WebSecurityConfigurerAdapter in Spring 2.7 is deprecated. How should I update this class:
/**
 * Security configuration as posted in the question, built on the deprecated
 * {@code WebSecurityConfigurerAdapter}.
 *
 * <p>The listing is abridged: class-level annotations, the constructor that assigns
 * {@code userRepository}, the {@code log} field and the authorization rules are not shown.
 */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    // Repository queried for the account on every login attempt.
    private final UserRepository userRepository;

    /**
     * Registers a lambda {@code UserDetailsService} together with the delegating password
     * encoder on the supplied builder.
     *
     * @param auth builder the user lookup and the password encoder are attached to
     * @throws Exception declared by the builder API
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(
            email -> {
                // NOTE(review): `email` is the login name exactly as submitted. It is written
                // to the log verbatim, so confirm the log layout escapes CR/LF and that
                // logging addresses at DEBUG fits the data-retention policy.
                log.debug("Authenticating '{}'", email);
                Optional<User> optionalUser = userRepository.findByEmailIgnoreCase(email);
                // An empty Optional becomes UsernameNotFoundException. The message embeds the
                // submitted address; DaoAuthenticationProvider replaces this exception with a
                // generic BadCredentialsException by default (hideUserNotFoundExceptions), and
                // that default should stay on so the login response does not reveal which
                // addresses are registered.
                return new AuthUser(optionalUser.orElseThrow(
                    () -> new UsernameNotFoundException("User '" + email + "' was not found")));
            }
        // Delegating encoder: stored hashes carry an `{id}` prefix naming their algorithm.
        ).passwordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());
    }

    /**
     * Configures HTTP security; the rule chain is elided in the post.
     *
     * @param http builder for the web security rules
     * @throws Exception declared by the builder API
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Authorization rules were cut from the listing (the trailing dots are not Java).
        http.authorizeRequests()....
    }
}
https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter
/**
 * Component-style replacement for {@code WebSecurityConfigurerAdapter}: the user store is
 * published as a bean instead of being configured through an overridden method.
 *
 * <p>This is a getting-started sample. {@code User.withDefaultPasswordEncoder()} is deprecated
 * in Spring Security to mark it as unsuitable for production: the password is a literal in the
 * source and is only encoded when the bean is built. A deployed application should load
 * accounts from a real store and keep only pre-hashed passwords.
 */
@Configuration
public class SecurityConfiguration {
    /**
     * Builds an in-memory user store holding one fixed account with the role {@code USER}.
     *
     * @return manager containing the single sample user
     */
    @Bean
    public InMemoryUserDetailsManager userDetailsService() {
        // Sample credentials only; see the class comment.
        return new InMemoryUserDetailsManager(
            User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build());
    }
}
// spring boot 2.7.0 + changes with spring security
/**
 * Bean-based security configuration: user lookup, password encoder, authentication provider
 * and filter chain are each declared as a bean instead of overriding adapter methods.
 *
 * <p>The authorization rules are elided in the post.
 */
@Configuration
public class SecurityConfiguration {
    /** Supplies the application's user lookup; {@code MyUserDetailsService} is not shown. */
    @Bean
    UserDetailsService userDetailsService() {
        return new MyUserDetailsService(); // to be created
    }

    /**
     * Password encoder used by the authentication provider below.
     *
     * <p>NOTE(review): hashes written by a delegating encoder carry an {@code {id}} prefix and
     * will not match against a bare {@code BCryptPasswordEncoder}; check the stored format
     * before switching an existing user table to this bean.
     */
    @Bean
    BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Wires the user lookup and the password encoder into a {@code DaoAuthenticationProvider}. */
    @Bean
    DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userDetailsService());
        authProvider.setPasswordEncoder(passwordEncoder());
        return authProvider;
    }

    /**
     * Builds the filter chain that replaces the adapter's {@code configure(HttpSecurity)}.
     *
     * @param http builder for the web security rules
     * @return the built filter chain
     * @throws Exception declared by the builder API
     */
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authenticationProvider(authenticationProvider());
        // Authorization rules were cut from the listing (the dots are not Java).
        http.authorizeRequests()...;
        // Remember-me is given the user lookup explicitly; the author flags this as required.
        // NOTE(review): the remember-me cookie authenticates without a password. No key(...)
        // is set here, so the signing key is generated at startup and issued cookies stop
        // validating after a restart; consider useSecureCookie(true) so the cookie is only
        // sent over HTTPS.
        http.authorizeRequests().and().rememberMe().userDetailsService(userDetailsService()); // important
        http.authorizeRequests()...;
        return http.build();
    }
}
According to the Spring blog post "Spring Security without the WebSecurityConfigurerAdapter", it could be updated as follows:
/**
 * The question's configuration rewritten without {@code WebSecurityConfigurerAdapter}: the
 * password encoder, the user lookup and the filter chain are each exposed as a bean.
 *
 * <p>The listing is abridged: class-level annotations (presumably {@code @Configuration}), the
 * constructor that assigns {@code userRepository}, the {@code log} field and the authorization
 * rules are not shown.
 */
public class SecurityConfiguration {
    // Repository queried for the account on every login attempt.
    private final UserRepository userRepository;

    /**
     * Delegating encoder, the same one the original adapter-based class used, so stored hashes
     * with an {@code {id}} prefix keep matching.
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    /**
     * User lookup by submitted login name.
     *
     * @return lambda that calls {@code userRepository.findByEmailIgnoreCase} and wraps the
     *     result in {@code AuthUser}, throwing {@code UsernameNotFoundException} when the
     *     Optional is empty
     */
    @Bean
    public UserDetailsService userDetailsService() {
        return email -> {
            // NOTE(review): `email` is the login name exactly as submitted. It is written to
            // the log verbatim, so confirm the log layout escapes CR/LF and that logging
            // addresses at DEBUG fits the data-retention policy.
            log.debug("Authenticating '{}'", email);
            Optional<User> optionalUser = userRepository.findByEmailIgnoreCase(email);
            // The exception message embeds the submitted address. Keep the provider's default
            // of hiding UsernameNotFoundException behind a generic BadCredentialsException so
            // the login response does not reveal which addresses are registered.
            return new AuthUser(optionalUser.orElseThrow(
                () -> new UsernameNotFoundException("User '" + email + "' was not found")));
        };
    }

    /**
     * Builds the filter chain that replaces the adapter's {@code configure(HttpSecurity)}.
     *
     * @param http builder for the web security rules
     * @return the built filter chain
     * @throws Exception declared by the builder API
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Authorization rules were cut from the listing (the dots are not Java).
        http.authorizeRequests()...;
        return http.build();
    }
}