Use SecurityFilterChain instead of deprecated WebSecurityConfigurerAd…

…apter
qaware · Sep 5, 2022 · 46702e8 · 46702e8
1 parent 282cbf4
commit 46702e8
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 20 deletions.
diff --git a/...ain/java/de/qaware/openapigeneratorforspring/demo/webmvc/SpringSecurityConfiguration.java b/...ain/java/de/qaware/openapigeneratorforspring/demo/webmvc/SpringSecurityConfiguration.java
@@ -1,20 +1,22 @@
 package de.qaware.openapigeneratorforspring.demo.webmvc;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 
 @Configuration
 @EnableWebSecurity
-public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+public class SpringSecurityConfiguration {
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         // do nothing else then configuring CSRF
         http
                 .csrf()
                 // it doesn't really matter which CSRF token repository is used
                 .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
+        return http.build();
     }
 }
diff --git a/...qaware/openapigeneratorforspring/test/OpenApiDisabledSpringSecurityTestConfiguration.java b/...qaware/openapigeneratorforspring/test/OpenApiDisabledSpringSecurityTestConfiguration.java
@@ -4,30 +4,26 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 
 /**
  * Disables Spring Security by default, which is activated because some
  * tests focus on CSRF support and thus Spring Security Basic Auth kicks in.
  */
 public class OpenApiDisabledSpringSecurityTestConfiguration {
-    @Bean
     @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
-    public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
-        return new WebSecurityConfigurerAdapter() {
-            @Override
-            protected void configure(HttpSecurity http) throws Exception {
-                // do nothing, this disables all security for tests by default
-            }
-        };
+    @ConditionalOnMissingBean
+    @Bean
+    public SecurityFilterChain noWebMvcSecurityFilterChain(HttpSecurity http) throws Exception {
+        return http.build();
     }
 
-    @Bean
     @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
     @ConditionalOnMissingBean
-    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+    @Bean
+    public SecurityWebFilterChain noWebFluxSecurityFilterChain(ServerHttpSecurity http) {
         // do nothing, this disables all security for tests by default
         return http.build();
     }

diff --git a/...java/de/qaware/openapigeneratorforspring/test/app39/App39SpringSecurityConfiguration.java b/...java/de/qaware/openapigeneratorforspring/test/app39/App39SpringSecurityConfiguration.java
@@ -1,16 +1,17 @@
 package de.qaware.openapigeneratorforspring.test.app39;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @Order(Ordered.HIGHEST_PRECEDENCE)
-class App39SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable();
+class App39SpringSecurityConfiguration {
+    @Bean
+    public SecurityFilterChain noWebMvcSecurityFilterChain(HttpSecurity http) throws Exception {
+        return http.csrf().disable().build();
     }
 }