From 53ee685b6c319e4ebe4e14ce6a9c3ec1bca1af93 Mon Sep 17 00:00:00 2001
From: earlspilner
Date: Tue, 6 Aug 2024 14:46:29 +0300
Subject: [PATCH] fix: security configuration updated for 6.3.x version
---
 .../security/BasicAuthenticationConfig.java | 24 ++++++++-----------
 .../security/DisableSecurityConfig.java | 6 ++---
 2 files changed, 13 insertions(+), 17 deletions(-)
diff --git a/src/main/java/org/springframework/samples/petclinic/security/BasicAuthenticationConfig.java b/src/main/java/org/springframework/samples/petclinic/security/BasicAuthenticationConfig.java
index 2d2e6aeda..ffd73283b 100644
--- a/src/main/java/org/springframework/samples/petclinic/security/BasicAuthenticationConfig.java
+++ b/src/main/java/org/springframework/samples/petclinic/security/BasicAuthenticationConfig.java
@@ -1,23 +1,22 @@ package org.springframework.samples.petclinic.security; -import javax.sql.DataSource; - import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.crypto.factory.PasswordEncoderFactories; -import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.web.SecurityFilterChain; +import javax.sql.DataSource; + @Configuration -@EnableGlobalMethodSecurity(prePostEnabled = true) // Enable @PreAuthorize method-level security +@EnableMethodSecurity(prePostEnabled = true) // Enable @PreAuthorize method-level security @ConditionalOnProperty(name = "petclinic.security.enable", havingValue = "true") -public class BasicAuthenticationConfig { +public class BasicAuthenticationConfig { @Autowired private DataSource dataSource; 
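Review bot: Moving the class annotation to `@EnableMethodSecurity` swaps the underlying method-security implementation, not just the annotation name, so existing `@PreAuthorize` rules should be re-verified rather than assumed unchanged. I would want a test alongside this change showing that a caller without the required role is still rejected. `prePostEnabled` already defaults to true on `@EnableMethodSecurity`, so the line can read `@EnableMethodSecurity // enables @PreAuthorize method-level security`. The `public class BasicAuthenticationConfig {` line is removed and re-added with what looks like a whitespace-only difference, which adds noise to the patch. The class body continues outside this hunk.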
@@ -26,13 +25,10 @@ public class BasicAuthenticationConfig { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { // @formatter:off http + .csrf(AbstractHttpConfigurer::disable) .authorizeHttpRequests((authz) -> authz - .anyRequest().authenticated() - ) - .httpBasic() - .and() - .csrf() - .disable(); + .anyRequest().authenticated()) + .httpBasic(Customizer.withDefaults()); // @formatter:on return http.build(); } diff --git a/src/main/java/org/springframework/samples/petclinic/security/DisableSecurityConfig.java b/src/main/java/org/springframework/samples/petclinic/security/DisableSecurityConfig.java index 6de93b6ed..2075fcbe4 100644 --- a/src/main/java/org/springframework/samples/petclinic/security/DisableSecurityConfig.java +++ b/src/main/java/org/springframework/samples/petclinic/security/DisableSecurityConfig.java @@ -4,6 +4,7 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.web.SecurityFilterChain; /** @@ -18,11 +19,10 @@ public class DisableSecurityConfig { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { // @formatter:off http + .csrf(AbstractHttpConfigurer::disable) .authorizeHttpRequests((authz) -> authz .anyRequest().permitAll() - ) - .csrf() - .disable(); + ); // @formatter:on return http.build(); }
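Review bot: `.csrf(AbstractHttpConfigurer::disable)` in `BasicAuthenticationConfig.filterChain` carries the CSRF opt-out into the new DSL without recording why it is acceptable. A browser that has cached HTTP Basic credentials attaches them to cross-site requests automatically, so the opt-out is only sound if this API is never called from a browser session; that assumption is not visible in the hunk. I would add a comment on that line, for example `// CSRF protection off: API is called by non-browser clients only (confirm)`, or leave CSRF enabled if that cannot be guaranteed. The same line in `DisableSecurityConfig.filterChain` (last hunk) sits next to `permitAll()`, where it changes little, but that class's activation condition lies outside the hunk and is worth confirming.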