JAVA-14878 Update spring-security-web-login-2 under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12877)
This commit is contained in:
anuragkumawat
GitHub
parent
a613929ed9
commit
cab7dee718
@ -2,17 +2,18 @@ package com.baeldung.logoutredirects.securityconfig;
|
|||||||
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
|
public class SpringSecurityConfig {
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
http.authorizeRequests(authz -> authz.mvcMatchers("/login")
|
http.authorizeRequests(authz -> authz.mvcMatchers("/login")
|
||||||
.permitAll()
|
.permitAll()
|
||||||
.anyRequest()
|
.anyRequest()
|
||||||
@ -21,7 +22,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
.logoutSuccessHandler((request, response, authentication) -> {
|
.logoutSuccessHandler((request, response, authentication) -> {
|
||||||
response.setStatus(HttpServletResponse.SC_OK);
|
response.setStatus(HttpServletResponse.SC_OK);
|
||||||
}));
|
}));
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -10,11 +10,12 @@ import javax.servlet.http.Cookie;
|
|||||||
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.core.annotation.Order;
|
import org.springframework.core.annotation.Order;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
|
import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
|
||||||
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
||||||
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
|
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
|
||||||
@ -27,9 +28,10 @@ public class SimpleSecurityConfiguration {
|
|||||||
|
|
||||||
@Order(4)
|
@Order(4)
|
||||||
@Configuration
|
@Configuration
|
||||||
public static class LogoutOnRequestConfiguration extends WebSecurityConfigurerAdapter {
|
public static class LogoutOnRequestConfiguration {
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
@Bean
|
||||||
|
public SecurityFilterChain filterChainLogoutOnRequest(HttpSecurity http) throws Exception {
|
||||||
http.antMatcher("/request/**")
|
http.antMatcher("/request/**")
|
||||||
.authorizeRequests(authz -> authz.anyRequest()
|
.authorizeRequests(authz -> authz.anyRequest()
|
||||||
.permitAll())
|
.permitAll())
|
||||||
@ -41,26 +43,30 @@ public class SimpleSecurityConfiguration {
|
|||||||
logger.error(e.getMessage());
|
logger.error(e.getMessage());
|
||||||
}
|
}
|
||||||
}));
|
}));
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Order(3)
|
@Order(3)
|
||||||
@Configuration
|
@Configuration
|
||||||
public static class DefaultLogoutConfiguration extends WebSecurityConfigurerAdapter {
|
public static class DefaultLogoutConfiguration {
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
@Bean
|
||||||
|
public SecurityFilterChain filterChainDefaultLogout(HttpSecurity http) throws Exception {
|
||||||
http.antMatcher("/basic/**")
|
http.antMatcher("/basic/**")
|
||||||
.authorizeRequests(authz -> authz.anyRequest()
|
.authorizeRequests(authz -> authz.anyRequest()
|
||||||
.permitAll())
|
.permitAll())
|
||||||
.logout(logout -> logout.logoutUrl("/basic/basiclogout"));
|
.logout(logout -> logout.logoutUrl("/basic/basiclogout"));
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Order(2)
|
@Order(2)
|
||||||
@Configuration
|
@Configuration
|
||||||
public static class AllCookieClearingLogoutConfiguration extends WebSecurityConfigurerAdapter {
|
public static class AllCookieClearingLogoutConfiguration {
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
@Bean
|
||||||
|
public SecurityFilterChain filterChainAllCookieClearing(HttpSecurity http) throws Exception {
|
||||||
http.antMatcher("/cookies/**")
|
http.antMatcher("/cookies/**")
|
||||||
.authorizeRequests(authz -> authz.anyRequest()
|
.authorizeRequests(authz -> authz.anyRequest()
|
||||||
.permitAll())
|
.permitAll())
|
||||||
@ -74,22 +80,24 @@ public class SimpleSecurityConfiguration {
|
|||||||
response.addCookie(cookieToDelete);
|
response.addCookie(cookieToDelete);
|
||||||
}
|
}
|
||||||
}));
|
}));
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Order(1)
|
@Order(1)
|
||||||
@Configuration
|
@Configuration
|
||||||
public static class ClearSiteDataHeaderLogoutConfiguration extends WebSecurityConfigurerAdapter {
|
public static class ClearSiteDataHeaderLogoutConfiguration {
|
||||||
|
|
||||||
private static final ClearSiteDataHeaderWriter.Directive[] SOURCE = { CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS };
|
private static final ClearSiteDataHeaderWriter.Directive[] SOURCE = { CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS };
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChainClearSiteDataHeader(HttpSecurity http) throws Exception {
|
||||||
http.antMatcher("/csd/**")
|
http.antMatcher("/csd/**")
|
||||||
.authorizeRequests(authz -> authz.anyRequest()
|
.authorizeRequests(authz -> authz.anyRequest()
|
||||||
.permitAll())
|
.permitAll())
|
||||||
.logout(logout -> logout.logoutUrl("/csd/csdlogout")
|
.logout(logout -> logout.logoutUrl("/csd/csdlogout")
|
||||||
.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))));
|
.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))));
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -8,13 +8,14 @@ import org.springframework.security.test.context.support.WithMockUser;
|
|||||||
import org.springframework.test.context.junit4.SpringRunner;
|
import org.springframework.test.context.junit4.SpringRunner;
|
||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
|
|
||||||
|
import com.baeldung.logoutredirects.securityconfig.SpringSecurityConfig;
|
||||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
|
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
|
||||||
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
|
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
|
||||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
||||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
|
||||||
|
|
||||||
@RunWith(SpringRunner.class)
|
@RunWith(SpringRunner.class)
|
||||||
@WebMvcTest()
|
@WebMvcTest(SpringSecurityConfig.class)
|
||||||
public class LogoutApplicationUnitTest {
|
public class LogoutApplicationUnitTest {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
|
|||||||
@ -23,7 +23,7 @@ import org.springframework.test.context.junit4.SpringRunner;
|
|||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
|
|
||||||
@RunWith(SpringRunner.class)
|
@RunWith(SpringRunner.class)
|
||||||
@WebMvcTest()
|
@WebMvcTest(SimpleSecurityConfiguration.class)
|
||||||
public class ManualLogoutIntegrationTest {
|
public class ManualLogoutIntegrationTest {
|
||||||
|
|
||||||
private static final String CLEAR_SITE_DATA_HEADER = "Clear-Site-Data";
|
private static final String CLEAR_SITE_DATA_HEADER = "Clear-Site-Data";
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user