diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/HttpSecurityConfig.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/HttpSecurityConfig.java index d6361255e5..414f782907 100644 --- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/HttpSecurityConfig.java +++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/HttpSecurityConfig.java @@ -1,16 +1,17 @@ package com.baeldung.httpsecurityvswebsecurity; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity -public class HttpSecurityConfig extends WebSecurityConfigurerAdapter { +public class HttpSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { // Given: HttpSecurity configured http.authorizeRequests() @@ -27,5 +28,6 @@ public class HttpSecurityConfig extends WebSecurityConfigurerAdapter { // When: Accessing specific URLs // Then: Access is granted based on defined rules + return http.build(); } } diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java index 46a82918aa..ec50069ba5 100644 --- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java +++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java @@ -1,35 +1,48 @@ package com.baeldung.httpsecurityvswebsecurity; +import org.springframework.context.annotation.Bean; +import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.web.SecurityFilterChain; @Configuration -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { +public class WebSecurityConfig { @Autowired private UserDetailsService userDetailsService; - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth - .userDetailsService(userDetailsService) - .passwordEncoder(new BCryptPasswordEncoder()); + @Bean + public BCryptPasswordEncoder bCryptPasswordEncoder() { + return new BCryptPasswordEncoder(); } - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + + AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class); + authenticationManagerBuilder.userDetailsService(userDetailsService); + AuthenticationManager authenticationManager = authenticationManagerBuilder.build(); + http.authorizeRequests() - .antMatchers("/") - .permitAll() - .anyRequest() - .authenticated() - .and() - .formLogin(); + .antMatchers("/") + .permitAll() + .anyRequest() + .authenticated() + .and() + .formLogin().and() + .authenticationManager(authenticationManager) + .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); + + return http.build(); + } + + protected void configure(HttpSecurity http) throws Exception { + } } diff --git a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java index 1fb9a6773a..3a8e037f72 100644 --- a/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java +++ b/spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java @@ -8,7 +8,6 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.Ordered; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.oauth2.client.OAuth2ClientContext; import org.springframework.security.oauth2.client.OAuth2RestTemplate; import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter; diff --git a/spring-security-modules/spring-security-saml/src/main/java/com/baeldung/saml/config/WebSecurityConfig.java b/spring-security-modules/spring-security-saml/src/main/java/com/baeldung/saml/config/WebSecurityConfig.java index 297c391823..956233dfaf 100644 --- a/spring-security-modules/spring-security-saml/src/main/java/com/baeldung/saml/config/WebSecurityConfig.java +++ b/spring-security-modules/spring-security-saml/src/main/java/com/baeldung/saml/config/WebSecurityConfig.java @@ -10,11 +10,9 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.saml.*; import org.springframework.security.saml.key.KeyManager; import org.springframework.security.saml.metadata.*; @@ -31,7 +29,7 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true) -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { +public class WebSecurityConfig { @Value("${saml.sp}") private String samlAudience; @@ -55,8 +53,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Bean public SAMLDiscovery samlDiscovery() { - SAMLDiscovery idpDiscovery = new SAMLDiscovery(); - return idpDiscovery; + return new SAMLDiscovery(); } @Autowired @@ -78,19 +75,19 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { } @Bean - public SAMLProcessingFilter samlWebSSOProcessingFilter() throws Exception { + public SAMLProcessingFilter samlWebSSOProcessingFilter(AuthenticationManager authenticationManager) { SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter(); - samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager()); + samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager); samlWebSSOProcessingFilter.setAuthenticationSuccessHandler(samlAuthSuccessHandler); samlWebSSOProcessingFilter.setAuthenticationFailureHandler(samlAuthFailureHandler); return samlWebSSOProcessingFilter; } @Bean - public FilterChainProxy samlFilter() throws Exception { + public FilterChainProxy samlFilter(SAMLProcessingFilter samlProcessingFilter) throws Exception { List chains = new ArrayList<>(); chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"), - samlWebSSOProcessingFilter())); + samlProcessingFilter)); chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"), samlDiscovery())); chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), @@ -102,19 +99,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { return new FilterChainProxy(chains); } - @Bean - @Override - public AuthenticationManager authenticationManagerBean() throws Exception { - return super.authenticationManagerBean(); - } - @Bean public MetadataGeneratorFilter metadataGeneratorFilter() { return new MetadataGeneratorFilter(metadataGenerator()); } - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http, SAMLProcessingFilter samlProcessingFilter) throws Exception { http .csrf() .disable(); @@ -125,8 +116,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { http .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class) - .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class) - .addFilterBefore(samlFilter(), CsrfFilter.class); + .addFilterAfter(samlProcessingFilter, BasicAuthenticationFilter.class) + .addFilterBefore(samlProcessingFilter, CsrfFilter.class); http .authorizeRequests() @@ -142,11 +133,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { e.printStackTrace(); } }); - } - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth.authenticationProvider(samlAuthenticationProvider); + http.authenticationProvider(samlAuthenticationProvider); + + return http.build(); } } diff --git a/spring-security-modules/spring-security-web-persistent-login/src/main/java/com/baeldung/spring/SecurityConfig.java b/spring-security-modules/spring-security-web-persistent-login/src/main/java/com/baeldung/spring/SecurityConfig.java index d3cfff81cb..0a9c717f5a 100644 --- a/spring-security-modules/spring-security-web-persistent-login/src/main/java/com/baeldung/spring/SecurityConfig.java +++ b/spring-security-modules/spring-security-web-persistent-login/src/main/java/com/baeldung/spring/SecurityConfig.java @@ -3,7 +3,6 @@ package com.baeldung.spring; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.ImportResource; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; /** * Spring Security Configuration. @@ -11,7 +10,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur @Configuration @EnableWebSecurity @ImportResource({ "classpath:webSecurityConfig.xml" }) -public class SecurityConfig extends WebSecurityConfigurerAdapter { +public class SecurityConfig { public SecurityConfig() { super();