iSharkFly-Docs
/
java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #15269 from GaetanoPiazzolla/JAVA-27657-web-adapter-security-modules 

JAVA-27657 | Replacing deprecated WebSecurityConfigurerAdapter
This commit is contained in:
Alvin Austria 2023-11-26 00:02:22 +01:00 committed by GitHub
parent 9af7dad83d 760481ec04
commit e5e8ecf27d
5 changed files with 48 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/HttpSecurityConfig.java
View File

@ -1,16 +1,17 @@
package com.baeldung.httpsecurityvswebsecurity; package com.baeldung.httpsecurityvswebsecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.SecurityFilterChain;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
public class HttpSecurityConfig extends WebSecurityConfigurerAdapter { public class HttpSecurityConfig {
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// Given: HttpSecurity configured // Given: HttpSecurity configured
http.authorizeRequests() http.authorizeRequests()
@ -27,5 +28,6 @@ public class HttpSecurityConfig extends WebSecurityConfigurerAdapter {
// When: Accessing specific URLs // When: Accessing specific URLs
// Then: Access is granted based on defined rules // Then: Access is granted based on defined rules
return http.build();
} }
} }

33
spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/httpsecurityvswebsecurity/WebSecurityConfig.java
View File

@ -1,35 +1,48 @@
package com.baeldung.httpsecurityvswebsecurity; package com.baeldung.httpsecurityvswebsecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
@Configuration @Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { public class WebSecurityConfig {
@Autowired @Autowired
private UserDetailsService userDetailsService; private UserDetailsService userDetailsService;
@Override @Bean
protected void configure(AuthenticationManagerBuilder auth) throws Exception { public BCryptPasswordEncoder bCryptPasswordEncoder() {
auth return new BCryptPasswordEncoder();
.userDetailsService(userDetailsService)
.passwordEncoder(new BCryptPasswordEncoder());
} }
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
authenticationManagerBuilder.userDetailsService(userDetailsService);
AuthenticationManager authenticationManager = authenticationManagerBuilder.build();
http.authorizeRequests() http.authorizeRequests()
.antMatchers("/") .antMatchers("/")
.permitAll() .permitAll()
.anyRequest() .anyRequest()
.authenticated() .authenticated()
.and() .and()
.formLogin(); .formLogin().and()
.authenticationManager(authenticationManager)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
return http.build();
}
protected void configure(HttpSecurity http) throws Exception {
} }
} }

1
spring-security-modules/spring-security-oauth2/src/main/java/com/baeldung/oauth2resttemplate/SecurityConfig.java
View File

@ -8,7 +8,6 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered; import org.springframework.core.Ordered;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext; import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate; import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter; import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;

36
spring-security-modules/spring-security-saml/src/main/java/com/baeldung/saml/config/WebSecurityConfig.java
View File

@ -10,11 +10,9 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml.*; import org.springframework.security.saml.*;
import org.springframework.security.saml.key.KeyManager; import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.*; import org.springframework.security.saml.metadata.*;
@ -31,7 +29,7 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true) @EnableGlobalMethodSecurity(securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { public class WebSecurityConfig {
@Value("${saml.sp}") @Value("${saml.sp}")
private String samlAudience; private String samlAudience;
@ -55,8 +53,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean @Bean
public SAMLDiscovery samlDiscovery() { public SAMLDiscovery samlDiscovery() {
SAMLDiscovery idpDiscovery = new SAMLDiscovery(); return new SAMLDiscovery();
return idpDiscovery;
} }
@Autowired @Autowired
@ -78,19 +75,19 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
} }
@Bean @Bean
public SAMLProcessingFilter samlWebSSOProcessingFilter() throws Exception { public SAMLProcessingFilter samlWebSSOProcessingFilter(AuthenticationManager authenticationManager) {
SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter(); SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter();
samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager()); samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager);
samlWebSSOProcessingFilter.setAuthenticationSuccessHandler(samlAuthSuccessHandler); samlWebSSOProcessingFilter.setAuthenticationSuccessHandler(samlAuthSuccessHandler);
samlWebSSOProcessingFilter.setAuthenticationFailureHandler(samlAuthFailureHandler); samlWebSSOProcessingFilter.setAuthenticationFailureHandler(samlAuthFailureHandler);
return samlWebSSOProcessingFilter; return samlWebSSOProcessingFilter;
} }
@Bean @Bean
public FilterChainProxy samlFilter() throws Exception { public FilterChainProxy samlFilter(SAMLProcessingFilter samlProcessingFilter) throws Exception {
List<SecurityFilterChain> chains = new ArrayList<>(); List<SecurityFilterChain> chains = new ArrayList<>();
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"), chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
samlWebSSOProcessingFilter())); samlProcessingFilter));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"), chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"),
samlDiscovery())); samlDiscovery()));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"),
@ -102,19 +99,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
return new FilterChainProxy(chains); return new FilterChainProxy(chains);
} }
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean @Bean
public MetadataGeneratorFilter metadataGeneratorFilter() { public MetadataGeneratorFilter metadataGeneratorFilter() {
return new MetadataGeneratorFilter(metadataGenerator()); return new MetadataGeneratorFilter(metadataGenerator());
} }
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http, SAMLProcessingFilter samlProcessingFilter) throws Exception {
http http
.csrf() .csrf()
.disable(); .disable();
@ -125,8 +116,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http http
.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class) .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class) .addFilterAfter(samlProcessingFilter, BasicAuthenticationFilter.class)
.addFilterBefore(samlFilter(), CsrfFilter.class); .addFilterBefore(samlProcessingFilter, CsrfFilter.class);
http http
.authorizeRequests() .authorizeRequests()
@ -142,11 +133,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
e.printStackTrace(); e.printStackTrace();
} }
}); });
}
@Override http.authenticationProvider(samlAuthenticationProvider);
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(samlAuthenticationProvider); return http.build();
} }
} }

3
spring-security-modules/spring-security-web-persistent-login/src/main/java/com/baeldung/spring/SecurityConfig.java
View File

@ -3,7 +3,6 @@ package com.baeldung.spring;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource; import org.springframework.context.annotation.ImportResource;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/** /**
* Spring Security Configuration. * Spring Security Configuration.
@ -11,7 +10,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@ImportResource({ "classpath:webSecurityConfig.xml" }) @ImportResource({ "classpath:webSecurityConfig.xml" })
public class SecurityConfig extends WebSecurityConfigurerAdapter { public class SecurityConfig {
public SecurityConfig() { public SecurityConfig() {
super(); super();