Scribd
Upload
38 views

JWT new Spring Security Baeldung-1

Uploaded by

Sofy Torres
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
38 views

JWT new Spring Security Baeldung-1

Uploaded by

Sofy Torres
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

RSS feeds

WebSecurityConfigurerAdapter

HttpSecurity#authorizeHttpRequests

HttpSecurity#authorizeHttpRequests
Spring Security without the WebSecurityConfigurerAdapter https://spring.io/blog/2022/02/21/spring-security-without-the-websecuri...

HttpSecurity

SecurityFilterChain

WebSecurityConfigurerAdapter

COPY
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAda

@Override
protected void configure(HttpSecurity http)
http
.authorizeHttpRequests((authz) -> authz
.anyRequest().authenticated()
)
.httpBasic(withDefaults());
}

SecurityFilterChain

COPY
@Configuration
public class SecurityConfiguration {

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throw
http
.authorizeHttpRequests((authz) -> authz
.anyRequest().authenticated()
)
.httpBasic(withDefaults());
return http.build();

2 de 32 7/18/2023, 2:25 p. m.
Spring Security without the WebSecurityConfigurerAdapter https://spring.io/blog/2022/02/21/spring-security-without-the-websecuri...

WebSecurityCustomizer

WebSecurityCustomizer

WebSecurity

WebSecurityConfigurerAdapter

/ignore1 /ignore2

COPY
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAda

@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers("/ignore1", "/ignore2"
}

WebSecurityCustomizer

COPY
@Configuration
public class SecurityConfiguration {

@Bean
public WebSecurityCustomizer webSecurityCustomizer
return (web) -> web.ignoring().antMatchers(
}

3 de 32 7/18/2023, 2:25 p. m.
Spring Security without the WebSecurityConfigurerAdapter https://spring.io/blog/2022/02/21/spring-security-without-the-websecuri...

WebSecurity

permitAll

configure

EmbeddedLdapServerContextSourceFactoryBean

LdapBindAuthenticationManagerFactory

LdapPasswordComparisonAuthenticationManagerFactory

AuthenticationManager

WebSecurityConfigurerAdapter

AuthenticationManager

@Configuration COPY

public class SecurityConfiguration extends WebSecurityConfigurerAda

@Override
protected void configure(AuthenticationManagerBuilder auth)
auth
.ldapAuthentication()
.userDetailsContextMapper(new PersonContextMapper())
.userDnPatterns("uid={0},ou=people")
.contextSource()
.port(0);
}

4 de 32 7/18/2023, 2:25 p. m.
Spring Security without the WebSecurityConfigurerAdapter https://spring.io/blog/2022/02/21/spring-security-without-the-websecuri...

@Configuration COPY

public class SecurityConfiguration {


@Bean
public EmbeddedLdapServerContextSourceFactoryBean
EmbeddedLdapServerContextSourceFactoryBean contextSourceFac
EmbeddedLdapServerContextSourceFactoryBean.fromEmbedded
contextSourceFactoryBean.setPort(0);
return contextSourceFactoryBean;
}

@Bean
AuthenticationManager ldapAuthenticationManager
BaseLdapPathContextSource contextSource)
LdapBindAuthenticationManagerFactory factory =
new LdapBindAuthenticationManagerFactory(contextSource)
factory.setUserDnPatterns("uid={0},ou=people"
factory.setUserDetailsContextMapper(new PersonContextMapper
return factory.createAuthenticationManager();
}
}

WebSecurityConfigurerAdapter

DataSource

COPY
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAda
@Bean
public DataSource dataSource() {
return new EmbeddedDatabaseBuilder()
.setType(EmbeddedDatabaseType.H2)
.build();
}

5 de 32 7/18/2023, 2:25 p. m.
Spring Security without the WebSecurityConfigurerAdapter https://spring.io/blog/2022/02/21/spring-security-without-the-websecuri...

@Override
protected void configure(AuthenticationManagerBuilder auth)
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
auth.jdbcAuthentication()
.withDefaultSchema()
.dataSource(dataSource())
.withUser(user);
}
}

JdbcUserDetailsManager

COPY
@Configuration
public class SecurityConfiguration {
@Bean
public DataSource dataSource() {
return new EmbeddedDatabaseBuilder()
.setType(EmbeddedDatabaseType.H2)
.addScript(JdbcDaoImpl.DEFAULT_USER_SCHEMA_DDL_LOCATION
.build();
}

@Bean
public UserDetailsManager users(DataSource dataSource)
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
JdbcUserDetailsManager users = new JdbcUserDetailsManager(d
users.createUser(user);

6 de 32 7/18/2023, 2:25 p. m.
Spring Security without the WebSecurityConfigurerAdapter https://spring.io/blog/2022/02/21/spring-security-without-the-websecuri...

return users;
}
}

User.withDefaultPasswordEncoder()

WebSecurityConfigurerAdapter

COPY
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAda
@Override
protected void configure(AuthenticationManagerBuilder auth)
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
auth.inMemoryAuthentication()
.withUser(user);
}
}

InMemoryUserDetailsManager

COPY
@Configuration
public class SecurityConfiguration {

7 de 32 7/18/2023, 2:25 p. m.
Spring Security without the WebSecurityConfigurerAdapter https://spring.io/blog/2022/02/21/spring-security-without-the-websecuri...

@Bean
public InMemoryUserDetailsManager userDetailsService
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}

User.withDefaultPasswordEncoder()

AuthenticationManager

AuthenticationManager @Bean

AuthenticationManager

SecurityFilterChain

AuthenticationManager

8 de 32 7/18/2023, 2:25 p. m.
Spring Security without the WebSecurityConfigurerAdapter https://spring.io/blog/2022/02/21/spring-security-without-the-websecuri...

COPY
@Configuration
public class SecurityConfiguration {

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throw
http
.authorizeHttpRequests((authz) -> authz
.anyRequest().authenticated()
)
.httpBasic(withDefaults())
.authenticationManager(new CustomAuthenticationManager
return http.build();
}

AuthenticationManager

HttpSecurity.authorizeRequests()

COPY
public class MyCustomDsl extends AbstractHttpConfigurer
@Override
public void configure(HttpSecurity http) throws
AuthenticationManager authenticationManager = http.getShare
http.addFilter(new CustomFilter(authenticationManager));
}

public static MyCustomDsl customDsl() {


return new MyCustomDsl();
}
}

9 de 32 7/18/2023, 2:25 p. m.
Spring Security without the WebSecurityConfigurerAdapter https://spring.io/blog/2022/02/21/spring-security-without-the-websecuri...

SecurityFilterChain

COPY
@Bean
public SecurityFilterChain filterChain(HttpSecurity http)
// ...
http.apply(customDsl());
return http.build();
}

10 de 32 7/18/2023, 2:25 p. m.

You might also like