This is an automated email from the ASF dual-hosted git repository.

ahuber pushed a commit to branch v4
in repository https://gitbox.apache.org/repos/asf/causeway.git


The following commit(s) were added to refs/heads/v4 by this push:
     new d467693d66c CAUSEWAY-3892: migrate deprecated Spring Security stuff 
(keycloak)
d467693d66c is described below

commit d467693d66c866a5841346e0583e9a9abbb1ace3
Author: andi-huber <[email protected]>
AuthorDate: Mon Jun 23 07:20:05 2025 +0200

    CAUSEWAY-3892: migrate deprecated Spring Security stuff (keycloak)
---
 .../keycloak/CausewayModuleSecurityKeycloak.java   | 76 ++++++++++++++--------
 1 file changed, 49 insertions(+), 27 deletions(-)

diff --git 
a/security/keycloak/src/main/java/org/apache/causeway/security/keycloak/CausewayModuleSecurityKeycloak.java
 
b/security/keycloak/src/main/java/org/apache/causeway/security/keycloak/CausewayModuleSecurityKeycloak.java
index cbe68ef1400..e31b12c14f8 100644
--- 
a/security/keycloak/src/main/java/org/apache/causeway/security/keycloak/CausewayModuleSecurityKeycloak.java
+++ 
b/security/keycloak/src/main/java/org/apache/causeway/security/keycloak/CausewayModuleSecurityKeycloak.java
@@ -42,7 +42,7 @@
 import org.springframework.security.web.SecurityFilterChain;
 import 
org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import 
org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.util.Assert;
 
 import org.apache.causeway.core.config.CausewayConfiguration;
@@ -87,40 +87,62 @@ public SecurityFilterChain filterChain(
         var loginPage = 
OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI
                 + "/" + realm;
 
-        var httpSecurityLogoutConfigurer =
-            http
-                .sessionManagement()
-                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
-                .and()
-
-                .authorizeHttpRequests()
-                    .anyRequest().authenticated()
-                .and()
-
+        return http
+                
.sessionManagement(t->t.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED))
+                .authorizeHttpRequests(t->t.anyRequest().authenticated())
                 // responsibility to propagate logout to Keycloak is performed 
by
                 // LogoutHandlerForKeycloak (called by Causeway' LogoutMenu, 
not by Spring)
                 // this is to ensure that Causeway can invalidate the http 
session eagerly and not preserve it in
                 // the SecurityContextPersistenceFilter (which uses http 
session to do its work)
-                .logout()
-                    .logoutRequestMatcher(new 
AntPathRequestMatcher("/logout"));
-
-        logoutHandlers.forEach(httpSecurityLogoutConfigurer::addLogoutHandler);
-
-        httpSecurityLogoutConfigurer
-                .and()
-
-                // This is the point where OAuth2 login of Spring 5 gets 
enabled
-                .oauth2Login()
+                .logout(t->{
+                    var x = 
t.logoutRequestMatcher(PathPatternRequestMatcher.withDefaults().matcher("/logout"));
+                    logoutHandlers.forEach(x::addLogoutHandler);   
+                })
+                // This is the point where OAuth2 login of Spring gets enabled
+                .oauth2Login(t->t
                     .defaultSuccessUrl(successUrl, true)
 //                        .successHandler(new 
AuthSuccessHandler(loginSuccessHandlers))
                     .successHandler(new 
SavedRequestAwareAuthenticationSuccessHandler())
-                    .userInfoEndpoint()
-                        .oidcUserService(keycloakOidcUserService)
-                .and()
-
-                .loginPage(loginPage);
+                    
.userInfoEndpoint(c->c.oidcUserService(keycloakOidcUserService))
+                    .loginPage(loginPage))
+                .build();
 
-        return http.build();
+        
+// Spring 6 Legacy        
+//        var httpSecurityLogoutConfigurer =
+//            http
+//                .sessionManagement()
+//                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+//                .and()
+//
+//                .authorizeHttpRequests()
+//                    .anyRequest().authenticated()
+//                .and()
+//
+//                // responsibility to propagate logout to Keycloak is 
performed by
+//                // LogoutHandlerForKeycloak (called by Causeway' LogoutMenu, 
not by Spring)
+//                // this is to ensure that Causeway can invalidate the http 
session eagerly and not preserve it in
+//                // the SecurityContextPersistenceFilter (which uses http 
session to do its work)
+//                .logout()
+//                    .logoutRequestMatcher(new 
AntPathRequestMatcher("/logout"));
+//
+//        
logoutHandlers.forEach(httpSecurityLogoutConfigurer::addLogoutHandler);
+//
+//        httpSecurityLogoutConfigurer
+//                .and()
+//
+//                // This is the point where OAuth2 login of Spring 5 gets 
enabled
+//                .oauth2Login()
+//                    .defaultSuccessUrl(successUrl, true)
+////                        .successHandler(new 
AuthSuccessHandler(loginSuccessHandlers))
+//                    .successHandler(new 
SavedRequestAwareAuthenticationSuccessHandler())
+//                    .userInfoEndpoint()
+//                        .oidcUserService(keycloakOidcUserService)
+//                .and()
+//
+//                .loginPage(loginPage);
+//
+//        return http.build();
     }
 
     @Bean
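Review bot: The logout matcher built with `PathPatternRequestMatcher.withDefaults().matcher("/logout")` names no HTTP method, so, like the `AntPathRequestMatcher("/logout")` it replaces, it matches GET as well as POST, and a cross-site request can end a user's session without a CSRF token. If Causeway's LogoutMenu can issue a POST (not visible in this hunk), pin the method with `.matcher(HttpMethod.POST, "/logout")`; otherwise add a comment on that line saying that GET logout is intentional. Separately, `.successHandler(new SavedRequestAwareAuthenticationSuccessHandler())` is called after `.defaultSuccessUrl(successUrl, true)` and replaces the handler that call installed, so `successUrl` appears to have no effect. That ordering predates the commit, but it is worth resolving while the chain is being rewritten. The signature and opening lines of `filterChain` are outside the hunk.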
