From c4c0c227205d96e436a70885611e955e6fef7746 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 31 May 2023 22:00:06 +0300
Subject: Modernize spring-security configuration and minor changes
* Clean up warnings
---
src/main/java/com/juick/config/SecurityConfig.java | 48 ++++++++++++++--------
1 file changed, 32 insertions(+), 16 deletions(-)
(limited to 'src/main/java/com/juick/config/SecurityConfig.java')
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index 8a41ab5b..70dc19fa 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -40,7 +40,6 @@ import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
@@ -68,6 +67,8 @@ import java.security.interfaces.RSAPublicKey;
 import java.util.Arrays;
 import java.util.Collections;
+import static org.springframework.security.config.Customizer.withDefaults;
+
 /**
 * Created by aalexeev on 11/21/16.
 */
@@ -81,6 +82,7 @@ public class SecurityConfig {
 @Inject
 private JdbcTemplate jdbcTemplate;
 private static final String COOKIE_NAME = "juick-remember-me";
+
 @Bean
 UserDetailsService userDetailsService() {
 return new JuickUserDetailsService(userService);
@@ -139,27 +141,25 @@ public class SecurityConfig {
 services.setUseSecureCookie(false); // TODO set true if https is supports
 return services;
 }
+
 @Bean
 @Order(Ordered.HIGHEST_PRECEDENCE)
 public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
 OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
 http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
- .authorizationServerSettings(AuthorizationServerSettings.builder()
- .authorizationEndpoint("/oauth/authorize")
- .tokenEndpoint("/oauth/token")
- .build())
 .oidc(Customizer.withDefaults());
 http.cors(cors -> cors.configurationSource(corsConfigurationSource())) // Accept access tokens for User Info and/or Client Registration
- .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
-
+ .oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()));
 return http.formLogin(Customizer.withDefaults()).build();
 }
+
 @Bean
 public RegisteredClientRepository registeredClientRepository() {
 return new JdbcRegisteredClientRepository(jdbcTemplate);
 }
+
 @Bean
 public JWKSource jwkSource() {
 RSAPublicKey publicKey = (RSAPublicKey) keystoreManager.getPublicKey();
@@ -171,10 +171,20 @@ public class SecurityConfig {
 JWKSet jwkSet = new JWKSet(rsaKey);
 return new ImmutableJWKSet<>(jwkSet);
 }
+
 @Bean
 public JwtDecoder jwtDecoder(JWKSource jwkSource) {
 return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
 }
+
+ @Bean
+ public AuthorizationServerSettings authorizationServerSettings() {
+ return AuthorizationServerSettings.builder()
+ .authorizationEndpoint("/oauth/authorize")
+ .tokenEndpoint("/oauth/token")
+ .build();
+ }
+
 @Bean
 @Order(Ordered.HIGHEST_PRECEDENCE + 1)
 SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
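Review bot: `resourceServer.jwt(withDefaults())` on the new `.oauth2ResourceServer(...)` line uses the freshly added static import, but `.oidc(Customizer.withDefaults())` and `http.formLogin(Customizer.withDefaults())` in the same method keep the qualified form; with the static import now in place, `.oidc(withDefaults());` and `return http.formLogin(withDefaults()).build();` would make the method read consistently. The endpoint paths removed from the configurer here reappear as the `authorizationServerSettings()` bean in the next hunk; as far as I can tell `applyDefaultSecurity(http)` picks that bean up from the context, so the custom `/oauth/authorize` and `/oauth/token` paths should survive the move, but nothing in this hunk ties the two together, so confirm the endpoint matcher still covers them. The context line `services.setUseSecureCookie(false); // TODO set true if https is supports` is untouched by this commit but remains the most security-relevant caveat in the hunk for the hashed remember-me cookie.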
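Review bot: The new public bean `authorizationServerSettings()` has no Javadoc, and like the inline builder it replaces it sets no `.issuer(...)`; unless the issuer is configured elsewhere, Spring Authorization Server resolves it per request, so behind a reverse proxy the `iss` of minted tokens depends on the forwarded host — confirm this is intended or set it explicitly. A header comment such as `/** Endpoint paths for the authorization server; consumed by applyDefaultSecurity in authorizationServerSecurityFilterChain, so keep them in sync with the "/oauth/**" permitAll rule in apiChain. */` would record the coupling the move introduces (the `/oauth/**` rule is visible in the following hunk). The `JWKSource` parameter of `jwtDecoder(...)` shows up raw here; if the page did not strip a type argument, declaring it `JWKSource<SecurityContext>` would remove an unchecked-conversion warning, which is the kind of cleanup the commit message names.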
@@ -194,8 +204,10 @@ public class SecurityConfig {
 "/api/skypebotendpoint", "/api/_fblogin", "/api/_vklogin", "/api/_tglogin", "/api/_google", "/api/_applelogin", "/api/signup",
- "/api/inbox", "/api/events", "/api/u/", "/u/**", "/n/**",
- "/api/info/**", "/api/v1/apps", "/api/v1/instance", "/api/v2/instance",
+ "/api/inbox", "/api/events", "/api/u/", "/u/**",
+ "/n/**",
+ "/api/info/**", "/api/v1/apps", "/api/v1/instance",
+ "/api/v2/instance",
 "/api/nodeinfo/2.0", "/oauth/**")
 .permitAll()
 .anyRequest().hasAnyAuthority("SCOPE_write", "ROLE_USER"))
@@ -204,36 +216,39 @@ public class SecurityConfig {
 .httpBasic(httpBasic -> httpBasic
 .authenticationEntryPoint(apiAuthenticationEntryPoint()))
 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
- .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
+ .oauth2ResourceServer(resourceServer -> resourceServer.jwt(withDefaults()))
 .sessionManagement(sessionManagement -> sessionManagement
 .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .exceptionHandling(exceptionHandling -> exceptionHandling
 .authenticationEntryPoint(apiAuthenticationEntryPoint()))
- .csrf().disable()
- .headers().defaultsDisabled().cacheControl();
+ .csrf(AbstractHttpConfigurer::disable)
+ .headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()));
 return http.build();
 }
+
 @Bean
- SecurityFilterChain h2ConsoFilterChain(HttpSecurity http) throws Exception {
+ SecurityFilterChain h2ConsoleFilterChain(HttpSecurity http) throws Exception {
 http.securityMatcher("/h2-console/**")
 .authorizeHttpRequests(auth -> auth
 .anyRequest().permitAll())
 .anonymous(anonymous -> anonymous.principal(JuickUser.ANONYMOUS_USER)
 .authorities(JuickUser.ANONYMOUS_AUTHORITY))
- .csrf().disable()
+ .csrf(AbstractHttpConfigurer::disable)
 .sessionManagement(sessionManagement -> sessionManagement
 .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .exceptionHandling(exceptionHandling -> exceptionHandling
 .authenticationEntryPoint(apiAuthenticationEntryPoint()))
- .headers().defaultsDisabled().cacheControl();
+ .headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()));
 return http.build();
 }
+
 @Bean
 AuthenticationSuccessHandler successHandler() {
 var handler = new SavedRequestAwareAuthenticationSuccessHandler();
 handler.setUseReferer(true);
 return handler;
 }
+
 @Bean
 @Order(Ordered.HIGHEST_PRECEDENCE + 2)
 SecurityFilterChain wwwChain(HttpSecurity http) throws Exception {
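Review bot: The customizer `headers -> headers.defaultsDisabled().cacheControl(withDefaults())` is now written out identically in `apiChain` and `h2ConsoleFilterChain` here and again in `wwwChain` in the last hunk, and none of the three says why the default header set is dropped: `defaultsDisabled()` turns off Spring Security's default response headers (Content-Type-Options, Frame-Options, HSTS and the rest) and only Cache-Control is re-enabled, which matters most for the browser-facing `wwwChain`. Extract it once as `private static final Customizer<HeadersConfigurer<HttpSecurity>> CACHE_CONTROL_ONLY = headers -> headers.defaultsDisabled().cacheControl(withDefaults());` (importing `HeadersConfigurer` from the configurers package) with a comment like `// NOTE(review): defaultsDisabled() drops frame-options/content-type-options/HSTS; only Cache-Control is sent — confirm intended`, and use `.headers(CACHE_CONTROL_ONLY)` in all three chains. Separately, the renamed `h2ConsoleFilterChain` still carries no `@Order` while the other chains do; an unordered chain sorts last, so whether its `/h2-console/**` matcher is ever reached depends on the matcher of `wwwChain`, which is outside this hunk, and if it is reached the console is served `permitAll` with CSRF disabled. The rename also changes the bean name, which breaks any name-based reference; none is visible here.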
@@ -263,9 +278,10 @@ public class SecurityConfig {
 .rememberMe(rememberMe -> rememberMe
 .rememberMeCookieDomain(webDomain).key(rememberMeKey)
 .rememberMeServices(hashCookieServices()))
- .headers().defaultsDisabled().cacheControl();
+ .headers(headers -> headers.defaultsDisabled().cacheControl(withDefaults()));
 return http.build();
 }
+
 @Bean
 public SecurityFilterChain securityWebFilterChain(
 HttpSecurity http) throws Exception {
-- cgit v1.2.3