[ISSUE #11586]Remove deprecated api of spring security (#11587)

* remove deprecated config * style fix
alibaba · Jan 5, 2024 · 97104b2 · 97104b2
1 parent 6b0636d
commit 97104b2
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 48 deletions.
diff --git a/...ss/src/main/java/com/alibaba/nacos/address/config/AddressServerSecurityConfiguration.java b/...ss/src/main/java/com/alibaba/nacos/address/config/AddressServerSecurityConfiguration.java
@@ -16,22 +16,26 @@
 
 package com.alibaba.nacos.address.config;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 /**
  * nacos web security configuration.
+ *
  * @author onewe
  */
 @Configuration
-@Order(99)
-public class AddressServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class AddressServerSecurityConfiguration {
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeHttpRequests(requestMatcherRegistry -> requestMatcherRegistry.mvcMatchers("/nacos/v1/as/**").authenticated())
-                .csrf().disable().httpBasic();
+    @Bean
+    @Order(99)
+    public SecurityFilterChain addressServerSecurityFilterChain(HttpSecurity http) throws Exception {
+        http.authorizeHttpRequests(
+                requestMatcherRegistry -> requestMatcherRegistry.mvcMatchers("/nacos/v1/as/**").authenticated()).csrf()
+                .disable().httpBasic();
+        return http.build();
     }
 }
diff --git a/...default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthConfig.java b/...default-auth-plugin/src/main/java/com/alibaba/nacos/plugin/auth/impl/NacosAuthConfig.java
@@ -28,20 +28,23 @@
 import com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleServiceImpl;
 import com.alibaba.nacos.plugin.auth.impl.token.TokenManagerDelegate;
 import com.alibaba.nacos.plugin.auth.impl.users.NacosUserDetailsServiceImpl;
+import com.alibaba.nacos.sys.utils.ApplicationUtils;
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Primary;
 import org.springframework.core.env.Environment;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsUtils;
 
@@ -53,7 +56,7 @@
  * @author Nacos
  */
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-public class NacosAuthConfig extends WebSecurityConfigurerAdapter {
+public class NacosAuthConfig {
 
     private static final String SECURITY_IGNORE_URLS_SPILT_CHAR = ",";
 
@@ -100,42 +103,48 @@ public void init() {
     }
 
     @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
-    @Override
     public AuthenticationManager authenticationManagerBean() throws Exception {
-        return super.authenticationManagerBean();
+        AuthenticationConfiguration authenticationConfiguration = ApplicationUtils.getBean(
+                AuthenticationConfiguration.class);
+        return authenticationConfiguration.getAuthenticationManager();
     }
 
-    @Override
-    public void configure(WebSecurity web) {
-
-        String ignoreUrls = null;
-        if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
-            ignoreUrls = DEFAULT_ALL_PATH_PATTERN;
-        } else if (AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
-            ignoreUrls = DEFAULT_ALL_PATH_PATTERN;
-        }
-        if (StringUtils.isBlank(authConfigs.getNacosAuthSystemType())) {
-            ignoreUrls = env.getProperty(PROPERTY_IGNORE_URLS, DEFAULT_ALL_PATH_PATTERN);
-        }
-        if (StringUtils.isNotBlank(ignoreUrls)) {
-            for (String each : ignoreUrls.trim().split(SECURITY_IGNORE_URLS_SPILT_CHAR)) {
-                web.ignoring().antMatchers(each.trim());
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return web -> {
+            String ignoreUrls = null;
+            if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
+                ignoreUrls = DEFAULT_ALL_PATH_PATTERN;
+            } else if (AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
+                ignoreUrls = DEFAULT_ALL_PATH_PATTERN;
             }
-        }
+            if (StringUtils.isBlank(authConfigs.getNacosAuthSystemType())) {
+                ignoreUrls = env.getProperty(PROPERTY_IGNORE_URLS, DEFAULT_ALL_PATH_PATTERN);
+            }
+            if (StringUtils.isNotBlank(ignoreUrls)) {
+                for (String each : ignoreUrls.trim().split(SECURITY_IGNORE_URLS_SPILT_CHAR)) {
+                    web.ignoring().antMatchers(each.trim());
+                }
+            }
+        };
     }
 
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
-            auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
-        } else if (AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
-            auth.authenticationProvider(ldapAuthenticationProvider);
-        }
+    @Bean
+    public GlobalAuthenticationConfigurerAdapter authenticationConfigurer() {
+        return new GlobalAuthenticationConfigurerAdapter() {
+            @Override
+            public void init(AuthenticationManagerBuilder auth) throws Exception {
+                if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
+                    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
+                } else if (AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
+                    auth.authenticationProvider(ldapAuthenticationProvider);
+                }
+            }
+        };
     }
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         if (StringUtils.isBlank(authConfigs.getNacosAuthSystemType())) {
             http.csrf().disable().cors()// We don't need CSRF for JWT based authentication
                     .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
@@ -149,6 +158,7 @@ protected void configure(HttpSecurity http) throws Exception {
             http.addFilterBefore(new JwtAuthenticationTokenFilter(tokenProvider),
                     UsernamePasswordAuthenticationFilter.class);
         }
+        return http.build();
     }
 
     @Bean

diff --git a/...heus/src/main/java/com/alibaba/nacos/prometheus/conf/PrometheusSecurityConfiguration.java b/...heus/src/main/java/com/alibaba/nacos/prometheus/conf/PrometheusSecurityConfiguration.java
@@ -16,10 +16,9 @@
 
 package com.alibaba.nacos.prometheus.conf;
 
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 
 import static com.alibaba.nacos.prometheus.api.ApiConstants.PROMETHEUS_CONTROLLER_NAMESPACE_PATH;
 import static com.alibaba.nacos.prometheus.api.ApiConstants.PROMETHEUS_CONTROLLER_PATH;
@@ -32,13 +31,15 @@
  * @author vividfish
  */
 @Configuration
-@ConditionalOnMissingBean(value = WebSecurityConfigurerAdapter.class)
-public class PrometheusSecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class PrometheusSecurityConfiguration {
 
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        web.ignoring().mvcMatchers(PROMETHEUS_CONTROLLER_PATH);
-        web.ignoring().mvcMatchers(PROMETHEUS_CONTROLLER_NAMESPACE_PATH);
-        web.ignoring().mvcMatchers(PROMETHEUS_CONTROLLER_SERVICE_PATH);
+    @Bean
+    public WebSecurityCustomizer prometheusWebSecurityCustomizer() {
+        return web -> {
+            web.ignoring().mvcMatchers(PROMETHEUS_CONTROLLER_PATH);
+            web.ignoring().mvcMatchers(PROMETHEUS_CONTROLLER_NAMESPACE_PATH);
+            web.ignoring().mvcMatchers(PROMETHEUS_CONTROLLER_SERVICE_PATH);
+        };
     }
+
 }