Upgrade to Spring Security 5.0.0.BUILD-SNAPSHOT

Following some changes in the latest snapshot this includes:
- Some updates to oauth2 client auto-config
- Security auto-config no longer relies on GlobalAuthenticationConfigurerAdapter
- Remove reactive security starter

Closes gh-10704
This commit is contained in:
Madhura Bhave
2017-10-19 15:14:58 -07:00
parent eb446d07d9
commit 8600bd7294
19 changed files with 52 additions and 147 deletions

View File

@@ -18,19 +18,21 @@ package sample.security.method;
import java.util.Date;
import java.util.Map;
import java.util.UUID;
import org.springframework.boot.actuate.autoconfigure.security.EndpointRequest;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
@@ -67,14 +69,14 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
@Order(Ordered.HIGHEST_PRECEDENCE)
@Configuration
protected static class AuthenticationSecurity
extends GlobalAuthenticationConfigurerAdapter {
protected static class AuthenticationSecurity {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("admin")
.roles("ADMIN", "USER", "ACTUATOR").and().withUser("user")
.password("user").roles("USER");
@Bean
public InMemoryUserDetailsManager inMemoryUserDetailsManager() throws Exception {
String password = UUID.randomUUID().toString();
return new InMemoryUserDetailsManager(
User.withUsername("admin").password("admin").roles("ADMIN", "USER", "ACTUATOR").build(),
User.withUsername("user").password("user").roles("USER").build());
}
}