From 36b28540ee14f681519fd0331f923ce91caffbe0 Mon Sep 17 00:00:00 2001 From: lexandro Date: Mon, 13 Mar 2017 20:07:50 +0100 Subject: [PATCH] Fix invalid security example in doc Closes gh-8580 --- .../main/asciidoc/spring-boot-features.adoc | 18 +------ .../UnAuthenticatedAccessExample.java | 50 +++++++++++++++++++ 2 files changed, 52 insertions(+), 16 deletions(-) create mode 100644 spring-boot-docs/src/main/java/org/springframework/boot/web/security/UnAuthenticatedAccessExample.java diff --git a/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc b/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc index 3aed175f3da..8fec0d137e5 100644 --- a/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc +++ b/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc @@ -2685,26 +2685,12 @@ annotation will cause it to be decorated and enhanced with the necessary pieces the `/login` path working. For example, here we simply allow unauthenticated access to the home page at "/" and keep the default for everything else: + [source,java,indent=0] ---- - @Configuration - public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { - - @Override - public void init(WebSecurity web) { - web.ignore("/"); - } - - @Override - protected void configure(HttpSecurity http) throws Exception { - http.antMatcher("/**").authorizeRequests().anyRequest().authenticated(); - } - - } +include::{code-examples}/web/security/UnAuthenticatedAccessExample.java[tag=configuration] ---- - - [[boot-features-security-actuator]] === Actuator Security If the Actuator is also in use, you will find: diff --git a/spring-boot-docs/src/main/java/org/springframework/boot/web/security/UnAuthenticatedAccessExample.java b/spring-boot-docs/src/main/java/org/springframework/boot/web/security/UnAuthenticatedAccessExample.java new file mode 100644 index 00000000000..e50982db24d --- /dev/null +++ b/spring-boot-docs/src/main/java/org/springframework/boot/web/security/UnAuthenticatedAccessExample.java @@ -0,0 +1,50 @@ +/* + * Copyright 2012-2016 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.boot.web.security; + +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.builders.WebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +/** + * Example configuration for using a {@link WebSecurityConfigurerAdapter} to configure unauthenticated access + * to the home page at "/" + * + * @author Robert Stern + */ +public class UnAuthenticatedAccessExample { + + // tag::configuration[] + /** + * {@link WebSecurityConfigurerAdapter} that provides init to configure + * {@link WebSecurity} argument to customize access rules + */ + @Configuration + static class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { + + @Override + public void init(WebSecurity web) { + web.ignoring().antMatchers("/"); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.antMatcher("/**").authorizeRequests().anyRequest().authenticated(); + } + } +}