JAVA-28925 | Upgrade libraries-security to Spring Boot 3 (#15500)

2023-12-29 22:17:55 +01:00 · 2023-12-29 22:17:55 +01:00 · f471384958
parent 62f7a1911f
commit f471384958
11 changed files with 129 additions and 106 deletions
--- a/libraries-security/pom.xml
+++ b/libraries-security/pom.xml
@ -9,9 +9,9 @@

    <parent>
        <groupId>com.baeldung</groupId>
-        <artifactId>parent-boot-2</artifactId>
+        <artifactId>parent-boot-3</artifactId>
        <version>0.0.1-SNAPSHOT</version>
-        <relativePath>../parent-boot-2</relativePath>
+        <relativePath>../parent-boot-3</relativePath>
    </parent>

    <dependencies>
@ -20,9 +20,8 @@
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
-            <groupId>org.springframework.security.oauth</groupId>
-            <artifactId>spring-security-oauth2</artifactId>
-            <version>${spring-security-oauth2.version}</version>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
@ -68,6 +67,29 @@
            <artifactId>jsch</artifactId>
            <version>${jsch.version}</version>
        </dependency>
+        <dependency>
+            <groupId>com.sun.xml.bind</groupId>
+            <artifactId>jaxb-core</artifactId>
+            <version>2.3.0.1</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.xml.bind</groupId>
+            <artifactId>jaxb-api</artifactId>
+            <version>2.3.1</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.sun.xml.bind</groupId>
+            <artifactId>jaxb-impl</artifactId>
+            <version>2.3.1</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-authorization-server</artifactId>
+            <version>1.2.1</version>
+        </dependency>
        <dependency>
            <groupId>org.apache.sshd</groupId>
            <artifactId>sshd-core</artifactId>
@ -125,7 +147,6 @@
        <bouncycastle.version>1.68</bouncycastle.version>
        <jsch.version>0.1.55</jsch.version>
        <apache-mina.version>2.5.1</apache-mina.version>
-        <spring-security-oauth2.version>2.4.0.RELEASE</spring-security-oauth2.version>
        <xacml4j.version>1.4.0</xacml4j.version>
    </properties>

--- a/libraries-security/src/main/java/com/baeldung/scribejava/ScribejavaApplication.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/ScribejavaApplication.java
@ -4,7 +4,6 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.web.servlet.ServletComponentScan;

-
@SpringBootApplication
@ServletComponentScan
 public class ScribejavaApplication {
@ -13,5 +12,4 @@ public class ScribejavaApplication {
        SpringApplication.run(ScribejavaApplication.class, args);
    }

-
 }
--- a/libraries-security/src/main/java/com/baeldung/scribejava/controller/GoogleController.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/controller/GoogleController.java
@ -10,7 +10,7 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;

-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;

@RestController
 public class GoogleController {
--- a/libraries-security/src/main/java/com/baeldung/scribejava/controller/RBACController.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/controller/RBACController.java
@ -2,15 +2,14 @@ package com.baeldung.scribejava.controller;

 import java.io.IOException;

-import javax.annotation.security.DeclareRoles;
-import javax.annotation.security.RolesAllowed;
-import javax.servlet.ServletException;
-import javax.servlet.annotation.HttpConstraint;
-import javax.servlet.annotation.ServletSecurity;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.annotation.security.DeclareRoles;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.HttpConstraint;
+import jakarta.servlet.annotation.ServletSecurity;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;

@WebServlet(name="rbac", urlPatterns = {"/protected"})
@DeclareRoles("USER")
--- a/libraries-security/src/main/java/com/baeldung/scribejava/controller/TwitterController.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/controller/TwitterController.java
@ -6,7 +6,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;

-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.Scanner;
 import java.util.concurrent.ExecutionException;
--- a/libraries-security/src/main/java/com/baeldung/scribejava/controller/UserController.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/controller/UserController.java
@ -10,7 +10,7 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;

-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 import java.security.Principal;

@RestController(value = "/user")
--- a/libraries-security/src/main/java/com/baeldung/scribejava/oauth/AuthServiceConfig.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/oauth/AuthServiceConfig.java
@ -1,45 +1,103 @@
 package com.baeldung.scribejava.oauth;

+import java.util.UUID;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
-import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
-
+import org.springframework.core.annotation.Order;
+import org.springframework.http.MediaType;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
+import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;

@Configuration
-@EnableAuthorizationServer
-public class AuthServiceConfig extends AuthorizationServerConfigurerAdapter {
+@EnableWebSecurity
+public class AuthServiceConfig {

-    @Autowired
-    @Qualifier("authenticationManagerBean")
-    private AuthenticationManager authenticationManager;
-
-    @Override
-    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
-        oauthServer.tokenKeyAccess("permitAll()")
-                .checkTokenAccess("isAuthenticated()");
+    @Bean
+    public SecurityFilterChain securityFilter(HttpSecurity http) throws Exception {
+        http.headers( it -> it.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
+            .csrf(AbstractHttpConfigurer::disable);
+        return http.build();
    }

-    @Override
-    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
-        clients.inMemory()
-                .withClient("baeldung_api_key")
-                .secret("baeldung_api_secret")
-                .authorizedGrantTypes("password","refresh_token")
-                .scopes("read","write").autoApprove(true);
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user = User.withUsername("baeldung")
+            .password("scribejava")
+            .roles("USER")
+            .build();
+
+        return new InMemoryUserDetailsManager(user);
+    }
+    @Bean
+    public RegisteredClientRepository registeredClientRepository() {
+        RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
+            .clientId("baeldung_api_key")
+            .clientSecret("baeldung_api_secret")
+            .authorizationGrantType(AuthorizationGrantType.PASSWORD)
+            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
+            .scope("read")
+            .scope("write")
+            .clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
+            .build();
+
+        return new InMemoryRegisteredClientRepository(oidcClient);
    }

-    @Override
-    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
-        endpoints
-                .authenticationManager(authenticationManager)
-                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
+    @Bean
+    @Order(1)
+    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
+        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
+        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
+            .oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0
+        http
+            // Redirect to the login page when not authenticated from the
+            // authorization endpoint
+            .exceptionHandling((exceptions) -> exceptions
+                .defaultAuthenticationEntryPointFor(
+                    new LoginUrlAuthenticationEntryPoint("/login"),
+                    new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
+                )
+            )
+            // Accept access tokens for User Info and/or Client Registration
+            .oauth2ResourceServer((resourceServer) -> resourceServer
+                .jwt(Customizer.withDefaults()));
+
+        return http.build();
    }

+    @Bean
+    @Order(2)
+    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
+        throws Exception {
+        http
+            .authorizeHttpRequests((authorize) -> authorize
+                .anyRequest().authenticated()
+            )
+            // Form login handles the redirect to the login page from the
+            // authorization server filter chain
+            .formLogin(Customizer.withDefaults());
+
+        return http.build();
+    }
+
+
 }
--- a/libraries-security/src/main/java/com/baeldung/scribejava/oauth/WebSecurityConfig.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/oauth/WebSecurityConfig.java
@ -1,53 +0,0 @@
-package com.baeldung.scribejava.oauth;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
-
-@Configuration
-@EnableResourceServer
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-            .headers().frameOptions().disable()
-            .and()
-            .csrf().disable();
-    }
-
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication()
-                .withUser("baeldung")
-                .password("scribejava")
-                .roles("USER");
-    }
-
-    @Override
-    @Bean
-    public AuthenticationManager authenticationManagerBean() throws Exception {
-        return super.authenticationManagerBean();
-    }
-
-
-    @EnableResourceServer
-    @Configuration
-    public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
-
-        @Override
-        public void configure(HttpSecurity http) throws Exception {
-            http
-                .authorizeRequests()
-                .antMatchers("/user/me").authenticated()
-                .and()
-                .csrf().disable();
-        }
-    }
-
-}
--- a/libraries-security/src/main/java/com/baeldung/scribejava/service/GoogleService.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/service/GoogleService.java
@ -5,7 +5,7 @@ import com.github.scribejava.core.builder.ServiceBuilder;
 import com.github.scribejava.core.oauth.OAuth20Service;
 import org.springframework.stereotype.Component;

-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
@Component
 public class GoogleService {

--- a/libraries-security/src/main/java/com/baeldung/scribejava/service/MyService.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/service/MyService.java
@ -5,7 +5,7 @@ import com.github.scribejava.core.builder.ServiceBuilder;
 import com.github.scribejava.core.oauth.OAuth20Service;
 import org.springframework.stereotype.Component;

-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;

@Component
 public class MyService {
--- a/libraries-security/src/main/java/com/baeldung/scribejava/service/TwitterService.java
+++ b/libraries-security/src/main/java/com/baeldung/scribejava/service/TwitterService.java
@ -5,7 +5,7 @@ import com.github.scribejava.core.builder.ServiceBuilder;
 import com.github.scribejava.core.oauth.OAuth10aService;
 import org.springframework.stereotype.Component;

-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;

@Component
 public class TwitterService {