Merge pull request #15303 from GaetanoPiazzolla/java-27655-websecurity
Java-27655 | Removing deprecated WebSecurityConfigurerAdapter
This commit is contained in:
Alvin Austria
GitHub
commit
fbc88e5388
|
|
@ -7,14 +7,14 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
|
||||
public class CustomWebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired private RestAuthenticationEntryPoint authenticationEntryPoint;
|
||||
|
||||
|
|
@ -27,8 +27,8 @@ public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAda
|
|||
.authorities("ROLE_USER");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests()
|
||||
.antMatchers("/securityNone")
|
||||
|
|
@ -40,6 +40,8 @@ public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAda
|
|||
.authenticationEntryPoint(authenticationEntryPoint);
|
||||
|
||||
http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|
|
|||
|
|
@ -1,52 +1,44 @@
|
|||
package com.baeldung.configuration;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
public class WebSecurityConfiguration {
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
|
||||
@Bean
|
||||
public InMemoryUserDetailsManager userDetailsService() {
|
||||
PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
|
||||
|
||||
auth.inMemoryAuthentication()
|
||||
.withUser("admin").password(encoder.encode("admin")).roles("USER", "ADMIN")
|
||||
.and()
|
||||
.withUser("user1").password(encoder.encode("password1")).roles("USER")
|
||||
.and()
|
||||
.withUser("user2").password(encoder.encode("password2")).roles("USER")
|
||||
.and()
|
||||
.withUser("user3").password(encoder.encode("password3")).roles("USER")
|
||||
.and()
|
||||
.withUser("user4").password(encoder.encode("password4")).roles("USER")
|
||||
.and()
|
||||
.withUser("user5").password(encoder.encode("password5")).roles("USER")
|
||||
.and()
|
||||
.withUser("user6").password(encoder.encode("password6")).roles("USER")
|
||||
.and()
|
||||
.withUser("user7").password(encoder.encode("password7")).roles("USER")
|
||||
.and()
|
||||
.withUser("user8").password(encoder.encode("password8")).roles("USER")
|
||||
.and()
|
||||
.withUser("user9").password(encoder.encode("password9")).roles("USER")
|
||||
.and()
|
||||
.withUser("user10").password(encoder.encode("password10")).roles("USER");
|
||||
|
||||
Set<UserDetails> users = new HashSet<>();
|
||||
users.add(User.withUsername("admin").password(encoder.encode("admin")).roles("USER", "ADMIN").build());
|
||||
for(int i=1;i<=10;i++){
|
||||
users.add(User.withUsername("user"+i).password(encoder.encode("password")+i).roles("USER").build());
|
||||
}
|
||||
|
||||
return new InMemoryUserDetailsManager(users);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilter(HttpSecurity http) throws Exception {
|
||||
|
||||
http
|
||||
.authorizeRequests()
|
||||
.antMatchers("/secured/**").authenticated()
|
||||
.anyRequest().permitAll()
|
||||
.and()
|
||||
.httpBasic();
|
||||
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,9 +4,11 @@ import io.jsonwebtoken.JwtException;
|
|||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.jjwtfun.service.SecretService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.csrf.CsrfFilter;
|
||||
import org.springframework.security.web.csrf.CsrfToken;
|
||||
import org.springframework.security.web.csrf.CsrfTokenRepository;
|
||||
|
|
@ -21,19 +23,19 @@ import java.io.IOException;
|
|||
import java.util.Arrays;
|
||||
|
||||
@Configuration
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
public class WebSecurityConfig {
|
||||
|
||||
@Autowired
|
||||
CsrfTokenRepository jwtCsrfTokenRepository;
|
||||
private CsrfTokenRepository jwtCsrfTokenRepository;
|
||||
|
||||
@Autowired
|
||||
SecretService secretService;
|
||||
private SecretService secretService;
|
||||
|
||||
// ordered so we can use binary search below
|
||||
private String[] ignoreCsrfAntMatchers = { "/dynamic-builder-compress", "/dynamic-builder-general", "/dynamic-builder-specific", "/set-secrets" };
|
||||
private final String[] ignoreCsrfAntMatchers = { "/dynamic-builder-compress", "/dynamic-builder-general", "/dynamic-builder-specific", "/set-secrets" };
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http.addFilterAfter(new JwtCsrfValidatorFilter(), CsrfFilter.class)
|
||||
.csrf()
|
||||
.csrfTokenRepository(jwtCsrfTokenRepository)
|
||||
|
|
@ -42,6 +44,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
.authorizeRequests()
|
||||
.antMatchers("/**")
|
||||
.permitAll();
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
private class JwtCsrfValidatorFilter extends OncePerRequestFilter {
|
||||
|
|
|
|||
Loading…
Reference in New Issue