1.0.2: Remove usage of deprecated WebSecurityConfigurerAdapter

naturalprogrammer · naturalprogrammer · commit b58472bd879f · 2022-07-01T12:58:18.000+05:30
diff --git a/spring-lemon-commons-web/src/main/java/com/naturalprogrammer/spring/lemon/commonsweb/LemonCommonsWebAutoConfiguration.java b/spring-lemon-commons-web/src/main/java/com/naturalprogrammer/spring/lemon/commonsweb/LemonCommonsWebAutoConfiguration.java
@@ -19,7 +19,6 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.naturalprogrammer.spring.lemon.commons.LemonCommonsAutoConfiguration;
 import com.naturalprogrammer.spring.lemon.commons.LemonProperties;
-import com.naturalprogrammer.spring.lemon.commons.exceptions.handlers.BadCredentialsExceptionHandler;
 import com.naturalprogrammer.spring.lemon.commonsweb.exceptions.DefaultExceptionHandlerControllerAdvice;
 import com.naturalprogrammer.spring.lemon.commonsweb.exceptions.LemonErrorAttributes;
 import com.naturalprogrammer.spring.lemon.commonsweb.exceptions.LemonErrorController;
@@ -32,6 +31,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
@@ -50,6 +50,8 @@
 import org.springframework.data.web.config.EnableSpringDataWebSupport;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.cors.CorsConfigurationSource;
 
 import java.io.Serializable;
@@ -107,9 +109,9 @@ public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter(
 	public <T extends Throwable>
 	DefaultExceptionHandlerControllerAdvice<T> defaultExceptionHandlerControllerAdvice(
     		ErrorResponseComposer<T> errorResponseComposer) {
-		
-        log.info("Configuring DefaultExceptionHandlerControllerAdvice");       
-		return new DefaultExceptionHandlerControllerAdvice<T>(errorResponseComposer);
+
+		log.info("Configuring DefaultExceptionHandlerControllerAdvice");
+		return new DefaultExceptionHandlerControllerAdvice<>(errorResponseComposer);
 	}
 	
 	/**
@@ -120,8 +122,8 @@ DefaultExceptionHandlerControllerAdvice<T> defaultExceptionHandlerControllerAdvi
 	public <T extends Throwable>
 	ErrorAttributes errorAttributes(ErrorResponseComposer<T> errorResponseComposer) {
 		
-        log.info("Configuring LemonErrorAttributes");       
-		return new LemonErrorAttributes<T>(errorResponseComposer);
+        log.info("Configuring LemonErrorAttributes");
+		return new LemonErrorAttributes<>(errorResponseComposer);
 	}
 	
 	/**
@@ -148,16 +150,16 @@ public LemonCorsConfigurationSource corsConfigurationSource(LemonProperties prop
         log.info("Configuring LemonCorsConfigurationSource");       
 		return new LemonCorsConfigurationSource(properties);		
 	}
-	
+
 	/**
 	 * Configures LemonSecurityConfig if missing
 	 */
 	@Bean
-	@ConditionalOnMissingBean(LemonWebSecurityConfig.class)	
-	public LemonWebSecurityConfig lemonSecurityConfig() {
-		
-        log.info("Configuring LemonWebSecurityConfig");       
-		return new LemonWebSecurityConfig();
+	@ConditionalOnBean(LemonWebSecurityConfig.class)
+	public SecurityFilterChain lemonSecurityFilterChain(HttpSecurity http, LemonWebSecurityConfig securityConfig) throws Exception {
+
+		log.info("Configuring lemonSecurityFilterChain");
+		return securityConfig.configure(http).build();
 	}
 	
 	/**
@@ -167,9 +169,9 @@ public LemonWebSecurityConfig lemonSecurityConfig() {
 	@ConditionalOnMissingBean(AuditorAware.class)
 	public <ID extends Serializable>
 	AuditorAware<ID> auditorAware() {
-		
-        log.info("Configuring LemonAuditorAware");       
-		return new LemonWebAuditorAware<ID>();
+
+		log.info("Configuring LemonAuditorAware");
+		return new LemonWebAuditorAware<>();
 	}
 
 	/**
diff --git a/spring-lemon-commons-web/src/main/java/com/naturalprogrammer/spring/lemon/commonsweb/security/LemonWebSecurityConfig.java b/spring-lemon-commons-web/src/main/java/com/naturalprogrammer/spring/lemon/commonsweb/security/LemonWebSecurityConfig.java
@@ -21,7 +21,6 @@
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -30,28 +29,27 @@
  * Security configuration class. Extend it in the
  * application, and make a configuration class. Override
  * protected methods, if you need any customization.
- * 
+ *
  * @author Sanjay Patel
  */
-public class LemonWebSecurityConfig extends WebSecurityConfigurerAdapter {
-	
+public class LemonWebSecurityConfig {
+
 	private static final Log log = LogFactory.getLog(LemonWebSecurityConfig.class);
 
 	protected BlueTokenService blueTokenService;
-	
+
 	@Autowired
 	public void createLemonWebSecurityConfig(BlueTokenService blueTokenService) {
 
-		this.blueTokenService = blueTokenService;		
+		this.blueTokenService = blueTokenService;
 		log.info("Created");
 	}
 
 	/**
 	 * Security configuration, calling protected methods
 	 */
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
-		
+	public HttpSecurity configure(HttpSecurity http) throws Exception {
+
 		sessionCreationPolicy(http); // set session creation policy
 		logout(http); // logout related configuration
 		exceptionHandling(http); // exception handling
@@ -60,6 +58,7 @@ protected void configure(HttpSecurity http) throws Exception {
 		cors(http); // CORS configuration
 		authorizeRequests(http); // authorize requests
 		otherConfigurations(http); // override this to add more configurations
+		return http;
 	}
 
 	
@@ -135,18 +134,18 @@ protected void cors(HttpSecurity http) throws Exception {
 	 */
 	protected void authorizeRequests(HttpSecurity http) throws Exception {
 		http.authorizeRequests()
-			.mvcMatchers("/**").permitAll();                  
+			.mvcMatchers("/**").permitAll();
 	}
-	
+
 
 	/**
 	 * Override this to add more http configurations,
 	 * such as more authentication methods.
-	 * 
+	 *
 	 * @param http
 	 * @throws Exception
 	 */
-	protected void otherConfigurations(HttpSecurity http)  throws Exception {
-
+	protected void otherConfigurations(HttpSecurity http) {
+		// Override this method to provide other configurations
 	}
 }
diff --git a/spring-lemon-jpa/src/main/java/com/naturalprogrammer/spring/lemon/security/LemonJpaSecurityConfig.java b/spring-lemon-jpa/src/main/java/com/naturalprogrammer/spring/lemon/security/LemonJpaSecurityConfig.java
@@ -67,12 +67,13 @@ public void createLemonSecurityConfig(LemonProperties properties, LemonUserDetai
 	 * Security configuration, calling protected methods
 	 */
 	@Override
-	protected void configure(HttpSecurity http) throws Exception {
-		
+	public HttpSecurity configure(HttpSecurity http) throws Exception {
+
 		super.configure(http);
 		login(http); // authentication
 		exceptionHandling(http); // exception handling
 		oauth2Client(http);
+		return http;
 	}
 
 	
@@ -99,11 +100,11 @@ protected void login(HttpSecurity http) throws Exception {
         	.failureHandler(new SimpleUrlAuthenticationFailureHandler());
 	}
 
-	
+
 	/**
 	 * Override this to change login URL
-	 * 
-	 * @return
+	 *
+	 * @return String
 	 */
 	protected String loginPage() {
 		
