Due to a migration to Spring Security 6 and the WebSecurityConfigurerAdapter deprecation, I need to adapt the security conf below, but I am not sure if I am going about it the correct way.

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Inject
        private UserDetailsService userDetailsService;

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService)
                .passwordEncoder(new BCryptPasswordEncoder());
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                .authorizeRequests()
                    .antMatchers("/v1/**", "/v2/**", "/swagger-ui/**", "/api-docs/**").permitAll()
                    .antMatchers("/v3/polls/**").authenticated()
                    .and()
                .httpBasic()
                    .realmName("Quick Poll")
                    .and()
                .csrf()
                    .disable();
        }
    }

So far I have tried the following, but I am not sure it is correct:

    @Configuration
    public class SecurityConfig {

        @Bean
        public PasswordEncoder encoder() {
            return new BCryptPasswordEncoder();
        }

        @Bean
        public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
            return authenticationConfiguration.getAuthenticationManager();
        }
    }

>Solution :
The remaining step is to replace WebSecurityConfigurerAdapter#configure with a SecurityFilterChain bean.

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .authorizeHttpRequests()
                .requestMatchers("/v1/**", "/v2/**", "/swagger-ui/**", "/api-docs/**").permitAll()
                .requestMatchers("/v3/polls/**").authenticated()
                .and()
            .httpBasic()
                .realmName("Quick Poll")
                .and()
            .csrf()
                .disable()
            .build();
    }
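
For reference, the whole migrated class in one place, as an added example that is not part of the original question or answer. It uses the lambda-style DSL instead of `.and()` chaining and restores method security with `@EnableMethodSecurity`, the replacement for the `@EnableGlobalMethodSecurity(prePostEnabled = true)` annotation on the old class. It assumes a single `UserDetailsService` bean is already defined elsewhere in the application.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
// Replaces @EnableGlobalMethodSecurity(prePostEnabled = true); pre/post
// annotations are enabled by default. Without this annotation,
// @PreAuthorize / @PostAuthorize on service methods are not enforced.
@EnableMethodSecurity
public class SecurityConfig {

    // Assumption: exactly one UserDetailsService bean exists in the context
    // (the one the old class injected). Together with this PasswordEncoder
    // bean, Spring Security wires a DaoAuthenticationProvider itself, which
    // replaces the old configure(AuthenticationManagerBuilder) override.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // No HTTP session: every request must carry its own credentials.
            .sessionManagement(session -> session
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Same rules and same order as the old antMatchers(...) calls.
            // Paths matched by neither rule are not covered by the page's
            // rules; an explicit anyRequest() rule makes that case visible.
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/v1/**", "/v2/**", "/swagger-ui/**", "/api-docs/**").permitAll()
                .requestMatchers("/v3/polls/**").authenticated())
            .httpBasic(basic -> basic.realmName("Quick Poll"))
            // CSRF stays disabled, as in the original stateless Basic-auth setup.
            .csrf(csrf -> csrf.disable());
        return http.build();
    }
}
```

The `AuthenticationManager` bean from the question is only needed if some other component injects an `AuthenticationManager` directly; HTTP Basic authentication in the filter chain does not depend on it.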