parent
899ae9c37c
commit
00dc942e94
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -29,7 +29,6 @@ import org.springframework.boot.autoconfigure.security.oauth2.client.reactive.Re
|
|||
import org.springframework.boot.autoconfigure.security.oauth2.resource.reactive.ReactiveOAuth2ResourceServerAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
|
|
@ -38,6 +37,8 @@ import org.springframework.security.web.server.WebFilterChainProxy;
|
|||
import org.springframework.web.cors.reactive.PreFlightRequestHandler;
|
||||
import org.springframework.web.cors.reactive.PreFlightRequestWebFilter;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* {@link EnableAutoConfiguration Auto-configuration} for Reactive Spring Security when
|
||||
* actuator is on the classpath. Specifically, it permits access to the health endpoint
|
||||
|
|
@ -63,8 +64,8 @@ public class ReactiveManagementWebSecurityAutoConfiguration {
|
|||
});
|
||||
PreFlightRequestWebFilter filter = new PreFlightRequestWebFilter(handler);
|
||||
http.addFilterAt(filter, SecurityWebFiltersOrder.CORS);
|
||||
http.httpBasic(Customizer.withDefaults());
|
||||
http.formLogin(Customizer.withDefaults());
|
||||
http.httpBasic(withDefaults());
|
||||
http.formLogin(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -31,11 +31,12 @@ import org.springframework.boot.autoconfigure.security.saml2.Saml2RelyingPartyAu
|
|||
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.util.ClassUtils;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* {@link EnableAutoConfiguration Auto-configuration} for Spring Security when actuator is
|
||||
* on the classpath. It allows unauthenticated access to the {@link HealthEndpoint}. If
|
||||
|
|
@ -63,10 +64,10 @@ public class ManagementWebSecurityAutoConfiguration {
|
|||
requests.anyRequest().authenticated();
|
||||
});
|
||||
if (ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet", null)) {
|
||||
http.cors();
|
||||
http.cors(withDefaults());
|
||||
}
|
||||
http.formLogin(Customizer.withDefaults());
|
||||
http.httpBasic(Customizer.withDefaults());
|
||||
http.formLogin(withDefaults());
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
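Review bot: The `ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet", null)` guard around `http.cors(withDefaults())` carries no comment, and the code does not show why CORS is configured only when Spring MVC is on the classpath. Presumably the default CORS setup depends on MVC infrastructure; a comment such as `// cors(withDefaults()) relies on Spring MVC being present, so it is skipped for other servlet stacks` (to be confirmed by the author) would record that. It would also make explicit that without MVC this chain does no CORS processing for the actuator endpoints. The method starts outside the hunk.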
|
||||
|
||||
|
|
|
|||
|
|
@ -47,7 +47,6 @@ import org.springframework.http.server.reactive.ServerHttpResponse;
|
|||
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
|
||||
import org.springframework.mock.http.server.reactive.MockServerHttpResponse;
|
||||
import org.springframework.security.authentication.ReactiveAuthenticationManager;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
import org.springframework.security.web.server.WebFilterChainProxy;
|
||||
|
|
@ -57,6 +56,7 @@ import org.springframework.web.server.adapter.HttpWebHandlerAdapter;
|
|||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Tests for {@link ReactiveManagementWebSecurityAutoConfiguration}.
|
||||
|
|
@ -164,7 +164,7 @@ class ReactiveManagementWebSecurityAutoConfigurationTests {
|
|||
exchanges.pathMatchers("/foo").permitAll();
|
||||
exchanges.anyExchange().authenticated();
|
||||
});
|
||||
http.formLogin(Customizer.withDefaults());
|
||||
http.formLogin(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
@ -192,7 +192,7 @@ class ReactiveManagementWebSecurityAutoConfigurationTests {
|
|||
|
||||
private List<SecurityWebFilterChain> getFilterChains(ServerHttpSecurity http) {
|
||||
http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated());
|
||||
http.formLogin(Customizer.withDefaults());
|
||||
http.formLogin(withDefaults());
|
||||
return Collections.singletonList(http.build());
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -48,6 +48,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Abstract base class for {@link EndpointRequest} tests.
|
||||
*
|
||||
|
|
@ -195,7 +197,7 @@ abstract class AbstractEndpointRequestIntegrationTests {
|
|||
requests.requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated();
|
||||
requests.anyRequest().hasRole("ADMIN");
|
||||
});
|
||||
http.httpBasic();
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -44,7 +44,6 @@ import org.springframework.mock.web.MockFilterChain;
|
|||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockServletContext;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
|
@ -52,6 +51,7 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Tests for {@link ManagementWebSecurityAutoConfiguration}.
|
||||
|
|
@ -181,8 +181,8 @@ class ManagementWebSecurityAutoConfigurationTests {
|
|||
requests.requestMatchers(new AntPathRequestMatcher("/foo")).permitAll();
|
||||
requests.anyRequest().authenticated();
|
||||
});
|
||||
http.formLogin(Customizer.withDefaults());
|
||||
http.httpBasic();
|
||||
http.formLogin(withDefaults());
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
@ -207,8 +207,8 @@ class ManagementWebSecurityAutoConfigurationTests {
|
|||
@Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
|
||||
SecurityFilterChain testRemoteDevToolsSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(new AntPathRequestMatcher("/**"));
|
||||
http.authorizeHttpRequests().anyRequest().anonymous();
|
||||
http.csrf().disable();
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().anonymous());
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2020 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -38,6 +38,8 @@ import org.springframework.security.oauth2.client.web.server.AuthenticatedPrinci
|
|||
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Reactive OAuth2 Client configurations.
|
||||
*
|
||||
|
|
@ -84,9 +86,9 @@ class ReactiveOAuth2ClientConfigurations {
|
|||
@Bean
|
||||
@ConditionalOnMissingBean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http.authorizeExchange().anyExchange().authenticated();
|
||||
http.oauth2Login();
|
||||
http.oauth2Client();
|
||||
http.authorizeExchange((exchange) -> exchange.anyExchange().authenticated());
|
||||
http.oauth2Login(withDefaults());
|
||||
http.oauth2Client(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -21,7 +21,6 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
|
|||
import org.springframework.boot.autoconfigure.security.ConditionalOnDefaultWebSecurity;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
|
|
@ -30,6 +29,8 @@ import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAut
|
|||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* {@link SecurityFilterChain} to add OAuth client support.
|
||||
*
|
||||
|
|
@ -59,8 +60,8 @@ class OAuth2WebSecurityConfiguration {
|
|||
@Bean
|
||||
SecurityFilterChain oauth2SecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
|
||||
http.oauth2Login(Customizer.withDefaults());
|
||||
http.oauth2Client();
|
||||
http.oauth2Login(withDefaults());
|
||||
http.oauth2Client(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -23,11 +23,12 @@ import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2Res
|
|||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector;
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Configures a {@link ReactiveOpaqueTokenIntrospector} when a token introspection
|
||||
* endpoint is available. Also configures a {@link SecurityWebFilterChain} if a
|
||||
|
|
@ -59,7 +60,7 @@ class ReactiveOAuth2ResourceServerOpaqueTokenConfiguration {
|
|||
@ConditionalOnBean(ReactiveOpaqueTokenIntrospector.class)
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated());
|
||||
http.oauth2ResourceServer(OAuth2ResourceServerSpec::opaqueToken);
|
||||
http.oauth2ResourceServer((resourceServer) -> resourceServer.opaqueToken(withDefaults()));
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -37,7 +37,6 @@ import org.springframework.context.annotation.Bean;
|
|||
import org.springframework.context.annotation.Conditional;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
|
||||
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
|
||||
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
|
||||
|
|
@ -52,6 +51,8 @@ import org.springframework.security.oauth2.jwt.SupplierJwtDecoder;
|
|||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Configures a {@link JwtDecoder} when a JWK Set URI, OpenID Connect Issuer URI or Public
|
||||
* Key configuration is available. Also configures a {@link SecurityFilterChain} if a
|
||||
|
|
@ -156,7 +157,7 @@ class OAuth2ResourceServerJwtConfiguration {
|
|||
@ConditionalOnBean(JwtDecoder.class)
|
||||
SecurityFilterChain jwtSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
|
||||
http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
|
||||
http.oauth2ResourceServer((resourceServer) -> resourceServer.jwt(withDefaults()));
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -24,11 +24,12 @@ import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2Res
|
|||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Configures an {@link OpaqueTokenIntrospector} when a token introspection endpoint is
|
||||
* available. Also configures a {@link SecurityFilterChain} if a
|
||||
|
|
@ -61,7 +62,7 @@ class OAuth2ResourceServerOpaqueTokenConfiguration {
|
|||
@ConditionalOnBean(OpaqueTokenIntrospector.class)
|
||||
SecurityFilterChain opaqueTokenSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
|
||||
http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
|
||||
http.oauth2ResourceServer((resourceServer) -> resourceServer.opaqueToken(withDefaults()));
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -23,9 +23,7 @@ import org.springframework.context.annotation.Bean;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
|
||||
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
|
||||
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
|
||||
|
|
@ -33,6 +31,8 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori
|
|||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* {@link Configuration @Configuration} for OAuth2 authorization server support.
|
||||
*
|
||||
|
|
@ -47,18 +47,17 @@ class OAuth2AuthorizationServerWebSecurityConfiguration {
|
|||
@Order(Ordered.HIGHEST_PRECEDENCE)
|
||||
SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
|
||||
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class).oidc(Customizer.withDefaults());
|
||||
http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
|
||||
.exceptionHandling((exceptions) -> exceptions
|
||||
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")));
|
||||
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class).oidc(withDefaults());
|
||||
http.oauth2ResourceServer((resourceServer) -> resourceServer.jwt(withDefaults()));
|
||||
http.exceptionHandling(
|
||||
(exceptions) -> exceptions.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")));
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Order(SecurityProperties.BASIC_AUTH_ORDER)
|
||||
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
|
||||
.formLogin(Customizer.withDefaults());
|
||||
http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()).formLogin(withDefaults());
|
||||
return http.build();
|
||||
}
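Review bot: `defaultSecurityFilterChain` now chains `.formLogin(withDefaults())` onto `authorizeHttpRequests(...)` in one long statement, while `authorizationServerSecurityFilterChain` just above it and the other configurations in this commit use one `http.` statement per feature. Splitting it keeps the file consistent: `http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated());` followed by `http.formLogin(withDefaults());`. Behaviour is the same either way.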
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -24,6 +24,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* {@link SecurityFilterChain} configuration for Spring Security's relying party SAML
|
||||
* support.
|
||||
|
|
@ -37,8 +39,9 @@ class Saml2LoginConfiguration {
|
|||
|
||||
@Bean
|
||||
SecurityFilterChain samlSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()).saml2Login();
|
||||
http.saml2Logout();
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
|
||||
http.saml2Login(withDefaults());
|
||||
http.saml2Logout(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -30,6 +30,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* {@link Configuration @Configuration} class securing servlet applications.
|
||||
*
|
||||
|
|
@ -53,9 +55,9 @@ class SpringBootWebSecurityConfiguration {
|
|||
@Bean
|
||||
@Order(SecurityProperties.BASIC_AUTH_ORDER)
|
||||
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests().anyRequest().authenticated();
|
||||
http.formLogin();
|
||||
http.httpBasic();
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
|
||||
http.formLogin(withDefaults());
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -73,6 +73,7 @@ import org.springframework.web.server.WebFilter;
|
|||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Tests for {@link ReactiveOAuth2ResourceServerAutoConfiguration}.
|
||||
|
|
@ -698,7 +699,7 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests {
|
|||
exchanges.pathMatchers("/message/**").hasRole("ADMIN");
|
||||
exchanges.anyExchange().authenticated();
|
||||
});
|
||||
http.httpBasic();
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -711,7 +711,7 @@ class OAuth2ResourceServerAutoConfigurationTests {
|
|||
@Bean
|
||||
SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher("/**");
|
||||
http.authorizeHttpRequests().anyRequest().authenticated();
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -28,7 +28,6 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.context.annotation.Import;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.BeanIds;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
||||
|
|
@ -53,6 +52,7 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
|
|||
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Tests for {@link OAuth2AuthorizationServerWebSecurityConfiguration}.
|
||||
|
|
@ -170,7 +170,7 @@ class OAuth2AuthorizationServerWebSecurityConfigurationTests {
|
|||
@Bean
|
||||
@Order(2)
|
||||
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
return http.httpBasic(Customizer.withDefaults()).build();
|
||||
return http.httpBasic(withDefaults()).build();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -48,8 +48,8 @@ class RemoteDevtoolsSecurityConfiguration {
|
|||
@Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
|
||||
SecurityFilterChain devtoolsSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(new AntPathRequestMatcher(this.url));
|
||||
http.authorizeHttpRequests().anyRequest().anonymous();
|
||||
http.csrf().disable();
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().anonymous());
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
return http.build();
|
||||
}
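Review bot: `devtoolsSecurityFilterChain` still turns CSRF protection off and admits anonymous requests, and nothing in the method says why that is acceptable. The chain is limited by `http.securityMatcher(new AntPathRequestMatcher(this.url))` and ordered at `SecurityProperties.BASIC_AUTH_ORDER - 1`, so it takes precedence over the default chain for that URL only. A short comment would record the scope, for example `// Scoped to this.url by the securityMatcher above; CSRF and authentication are relaxed for the remote DevTools endpoint only`. How the endpoint itself authenticates callers is not visible in this hunk, and the comment should state it once someone has confirmed it. The class body starts outside the hunk.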
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -36,7 +36,7 @@ public class DevProfileSecurityConfiguration {
|
|||
http.securityMatcher(PathRequest.toH2Console());
|
||||
http.authorizeHttpRequests(yourCustomAuthorization());
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
http.headers((headers) -> headers.frameOptions().sameOrigin());
|
||||
http.headers((headers) -> headers.frameOptions((frame) -> frame.sameOrigin()));
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -27,7 +27,7 @@ public class MyOAuthClientConfiguration {
|
|||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
|
||||
http.oauth2Login((login) -> login.redirectionEndpoint().baseUri("custom-callback"));
|
||||
http.oauth2Login((login) -> login.redirectionEndpoint((endpoint) -> endpoint.baseUri("custom-callback")));
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -21,13 +21,15 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
public class MySamlRelyingPartyConfiguration {
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests().anyRequest().authenticated();
|
||||
http.saml2Login();
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
|
||||
http.saml2Login(withDefaults());
|
||||
http.saml2Logout((saml2) -> saml2.logoutRequest((request) -> request.logoutUrl("/SLOService.saml2"))
|
||||
.logoutResponse((response) -> response.logoutUrl("/SLOService.saml2")));
|
||||
return http.build();
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ package org.springframework.boot.docs.actuator.endpoints.security.typical
|
|||
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest
|
||||
import org.springframework.context.annotation.Bean
|
||||
import org.springframework.context.annotation.Configuration
|
||||
import org.springframework.security.config.Customizer.withDefaults
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.web.SecurityFilterChain
|
||||
|
||||
|
|
@ -30,7 +31,7 @@ class MySecurityConfiguration {
|
|||
http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests { requests ->
|
||||
requests.anyRequest().hasRole("ENDPOINT_ADMIN")
|
||||
}
|
||||
http.httpBasic()
|
||||
http.httpBasic(withDefaults())
|
||||
return http.build()
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -33,8 +33,8 @@ class DevProfileSecurityConfiguration {
|
|||
@Order(Ordered.HIGHEST_PRECEDENCE)
|
||||
fun h2ConsoleSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
|
||||
return http.authorizeHttpRequests(yourCustomAuthorization())
|
||||
.csrf().disable()
|
||||
.headers().frameOptions().sameOrigin().and()
|
||||
.csrf { csrf -> csrf.disable() }
|
||||
.headers { headers -> headers.frameOptions { frameOptions -> frameOptions.sameOrigin() } }
|
||||
.build()
|
||||
}
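Review bot: `h2ConsoleSecurityFilterChain` has no security matcher anywhere in its visible body, so with `@Order(Ordered.HIGHEST_PRECEDENCE)` the `csrf { csrf -> csrf.disable() }` and same-origin frame settings would apply to every request, not only to the H2 console. The Java version of this sample in the same commit scopes the chain first with `http.securityMatcher(PathRequest.toH2Console())`. The Kotlin chain should start the same way: `return http.securityMatcher(PathRequest.toH2Console())` followed by `.authorizeHttpRequests(yourCustomAuthorization())`. The file's imports are outside the hunk, so `PathRequest` may also need importing.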
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ class MySecurityConfig {
|
|||
@Bean
|
||||
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
|
||||
// Customize the application security ...
|
||||
http.requiresChannel().anyRequest().requiresSecure()
|
||||
http.requiresChannel { requests -> requests.anyRequest().requiresSecure() }
|
||||
return http.build()
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -26,8 +26,8 @@ class MyOAuthClientConfiguration {
|
|||
|
||||
@Bean
|
||||
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
|
||||
http.authorizeHttpRequests().anyRequest().authenticated()
|
||||
http.oauth2Login().redirectionEndpoint().baseUri("custom-callback")
|
||||
http.authorizeHttpRequests { requests -> requests.anyRequest().authenticated() }
|
||||
http.oauth2Login { login -> login.redirectionEndpoint { redirectionEndpoint -> redirectionEndpoint.baseUri("custom-callback") } }
|
||||
return http.build()
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@ package org.springframework.boot.docs.web.security.springwebflux
|
|||
import org.springframework.boot.autoconfigure.security.reactive.PathRequest
|
||||
import org.springframework.context.annotation.Bean
|
||||
import org.springframework.context.annotation.Configuration
|
||||
import org.springframework.security.config.Customizer
|
||||
import org.springframework.security.config.Customizer.withDefaults
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain
|
||||
|
||||
|
|
@ -31,7 +33,7 @@ class MyWebFluxSecurityConfiguration {
|
|||
spec.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
|
||||
spec.pathMatchers("/foo", "/bar").authenticated()
|
||||
}
|
||||
http.formLogin()
|
||||
http.formLogin(withDefaults())
|
||||
return http.build()
|
||||
}
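Review bot: The import hunk adds both `import org.springframework.security.config.Customizer` and `import org.springframework.security.config.Customizer.withDefaults`, but the only use visible in this section is `http.formLogin(withDefaults())`. If nothing else in the file refers to `Customizer` by name, the first import is unused and can be dropped. The function containing the `formLogin` call starts outside the hunk.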
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
|
|||
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.User.UserBuilder;
|
||||
|
|
@ -32,6 +31,8 @@ import org.springframework.security.core.userdetails.UserDetails;
|
|||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
public class SecurityConfiguration {
|
||||
|
||||
|
|
@ -65,8 +66,8 @@ public class SecurityConfiguration {
|
|||
requests.requestMatchers("/error").permitAll();
|
||||
requests.requestMatchers("/**").hasRole("USER");
|
||||
});
|
||||
http.cors(Customizer.withDefaults());
|
||||
http.httpBasic();
|
||||
http.cors(withDefaults());
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ class ShutdownSampleActuatorApplicationTests {
|
|||
|
||||
@Bean
|
||||
SecurityFilterChain configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable();
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointR
|
|||
import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
|
|
@ -28,8 +29,8 @@ import org.springframework.security.web.SecurityFilterChain;
|
|||
@Configuration
|
||||
public class SecurityConfiguration {
|
||||
|
||||
@SuppressWarnings("deprecation")
|
||||
@Bean
|
||||
@SuppressWarnings("deprecation")
|
||||
public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
|
||||
return new InMemoryUserDetailsManager(
|
||||
User.withDefaultPasswordEncoder()
|
||||
|
|
@ -52,7 +53,7 @@ public class SecurityConfiguration {
|
|||
.hasRole("ACTUATOR");
|
||||
requests.requestMatchers("/**").hasRole("USER");
|
||||
});
|
||||
http.httpBasic();
|
||||
http.httpBasic(Customizer.withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
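Review bot: `http.httpBasic(Customizer.withDefaults())`, together with the plain `import org.springframework.security.config.Customizer;`, is out of step with the other Java files in this commit, which use `import static org.springframework.security.config.Customizer.withDefaults;` and call `withDefaults()`. This assumes the qualified call is the new side, as the added import suggests. For consistency, use the static import here too and write `http.httpBasic(withDefaults());`. The filter-chain method begins outside the last hunk.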
|
|
|
|||
|
|
@ -35,6 +35,7 @@ import org.springframework.security.web.server.SecurityWebFilterChain;
|
|||
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Integration tests for separate management and main service ports.
|
||||
|
|
@ -119,7 +120,7 @@ class ManagementPortSampleSecureWebFluxTests {
|
|||
exchanges.pathMatchers("/login").permitAll();
|
||||
exchanges.anyExchange().authenticated();
|
||||
});
|
||||
http.httpBasic();
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -29,13 +29,14 @@ import org.springframework.context.annotation.Bean;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Integration tests for a secure reactive application with custom security.
|
||||
*
|
||||
|
|
@ -165,7 +166,7 @@ class SampleSecureWebFluxCustomSecurityTests {
|
|||
exchanges.pathMatchers("/login").permitAll();
|
||||
exchanges.anyExchange().authenticated();
|
||||
});
|
||||
http.httpBasic(Customizer.withDefaults());
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -20,10 +20,11 @@ import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointR
|
|||
import org.springframework.boot.actuate.health.HealthEndpoint;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Security configuration.
|
||||
*
|
||||
|
|
@ -38,9 +39,9 @@ class SecurityConfiguration {
|
|||
requests.requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll();
|
||||
requests.anyRequest().authenticated();
|
||||
});
|
||||
http.formLogin(Customizer.withDefaults());
|
||||
http.httpBasic(Customizer.withDefaults());
|
||||
http.csrf().disable();
|
||||
http.formLogin(withDefaults());
|
||||
http.httpBasic(withDefaults());
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
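Review bot: `http.csrf((csrf) -> csrf.disable())` keeps CSRF protection off in a chain that also enables `http.formLogin(withDefaults())`, so the session created by form login is honoured on state-changing requests without a token, and nothing in the hunk says why. If the reason is only that the sample's tests post without a token (my guess, not visible here), record it above the line, for example `// CSRF is disabled to keep the sample short; leave it enabled for browser-facing, session-based applications`. The same undocumented disablement sits in the three identically shaped `SecurityConfiguration` sections that follow, and in the `configure` beans of `SampleMethodSecurityApplication` and `SampleWebSecureApplicationTests`, which also configure a login form. The method starts outside the hunk.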
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -20,10 +20,11 @@ import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointR
|
|||
import org.springframework.boot.actuate.health.HealthEndpoint;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Security configuration.
|
||||
*
|
||||
|
|
@ -38,9 +39,9 @@ class SecurityConfiguration {
|
|||
requests.requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll();
|
||||
requests.anyRequest().authenticated();
|
||||
});
|
||||
http.formLogin(Customizer.withDefaults());
|
||||
http.httpBasic(Customizer.withDefaults());
|
||||
http.csrf().disable();
|
||||
http.formLogin(withDefaults());
|
||||
http.httpBasic(withDefaults());
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -20,10 +20,11 @@ import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointR
|
|||
import org.springframework.boot.actuate.health.HealthEndpoint;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Security configuration.
|
||||
*
|
||||
|
|
@ -38,9 +39,9 @@ class SecurityConfiguration {
|
|||
requests.requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll();
|
||||
requests.anyRequest().authenticated();
|
||||
});
|
||||
http.formLogin(Customizer.withDefaults());
|
||||
http.httpBasic(Customizer.withDefaults());
|
||||
http.csrf().disable();
|
||||
http.formLogin(withDefaults());
|
||||
http.httpBasic(withDefaults());
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -20,10 +20,11 @@ import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointR
|
|||
import org.springframework.boot.actuate.health.HealthEndpoint;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Security configuration.
|
||||
*
|
||||
|
|
@ -38,9 +39,9 @@ class SecurityConfiguration {
|
|||
requests.requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll();
|
||||
requests.anyRequest().authenticated();
|
||||
});
|
||||
http.formLogin(Customizer.withDefaults());
|
||||
http.httpBasic(Customizer.withDefaults());
|
||||
http.csrf().disable();
|
||||
http.formLogin(withDefaults());
|
||||
http.httpBasic(withDefaults());
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -23,6 +23,8 @@ import org.springframework.security.config.web.server.ServerHttpSecurity;
|
|||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@SpringBootApplication
|
||||
public class SampleSessionWebFluxMongoApplication {
|
||||
|
||||
|
|
@ -32,17 +34,10 @@ public class SampleSessionWebFluxMongoApplication {
|
|||
|
||||
@Bean
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
// @formatter:off
|
||||
return http
|
||||
.authorizeExchange()
|
||||
.anyExchange().authenticated()
|
||||
.and()
|
||||
.httpBasic().securityContextRepository(new WebSessionServerSecurityContextRepository())
|
||||
.and()
|
||||
.formLogin()
|
||||
.and()
|
||||
.build();
|
||||
// @formatter:on
|
||||
http.authorizeExchange((exchange) -> exchange.anyExchange().authenticated());
|
||||
http.httpBasic((basic) -> basic.securityContextRepository(new WebSessionServerSecurityContextRepository()));
|
||||
http.formLogin(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
}
|
||||
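Review bot: Nothing at `http.httpBasic((basic) -> basic.securityContextRepository(new WebSessionServerSecurityContextRepository()))` explains why Basic authentication is made to keep its security context in the `WebSession`, which is the one non-default choice in this chain. A short comment above the line would help, along the lines of `// Store the Basic-auth context in the WebSession so the sample exercises Spring Session`; that purpose is inferred from the class name and should be confirmed. Readers copying the sample should know that Basic credentials then yield a session cookie that authenticates later requests. The same line appears in `SampleSessionWebFluxRedisApplication` further down.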
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -23,6 +23,8 @@ import org.springframework.security.config.web.server.ServerHttpSecurity;
|
|||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@SpringBootApplication
|
||||
public class SampleSessionWebFluxRedisApplication {
|
||||
|
||||
|
|
@ -32,17 +34,10 @@ public class SampleSessionWebFluxRedisApplication {
|
|||
|
||||
@Bean
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
// @formatter:off
|
||||
return http
|
||||
.authorizeExchange()
|
||||
.anyExchange().authenticated()
|
||||
.and()
|
||||
.httpBasic().securityContextRepository(new WebSessionServerSecurityContextRepository())
|
||||
.and()
|
||||
.formLogin()
|
||||
.and()
|
||||
.build();
|
||||
// @formatter:on
|
||||
http.authorizeExchange((exchange) -> exchange.anyExchange().authenticated());
|
||||
http.httpBasic((basic) -> basic.securityContextRepository(new WebSessionServerSecurityContextRepository()));
|
||||
http.formLogin(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,6 +36,8 @@ import org.springframework.web.bind.annotation.GetMapping;
|
|||
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@SpringBootApplication
|
||||
@EnableMethodSecurity(securedEnabled = true)
|
||||
public class SampleMethodSecurityApplication implements WebMvcConfigurer {
|
||||
|
|
@ -73,12 +75,12 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
|
|||
|
||||
@Bean
|
||||
SecurityFilterChain configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable();
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
http.authorizeHttpRequests((requests) -> {
|
||||
requests.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll();
|
||||
requests.anyRequest().fullyAuthenticated();
|
||||
});
|
||||
http.httpBasic();
|
||||
http.httpBasic(withDefaults());
|
||||
http.formLogin((form) -> form.loginPage("/login").permitAll());
|
||||
http.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access"));
|
||||
return http.build();
|
||||
|
|
@ -92,10 +94,10 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
|
|||
|
||||
@Bean
|
||||
SecurityFilterChain actuatorSecurity(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable();
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
http.securityMatcher(EndpointRequest.toAnyEndpoint());
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
|
||||
http.httpBasic();
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -45,7 +45,7 @@ public class SampleWebSecureCustomApplication implements WebMvcConfigurer {
|
|||
|
||||
@Bean
|
||||
SecurityFilterChain configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable();
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
http.authorizeHttpRequests((requests) -> {
|
||||
requests.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll();
|
||||
requests.anyRequest().fullyAuthenticated();
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -48,7 +48,7 @@ public class SampleWebSecureJdbcApplication implements WebMvcConfigurer {
|
|||
|
||||
@Bean
|
||||
SecurityFilterChain configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable();
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
http.authorizeHttpRequests((requests) -> {
|
||||
requests.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll();
|
||||
requests.anyRequest().fullyAuthenticated();
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -22,6 +22,8 @@ import org.springframework.context.annotation.Bean;
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Tests to ensure that the error page with a custom servlet path is accessible only to
|
||||
* authorized users.
|
||||
|
|
@ -48,7 +50,7 @@ class CustomServletPathErrorPageTests extends AbstractErrorPageTests {
|
|||
requests.requestMatchers("/public/**").permitAll();
|
||||
requests.anyRequest().fullyAuthenticated();
|
||||
});
|
||||
http.httpBasic();
|
||||
http.httpBasic(withDefaults());
|
||||
http.formLogin((form) -> form.loginPage("/custom/servlet/path/login").permitAll());
|
||||
return http.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -21,6 +21,8 @@ import org.springframework.context.annotation.Bean;
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Tests for error page that permits access to all with a custom servlet path.
|
||||
*
|
||||
|
|
@ -48,7 +50,7 @@ class CustomServletPathUnauthenticatedErrorPageTests extends AbstractUnauthentic
|
|||
requests.requestMatchers("/public/**").permitAll();
|
||||
requests.anyRequest().authenticated();
|
||||
});
|
||||
http.httpBasic();
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -22,6 +22,8 @@ import org.springframework.context.annotation.Bean;
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Tests to ensure that the error page is accessible only to authorized users.
|
||||
*
|
||||
|
|
@ -47,7 +49,7 @@ class ErrorPageTests extends AbstractErrorPageTests {
|
|||
requests.requestMatchers("/public/**").permitAll();
|
||||
requests.anyRequest().fullyAuthenticated();
|
||||
});
|
||||
http.httpBasic();
|
||||
http.httpBasic(withDefaults());
|
||||
http.formLogin((form) -> form.loginPage("/login").permitAll());
|
||||
return http.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,6 +23,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Tests for error page when a stateless session creation policy is used.
|
||||
*
|
||||
|
|
@ -49,7 +51,7 @@ class NoSessionErrorPageTests extends AbstractErrorPageTests {
|
|||
requests.requestMatchers("/public/**").permitAll();
|
||||
requests.anyRequest().authenticated();
|
||||
});
|
||||
http.httpBasic();
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -39,6 +39,7 @@ import org.springframework.util.LinkedMultiValueMap;
|
|||
import org.springframework.util.MultiValueMap;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Basic integration tests for demo application.
|
||||
|
|
@ -95,13 +96,13 @@ class SampleWebSecureApplicationTests {
|
|||
|
||||
@Bean
|
||||
SecurityFilterChain configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable();
|
||||
http.csrf((csrf) -> csrf.disable());
|
||||
http.authorizeHttpRequests((requests) -> {
|
||||
requests.requestMatchers("/public/**").permitAll();
|
||||
requests.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll();
|
||||
requests.anyRequest().fullyAuthenticated();
|
||||
});
|
||||
http.httpBasic();
|
||||
http.httpBasic(withDefaults());
|
||||
http.formLogin((form) -> form.loginPage("/login").permitAll());
|
||||
return http.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2022 the original author or authors.
|
||||
* Copyright 2012-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -22,6 +22,8 @@ import org.springframework.context.annotation.Bean;
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Tests for error page that permits access to all.
|
||||
*
|
||||
|
|
@ -48,7 +50,7 @@ class UnauthenticatedErrorPageTests extends AbstractUnauthenticatedErrorPageTest
|
|||
requests.requestMatchers("/public/**").permitAll();
|
||||
requests.anyRequest().authenticated();
|
||||
});
|
||||
http.httpBasic();
|
||||
http.httpBasic(withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||