Update article httpsecurity vs websecurity

2023-11-30 18:42:41 +00:00 · 2023-11-30 18:42:41 +00:00 · dea22a6863
parent 339b269caa
commit dea22a6863
2 changed files with 100 additions and 65 deletions
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/SecurityConfiguration.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/SecurityConfiguration.java
@ -0,0 +1,78 @@
+package com.baeldung.httpsecurityvswebsecurity;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.firewall.HttpFirewall;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfiguration {
+
+    @Bean
+    public HttpFirewall allowHttpMethod() {
+        List<String> allowedMethods = new ArrayList<String>();
+        allowedMethods.add("GET");
+        allowedMethods.add("POST");
+        StrictHttpFirewall firewall = new StrictHttpFirewall();
+        firewall.setAllowedHttpMethods(allowedMethods);
+        return firewall;
+    }
+
+    @Bean
+    public WebSecurityCustomizer fireWall() {
+        return (web) -> web.httpFirewall(allowHttpMethod());
+    }
+
+    @Bean
+    public WebSecurityCustomizer ignoringCustomizer() {
+        return (web) -> web.ignoring().antMatchers("/resources/**", "/static/**");
+    }
+
+    @Bean
+    public WebSecurityCustomizer debugSecurity() {
+        return (web) -> web.debug(true);
+    }
+
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user = User.withUsername("user")
+          .password(encoder().encode("userPass"))
+          .roles("ADMIN")
+          .build();
+        return new InMemoryUserDetailsManager(user);
+    }
+
+    @Bean
+    public PasswordEncoder encoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.authorizeHttpRequests((authorize) -> authorize.antMatchers("/admin/**")
+          .hasRole("ADMIN")
+          .anyRequest()
+          .permitAll())
+          .httpBasic(withDefaults())
+          .formLogin(withDefaults())
+          .csrf(AbstractHttpConfigurer::disable);
+        return http.build();
+    }
+
+}
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java
@ -1,78 +1,35 @@
 package com.baeldung.httpsecurityvswebsecurity;

-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.firewall.HttpFirewall;
-import org.springframework.security.web.firewall.StrictHttpFirewall;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
-@EnableWebSecurity
-public class WebSecurityConfig {
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

-    @Bean
-    public HttpFirewall allowHttpMethod() {
-        List<String> allowedMethods = new ArrayList<String>();
-        allowedMethods.add("GET");
-        allowedMethods.add("POST");
-        StrictHttpFirewall firewall = new StrictHttpFirewall();
-        firewall.setAllowedHttpMethods(allowedMethods);
-        return firewall;
+    @Autowired
+    private UserDetailsService userDetailsService;
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth
+          .userDetailsService(userDetailsService)
+          .passwordEncoder(new BCryptPasswordEncoder());
    }

-    @Bean
-    public WebSecurityCustomizer fireWall() {
-        return (web) -> web.httpFirewall(allowHttpMethod());
-    }
-
-    @Bean
-    public WebSecurityCustomizer ignoringCustomizer() {
-        return (web) -> web.ignoring().antMatchers("/resources/**", "/static/**");
-    }
-
-    @Bean
-    public WebSecurityCustomizer debugSecurity() {
-        return (web) -> web.debug(true);
-    }
-
-    @Bean
-    public InMemoryUserDetailsManager userDetailsService() {
-        UserDetails user = User.withUsername("user")
-          .password(encoder().encode("userPass"))
-          .roles("ADMIN")
-          .build();
-        return new InMemoryUserDetailsManager(user);
-    }
-
-    @Bean
-    public PasswordEncoder encoder() {
-        return new BCryptPasswordEncoder();
-    }
-
-    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http.authorizeHttpRequests((authorize) -> authorize.antMatchers("/admin/**")
-          .hasRole("ADMIN")
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+          .antMatchers("/")
+          .permitAll()
          .anyRequest()
-          .permitAll())
-          .httpBasic(withDefaults())
-          .formLogin(withDefaults())
-          .csrf(AbstractHttpConfigurer::disable);
-        return http.build();
+          .authenticated()
+          .and()
+          .formLogin();
    }
-
 }