From dea22a68632b94ee4dfe45c64ec631fd350fdba2 Mon Sep 17 00:00:00 2001
From: michaelin007
Date: Thu, 30 Nov 2023 18:42:41 +0000
Subject: [PATCH] Update article httpsecurity vs websecurity
---
 .../SecurityConfiguration.java | 78 +++++++++++++++++
 .../WebSecurityConfig.java | 87 +++++--------------
 2 files changed, 100 insertions(+), 65 deletions(-)
 create mode 100644 spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/SecurityConfiguration.java
diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/SecurityConfiguration.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/SecurityConfiguration.java
new file mode 100644
index 0000000000..5c0853e6f3
--- /dev/null
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/SecurityConfiguration.java
@@ -0,0 +1,78 @@
+package com.baeldung.httpsecurityvswebsecurity;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfiguration {
+
+ @Bean
+ public HttpFirewall allowHttpMethod() {
+ List allowedMethods = new ArrayList();
+ allowedMethods.add("GET");
+ allowedMethods.add("POST");
+ StrictHttpFirewall firewall = new StrictHttpFirewall();
+ firewall.setAllowedHttpMethods(allowedMethods);
+ return firewall;
+ }
+
+ @Bean
+ public WebSecurityCustomizer fireWall() {
+ return (web) -> web.httpFirewall(allowHttpMethod());
+ }
+
+ @Bean
+ public WebSecurityCustomizer ignoringCustomizer() {
+ return (web) -> web.ignoring().antMatchers("/resources/**", "/static/**");
+ }
+
+ @Bean
+ public WebSecurityCustomizer debugSecurity() {
+ return (web) -> web.debug(true);
+ }
+
+ @Bean
+ public InMemoryUserDetailsManager userDetailsService() {
+ UserDetails user = User.withUsername("user")
+ .password(encoder().encode("userPass"))
+ .roles("ADMIN")
+ .build();
+ return new InMemoryUserDetailsManager(user);
+ }
+
+ @Bean
+ public PasswordEncoder encoder() {
+ return new BCryptPasswordEncoder();
+ }
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http.authorizeHttpRequests((authorize) -> authorize.antMatchers("/admin/**")
+ .hasRole("ADMIN")
+ .anyRequest()
+ .permitAll())
+ .httpBasic(withDefaults())
+ .formLogin(withDefaults())
+ .csrf(AbstractHttpConfigurer::disable);
+ return http.build();
+ }
+
+}
diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java
index f5b799065b..46a82918aa 100644
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java
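Review bot: In `securityFilterChain` of SecurityConfiguration.java, `.csrf(AbstractHttpConfigurer::disable)` switches CSRF protection off while `.formLogin(withDefaults())` keeps a session-based browser login, so a POST to `/admin/**` (POST is one of the two methods the firewall bean allows) would be accepted from a logged-in admin's browser without a token check. Unless the article needs it off, I would drop that line and keep the default, or at least mark it with `// CSRF disabled for the demo only; keep it enabled for browser clients`. The `debugSecurity()` bean also ships `web.debug(true)`, which makes Spring Security log request details and is intended for development; a comment such as `// development only: logs request details, do not enable in production` or a property-driven flag would make that explicit. The same goes for the sample `"user"`/`"userPass"` account with role `ADMIN` in `userDetailsService()`, which deserves a one-line comment saying it is a placeholder credential.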
@@ -1,78 +1,35 @@ package com.baeldung.httpsecurityvswebsecurity; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; -import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.firewall.HttpFirewall; -import org.springframework.security.web.firewall.StrictHttpFirewall; - -import java.util.ArrayList; -import java.util.List; - -import static org.springframework.security.config.Customizer.withDefaults; @Configuration -@EnableWebSecurity -public class WebSecurityConfig { +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { - @Bean - public HttpFirewall allowHttpMethod() { - List allowedMethods = new ArrayList(); - allowedMethods.add("GET"); - allowedMethods.add("POST"); - StrictHttpFirewall firewall = new StrictHttpFirewall(); - 
firewall.setAllowedHttpMethods(allowedMethods); - return firewall; + @Autowired + private UserDetailsService userDetailsService; + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth + .userDetailsService(userDetailsService) + .passwordEncoder(new BCryptPasswordEncoder()); } - @Bean - public WebSecurityCustomizer fireWall() { - return (web) -> web.httpFirewall(allowHttpMethod()); - } - - @Bean - public WebSecurityCustomizer ignoringCustomizer() { - return (web) -> web.ignoring().antMatchers("/resources/**", "/static/**"); - } - - @Bean - public WebSecurityCustomizer debugSecurity() { - return (web) -> web.debug(true); - } - - @Bean - public InMemoryUserDetailsManager userDetailsService() { - UserDetails user = User.withUsername("user") - .password(encoder().encode("userPass")) - .roles("ADMIN") - .build(); - return new InMemoryUserDetailsManager(user); - } - - @Bean - public PasswordEncoder encoder() { - return new BCryptPasswordEncoder(); - } - - @Bean - public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.authorizeHttpRequests((authorize) -> authorize.antMatchers("/admin/**") - .hasRole("ADMIN") + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/") + .permitAll() .anyRequest() - .permitAll()) - .httpBasic(withDefaults()) - .formLogin(withDefaults()) - .csrf(AbstractHttpConfigurer::disable); - return http.build(); + .authenticated() + .and() + .formLogin(); } - }
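Review bot: After this change the package contains both a `WebSecurityConfigurerAdapter` subclass (this class) and a `SecurityFilterChain` bean (in the new SecurityConfiguration.java), and both are `@Configuration` classes; if one application context scans both, Spring Security 5.x is expected to fail at startup because it accepts only one of the two styles, which is worth confirming against the module's version. I would keep the legacy class out of the default context, for example with `@Profile("adapter")` (profile name is only an illustration) or by dropping `@Configuration`, and add a class comment like `// Legacy WebSecurityConfigurerAdapter style, kept for comparison with SecurityConfiguration`. The two classes also encode different policies: here `/` is public and every other request needs authentication, while SecurityConfiguration permits everything except `/admin/**`, so a reader should be told which one is in effect. The `SecurityFilterChain` import that survives as a context line looks unused in the new version and can be removed.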