You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@streampipes.apache.org by ri...@apache.org on 2023/01/02 16:27:36 UTC
[streampipes] branch SP-1015 created (now 9cbc3cbfb)
This is an automated email from the ASF dual-hosted git repository.
riemer pushed a change to branch SP-1015
in repository https://gitbox.apache.org/repos/asf/streampipes.git
at 9cbc3cbfb Bump Spring versions, migrate Spring Security classes (#1015)
This branch includes the following new commits:
new 9cbc3cbfb Bump Spring versions, migrate Spring Security classes (#1015)
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[streampipes] 01/01: Bump Spring versions, migrate Spring Security classes (#1015)
Posted by ri...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
riemer pushed a commit to branch SP-1015
in repository https://gitbox.apache.org/repos/asf/streampipes.git
commit 9cbc3cbfb4958a0605f666f2c75c760760cb5512
Author: Dominik Riemer <do...@gmail.com>
AuthorDate: Mon Jan 2 17:27:01 2023 +0100
Bump Spring versions, migrate Spring Security classes (#1015)
---
pom.xml | 6 +++---
.../streampipes/service/core/WebSecurityConfig.java | 20 +++++++++++---------
.../extensions/security/WebSecurityConfig.java | 14 ++++++++------
3 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/pom.xml b/pom.xml
index 929fd3780..46f096a93 100644
--- a/pom.xml
+++ b/pom.xml
@@ -109,9 +109,9 @@
<slf4j.version>1.7.30</slf4j.version>
<snakeyaml.version>1.26</snakeyaml.version>
<snappy-java.version>1.1.7.7</snappy-java.version>
- <spring.version>5.3.20</spring.version>
- <spring-boot.version>2.6.7</spring-boot.version>
- <spring-security.version>5.6.9</spring-security.version>
+ <spring.version>5.3.24</spring.version>
+ <spring-boot.version>2.7.7</spring-boot.version>
+ <spring-security.version>5.8.1</spring-security.version>
<swagger.version>2.1.12</swagger.version>
<type-parser.version>0.7.0</type-parser.version>
<underscore.version>1.47</underscore.version>
diff --git a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/WebSecurityConfig.java b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/WebSecurityConfig.java
index 140796b59..f4d0faf37 100644
--- a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/WebSecurityConfig.java
+++ b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/WebSecurityConfig.java
@@ -28,18 +28,19 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {
private final UserDetailsService userDetailsService;
private final StreamPipesPasswordEncoder passwordEncoder;
@@ -54,8 +55,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
auth.userDetailsService(userDetailsService).passwordEncoder(this.passwordEncoder.passwordEncoder());
}
- @Override
- protected void configure(HttpSecurity http) throws Exception {
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.cors()
@@ -73,21 +74,22 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.anyRequest()
.authenticated().and()
.addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+
+ return http.build();
}
public TokenAuthenticationFilter tokenAuthenticationFilter() {
return new TokenAuthenticationFilter();
}
- @Override
+ @Bean(BeanIds.USER_DETAILS_SERVICE)
public UserDetailsService userDetailsService() {
return userDetailsService;
}
- @Bean(BeanIds.AUTHENTICATION_MANAGER)
- @Override
- public AuthenticationManager authenticationManagerBean() throws Exception {
- return super.authenticationManagerBean();
+ @Bean
+ public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception {
+ return authConfig.getAuthenticationManager();
}
}
diff --git a/streampipes-service-extensions/src/main/java/org/apache/streampipes/service/extensions/security/WebSecurityConfig.java b/streampipes-service-extensions/src/main/java/org/apache/streampipes/service/extensions/security/WebSecurityConfig.java
index 340223719..52eec07b8 100644
--- a/streampipes-service-extensions/src/main/java/org/apache/streampipes/service/extensions/security/WebSecurityConfig.java
+++ b/streampipes-service-extensions/src/main/java/org/apache/streampipes/service/extensions/security/WebSecurityConfig.java
@@ -24,22 +24,23 @@ import org.apache.streampipes.service.base.security.UnauthorizedRequestEntryPoin
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {
- private static final Logger LOG = LoggerFactory.getLogger(WebSecurityConfigurerAdapter.class);
+ private static final Logger LOG = LoggerFactory.getLogger(WebSecurityConfig.class);
public WebSecurityConfig() {
@@ -50,8 +51,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
auth.userDetailsService(userDetailsService());
}
- @Override
- protected void configure(HttpSecurity http) throws Exception {
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
if (isAnonymousAccess()) {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
@@ -74,6 +75,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.anyRequest().authenticated().and()
.addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
+
+ return http.build();
}
private boolean isAnonymousAccess() {
@@ -97,7 +100,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
return new TokenAuthenticationFilter();
}
- @Override
public UserDetailsService userDetailsService() {
return username -> null;
}