Skip to content

Commit

Permalink
fix: security configuration updated for 6.3.x version
Browse files Browse the repository at this point in the history
  • Loading branch information
thisdudkin committed Aug 6, 2024
1 parent d01b91b commit 53ee685
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 17 deletions.
Original file line number Diff line number Diff line change
@@ -1,23 +1,22 @@
package org.springframework.samples.petclinic.security;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;

import javax.sql.DataSource;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true) // Enable @PreAuthorize method-level security
@EnableMethodSecurity(prePostEnabled = true) // Enable @PreAuthorize method-level security
@ConditionalOnProperty(name = "petclinic.security.enable", havingValue = "true")
public class BasicAuthenticationConfig {
public class BasicAuthenticationConfig {

@Autowired
private DataSource dataSource;
Expand All @@ -26,13 +25,10 @@ public class BasicAuthenticationConfig {
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// @formatter:off
http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests((authz) -> authz
.anyRequest().authenticated()
)
.httpBasic()
.and()
.csrf()
.disable();
.anyRequest().authenticated())
.httpBasic(Customizer.withDefaults());
// @formatter:on
return http.build();
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;

/**
Expand All @@ -18,11 +19,10 @@ public class DisableSecurityConfig {
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// @formatter:off
http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests((authz) -> authz
.anyRequest().permitAll()
)
.csrf()
.disable();
);
// @formatter:on
return http.build();
}
Expand Down

0 comments on commit 53ee685

Please sign in to comment.