JAVA-14878 Update spring-security-web-login-2 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12877)

This commit is contained in:
anuragkumawat 2022-10-19 00:55:42 +05:30 committed by GitHub
parent a613929ed9
commit cab7dee718
4 changed files with 33 additions and 23 deletions

View File

@ -2,17 +2,18 @@ package com.baeldung.logoutredirects.securityconfig;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
public class SpringSecurityConfig {
@Override
protected void configure(HttpSecurity http) throws Exception {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests(authz -> authz.mvcMatchers("/login")
.permitAll()
.anyRequest()
@ -21,7 +22,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
.logoutSuccessHandler((request, response, authentication) -> {
response.setStatus(HttpServletResponse.SC_OK);
}));
return http.build();
}
}

View File

@ -10,11 +10,12 @@ import javax.servlet.http.Cookie;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
@ -27,9 +28,10 @@ public class SimpleSecurityConfiguration {
@Order(4)
@Configuration
public static class LogoutOnRequestConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
public static class LogoutOnRequestConfiguration {
@Bean
public SecurityFilterChain filterChainLogoutOnRequest(HttpSecurity http) throws Exception {
http.antMatcher("/request/**")
.authorizeRequests(authz -> authz.anyRequest()
.permitAll())
@ -41,26 +43,30 @@ public class SimpleSecurityConfiguration {
logger.error(e.getMessage());
}
}));
return http.build();
}
}
@Order(3)
@Configuration
public static class DefaultLogoutConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
public static class DefaultLogoutConfiguration {
@Bean
public SecurityFilterChain filterChainDefaultLogout(HttpSecurity http) throws Exception {
http.antMatcher("/basic/**")
.authorizeRequests(authz -> authz.anyRequest()
.permitAll())
.logout(logout -> logout.logoutUrl("/basic/basiclogout"));
.authorizeRequests(authz -> authz.anyRequest()
.permitAll())
.logout(logout -> logout.logoutUrl("/basic/basiclogout"));
return http.build();
}
}
@Order(2)
@Configuration
public static class AllCookieClearingLogoutConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
public static class AllCookieClearingLogoutConfiguration {
@Bean
public SecurityFilterChain filterChainAllCookieClearing(HttpSecurity http) throws Exception {
http.antMatcher("/cookies/**")
.authorizeRequests(authz -> authz.anyRequest()
.permitAll())
@ -74,22 +80,24 @@ public class SimpleSecurityConfiguration {
response.addCookie(cookieToDelete);
}
}));
return http.build();
}
}
@Order(1)
@Configuration
public static class ClearSiteDataHeaderLogoutConfiguration extends WebSecurityConfigurerAdapter {
public static class ClearSiteDataHeaderLogoutConfiguration {
private static final ClearSiteDataHeaderWriter.Directive[] SOURCE = { CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS };
@Override
protected void configure(HttpSecurity http) throws Exception {
@Bean
public SecurityFilterChain filterChainClearSiteDataHeader(HttpSecurity http) throws Exception {
http.antMatcher("/csd/**")
.authorizeRequests(authz -> authz.anyRequest()
.permitAll())
.logout(logout -> logout.logoutUrl("/csd/csdlogout")
.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))));
return http.build();
}
}
}

View File

@ -8,13 +8,14 @@ import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import com.baeldung.logoutredirects.securityconfig.SpringSecurityConfig;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
@RunWith(SpringRunner.class)
@WebMvcTest()
@WebMvcTest(SpringSecurityConfig.class)
public class LogoutApplicationUnitTest {
@Autowired

View File

@ -23,7 +23,7 @@ import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
@RunWith(SpringRunner.class)
@WebMvcTest()
@WebMvcTest(SimpleSecurityConfiguration.class)
public class ManualLogoutIntegrationTest {
private static final String CLEAR_SITE_DATA_HEADER = "Clear-Site-Data";