16
16
import org .springframework .core .env .Environment ;
17
17
import org .springframework .security .authentication .AuthenticationProvider ;
18
18
import org .springframework .security .authentication .dao .DaoAuthenticationProvider ;
19
+ import org .springframework .security .config .Customizer ;
19
20
import org .springframework .security .config .annotation .web .builders .HttpSecurity ;
20
21
import org .springframework .security .config .annotation .web .configuration .EnableWebSecurity ;
22
+ import org .springframework .security .config .annotation .web .configurers .AbstractHttpConfigurer ;
21
23
import org .springframework .security .core .userdetails .User ;
22
24
import org .springframework .security .core .userdetails .UserDetails ;
23
25
import org .springframework .security .core .userdetails .UserDetailsService ;
@@ -88,19 +90,26 @@ public AuthenticationTokenFilter authenticationTokenFilter() {
88
90
public SecurityFilterChain filterChain (HttpSecurity security , TokenGateway tokenGateway , SecurityLoginHandler loginHandler ,
89
91
CodingApiSecurityProperties properties , AuthenticationTokenFilter authenticationTokenFilter ) throws Exception {
90
92
//disable basic auth
91
- security .httpBasic (). disable ( );
93
+ security .httpBasic (AbstractHttpConfigurer :: disable );
92
94
93
95
//before add addCorsMappings to enable cors.
94
- security .cors ();
95
- if (properties .isDisableCsrf ()) {
96
- security .csrf ().disable ();
97
- }
98
- security .apply (new HttpSecurityConfigurer (tokenGateway , loginHandler , properties , authenticationTokenFilter ));
99
- security
100
- .exceptionHandling ()
101
- .authenticationEntryPoint (new MyUnAuthenticationEntryPoint ())
102
- .accessDeniedHandler (new MyAccessDeniedHandler ())
103
- .and ()
96
+ security .cors (httpSecurityCorsConfigurer -> {
97
+ if (properties .isDisableCors ()) {
98
+ httpSecurityCorsConfigurer .disable ();
99
+ }
100
+ });
101
+
102
+ security .csrf (httpSecurityCsrfConfigurer -> {
103
+ if (properties .isDisableCsrf ()) {
104
+ httpSecurityCsrfConfigurer .disable ();
105
+ }
106
+ });
107
+
108
+
109
+ security .with (new HttpSecurityConfigurer (tokenGateway , loginHandler , properties , authenticationTokenFilter ), Customizer .withDefaults ());
110
+ security .exceptionHandling (httpSecurityExceptionHandlingConfigurer ->
111
+ httpSecurityExceptionHandlingConfigurer .authenticationEntryPoint (new MyUnAuthenticationEntryPoint ())
112
+ .accessDeniedHandler (new MyAccessDeniedHandler ()))
104
113
.authorizeHttpRequests (
105
114
registry -> {
106
115
registry .requestMatchers (properties .getIgnoreUrls ()).permitAll ()
@@ -109,15 +118,13 @@ public SecurityFilterChain filterChain(HttpSecurity security, TokenGateway token
109
118
}
110
119
)
111
120
//default login url :/login
112
- .formLogin ()
113
- .loginProcessingUrl (properties .getLoginProcessingUrl ())
114
- .permitAll ()
115
- .and ()
121
+ .formLogin (httpSecurityFormLoginConfigurer ->
122
+ httpSecurityFormLoginConfigurer .loginPage (properties .getLoginProcessingUrl ())
123
+ )
116
124
//default logout url :/logout
117
- .logout ()
118
- .logoutUrl (properties .getLogoutUrl ())
119
- .addLogoutHandler (new MyLogoutHandler ())
120
- .logoutSuccessHandler (new MyLogoutSuccessHandler ());
125
+ .logout (httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer .logoutUrl (properties .getLogoutUrl ())
126
+ .addLogoutHandler (new MyLogoutHandler ())
127
+ .logoutSuccessHandler (new MyLogoutSuccessHandler ()));
121
128
122
129
return security .build ();
123
130
}
0 commit comments