> authz.mvcMatchers("/login")
            .permitAll()
            .anyRequest()
@ -21,7 +22,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
                .logoutSuccessHandler((request, response, authentication) -> {
                    response.setStatus(HttpServletResponse.SC_OK);
                }));
-
+        return http.build();
    }

 }
--- a/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java
+++ b/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java
@ -10,11 +10,12 @@ import javax.servlet.http.Cookie;

 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
@ -27,9 +28,10 @@ public class SimpleSecurityConfiguration {

    @Order(4)
    @Configuration
-    public static class LogoutOnRequestConfiguration extends WebSecurityConfigurerAdapter {
-        @Override
-        protected void configure(HttpSecurity http) throws Exception {
+    public static class LogoutOnRequestConfiguration {
+
+        @Bean
+        public SecurityFilterChain filterChainLogoutOnRequest(HttpSecurity http) throws Exception {
            http.antMatcher("/request/**")
                .authorizeRequests(authz -> authz.anyRequest()
                    .permitAll())
@ -41,26 +43,30 @@ public class SimpleSecurityConfiguration {
                            logger.error(e.getMessage());
                        }
                    }));
+            return http.build();
        }
    }

    @Order(3)
    @Configuration
-    public static class DefaultLogoutConfiguration extends WebSecurityConfigurerAdapter {
-        @Override
-        protected void configure(HttpSecurity http) throws Exception {
+    public static class DefaultLogoutConfiguration {
+        
+        @Bean
+        public SecurityFilterChain filterChainDefaultLogout(HttpSecurity http) throws Exception {
            http.antMatcher("/basic/**")
-                .authorizeRequests(authz -> authz.anyRequest()
-                    .permitAll())
-                .logout(logout -> logout.logoutUrl("/basic/basiclogout"));
+            .authorizeRequests(authz -> authz.anyRequest()
+                .permitAll())
+            .logout(logout -> logout.logoutUrl("/basic/basiclogout"));
+            return http.build();
        }
    }

    @Order(2)
    @Configuration
-    public static class AllCookieClearingLogoutConfiguration extends WebSecurityConfigurerAdapter {
-        @Override
-        protected void configure(HttpSecurity http) throws Exception {
+    public static class AllCookieClearingLogoutConfiguration {
+
+        @Bean
+        public SecurityFilterChain filterChainAllCookieClearing(HttpSecurity http) throws Exception {
            http.antMatcher("/cookies/**")
                .authorizeRequests(authz -> authz.anyRequest()
                    .permitAll())
@ -74,22 +80,24 @@ public class SimpleSecurityConfiguration {
                            response.addCookie(cookieToDelete);
                        }
                    }));
+            return http.build();
        }
    }

    @Order(1)
    @Configuration
-    public static class ClearSiteDataHeaderLogoutConfiguration extends WebSecurityConfigurerAdapter {
+    public static class ClearSiteDataHeaderLogoutConfiguration {

        private static final ClearSiteDataHeaderWriter.Directive[] SOURCE = { CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS };

-        @Override
-        protected void configure(HttpSecurity http) throws Exception {
+        @Bean
+        public SecurityFilterChain filterChainClearSiteDataHeader(HttpSecurity http) throws Exception {
            http.antMatcher("/csd/**")
                .authorizeRequests(authz -> authz.anyRequest()
                    .permitAll())
                .logout(logout -> logout.logoutUrl("/csd/csdlogout")
                    .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))));
+            return http.build();
        }
    }
 }
--- a/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java
+++ b/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java
@ -8,13 +8,14 @@ import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;

+import com.baeldung.logoutredirects.securityconfig.SpringSecurityConfig;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;

@RunWith(SpringRunner.class)
-@WebMvcTest()
+@WebMvcTest(SpringSecurityConfig.class)
 public class LogoutApplicationUnitTest {

    @Autowired
--- a/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java
+++ b/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java
@ -23,7 +23,7 @@ import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;

@RunWith(SpringRunner.class)
-@WebMvcTest()
+@WebMvcTest(SimpleSecurityConfiguration.class)
 public class ManualLogoutIntegrationTest {

    private static final String CLEAR_SITE_DATA_HEADER = "Clear-Site-Data";