|
|
@@ -1,5 +1,5 @@
|
|
|
/*
|
|
|
- * Copyright 2002-2020 the original author or authors.
|
|
|
+ * Copyright 2002-2022 the original author or authors.
|
|
|
*
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
@@ -26,48 +26,56 @@ import org.springframework.context.annotation.Configuration;
|
|
|
import org.springframework.context.annotation.Import;
|
|
|
import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
|
|
|
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
|
|
|
+import org.springframework.security.web.SecurityFilterChain;
|
|
|
|
|
|
/**
|
|
|
* Add this annotation to an {@code @Configuration} class to have the Spring Security
|
|
|
- * configuration defined in any {@link WebSecurityConfigurer} or more likely by extending
|
|
|
- * the {@link WebSecurityConfigurerAdapter} base class and overriding individual methods:
|
|
|
+ * configuration defined in any {@link WebSecurityConfigurer} or more likely by exposing a
|
|
|
+ * {@link SecurityFilterChain} bean:
|
|
|
*
|
|
|
* <pre class="code">
|
|
|
* @Configuration
|
|
|
* @EnableWebSecurity
|
|
|
- * public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|
|
+ * public class MyWebSecurityConfiguration {
|
|
|
*
|
|
|
- * @Override
|
|
|
- * public void configure(WebSecurity web) throws Exception {
|
|
|
- * web.ignoring()
|
|
|
+ * @Bean
|
|
|
+ * public WebSecurityCustomizer webSecurityCustomizer() {
|
|
|
+ * return (web) -> web.ignoring()
|
|
|
* // Spring Security should completely ignore URLs starting with /resources/
|
|
|
* .antMatchers("/resources/**");
|
|
|
* }
|
|
|
*
|
|
|
- * @Override
|
|
|
- * protected void configure(HttpSecurity http) throws Exception {
|
|
|
+ * @Bean
|
|
|
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|
|
* http.authorizeRequests().antMatchers("/public/**").permitAll().anyRequest()
|
|
|
* .hasRole("USER").and()
|
|
|
* // Possibly more configuration ...
|
|
|
* .formLogin() // enable form based log in
|
|
|
* // set permitAll for all URLs associated with Form Login
|
|
|
* .permitAll();
|
|
|
+ * return http.build();
|
|
|
* }
|
|
|
*
|
|
|
- * @Override
|
|
|
- * protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
|
|
- * auth
|
|
|
- * // enable in memory based authentication with a user named "user" and "admin"
|
|
|
- * .inMemoryAuthentication().withUser("user").password("password").roles("USER")
|
|
|
- * .and().withUser("admin").password("password").roles("USER", "ADMIN");
|
|
|
+ * @Bean
|
|
|
+ * public UserDetailsService userDetailsService() {
|
|
|
+ * UserDetails user = User.withDefaultPasswordEncoder()
|
|
|
+ * .username("user")
|
|
|
+ * .password("password")
|
|
|
+ * .roles("USER")
|
|
|
+ * .build();
|
|
|
+ * UserDetails admin = User.withDefaultPasswordEncoder()
|
|
|
+ * .username("admin")
|
|
|
+ * .password("password")
|
|
|
+ * .roles("ADMIN", "USER")
|
|
|
+ * .build();
|
|
|
+ * return new InMemoryUserDetailsManager(user, admin);
|
|
|
* }
|
|
|
*
|
|
|
- * // Possibly more overridden methods ...
|
|
|
+ * // Possibly more bean methods ...
|
|
|
* }
|
|
|
* </pre>
|
|
|
*
|
|
|
* @see WebSecurityConfigurer
|
|
|
- * @see WebSecurityConfigurerAdapter
|
|
|
*
|
|
|
* @author Rob Winch
|
|
|
* @since 3.2
|
Steve Riesenberg