JAVA-28925 | Upgrade libraries-security to Spring Boot 3 (#15500)
This commit is contained in:
Gaetano Piazzolla
GitHub
parent
62f7a1911f
commit
f471384958
@ -9,9 +9,9 @@
|
|||||||
|
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>com.baeldung</groupId>
|
<groupId>com.baeldung</groupId>
|
||||||
<artifactId>parent-boot-2</artifactId>
|
<artifactId>parent-boot-3</artifactId>
|
||||||
<version>0.0.1-SNAPSHOT</version>
|
<version>0.0.1-SNAPSHOT</version>
|
||||||
<relativePath>../parent-boot-2</relativePath>
|
<relativePath>../parent-boot-3</relativePath>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
@ -20,9 +20,8 @@
|
|||||||
<artifactId>spring-boot-starter-web</artifactId>
|
<artifactId>spring-boot-starter-web</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.security.oauth</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-security-oauth2</artifactId>
|
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
|
||||||
<version>${spring-security-oauth2.version}</version>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework</groupId>
|
<groupId>org.springframework</groupId>
|
||||||
@ -68,6 +67,29 @@
|
|||||||
<artifactId>jsch</artifactId>
|
<artifactId>jsch</artifactId>
|
||||||
<version>${jsch.version}</version>
|
<version>${jsch.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.sun.xml.bind</groupId>
|
||||||
|
<artifactId>jaxb-core</artifactId>
|
||||||
|
<version>2.3.0.1</version>
|
||||||
|
<scope>runtime</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>javax.xml.bind</groupId>
|
||||||
|
<artifactId>jaxb-api</artifactId>
|
||||||
|
<version>2.3.1</version>
|
||||||
|
<scope>runtime</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.sun.xml.bind</groupId>
|
||||||
|
<artifactId>jaxb-impl</artifactId>
|
||||||
|
<version>2.3.1</version>
|
||||||
|
<scope>runtime</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.security</groupId>
|
||||||
|
<artifactId>spring-security-oauth2-authorization-server</artifactId>
|
||||||
|
<version>1.2.1</version>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.sshd</groupId>
|
<groupId>org.apache.sshd</groupId>
|
||||||
<artifactId>sshd-core</artifactId>
|
<artifactId>sshd-core</artifactId>
|
||||||
@ -125,7 +147,6 @@
|
|||||||
<bouncycastle.version>1.68</bouncycastle.version>
|
<bouncycastle.version>1.68</bouncycastle.version>
|
||||||
<jsch.version>0.1.55</jsch.version>
|
<jsch.version>0.1.55</jsch.version>
|
||||||
<apache-mina.version>2.5.1</apache-mina.version>
|
<apache-mina.version>2.5.1</apache-mina.version>
|
||||||
<spring-security-oauth2.version>2.4.0.RELEASE</spring-security-oauth2.version>
|
|
||||||
<xacml4j.version>1.4.0</xacml4j.version>
|
<xacml4j.version>1.4.0</xacml4j.version>
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
|
|||||||
@ -4,7 +4,6 @@ import org.springframework.boot.SpringApplication;
|
|||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
import org.springframework.boot.web.servlet.ServletComponentScan;
|
import org.springframework.boot.web.servlet.ServletComponentScan;
|
||||||
|
|
||||||
|
|
||||||
@SpringBootApplication
|
@SpringBootApplication
|
||||||
@ServletComponentScan
|
@ServletComponentScan
|
||||||
public class ScribejavaApplication {
|
public class ScribejavaApplication {
|
||||||
@ -13,5 +12,4 @@ public class ScribejavaApplication {
|
|||||||
SpringApplication.run(ScribejavaApplication.class, args);
|
SpringApplication.run(ScribejavaApplication.class, args);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -10,7 +10,7 @@ import org.springframework.web.bind.annotation.GetMapping;
|
|||||||
import org.springframework.web.bind.annotation.RequestParam;
|
import org.springframework.web.bind.annotation.RequestParam;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
public class GoogleController {
|
public class GoogleController {
|
||||||
|
|||||||
@ -2,15 +2,14 @@ package com.baeldung.scribejava.controller;
|
|||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
import javax.annotation.security.DeclareRoles;
|
import jakarta.annotation.security.DeclareRoles;
|
||||||
import javax.annotation.security.RolesAllowed;
|
import jakarta.servlet.ServletException;
|
||||||
import javax.servlet.ServletException;
|
import jakarta.servlet.annotation.HttpConstraint;
|
||||||
import javax.servlet.annotation.HttpConstraint;
|
import jakarta.servlet.annotation.ServletSecurity;
|
||||||
import javax.servlet.annotation.ServletSecurity;
|
import jakarta.servlet.annotation.WebServlet;
|
||||||
import javax.servlet.annotation.WebServlet;
|
import jakarta.servlet.http.HttpServlet;
|
||||||
import javax.servlet.http.HttpServlet;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
|
|
||||||
@WebServlet(name="rbac", urlPatterns = {"/protected"})
|
@WebServlet(name="rbac", urlPatterns = {"/protected"})
|
||||||
@DeclareRoles("USER")
|
@DeclareRoles("USER")
|
||||||
|
|||||||
@ -6,7 +6,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Scanner;
|
import java.util.Scanner;
|
||||||
import java.util.concurrent.ExecutionException;
|
import java.util.concurrent.ExecutionException;
|
||||||
|
|||||||
@ -10,7 +10,7 @@ import org.springframework.web.bind.annotation.GetMapping;
|
|||||||
import org.springframework.web.bind.annotation.RequestParam;
|
import org.springframework.web.bind.annotation.RequestParam;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
|
|
||||||
@RestController(value = "/user")
|
@RestController(value = "/user")
|
||||||
|
|||||||
@ -1,45 +1,103 @@
|
|||||||
package com.baeldung.scribejava.oauth;
|
package com.baeldung.scribejava.oauth;
|
||||||
|
|
||||||
|
import java.util.UUID;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.beans.factory.annotation.Qualifier;
|
import org.springframework.beans.factory.annotation.Qualifier;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.http.HttpMethod;
|
import org.springframework.core.annotation.Order;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
||||||
|
import org.springframework.security.core.userdetails.User;
|
||||||
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
|
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||||
|
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
|
||||||
|
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
||||||
|
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||||
|
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
|
||||||
|
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
|
||||||
|
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
|
||||||
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
||||||
|
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableAuthorizationServer
|
@EnableWebSecurity
|
||||||
public class AuthServiceConfig extends AuthorizationServerConfigurerAdapter {
|
public class AuthServiceConfig {
|
||||||
|
|
||||||
@Autowired
|
@Bean
|
||||||
@Qualifier("authenticationManagerBean")
|
public SecurityFilterChain securityFilter(HttpSecurity http) throws Exception {
|
||||||
private AuthenticationManager authenticationManager;
|
http.headers( it -> it.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
|
||||||
|
.csrf(AbstractHttpConfigurer::disable);
|
||||||
@Override
|
return http.build();
|
||||||
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
|
|
||||||
oauthServer.tokenKeyAccess("permitAll()")
|
|
||||||
.checkTokenAccess("isAuthenticated()");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
|
public InMemoryUserDetailsManager userDetailsService() {
|
||||||
clients.inMemory()
|
UserDetails user = User.withUsername("baeldung")
|
||||||
.withClient("baeldung_api_key")
|
.password("scribejava")
|
||||||
.secret("baeldung_api_secret")
|
.roles("USER")
|
||||||
.authorizedGrantTypes("password","refresh_token")
|
.build();
|
||||||
.scopes("read","write").autoApprove(true);
|
|
||||||
|
return new InMemoryUserDetailsManager(user);
|
||||||
|
}
|
||||||
|
@Bean
|
||||||
|
public RegisteredClientRepository registeredClientRepository() {
|
||||||
|
RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
|
||||||
|
.clientId("baeldung_api_key")
|
||||||
|
.clientSecret("baeldung_api_secret")
|
||||||
|
.authorizationGrantType(AuthorizationGrantType.PASSWORD)
|
||||||
|
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
|
||||||
|
.scope("read")
|
||||||
|
.scope("write")
|
||||||
|
.clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
|
||||||
|
.build();
|
||||||
|
|
||||||
|
return new InMemoryRegisteredClientRepository(oidcClient);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
|
@Order(1)
|
||||||
endpoints
|
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||||
.authenticationManager(authenticationManager)
|
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
|
||||||
.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
|
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
|
||||||
|
.oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
|
||||||
|
http
|
||||||
|
// Redirect to the login page when not authenticated from the
|
||||||
|
// authorization endpoint
|
||||||
|
.exceptionHandling((exceptions) -> exceptions
|
||||||
|
.defaultAuthenticationEntryPointFor(
|
||||||
|
new LoginUrlAuthenticationEntryPoint("/login"),
|
||||||
|
new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
// Accept access tokens for User Info and/or Client Registration
|
||||||
|
.oauth2ResourceServer((resourceServer) -> resourceServer
|
||||||
|
.jwt(Customizer.withDefaults()));
|
||||||
|
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
@Order(2)
|
||||||
|
public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
|
||||||
|
throws Exception {
|
||||||
|
http
|
||||||
|
.authorizeHttpRequests((authorize) -> authorize
|
||||||
|
.anyRequest().authenticated()
|
||||||
|
)
|
||||||
|
// Form login handles the redirect to the login page from the
|
||||||
|
// authorization server filter chain
|
||||||
|
.formLogin(Customizer.withDefaults());
|
||||||
|
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,53 +0,0 @@
|
|||||||
package com.baeldung.scribejava.oauth;
|
|
||||||
|
|
||||||
import org.springframework.context.annotation.Bean;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
|
|
||||||
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
|
|
||||||
|
|
||||||
@Configuration
|
|
||||||
@EnableResourceServer
|
|
||||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
|
||||||
http
|
|
||||||
.headers().frameOptions().disable()
|
|
||||||
.and()
|
|
||||||
.csrf().disable();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
||||||
auth.inMemoryAuthentication()
|
|
||||||
.withUser("baeldung")
|
|
||||||
.password("scribejava")
|
|
||||||
.roles("USER");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
@Bean
|
|
||||||
public AuthenticationManager authenticationManagerBean() throws Exception {
|
|
||||||
return super.authenticationManagerBean();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@EnableResourceServer
|
|
||||||
@Configuration
|
|
||||||
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void configure(HttpSecurity http) throws Exception {
|
|
||||||
http
|
|
||||||
.authorizeRequests()
|
|
||||||
.antMatchers("/user/me").authenticated()
|
|
||||||
.and()
|
|
||||||
.csrf().disable();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
@ -5,7 +5,7 @@ import com.github.scribejava.core.builder.ServiceBuilder;
|
|||||||
import com.github.scribejava.core.oauth.OAuth20Service;
|
import com.github.scribejava.core.oauth.OAuth20Service;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
import javax.annotation.PostConstruct;
|
import jakarta.annotation.PostConstruct;
|
||||||
@Component
|
@Component
|
||||||
public class GoogleService {
|
public class GoogleService {
|
||||||
|
|
||||||
|
|||||||
@ -5,7 +5,7 @@ import com.github.scribejava.core.builder.ServiceBuilder;
|
|||||||
import com.github.scribejava.core.oauth.OAuth20Service;
|
import com.github.scribejava.core.oauth.OAuth20Service;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
import javax.annotation.PostConstruct;
|
import jakarta.annotation.PostConstruct;
|
||||||
|
|
||||||
@Component
|
@Component
|
||||||
public class MyService {
|
public class MyService {
|
||||||
|
|||||||
@ -5,7 +5,7 @@ import com.github.scribejava.core.builder.ServiceBuilder;
|
|||||||
import com.github.scribejava.core.oauth.OAuth10aService;
|
import com.github.scribejava.core.oauth.OAuth10aService;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
import javax.annotation.PostConstruct;
|
import jakarta.annotation.PostConstruct;
|
||||||
|
|
||||||
@Component
|
@Component
|
||||||
public class TwitterService {
|
public class TwitterService {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user