JAVA-14878 Update spring-security-web-login-2 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12877)
This commit is contained in:
parent
a613929ed9
commit
cab7dee718
|
@ -2,17 +2,18 @@ package com.baeldung.logoutredirects.securityconfig;
|
|||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public class SpringSecurityConfig {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests(authz -> authz.mvcMatchers("/login")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
|
@ -21,7 +22,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
.logoutSuccessHandler((request, response, authentication) -> {
|
||||
response.setStatus(HttpServletResponse.SC_OK);
|
||||
}));
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -10,11 +10,12 @@ import javax.servlet.http.Cookie;
|
|||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
|
||||
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
||||
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
|
||||
|
@ -27,9 +28,10 @@ public class SimpleSecurityConfiguration {
|
|||
|
||||
@Order(4)
|
||||
@Configuration
|
||||
public static class LogoutOnRequestConfiguration extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
public static class LogoutOnRequestConfiguration {
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChainLogoutOnRequest(HttpSecurity http) throws Exception {
|
||||
http.antMatcher("/request/**")
|
||||
.authorizeRequests(authz -> authz.anyRequest()
|
||||
.permitAll())
|
||||
|
@ -41,26 +43,30 @@ public class SimpleSecurityConfiguration {
|
|||
logger.error(e.getMessage());
|
||||
}
|
||||
}));
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
|
||||
@Order(3)
|
||||
@Configuration
|
||||
public static class DefaultLogoutConfiguration extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
public static class DefaultLogoutConfiguration {
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChainDefaultLogout(HttpSecurity http) throws Exception {
|
||||
http.antMatcher("/basic/**")
|
||||
.authorizeRequests(authz -> authz.anyRequest()
|
||||
.permitAll())
|
||||
.logout(logout -> logout.logoutUrl("/basic/basiclogout"));
|
||||
.authorizeRequests(authz -> authz.anyRequest()
|
||||
.permitAll())
|
||||
.logout(logout -> logout.logoutUrl("/basic/basiclogout"));
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
|
||||
@Order(2)
|
||||
@Configuration
|
||||
public static class AllCookieClearingLogoutConfiguration extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
public static class AllCookieClearingLogoutConfiguration {
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChainAllCookieClearing(HttpSecurity http) throws Exception {
|
||||
http.antMatcher("/cookies/**")
|
||||
.authorizeRequests(authz -> authz.anyRequest()
|
||||
.permitAll())
|
||||
|
@ -74,22 +80,24 @@ public class SimpleSecurityConfiguration {
|
|||
response.addCookie(cookieToDelete);
|
||||
}
|
||||
}));
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
|
||||
@Order(1)
|
||||
@Configuration
|
||||
public static class ClearSiteDataHeaderLogoutConfiguration extends WebSecurityConfigurerAdapter {
|
||||
public static class ClearSiteDataHeaderLogoutConfiguration {
|
||||
|
||||
private static final ClearSiteDataHeaderWriter.Directive[] SOURCE = { CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS };
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChainClearSiteDataHeader(HttpSecurity http) throws Exception {
|
||||
http.antMatcher("/csd/**")
|
||||
.authorizeRequests(authz -> authz.anyRequest()
|
||||
.permitAll())
|
||||
.logout(logout -> logout.logoutUrl("/csd/csdlogout")
|
||||
.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))));
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,13 +8,14 @@ import org.springframework.security.test.context.support.WithMockUser;
|
|||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import com.baeldung.logoutredirects.securityconfig.SpringSecurityConfig;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
|
||||
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
|
||||
|
||||
@RunWith(SpringRunner.class)
|
||||
@WebMvcTest()
|
||||
@WebMvcTest(SpringSecurityConfig.class)
|
||||
public class LogoutApplicationUnitTest {
|
||||
|
||||
@Autowired
|
||||
|
|
|
@ -23,7 +23,7 @@ import org.springframework.test.context.junit4.SpringRunner;
|
|||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
@RunWith(SpringRunner.class)
|
||||
@WebMvcTest()
|
||||
@WebMvcTest(SimpleSecurityConfiguration.class)
|
||||
public class ManualLogoutIntegrationTest {
|
||||
|
||||
private static final String CLEAR_SITE_DATA_HEADER = "Clear-Site-Data";
|
||||
|
|
Loading…
Reference in New Issue