Use method injection & Update docs

Author: AB-xdev

demo/webapp-vaadin/src/main/java/software/xdev/sse/demo/security/MainWebSecurity.java

@@ -4,7 +4,6 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
@@ -31,23 +30,14 @@ public class MainWebSecurity
 {
 	private static final Logger LOG = LoggerFactory.getLogger(MainWebSecurity.class);
 
-	@Autowired
-	protected OAuth2CookieRememberMeServices cookieRememberMeServices;
-	
-	@Autowired
-	protected OAuth2RefreshFilter oAuth2RefreshFilter;
-	
-	@Autowired
-	protected CSPGenerator cspGenerator;
-	
-	@Autowired
-	protected CookieBasedRememberRedirectOAuth2LoginProvider rememberLoginProvider;
-	
-	@Autowired
-	protected OAuth2LoginUrlStoreAdapter oAuth2LoginUrlStoreAdapter;
-	
 	@Bean
-	protected SecurityFilterChain httpSecurityFilterChain(final HttpSecurity http) throws Exception
+	protected SecurityFilterChain httpSecurityFilterChain(
+		final HttpSecurity http,
+		final OAuth2CookieRememberMeServices cookieRememberMeServices,
+		final OAuth2RefreshFilter oAuth2RefreshFilter,
+		final CSPGenerator cspGenerator,
+		final CookieBasedRememberRedirectOAuth2LoginProvider rememberLoginProvider,
+		final OAuth2LoginUrlStoreAdapter oAuth2LoginUrlStoreAdapter) throws Exception
 	{
 		http
 			.with(new AdvancedLoginPageAdapter<>(http), c -> c
@@ -60,19 +50,19 @@ protected SecurityFilterChain httpSecurityFilterChain(final HttpSecurity http) t
 			// Permission-Policy removed as it's not supported by browsers (besides Chrome)
 			// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy#browser_compatibility
 			.headers(c -> c
-				.contentSecurityPolicy(p -> p.policyDirectives(this.cspGenerator.buildCSP()))
+				.contentSecurityPolicy(p -> p.policyDirectives(cspGenerator.buildCSP()))
 				// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 				.contentTypeOptions(Customizer.withDefaults())
 				.referrerPolicy(p -> p.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.SAME_ORIGIN)))
 			.oauth2Login(c -> {
 				c.defaultSuccessUrl("/" + MainView.NAV);
-				this.rememberLoginProvider.configureOAuth2Login(c);
-				this.oAuth2LoginUrlStoreAdapter.postProcess(c);
+				rememberLoginProvider.configureOAuth2Login(c);
+				oAuth2LoginUrlStoreAdapter.postProcess(c);
 			})
-			.logout(this.rememberLoginProvider::configureOAuth2Logout)
-			.addFilterBefore(this.oAuth2RefreshFilter, AnonymousAuthenticationFilter.class);
+			.logout(rememberLoginProvider::configureOAuth2Logout)
+			.addFilterBefore(oAuth2RefreshFilter, AnonymousAuthenticationFilter.class);
 
-		this.cookieRememberMeServices.install(http);
+		cookieRememberMeServices.install(http);
 
 		final DefaultSecurityFilterChain build = http
 			.with(new TotalVaadinFlowSecurityConfigurer(), Customizer.withDefaults())

oauth2-oidc-remember-me/README.md

@@ -66,7 +66,7 @@ For more detailed docs have a look at [the javadoc of ``OAuth2CookieRememberMeSe
 * **You need to implement [``OAuth2RememberMeUserEnricher``](./src/main/java/software/xdev/sse/oauth2/rememberme/userenrichment/OAuth2RememberMeUserEnricher.java) and [``AuthRememberMeSecretService``](./src/main/java/software/xdev/sse/oauth2/rememberme/secrets/AuthRememberMeSecretService.java)**
 * Inside your main ``WebSecurity#configure`` add:
     ```java
-    this.cookieRememberMeServices.install(http);
+    cookieRememberMeServices.install(http);
     ```
 
 ## Example configuration

vaadin/README.md

@@ -7,57 +7,46 @@ Secures [Vaadin (Flow)](https://github.com/vaadin/platform).
 The overall goal is to
 * give Spring Security full access control before any requests are processed by Vaadin
 * only create Vaadin Sessions when they are really needed - as these are rather heavy (Vaadin stores the state of the UI in these)
-* make Vaadin's ``VaadinWebSecurity`` better customizable
+* make Vaadin's ``VaadinWebSecurity``/``VaadinSecurityConfigurer`` better customizable
 
 ## Requirements
 
 * ``com.vaadin:vaadin-spring`` must be provided manually (only included with scope ``provided`` by default to prevent versioning conflicts)
 
 ## Usage
 
-Create a ``Configuration``-class that extends from ``TotalVaadinFlowWebSecurity`` and extend it accordingly.
-
-Here is an example:
 ```java
 @EnableWebSecurity
 @Configuration
-public class MainWebSecurity extends TotalVaadinFlowWebSecurity
+public class MainWebSecurity
 {
-    @Autowired
-    protected OAuth2CookieRememberMeServices cookieRememberMeServices;
-    
-    @Autowired
-    protected OAuth2RefreshFilter oAuth2RefreshFilter;
-    
-    @Autowired
-    protected CSPGenerator cspGenerator;
-    
-    @Autowired
-    protected CookieBasedRememberRedirectOAuth2LoginProvider rememberLoginProvider;
-    
-    @Autowired
-    protected OAuth2LoginUrlStoreAdapter oAuth2LoginUrlStoreAdapter;
-    
-    @Override
-    protected void configure(final HttpSecurity http) throws Exception
+    @Bean
+    protected SecurityFilterChain httpSecurityFilterChain(
+        final HttpSecurity http,
+        final OAuth2CookieRememberMeServices cookieRememberMeServices,
+        final OAuth2RefreshFilter oAuth2RefreshFilter,
+        final CSPGenerator cspGenerator,
+        final CookieBasedRememberRedirectOAuth2LoginProvider rememberLoginProvider,
+        final OAuth2LoginUrlStoreAdapter oAuth2LoginUrlStoreAdapter) throws Exception
     {
         http
             .headers(c -> c
-                .contentSecurityPolicy(p -> p.policyDirectives(this.cspGenerator.buildCSP()))
-                // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+                .contentSecurityPolicy(p -> p.policyDirectives(cspGenerator.buildCSP()))
                 .contentTypeOptions(Customizer.withDefaults())
                 .referrerPolicy(p -> p.policy(ReferrerPolicyHeaderWriter.ReferrerPolicy.SAME_ORIGIN)))
             .oauth2Login(c -> {
-                c.defaultSuccessUrl("/" + WorkdayView.NAV);
-                this.rememberLoginProvider.configureOAuth2Login(c);
-                this.oAuth2LoginUrlStoreAdapter.postProcess(c);
+                c.defaultSuccessUrl("/" + MainView.NAV);
+                rememberLoginProvider.configureOAuth2Login(c);
+                oAuth2LoginUrlStoreAdapter.postProcess(c);
             })
-            .logout(this.rememberLoginProvider::configureOAuth2Logout)
-            .addFilterBefore(this.oAuth2RefreshFilter, AnonymousAuthenticationFilter.class);
+            .logout(rememberLoginProvider::configureOAuth2Logout)
+            .addFilterBefore(oAuth2RefreshFilter, AnonymousAuthenticationFilter.class);
 
-        this.cookieRememberMeServices.install(http);
+        cookieRememberMeServices.install(http);
 
-        super.configure(http);
+        return http
+            .with(new TotalVaadinFlowSecurityConfigurer(), Customizer.withDefaults())
+            .build();
     }
 }
 ```