[ISSUE #11586]Remove deprecated api of spring security (#11587)

* remove deprecated config

* style fix
This commit is contained in:
Karson 2024-01-05 17:02:39 +08:00 committed by GitHub
parent 6b0636dd5d
commit 97104b2445
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 63 additions and 48 deletions

View File

@ -16,22 +16,26 @@
package com.alibaba.nacos.address.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.SecurityFilterChain;
/**
* nacos web security configuration.
*
* @author onewe
*/
@Configuration
@Order(99)
public class AddressServerSecurityConfiguration extends WebSecurityConfigurerAdapter {
public class AddressServerSecurityConfiguration {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(requestMatcherRegistry -> requestMatcherRegistry.mvcMatchers("/nacos/v1/as/**").authenticated())
.csrf().disable().httpBasic();
@Bean
@Order(99)
public SecurityFilterChain addressServerSecurityFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(
requestMatcherRegistry -> requestMatcherRegistry.mvcMatchers("/nacos/v1/as/**").authenticated()).csrf()
.disable().httpBasic();
return http.build();
}
}

View File

@ -28,6 +28,7 @@ import com.alibaba.nacos.plugin.auth.impl.filter.JwtAuthenticationTokenFilter;
import com.alibaba.nacos.plugin.auth.impl.roles.NacosRoleServiceImpl;
import com.alibaba.nacos.plugin.auth.impl.token.TokenManagerDelegate;
import com.alibaba.nacos.plugin.auth.impl.users.NacosUserDetailsServiceImpl;
import com.alibaba.nacos.sys.utils.ApplicationUtils;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
@ -35,13 +36,15 @@ import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsUtils;
@ -53,7 +56,7 @@ import javax.annotation.PostConstruct;
* @author Nacos
*/
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class NacosAuthConfig extends WebSecurityConfigurerAdapter {
public class NacosAuthConfig {
private static final String SECURITY_IGNORE_URLS_SPILT_CHAR = ",";
@ -100,14 +103,15 @@ public class NacosAuthConfig extends WebSecurityConfigurerAdapter {
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
AuthenticationConfiguration authenticationConfiguration = ApplicationUtils.getBean(
AuthenticationConfiguration.class);
return authenticationConfiguration.getAuthenticationManager();
}
@Override
public void configure(WebSecurity web) {
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return web -> {
String ignoreUrls = null;
if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
ignoreUrls = DEFAULT_ALL_PATH_PATTERN;
@ -122,20 +126,25 @@ public class NacosAuthConfig extends WebSecurityConfigurerAdapter {
web.ignoring().antMatchers(each.trim());
}
}
};
}
@Bean
public GlobalAuthenticationConfigurerAdapter authenticationConfigurer() {
return new GlobalAuthenticationConfigurerAdapter() {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
public void init(AuthenticationManagerBuilder auth) throws Exception {
if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
} else if (AuthSystemTypes.LDAP.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
auth.authenticationProvider(ldapAuthenticationProvider);
}
}
};
}
@Override
protected void configure(HttpSecurity http) throws Exception {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
if (StringUtils.isBlank(authConfigs.getNacosAuthSystemType())) {
http.csrf().disable().cors()// We don't need CSRF for JWT based authentication
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
@ -149,6 +158,7 @@ public class NacosAuthConfig extends WebSecurityConfigurerAdapter {
http.addFilterBefore(new JwtAuthenticationTokenFilter(tokenProvider),
UsernamePasswordAuthenticationFilter.class);
}
return http.build();
}
@Bean

View File

@ -16,10 +16,9 @@
package com.alibaba.nacos.prometheus.conf;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import static com.alibaba.nacos.prometheus.api.ApiConstants.PROMETHEUS_CONTROLLER_NAMESPACE_PATH;
import static com.alibaba.nacos.prometheus.api.ApiConstants.PROMETHEUS_CONTROLLER_PATH;
@ -32,13 +31,15 @@ import static com.alibaba.nacos.prometheus.api.ApiConstants.PROMETHEUS_CONTROLLE
* @author vividfish
*/
@Configuration
@ConditionalOnMissingBean(value = WebSecurityConfigurerAdapter.class)
public class PrometheusSecurityConfiguration extends WebSecurityConfigurerAdapter {
public class PrometheusSecurityConfiguration {
@Override
public void configure(WebSecurity web) throws Exception {
@Bean
public WebSecurityCustomizer prometheusWebSecurityCustomizer() {
return web -> {
web.ignoring().mvcMatchers(PROMETHEUS_CONTROLLER_PATH);
web.ignoring().mvcMatchers(PROMETHEUS_CONTROLLER_NAMESPACE_PATH);
web.ignoring().mvcMatchers(PROMETHEUS_CONTROLLER_SERVICE_PATH);
};
}
}