Update article httpsecurity vs websecurity
This commit is contained in:
michaelin007
parent
339b269caa
commit
dea22a6863
|
|
@ -0,0 +1,78 @@
|
||||||
|
package com.baeldung.httpsecurityvswebsecurity;
|
||||||
|
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||||
|
import org.springframework.security.core.userdetails.User;
|
||||||
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||||
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
import org.springframework.security.web.firewall.HttpFirewall;
|
||||||
|
import org.springframework.security.web.firewall.StrictHttpFirewall;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import static org.springframework.security.config.Customizer.withDefaults;
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
|
public class SecurityConfiguration {
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public HttpFirewall allowHttpMethod() {
|
||||||
|
List<String> allowedMethods = new ArrayList<String>();
|
||||||
|
allowedMethods.add("GET");
|
||||||
|
allowedMethods.add("POST");
|
||||||
|
StrictHttpFirewall firewall = new StrictHttpFirewall();
|
||||||
|
firewall.setAllowedHttpMethods(allowedMethods);
|
||||||
|
return firewall;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public WebSecurityCustomizer fireWall() {
|
||||||
|
return (web) -> web.httpFirewall(allowHttpMethod());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public WebSecurityCustomizer ignoringCustomizer() {
|
||||||
|
return (web) -> web.ignoring().antMatchers("/resources/**", "/static/**");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public WebSecurityCustomizer debugSecurity() {
|
||||||
|
return (web) -> web.debug(true);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public InMemoryUserDetailsManager userDetailsService() {
|
||||||
|
UserDetails user = User.withUsername("user")
|
||||||
|
.password(encoder().encode("userPass"))
|
||||||
|
.roles("ADMIN")
|
||||||
|
.build();
|
||||||
|
return new InMemoryUserDetailsManager(user);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public PasswordEncoder encoder() {
|
||||||
|
return new BCryptPasswordEncoder();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||||
|
http.authorizeHttpRequests((authorize) -> authorize.antMatchers("/admin/**")
|
||||||
|
.hasRole("ADMIN")
|
||||||
|
.anyRequest()
|
||||||
|
.permitAll())
|
||||||
|
.httpBasic(withDefaults())
|
||||||
|
.formLogin(withDefaults())
|
||||||
|
.csrf(AbstractHttpConfigurer::disable);
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -1,78 +1,35 @@
|
||||||
package com.baeldung.httpsecurityvswebsecurity;
|
package com.baeldung.httpsecurityvswebsecurity;
|
||||||
|
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
|
||||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.firewall.HttpFirewall;
|
|
||||||
import org.springframework.security.web.firewall.StrictHttpFirewall;
|
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import static org.springframework.security.config.Customizer.withDefaults;
|
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
public class WebSecurityConfig {
|
|
||||||
|
|
||||||
@Bean
|
@Autowired
|
||||||
public HttpFirewall allowHttpMethod() {
|
private UserDetailsService userDetailsService;
|
||||||
List<String> allowedMethods = new ArrayList<String>();
|
|
||||||
allowedMethods.add("GET");
|
@Override
|
||||||
allowedMethods.add("POST");
|
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||||
StrictHttpFirewall firewall = new StrictHttpFirewall();
|
auth
|
||||||
firewall.setAllowedHttpMethods(allowedMethods);
|
.userDetailsService(userDetailsService)
|
||||||
return firewall;
|
.passwordEncoder(new BCryptPasswordEncoder());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Override
|
||||||
public WebSecurityCustomizer fireWall() {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
return (web) -> web.httpFirewall(allowHttpMethod());
|
http.authorizeRequests()
|
||||||
}
|
.antMatchers("/")
|
||||||
|
.permitAll()
|
||||||
@Bean
|
|
||||||
public WebSecurityCustomizer ignoringCustomizer() {
|
|
||||||
return (web) -> web.ignoring().antMatchers("/resources/**", "/static/**");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public WebSecurityCustomizer debugSecurity() {
|
|
||||||
return (web) -> web.debug(true);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public InMemoryUserDetailsManager userDetailsService() {
|
|
||||||
UserDetails user = User.withUsername("user")
|
|
||||||
.password(encoder().encode("userPass"))
|
|
||||||
.roles("ADMIN")
|
|
||||||
.build();
|
|
||||||
return new InMemoryUserDetailsManager(user);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public PasswordEncoder encoder() {
|
|
||||||
return new BCryptPasswordEncoder();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|
||||||
http.authorizeHttpRequests((authorize) -> authorize.antMatchers("/admin/**")
|
|
||||||
.hasRole("ADMIN")
|
|
||||||
.anyRequest()
|
.anyRequest()
|
||||||
.permitAll())
|
.authenticated()
|
||||||
.httpBasic(withDefaults())
|
.and()
|
||||||
.formLogin(withDefaults())
|
.formLogin();
|
||||||
.csrf(AbstractHttpConfigurer::disable);
|
|
||||||
return http.build();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue