@sandeeppagatur
Created February 8, 2023 13:47
/**
 * Spring Security configuration written for the component-based style that
 * replaces {@code WebSecurityConfigurerAdapter}: one {@code SecurityFilterChain}
 * bean plus one {@code WebSecurityCustomizer} bean.
 *
 * <p>The listing references {@code securityContextRepository} and
 * {@code sessionRepositoryFilter} without declaring them; presumably they are
 * injected fields that were left out of the snippet. {@code getNoAuthRequestMatchers()}
 * and {@code getAuthRequestMatchers()} are called here as well but appear after
 * this class's closing brace in the listing.
 */
@Configuration
@EnableMethodSecurity //- new config
// NOTE(review): @EnableMethodSecurity supersedes @EnableGlobalMethodSecurity. @EnableWebSecurity
// is a separate annotation and is not deprecated in Spring Security 6 - confirm whether it was
// dropped on purpose (for example because Spring Boot auto-configuration already applies it).
//@EnableWebSecurity - old one deprecated
public class SecurityConfig { //extends WebSecurityConfigurerAdapter -
//this class WebSecurityConfigurerAdapter is now removed
/**
 * Builds the application's security filter chain.
 *
 * <p>In order: configures explicit saving of the security context, registers the session
 * repository filter and {@code CustomAuthFilter}, applies the URL authorization rules, then
 * configures CORS, CSRF, the authentication entry point and logout.
 *
 * @param http the builder supplied by Spring Security
 * @return the filter chain produced by {@code http.build()}
 * @throws Exception declared by the {@code HttpSecurity} configuration methods
 */
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.securityContext((securityContext) -> {
// With explicit save the SecurityContext is persisted only when code stores it through the
// repository; whatever authenticates a request (presumably CustomAuthFilter) has to do that.
securityContext
.requireExplicitSave(true);
securityContext.
securityContextRepository(securityContextRepository);
});
// The session repository filter (the Redis-backed indexed session repository, per the original
// author's comment) has to be registered in the chain explicitly.
// Statement order matters: the next line positions CustomAuthFilter relative to the class of
// sessionRepositoryFilter, which is only known to the chain once this call has run.
http.addFilterBefore(sessionRepositoryFilter, SecurityContextHolderAwareRequestFilter.class);
http.addFilterBefore(new CustomAuthFilter(), sessionRepositoryFilter.getClass());
// URL rules: the "no auth" patterns are open to everyone, the "auth" patterns require an
// authenticated user.
// NOTE(review): there is no anyRequest() rule, so a path in neither list has no visible
// policy. Spring Security 6 appears to deny such requests by default; an explicit
// anyRequest().authenticated() or anyRequest().denyAll() would make the intent readable - confirm.
http.authorizeHttpRequests((authorize) ->
authorize.
requestMatchers(new OrRequestMatcher(getNoAuthRequestMatchers())).
permitAll().
requestMatchers(new OrRequestMatcher(getAuthRequestMatchers()))
.authenticated()
)
// NOTE(review): CSRF protection is switched off while authentication is session-backed. If
// browsers send the session as a cookie, state-changing endpoints have no CSRF defence;
// disabling is only safe when the credential travels in a header that the client must set
// itself - confirm how CustomAuthFilter reads it.
// NOTE(review): the chained cors().and().csrf() form is deprecated from Spring Security 6.1
// in favour of the lambda DSL.
.cors().and().csrf().disable().exceptionHandling()
// Unauthenticated access to a protected path is answered by the project's own entry point.
.authenticationEntryPoint(new XAuthEntryPointExceptionHandler())
.and()
.logout()
.logoutUrl("/logout").permitAll();
return http.build();
}
/**
 * Lists request patterns that bypass the security filter chain entirely.
 *
 * <p>Ignored requests skip every filter registered in {@code filterChain}: no authentication,
 * no {@code CustomAuthFilter}, no security response headers.
 *
 * <p>NOTE(review): the last pattern, {@code "/*}{@code /*"}, matches any two-segment path, which
 * includes two-segment paths under {@code /api} and so can override the authenticated rules
 * above. If it is meant for static UI assets, narrow it to the asset directory. Spring
 * Security recommends {@code permitAll()} inside {@code authorizeHttpRequests} over
 * {@code web.ignoring()} for anything other than static resources, because the filters then
 * still run. The API-docs and Swagger entries are also reachable without authentication;
 * confirm that is intended outside development.
 *
 * @return a customizer that registers the ignored patterns
 */
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers("/api/v2/api-docs/*", "/api/configuration/ui/*",
"/api/swagger-resources/*",
"/api/swagger-ui.html", "/api/webjars/*", "/*/*");
}
}
/**
 * Turns every pattern in {@code noAuthUrls} into an {@link AntPathRequestMatcher}.
 *
 * <p>The caller wraps the result in an {@code OrRequestMatcher} and marks it
 * {@code permitAll()}, so each pattern listed here is reachable without authentication.
 * The single-argument matcher constructor does not restrict the HTTP method.
 * NOTE(review): {@code OrRequestMatcher} is expected to reject an empty list - confirm that
 * {@code noAuthUrls} always holds at least one entry.
 *
 * @return a new mutable list with one matcher per configured pattern, in iteration order
 */
public List<RequestMatcher> getNoAuthRequestMatchers() {
    final List<RequestMatcher> openMatchers = new ArrayList<>();
    for (final String pattern : noAuthUrls) {
        final RequestMatcher matcher = new AntPathRequestMatcher(pattern);
        openMatchers.add(matcher);
    }
    return openMatchers;
}
/**
 * Turns every pattern in {@code authUrls} into an {@link AntPathRequestMatcher}.
 *
 * <p>The caller wraps the result in an {@code OrRequestMatcher} and marks it
 * {@code authenticated()}. The single-argument matcher constructor does not restrict the
 * HTTP method.
 * NOTE(review): {@code OrRequestMatcher} is expected to reject an empty list - confirm that
 * {@code authUrls} always holds at least one entry.
 *
 * @return a new mutable list with one matcher per configured pattern, in iteration order
 */
public List<RequestMatcher> getAuthRequestMatchers() {
    final List<RequestMatcher> protectedMatchers = new ArrayList<>();
    for (final String pattern : authUrls) {
        final RequestMatcher matcher = new AntPathRequestMatcher(pattern);
        protectedMatchers.add(matcher);
    }
    return protectedMatchers;
}