Merge pull request #15303 from GaetanoPiazzolla/java-27655-websecurity

Java-27655 | Removing deprecated WebSecurityConfigurerAdapter

apache-httpclient4/src/main/java/com/baeldung/filter/CustomWebSecurityConfigurerAdapter.java

@@ -7,14 +7,14 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
 @Configuration
 @EnableWebSecurity
-public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+public class CustomWebSecurityConfigurerAdapter {
 
     @Autowired private RestAuthenticationEntryPoint authenticationEntryPoint;
 
@@ -27,8 +27,8 @@ public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAda
           .authorities("ROLE_USER");
     }
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
           .authorizeRequests()
           .antMatchers("/securityNone")
@@ -40,6 +40,8 @@ public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAda
           .authenticationEntryPoint(authenticationEntryPoint);
 
         http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
+
+        return http.build();
     }
     
     @Bean

jmeter/src/main/java/com/baeldung/configuration/WebSecurityConfiguration.java

@@ -1,46 +1,36 @@
 package com.baeldung.configuration;
 
+import java.util.HashSet;
+import java.util.Set;
+
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfiguration {
-
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
         PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 
-        auth.inMemoryAuthentication()
+        Set<UserDetails> users = new HashSet<>();
-          .withUser("admin").password(encoder.encode("admin")).roles("USER", "ADMIN")
+        users.add(User.withUsername("admin").password(encoder.encode("admin")).roles("USER", "ADMIN").build());
-          .and()
+        for(int i=1;i<=10;i++){
-          .withUser("user1").password(encoder.encode("password1")).roles("USER")
+            users.add(User.withUsername("user"+i).password(encoder.encode("password")+i).roles("USER").build());
-          .and()
-          .withUser("user2").password(encoder.encode("password2")).roles("USER")
-          .and()
-          .withUser("user3").password(encoder.encode("password3")).roles("USER")
-          .and()
-          .withUser("user4").password(encoder.encode("password4")).roles("USER")
-          .and()
-          .withUser("user5").password(encoder.encode("password5")).roles("USER")
-          .and()
-          .withUser("user6").password(encoder.encode("password6")).roles("USER")
-          .and()
-          .withUser("user7").password(encoder.encode("password7")).roles("USER")
-          .and()
-          .withUser("user8").password(encoder.encode("password8")).roles("USER")
-          .and()
-          .withUser("user9").password(encoder.encode("password9")).roles("USER")
-          .and()
-          .withUser("user10").password(encoder.encode("password10")).roles("USER");
         }
 
-    @Override
+        return new InMemoryUserDetailsManager(users);
-    protected void configure(HttpSecurity http) throws Exception {
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilter(HttpSecurity http) throws Exception {
 
         http
           .authorizeRequests()
@@ -48,5 +38,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
           .anyRequest().permitAll()
           .and()
           .httpBasic();
+
+        return http.build();
     }    
 }

security-modules/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/WebSecurityConfig.java

@@ -4,9 +4,11 @@ import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.jjwtfun.service.SecretService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.csrf.CsrfFilter;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.CsrfTokenRepository;
@@ -21,19 +23,19 @@ import java.io.IOException;
 import java.util.Arrays;
 
 @Configuration
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {
 
     @Autowired
-    CsrfTokenRepository jwtCsrfTokenRepository;
+    private CsrfTokenRepository jwtCsrfTokenRepository;
 
     @Autowired
-    SecretService secretService;
+    private SecretService secretService;
 
     // ordered so we can use binary search below
-    private String[] ignoreCsrfAntMatchers = { "/dynamic-builder-compress", "/dynamic-builder-general", "/dynamic-builder-specific", "/set-secrets" };
+    private final String[] ignoreCsrfAntMatchers = { "/dynamic-builder-compress", "/dynamic-builder-general", "/dynamic-builder-specific", "/set-secrets" };
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.addFilterAfter(new JwtCsrfValidatorFilter(), CsrfFilter.class)
             .csrf()
             .csrfTokenRepository(jwtCsrfTokenRepository)
@@ -42,6 +44,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
             .authorizeRequests()
             .antMatchers("/**")
             .permitAll();
+
+        return http.build();
     }
 
     private class JwtCsrfValidatorFilter extends OncePerRequestFilter {