#75 removed the deprecated WebSecurityConfigurerAdapter

Fabio Formosa
2022-10-15 15:38:44 +02:00
parent c725871a4e
commit bda37213f8
2 changed files with 46 additions and 12 deletions


@@ -8,10 +8,13 @@ import it.fabioformosa.quartzmanager.api.security.properties.InMemoryAccountProp
import it.fabioformosa.quartzmanager.api.security.properties.JwtSecurityProperties; import it.fabioformosa.quartzmanager.api.security.properties.JwtSecurityProperties;
import org.apache.commons.lang3.BooleanUtils; import org.apache.commons.lang3.BooleanUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
@@ -37,12 +40,12 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static it.fabioformosa.quartzmanager.api.common.config.QuartzManagerPaths.QUARTZ_MANAGER_LOGIN_PATH; import static it.fabioformosa.quartzmanager.api.common.config.QuartzManagerPaths.*;
import static it.fabioformosa.quartzmanager.api.common.config.QuartzManagerPaths.QUARTZ_MANAGER_LOGOUT_PATH;
/** /**
* @author Fabio.Formosa * @author Fabio.Formosa
*/ */
@ComponentScan(basePackages = {"it.fabioformosa.quartzmanager.security"}) @ComponentScan(basePackages = {"it.fabioformosa.quartzmanager.security"})
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@@ -87,7 +90,7 @@ public class WebSecurityConfigJWT {
// .build(); // .build();
// } // }
@Bean @Bean(name = "quartzManagerInMemoryAuthentication")
public InMemoryUserDetailsManager configureInMemoryAuthentication() throws Exception { public InMemoryUserDetailsManager configureInMemoryAuthentication() throws Exception {
List<UserDetails> users = new ArrayList<>(); List<UserDetails> users = new ArrayList<>();
if (inMemoryAccountProps.isEnabled() && inMemoryAccountProps.getUsers() != null && !inMemoryAccountProps.getUsers().isEmpty()) { if (inMemoryAccountProps.isEnabled() && inMemoryAccountProps.getUsers() != null && !inMemoryAccountProps.getUsers().isEmpty()) {
@@ -101,9 +104,10 @@ public class WebSecurityConfigJWT {
return new InMemoryUserDetailsManager(users); return new InMemoryUserDetailsManager(users);
} }
@Bean @Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain filterChain(HttpSecurity http, InMemoryUserDetailsManager userDetailsService, AuthenticationManager authenticationManager) throws Exception { @Bean(name = "quartzManagerFilterChain")
http.csrf().disable() // public SecurityFilterChain filterChain(HttpSecurity http, @Qualifier("quartzManagerInMemoryAuthentication") InMemoryUserDetailsManager userDetailsService, AuthenticationManager authenticationManager) throws Exception {
http.antMatcher(QUARTZ_MANAGER_BASE_CONTEXT_PATH + "/**").csrf().disable() //
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() // .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() //
.exceptionHandling().authenticationEntryPoint(restAuthEntryPoint()).and() // .exceptionHandling().authenticationEntryPoint(restAuthEntryPoint()).and() //
.addFilterBefore(jwtAuthenticationTokenFilter(userDetailsService), BasicAuthenticationFilter.class) // .addFilterBefore(jwtAuthenticationTokenFilter(userDetailsService), BasicAuthenticationFilter.class) //
@@ -112,20 +116,23 @@ public class WebSecurityConfigJWT {
QuartzManagerHttpSecurity.from(http).withLoginConfigurer(loginConfigurer(), logoutConfigurer()) // QuartzManagerHttpSecurity.from(http).withLoginConfigurer(loginConfigurer(), logoutConfigurer()) //
.login(QUARTZ_MANAGER_LOGIN_PATH, authenticationManager).logout(QUARTZ_MANAGER_LOGOUT_PATH); .login(QUARTZ_MANAGER_LOGIN_PATH, authenticationManager).logout(QUARTZ_MANAGER_LOGOUT_PATH);
http.authorizeRequests().anyRequest().authenticated(); http.authorizeRequests()
.antMatchers(HttpMethod.GET, QUARTZ_MANAGER_BASE_CONTEXT_PATH + "/**").authenticated()
.antMatchers(HttpMethod.POST, QUARTZ_MANAGER_BASE_CONTEXT_PATH + "/**").authenticated();
return http.build(); return http.build();
} }
@Bean @Bean(name = "quartzManagerWebSecurityCustomizer")
public WebSecurityCustomizer webSecurityCustomizer() { public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> return (web) ->
web.ignoring()// web.ignoring()//
.antMatchers(HttpMethod.GET, PATTERNS_SWAGGER_UI) // .antMatchers(HttpMethod.GET, PATTERNS_SWAGGER_UI) //
.antMatchers(HttpMethod.GET, QuartzManagerPaths.WEBJAR_PATH + "/**")
.antMatchers(HttpMethod.GET, QuartzManagerPaths.WEBJAR_PATH + "/css/**", QuartzManagerPaths.WEBJAR_PATH + "/js/**", QuartzManagerPaths.WEBJAR_PATH + "/img/**", QuartzManagerPaths.WEBJAR_PATH + "/lib/**", QuartzManagerPaths.WEBJAR_PATH + "/assets/**"); .antMatchers(HttpMethod.GET, QuartzManagerPaths.WEBJAR_PATH + "/css/**", QuartzManagerPaths.WEBJAR_PATH + "/js/**", QuartzManagerPaths.WEBJAR_PATH + "/img/**", QuartzManagerPaths.WEBJAR_PATH + "/lib/**", QuartzManagerPaths.WEBJAR_PATH + "/assets/**");
} }
@Bean @Bean(name = "quartzManagerCorsConfigurationSource")
CorsConfigurationSource corsConfigurationSource() { CorsConfigurationSource corsConfigurationSource() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues()); source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
@@ -140,7 +147,7 @@ public class WebSecurityConfigJWT {
return loginConfigurer; return loginConfigurer;
} }
@Bean @Bean(name = "quartzManagerJwtAuthenticationSuccessHandler")
public JwtAuthenticationSuccessHandler jwtAuthenticationSuccessHandler() { public JwtAuthenticationSuccessHandler jwtAuthenticationSuccessHandler() {
JwtTokenHelper jwtTokenHelper = jwtTokenHelper(); JwtTokenHelper jwtTokenHelper = jwtTokenHelper();
JwtAuthenticationSuccessHandler jwtAuthenticationSuccessHandler = new JwtAuthenticationSuccessHandlerImpl(contextPath, jwtSecurityProps, jwtTokenHelper, objectMapper); JwtAuthenticationSuccessHandler jwtAuthenticationSuccessHandler = new JwtAuthenticationSuccessHandlerImpl(contextPath, jwtSecurityProps, jwtTokenHelper, objectMapper);
@@ -152,7 +159,7 @@ public class WebSecurityConfigJWT {
return new JwtTokenAuthenticationFilter(jwtTokenHelper(), userDetailsService); return new JwtTokenAuthenticationFilter(jwtTokenHelper(), userDetailsService);
} }
@Bean @Bean(name = "quartzManagerJwtTokenHelper")
public JwtTokenHelper jwtTokenHelper() { public JwtTokenHelper jwtTokenHelper() {
return new JwtTokenHelper(appName, jwtSecurityProps); return new JwtTokenHelper(appName, jwtSecurityProps);
} }
@@ -169,7 +176,7 @@ public class WebSecurityConfigJWT {
return new LogoutSuccess(objectMapper); return new LogoutSuccess(objectMapper);
} }
@Bean @Bean(name = "quartzManagerRestAuthEntryPoint")
public AuthenticationEntryPoint restAuthEntryPoint() { public AuthenticationEntryPoint restAuthEntryPoint() {
return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED); return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
} }
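Review bot: The authorization rules at the end of `filterChain` now name only `HttpMethod.GET` and `HttpMethod.POST` under `QUARTZ_MANAGER_BASE_CONTEXT_PATH + "/**"`, so a PUT, DELETE or PATCH request to the same paths matches no rule, and with `authorizeRequests()` a request that matches no rule is by default let through without authentication. The chain is already limited to those paths by `http.antMatcher(QUARTZ_MANAGER_BASE_CONTEXT_PATH + "/**")`, so the previous catch-all can be kept as it was: `http.authorizeRequests().anyRequest().authenticated();`. Part of the method body falls between hunks and is not visible here, so check that no rule outside the shown lines already covers the other methods.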


@@ -0,0 +1,27 @@
package it.fabioformosa;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
public class SecurityConfig {
@Order(SecurityProperties.BASIC_AUTH_ORDER)
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated().and()
.httpBasic();
return http.build();
}
}
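Review bot: `.csrf().disable()` is paired with `.httpBasic()` on a chain that matches every request, and a browser resends cached Basic credentials on its own, so the stateless session policy does not by itself remove the cross-site request risk for state-changing endpoints. If any of these endpoints is reached from a browser, drop the `.csrf().disable()` line; if the API serves non-browser clients only, record that next to the call, e.g. `// CSRF disabled: API is called by non-browser clients only`. A class-level Javadoc would also help, stating that this is the host application's fallback chain and that it relies on being ordered after the `quartzManagerFilterChain` bean, which the other file in this commit places at `Ordered.HIGHEST_PRECEDENCE`.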