Fix use of deprecated WebSecurityConfigurerAdapter.

HSLdevcom · Sep 8, 2023 · a8b701a · a8b701a
1 parent c31dc51
commit a8b701a
Showing 1 changed file with 29 additions and 21 deletions.
diff --git a/spring-boot/src/main/kotlin/fi/hsl/jore4/mapmatching/config/WebSecurityConfig.kt b/spring-boot/src/main/kotlin/fi/hsl/jore4/mapmatching/config/WebSecurityConfig.kt
@@ -2,38 +2,46 @@ package fi.hsl.jore4.mapmatching.config
 
 import fi.hsl.jore4.mapmatching.api.MapMatchingController
 import fi.hsl.jore4.mapmatching.api.RouteController
+import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpMethod
+import org.springframework.security.config.Customizer.withDefaults
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.web.SecurityFilterChain
 
 @Configuration
 @EnableWebSecurity
-class WebSecurityConfig : WebSecurityConfigurerAdapter() {
+class WebSecurityConfig {
 
-    override fun configure(httpSec: HttpSecurity) {
-        httpSec
-            .sessionManagement()
-            .sessionCreationPolicy(SessionCreationPolicy.NEVER)
+    @Bean
+    @Throws(Exception::class)
+    fun configure(httpSecurity: HttpSecurity): SecurityFilterChain {
+        return httpSecurity
+            .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.NEVER) }
 
-            .and()
+            // CSRF is not needed.
             .csrf().disable()
 
-            .authorizeRequests()
-
-            .antMatchers(HttpMethod.GET,
-                         RouteController.URL_PREFIX + "/**",
-                         "/actuator/health",
-                         "/*" // matches static landing page for examining results from route API
-            ).permitAll()
-
-            .antMatchers(HttpMethod.POST,
-                         MapMatchingController.URL_PREFIX + "/**",
-                         RouteController.URL_PREFIX + "/**"
-            ).permitAll()
-
-            .anyRequest().denyAll()
+            /** A CORS mapping is defined in [WebConfig] within "development" Spring profile. */
+            .cors(withDefaults())
+
+            .authorizeHttpRequests {
+                it
+                    .antMatchers(HttpMethod.GET,
+                                 RouteController.URL_PREFIX + "/**",
+                                 "/actuator/health",
+                                 "/*" // matches static landing page for examining results from route API
+                    ).permitAll()
+
+                    .antMatchers(HttpMethod.POST,
+                                 MapMatchingController.URL_PREFIX + "/**",
+                                 RouteController.URL_PREFIX + "/**"
+                    ).permitAll()
+
+                    .anyRequest().denyAll()
+            }
+            .build()
     }
 }