From 46702e8f6f771952b9eac78575afb6e03fd8903c Mon Sep 17 00:00:00 2001 From: Andreas Grub Date: Mon, 5 Sep 2022 08:38:05 +0200 Subject: [PATCH] Use SecurityFilterChain instead of deprecated WebSecurityConfigurerAdapter --- .../webmvc/SpringSecurityConfiguration.java | 10 ++++++---- ...isabledSpringSecurityTestConfiguration.java | 18 +++++++----------- .../App39SpringSecurityConfiguration.java | 11 ++++++----- 3 files changed, 19 insertions(+), 20 deletions(-) diff --git a/demo/openapi-generator-for-spring-demo-webmvc/src/main/java/de/qaware/openapigeneratorforspring/demo/webmvc/SpringSecurityConfiguration.java b/demo/openapi-generator-for-spring-demo-webmvc/src/main/java/de/qaware/openapigeneratorforspring/demo/webmvc/SpringSecurityConfiguration.java index 9afcb5b5..20680fee 100644 --- a/demo/openapi-generator-for-spring-demo-webmvc/src/main/java/de/qaware/openapigeneratorforspring/demo/webmvc/SpringSecurityConfiguration.java +++ b/demo/openapi-generator-for-spring-demo-webmvc/src/main/java/de/qaware/openapigeneratorforspring/demo/webmvc/SpringSecurityConfiguration.java @@ -1,20 +1,22 @@ package de.qaware.openapigeneratorforspring.demo.webmvc; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.csrf.CookieCsrfTokenRepository; @Configuration @EnableWebSecurity -public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter { - @Override - protected void configure(HttpSecurity http) throws Exception { +public class SpringSecurityConfiguration { + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { // do nothing else then configuring CSRF http .csrf() // it doesn't really matter which CSRF token repository is used .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); + return http.build(); } } diff --git a/openapi-generator-for-spring-test/src/test/java/de/qaware/openapigeneratorforspring/test/OpenApiDisabledSpringSecurityTestConfiguration.java b/openapi-generator-for-spring-test/src/test/java/de/qaware/openapigeneratorforspring/test/OpenApiDisabledSpringSecurityTestConfiguration.java index 52b69c7b..456ea24b 100644 --- a/openapi-generator-for-spring-test/src/test/java/de/qaware/openapigeneratorforspring/test/OpenApiDisabledSpringSecurityTestConfiguration.java +++ b/openapi-generator-for-spring-test/src/test/java/de/qaware/openapigeneratorforspring/test/OpenApiDisabledSpringSecurityTestConfiguration.java @@ -4,8 +4,8 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.server.SecurityWebFilterChain; /** @@ -13,21 +13,17 @@ * tests focus on CSRF support and thus Spring Security Basic Auth kicks in. */ public class OpenApiDisabledSpringSecurityTestConfiguration { - @Bean @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET) - public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() { - return new WebSecurityConfigurerAdapter() { - @Override - protected void configure(HttpSecurity http) throws Exception { - // do nothing, this disables all security for tests by default - } - }; + @ConditionalOnMissingBean + @Bean + public SecurityFilterChain noWebMvcSecurityFilterChain(HttpSecurity http) throws Exception { + return http.build(); } - @Bean @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE) @ConditionalOnMissingBean - public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { + @Bean + public SecurityWebFilterChain noWebFluxSecurityFilterChain(ServerHttpSecurity http) { // do nothing, this disables all security for tests by default return http.build(); } diff --git a/openapi-generator-for-spring-test/src/test/java/de/qaware/openapigeneratorforspring/test/app39/App39SpringSecurityConfiguration.java b/openapi-generator-for-spring-test/src/test/java/de/qaware/openapigeneratorforspring/test/app39/App39SpringSecurityConfiguration.java index 5866ea6c..9cb9a1c6 100644 --- a/openapi-generator-for-spring-test/src/test/java/de/qaware/openapigeneratorforspring/test/app39/App39SpringSecurityConfiguration.java +++ b/openapi-generator-for-spring-test/src/test/java/de/qaware/openapigeneratorforspring/test/app39/App39SpringSecurityConfiguration.java @@ -1,16 +1,17 @@ package de.qaware.openapigeneratorforspring.test.app39; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.SecurityFilterChain; @Configuration @Order(Ordered.HIGHEST_PRECEDENCE) -class App39SpringSecurityConfiguration extends WebSecurityConfigurerAdapter { - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable(); +class App39SpringSecurityConfiguration { + @Bean + public SecurityFilterChain noWebMvcSecurityFilterChain(HttpSecurity http) throws Exception { + return http.csrf().disable().build(); } }