diff --git a/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/loginextrafieldscustom/SecurityConfig.java b/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/loginextrafieldscustom/SecurityConfig.java
index d20b7a10dc..fff9ade486 100644
--- a/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/loginextrafieldscustom/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/loginextrafieldscustom/SecurityConfig.java
@@ -3,19 +3,20 @@ package com.baeldung.loginextrafieldscustom;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.PropertySource;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 @EnableWebSecurity
 @PropertySource("classpath:/application-extrafields.properties")
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig extends AbstractHttpConfigurer {
 @Autowired
 private CustomUserDetailsService userDetailsService;
@@ -24,23 +25,36 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 private PasswordEncoder passwordEncoder;
 @Override
- protected void configure(HttpSecurity http) throws Exception {
-
- http
- .addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
- .authorizeRequests()
- .antMatchers("/css/**", "/index").permitAll()
- .antMatchers("/user/**").authenticated()
- .and()
- .formLogin().loginPage("/login")
- .and()
- .logout()
- .logoutUrl("/logout");
+ public void configure(HttpSecurity http) throws Exception {
+ AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
+ http.addFilterBefore(authenticationFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class);
 }
- public CustomAuthenticationFilter authenticationFilter() throws Exception {
+ public static SecurityConfig securityConfig() {
+ return new SecurityConfig();
+ }
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ http.authorizeRequests()
+ .antMatchers("/css/**", "/index")
+ .permitAll()
+ .antMatchers("/user/**")
+ .authenticated()
+ .and()
+ .formLogin()
+ .loginPage("/login")
+ .and()
+ .logout()
+ .logoutUrl("/logout")
+ .and()
+ .apply(securityConfig());
+ return http.build();
+ }
+
+ public CustomAuthenticationFilter authenticationFilter(AuthenticationManager authenticationManager) throws Exception {
 CustomAuthenticationFilter filter = new CustomAuthenticationFilter();
- filter.setAuthenticationManager(authenticationManagerBean());
+ filter.setAuthenticationManager(authenticationManager);
 filter.setAuthenticationFailureHandler(failureHandler());
 return filter;
 }
diff --git a/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/loginextrafieldssimple/SecurityConfig.java b/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/loginextrafieldssimple/SecurityConfig.java
index 2989a4bbc6..dbe126b751 100644
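Review bot: The rules in the new `filterChain` have no catch-all, so with `authorizeRequests()` any path that is neither `/css/**`, `/index` nor `/user/**` is served without authentication. The removed `configure` had the same gap, and the migration is a good moment to close it: add `.anyRequest().authenticated()` after the `/user/**` rule and `.permitAll()` after `.loginPage("/login")` so the login page itself stays reachable. The identical chain in the loginextrafieldssimple `SecurityConfig` hunk needs the same two lines. The class continues outside this hunk, so any paths that are meant to be public would have to be listed explicitly.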
--- a/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/loginextrafieldssimple/SecurityConfig.java
+++ b/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/loginextrafieldssimple/SecurityConfig.java
@@ -3,21 +3,22 @@ package com.baeldung.loginextrafieldssimple;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.PropertySource;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 @EnableWebSecurity
 @PropertySource("classpath:/application-extrafields.properties")
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig extends AbstractHttpConfigurer {
 @Autowired
 private UserDetailsService userDetailsService;
@@ -26,23 +27,36 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 private PasswordEncoder passwordEncoder;
 @Override
- protected void configure(HttpSecurity http) throws Exception {
-
- http
- .addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
- .authorizeRequests()
- .antMatchers("/css/**", "/index").permitAll()
- .antMatchers("/user/**").authenticated()
- .and()
- .formLogin().loginPage("/login")
- .and()
- .logout()
- .logoutUrl("/logout");
+ public void configure(HttpSecurity http) throws Exception {
+ AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
+ http.addFilterBefore(authenticationFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class);
 }
- public SimpleAuthenticationFilter authenticationFilter() throws Exception {
+ public static SecurityConfig securityConfig() {
+ return new SecurityConfig();
+ }
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ http.authorizeRequests()
+ .antMatchers("/css/**", "/index")
+ .permitAll()
+ .antMatchers("/user/**")
+ .authenticated()
+ .and()
+ .formLogin()
+ .loginPage("/login")
+ .and()
+ .logout()
+ .logoutUrl("/logout")
+ .and()
+ .apply(securityConfig());
+ return http.getOrBuild();
+ }
+
+ public SimpleAuthenticationFilter authenticationFilter(AuthenticationManager authenticationManager) throws Exception {
 SimpleAuthenticationFilter filter = new SimpleAuthenticationFilter();
- filter.setAuthenticationManager(authenticationManagerBean());
+ filter.setAuthenticationManager(authenticationManager);
 filter.setAuthenticationFailureHandler(failureHandler());
 return filter;
 }
diff --git a/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/security/config/SecSecurityConfig.java b/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/security/config/SecSecurityConfig.java
index cfdaf7a13e..0a4f8ad4e4 100644
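Review bot: `securityConfig()` hands `apply()` a `new SecurityConfig()`, which is not the instance Spring created for this `@EnableWebSecurity` class, so `@Autowired` fields such as `userDetailsService` are null on the object whose `configure` registers the authentication filter. Nothing in the visible `configure` reads them, but that is fragile for code on the login path; a separate configurer class that receives its collaborators through the constructor would keep the configuration bean and the DSL apart. The loginextrafieldscustom hunk has the same factory method. This hunk also ends with `return http.getOrBuild();` while the sibling class ends with `return http.build();`; unless the difference is deliberate, use `build()` in both. `failureHandler()` and the remaining field declarations lie outside the hunk.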
--- a/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/security/config/SecSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/security/config/SecSecurityConfig.java
@@ -3,12 +3,14 @@ package com.baeldung.security.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
@@ -21,46 +23,54 @@ import com.baeldung.security.CustomLogoutSuccessHandler;
 // @ImportResource({ "classpath:webSecurityConfig.xml" })
 @EnableWebSecurity
 @Profile("!https")
-public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecSecurityConfig {
- @Override
- protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
- // @formatter:off
- auth.inMemoryAuthentication()
- .withUser("user1").password(passwordEncoder().encode("user1Pass")).roles("USER")
- .and()
- .withUser("user2").password(passwordEncoder().encode("user2Pass")).roles("USER")
- .and()
- .withUser("admin").password(passwordEncoder().encode("adminPass")).roles("ADMIN");
- // @formatter:on
+ @Bean
+ public InMemoryUserDetailsManager userDetailsService() {
+ UserDetails user1 = User.withUsername("user1")
+ .password(passwordEncoder().encode("user1Pass"))
+ .roles("USER")
+ .build();
+ UserDetails user2 = User.withUsername("user2")
+ .password(passwordEncoder().encode("user2Pass"))
+ .roles("USER")
+ .build();
+ UserDetails admin = User.withUsername("admin")
+ .password(passwordEncoder().encode("adminPass"))
+ .roles("ADMIN")
+ .build();
+ return new InMemoryUserDetailsManager(user1, user2, admin);
 }
- @Override
- protected void configure(final HttpSecurity http) throws Exception {
- // @formatter:off
- http
- .csrf().disable()
- .authorizeRequests()
- .antMatchers("/admin/**").hasRole("ADMIN")
- .antMatchers("/anonymous*").anonymous()
- .antMatchers("/login*").permitAll()
- .anyRequest().authenticated()
- .and()
- .formLogin()
- .loginPage("/login.html")
- .loginProcessingUrl("/perform_login")
- .defaultSuccessUrl("/homepage.html", true)
- //.failureUrl("/login.html?error=true")
- .failureHandler(authenticationFailureHandler())
- .and()
- .logout()
- .logoutUrl("/perform_logout")
- .deleteCookies("JSESSIONID")
- .logoutSuccessHandler(logoutSuccessHandler());
- //.and()
- //.exceptionHandling().accessDeniedPage("/accessDenied");
- //.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
- // @formatter:on
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ http.csrf()
+ .disable()
+ .authorizeRequests()
+ .antMatchers("/admin/**")
+ .hasRole("ADMIN")
+ .antMatchers("/anonymous*")
+ .anonymous()
+ .antMatchers("/login*")
+ .permitAll()
+ .anyRequest()
+ .authenticated()
+ .and()
+ .formLogin()
+ .loginPage("/login.html")
+ .loginProcessingUrl("/perform_login")
+ .defaultSuccessUrl("/homepage.html", true)
+ // .failureUrl("/login.html?error=true")
+ .failureHandler(authenticationFailureHandler())
+ .and()
+ .logout()
+ .logoutUrl("/perform_logout")
+ .deleteCookies("JSESSIONID")
+ .logoutSuccessHandler(logoutSuccessHandler());
+ // .and()
+ // .exceptionHandling().accessDeniedPage("/accessDenied");
+ // .exceptionHandling().accessDeniedHandler(accessDeniedHandler());
+ return http.build();
 }
 @Bean
diff --git a/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/spring/ChannelSecSecurityConfig.java b/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/spring/ChannelSecSecurityConfig.java
index 151df18d11..4cf9765b59 100644
--- a/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/spring/ChannelSecSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/spring/ChannelSecSecurityConfig.java
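Review bot: `http.csrf().disable()` is carried into the new `filterChain` although this is a session-cookie form login, so `/perform_login`, `/perform_logout` and every state-changing request made with the session are left without CSRF protection. Unless the login pages cannot send the token, drop the `.csrf()` / `.disable()` pair and let the default protection apply; if it has to stay for the tutorial, say so above the chain with a comment such as `// CSRF is disabled for the demo only; keep it enabled for session-based logins`. The ChannelSecSecurityConfig hunk disables it in the same way.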
@@ -3,10 +3,12 @@ package com.baeldung.spring;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import com.baeldung.security.CustomLogoutSuccessHandler;
@@ -15,47 +17,54 @@ import com.baeldung.security.CustomLogoutSuccessHandler;
 // @ImportResource({ "classpath:channelWebSecurityConfig.xml" })
 @EnableWebSecurity
 @Profile("https")
-public class ChannelSecSecurityConfig extends WebSecurityConfigurerAdapter {
+public class ChannelSecSecurityConfig {
- @Override
- protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
- // @formatter:off
- auth.inMemoryAuthentication()
- .withUser("user1").password("user1Pass").roles("USER")
- .and()
- .withUser("user2").password("user2Pass").roles("USER");
- // @formatter:on
+ @Bean
+ public InMemoryUserDetailsManager userDetailsService() {
+ UserDetails user1 = User.withUsername("user1")
+ .password("user1Pass")
+ .roles("USER")
+ .build();
+ UserDetails user2 = User.withUsername("user2")
+ .password("user2Pass")
+ .roles("USER")
+ .build();
+ return new InMemoryUserDetailsManager(user1, user2);
 }
- @Override
- protected void configure(final HttpSecurity http) throws Exception {
- // @formatter:off
- http
- .csrf().disable()
- .authorizeRequests()
- .antMatchers("/anonymous*").anonymous()
- .antMatchers("/login*").permitAll()
- .anyRequest().authenticated()
- .and()
- .requiresChannel()
- .antMatchers("/login*", "/perform_login").requiresSecure()
- .anyRequest().requiresInsecure()
- .and()
- .sessionManagement()
- .sessionFixation()
- .none()
- .and()
- .formLogin()
- .loginPage("/login.html")
- .loginProcessingUrl("/perform_login")
- .defaultSuccessUrl("/homepage.html",true)
- .failureUrl("/login.html?error=true")
- .and()
- .logout()
- .logoutUrl("/perform_logout")
- .deleteCookies("JSESSIONID")
- .logoutSuccessHandler(logoutSuccessHandler());
- // @formatter:on
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ http.csrf()
+ .disable()
+ .authorizeRequests()
+ .antMatchers("/anonymous*")
+ .anonymous()
+ .antMatchers("/login*")
+ .permitAll()
+ .anyRequest()
+ .authenticated()
+ .and()
+ .requiresChannel()
+ .antMatchers("/login*", "/perform_login")
+ .requiresSecure()
+ .anyRequest()
+ .requiresInsecure()
+ .and()
+ .sessionManagement()
+ .sessionFixation()
+ .none()
+ .and()
+ .formLogin()
+ .loginPage("/login.html")
+ .loginProcessingUrl("/perform_login")
+ .defaultSuccessUrl("/homepage.html", true)
+ .failureUrl("/login.html?error=true")
+ .and()
+ .logout()
+ .logoutUrl("/perform_logout")
+ .deleteCookies("JSESSIONID")
+ .logoutSuccessHandler(logoutSuccessHandler());
+ return http.build();
 }
 @Bean
diff --git a/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/spring/RedirectionSecurityConfig.java b/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/spring/RedirectionSecurityConfig.java
index b27d999d56..f4ca880aeb 100644
--- a/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/spring/RedirectionSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-login/src/main/java/com/baeldung/spring/RedirectionSecurityConfig.java
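Review bot: The migrated chain keeps `.sessionFixation().none()` together with `.anyRequest().requiresInsecure()`, so the session id that existed before login stays valid afterwards and is then sent over plain HTTP on every request outside `/login*` and `/perform_login`. If the HTTPS-to-HTTP switch is the purpose of this profile, document it above the chain, for example `// demo only: fixation protection is off so the session survives the HTTPS->HTTP redirect`. Otherwise change the catch-all to `.anyRequest().requiresSecure()` and remove the `sessionManagement()` block so the default fixation protection applies.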
@@ -1,26 +1,30 @@
 package com.baeldung.spring;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 //@Configuration
 //@ImportResource({ "classpath:RedirectionWebSecurityConfig.xml" })
 //@EnableWebSecurity
 //@Profile("!https")
-public class RedirectionSecurityConfig extends WebSecurityConfigurerAdapter {
+public class RedirectionSecurityConfig {
- @Override
- protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
- auth.inMemoryAuthentication()
- .withUser("user1")
+ @Bean
+ public InMemoryUserDetailsManager userDetailsService() {
+ UserDetails user1 = User.withUsername("user1")
 .password("user1Pass")
- .roles("USER");
+ .roles("USER")
+ .build();
+ return new InMemoryUserDetailsManager(user1);
 }
- @Override
- protected void configure(final HttpSecurity http) throws Exception {
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http.authorizeRequests()
 .antMatchers("/login*")
 .permitAll()
@@ -30,6 +34,7 @@ public class RedirectionSecurityConfig extends WebSecurityConfigurerAdapter {
 .formLogin()
 .successHandler(new SavedRequestAwareAuthenticationSuccessHandler());
 // .successHandler(new RefererAuthenticationSuccessHandler())
+ return http.build();
 }
 }
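Review bot: In the first hunk, `User.withUsername("user1")` is followed by `.password("user1Pass")`, which stores the password as written, with neither an encoder call nor a `{noop}`/`{bcrypt}` prefix. SecSecurityConfig, by contrast, wraps each password in `passwordEncoder().encode(...)`. Depending on which `PasswordEncoder` is active (none is visible in this file), login either fails or compares against a plaintext value. I would give `userDetailsService()` a `PasswordEncoder passwordEncoder` parameter and write `.password(passwordEncoder.encode("user1Pass"))`; the ChannelSecSecurityConfig hunk builds its two users the same way. All class-level annotations are commented out here, so these `@Bean` methods are presumably not picked up unless the class is registered elsewhere.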