Merge pull request #12745 from anuragkumawat/JAVA-14866

JAVA-14866 Update spring-security-core module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter
This commit is contained in:
Loredana Crusoveanu 2022-09-22 12:17:22 +03:00 committed by GitHub
commit ea73ba8eab
2 changed files with 66 additions and 33 deletions

View File

@ -1,32 +1,55 @@
package com.baeldung.app.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public class WebSecurityConfig {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/css/**", "/js/**", "/loggedout").permitAll().anyRequest().authenticated().and().httpBasic().and().logout().disable().csrf().disable();
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/css/**", "/js/**", "/loggedout")
.permitAll()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.and()
.logout()
.disable()
.csrf()
.disable();
return http.build();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth, PasswordEncoder passwordEncoder) throws Exception {
auth.inMemoryAuthentication()
.withUser("jim").password(passwordEncoder.encode("jim")).roles("USER", "ACTUATOR")
.and().withUser("pam").password(passwordEncoder.encode("pam")).roles("USER")
.and().withUser("michael").password(passwordEncoder.encode("michael")).roles("MANAGER");
}
@Bean
public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
UserDetails jim = User.withUsername("jim")
.password(passwordEncoder.encode("jim"))
.roles("USER", "ACTUATOR")
.build();
UserDetails pam = User.withUsername("pam")
.password(passwordEncoder.encode("pam"))
.roles("USER")
.build();
UserDetails michael = User.withUsername("michael")
.password(passwordEncoder.encode("michael"))
.roles("MANAGER")
.build();
return new InMemoryUserDetailsManager(jim, pam, michael);
}
}

View File

@ -3,12 +3,14 @@ package com.baeldung.filterresponse.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@ -16,23 +18,33 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@EnableWebMvc
@EnableWebSecurity
@ComponentScan("com.baeldung.filterresponse")
public class AppConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {
public class AppConfig implements WebMvcConfigurer {
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password(passwordEncoder().encode("userPass")).roles("USER")
.and()
.withUser("admin").password(passwordEncoder().encode("adminPass")).roles("ADMIN");
@Bean
public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
UserDetails user = User.withUsername("user")
.password(passwordEncoder.encode("userPass"))
.roles("USER")
.build();
UserDetails admin = User.withUsername("admin")
.password(passwordEncoder.encode("adminPass"))
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(user, admin);
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and().httpBasic();
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic();
return http.build();
}
@Bean
@ -40,8 +52,6 @@ public class AppConfig extends WebSecurityConfigurerAdapter implements WebMvcCon
return new BCryptPasswordEncoder();
}
public enum Role {
ROLE_USER,
ROLE_ADMIN