Vivi Adelia
Reputation: 41
How to transform deprecated WebSecurityConfigurerAdapter to SecurityFilterChain?
I'm working on a project and my problem is the WebSecurityConfigurerAdapter. It's doesn't work. It's say "The type WebSecurityConfigurerAdapter is deprecated" How to transform deprecated WebSecurityConfigurerAdapter to SecurityFilterChain? Can you help me please? I don't know what to do
Here is my WebSecurityConfig class :
package com.projectuas.controller;
import com.projectuas.service.UserDetailsServiceImpl;
import org.springframework.context.annotation.*;
import org.springframework.security.authentication.dao.*;
import org.springframework.security.config.annotation.authentication.builders.*;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public UserDetailsService userDetailsService() {
return new UserDetailsServiceImpl();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService());
authProvider.setPasswordEncoder(passwordEncoder());
return authProvider;
}
@Overide
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
@Overide
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").hasAnyAuthority("USER", "ADMIN")
.antMatchers("/new").hasAnyAuthority("ADMIN")
.antMatchers("/edit/**").hasAnyAuthority("ADMIN")
.antMatchers("/delete/**").hasAuthority("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin().permitAll()
.and()
.logout().permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403")
;
}
}
Upvotes: 4
Views: 10193
Answers (1)
Ruchira Nawarathna
Reputation: 1507
When using WebSecurityConfigurerAdapter we need to override following methods.
@Override
protected void configure(HttpSecurity http) throws Exception {
// http security configuration
}
@Override
public void configure(WebSecurity web) throws Exception {
// web security configuration
}
If we want to do this without using WebSecurityConfigurerAdapter we should replace them by registering these beans.
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
}
Example
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig {
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationManager authManager(HttpSecurity http, PasswordEncoder passwordEncoder, UserDetailsService userDetailService)
throws Exception {
return http.getSharedObject(AuthenticationManagerBuilder.class)
.userDetailsService(userDetailService)
.passwordEncoder(passwordEncoder)
.and()
.build();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").hasAnyAuthority("USER", "ADMIN")
.antMatchers("/new").hasAnyAuthority("ADMIN")
.antMatchers("/edit/**").hasAnyAuthority("ADMIN")
.antMatchers("/delete/**").hasAuthority("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin().permitAll()
.and()
.logout().permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403")
;
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().antMatchers("/images/**", "/js/**", "/webjars/**");
}
}
Upvotes: 2
Related Questions
- Upgrading the deprecated WebSecurityConfigurerAdapter in Spring Boot 2.7.0
- How do i re-write this after WebSecurityConfigurerAdapter has been deprecated
- Can't use WebSecurityConfigurerAdapter in a custom spring boot starter
- Deprecate WebSecurityConfigurerAdapter and move to SecurityFilterChain
- spring boot 2.7 websecurityconfigureradapter deprecated
- How to update deprecated WebSecurityConfigurerAdapter with userDetailsService in Spring Boot 2.7
- Migrating from WebSecurityConfigurerAdapter to SecurityFilterChain
- Spring get instance of AuthenticationManager complicated since WebSecurityConfigurerAdapter deprecated
- How to migrate deprecated WebSecurityConfigurerAdapter to SecurityFilterChain?
- WebSecurityConfigurerAdapter with custom authentication filter - dependency issue