Merge pull request #31255 from vpavic
* gh-31255: Migrate to AuthorizationFilter in Spring Security auto-config Closes gh-31255
		
						commit
						6e3a87d315
					
				| 
						 | 
				
			
			@ -58,7 +58,7 @@ public class ManagementWebSecurityAutoConfiguration {
 | 
			
		|||
	@Bean
 | 
			
		||||
	@Order(SecurityProperties.BASIC_AUTH_ORDER)
 | 
			
		||||
	SecurityFilterChain managementSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
		http.authorizeRequests((requests) -> {
 | 
			
		||||
		http.authorizeHttpRequests((requests) -> {
 | 
			
		||||
			requests.requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll();
 | 
			
		||||
			requests.anyRequest().authenticated();
 | 
			
		||||
		});
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -183,7 +183,7 @@ abstract class AbstractEndpointRequestIntegrationTests {
 | 
			
		|||
 | 
			
		||||
				@Override
 | 
			
		||||
				protected void configure(HttpSecurity http) throws Exception {
 | 
			
		||||
					http.authorizeRequests((requests) -> {
 | 
			
		||||
					http.authorizeHttpRequests((requests) -> {
 | 
			
		||||
						requests.requestMatchers(EndpointRequest.toLinks()).permitAll();
 | 
			
		||||
						requests.requestMatchers(EndpointRequest.to(TestEndpoint1.class)).permitAll();
 | 
			
		||||
						requests.requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated();
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -179,7 +179,7 @@ class ManagementWebSecurityAutoConfigurationTests {
 | 
			
		|||
 | 
			
		||||
		@Override
 | 
			
		||||
		protected void configure(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.authorizeRequests((requests) -> {
 | 
			
		||||
			http.authorizeHttpRequests((requests) -> {
 | 
			
		||||
				requests.antMatchers("/foo").permitAll();
 | 
			
		||||
				requests.anyRequest().authenticated();
 | 
			
		||||
			});
 | 
			
		||||
| 
						 | 
				
			
			@ -194,7 +194,7 @@ class ManagementWebSecurityAutoConfigurationTests {
 | 
			
		|||
 | 
			
		||||
		@Bean
 | 
			
		||||
		SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
 | 
			
		||||
			return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 | 
			
		||||
					.build();
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -206,8 +206,8 @@ class ManagementWebSecurityAutoConfigurationTests {
 | 
			
		|||
		@Bean
 | 
			
		||||
		@Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
 | 
			
		||||
		SecurityFilterChain testRemoteDevToolsSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			return http.requestMatcher(new AntPathRequestMatcher("/**")).authorizeRequests().anyRequest().anonymous()
 | 
			
		||||
					.and().csrf().disable().build();
 | 
			
		||||
			return http.requestMatcher(new AntPathRequestMatcher("/**")).authorizeHttpRequests().anyRequest()
 | 
			
		||||
					.anonymous().and().csrf().disable().build();
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
	}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -58,7 +58,7 @@ class OAuth2WebSecurityConfiguration {
 | 
			
		|||
 | 
			
		||||
		@Bean
 | 
			
		||||
		SecurityFilterChain oauth2SecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
			http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
			http.oauth2Login(Customizer.withDefaults());
 | 
			
		||||
			http.oauth2Client();
 | 
			
		||||
			return http.build();
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -153,7 +153,7 @@ class OAuth2ResourceServerJwtConfiguration {
 | 
			
		|||
		@Bean
 | 
			
		||||
		@ConditionalOnBean(JwtDecoder.class)
 | 
			
		||||
		SecurityFilterChain jwtSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
			http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
			http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
 | 
			
		||||
			return http.build();
 | 
			
		||||
		}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -60,7 +60,7 @@ class OAuth2ResourceServerOpaqueTokenConfiguration {
 | 
			
		|||
		@Bean
 | 
			
		||||
		@ConditionalOnBean(OpaqueTokenIntrospector.class)
 | 
			
		||||
		SecurityFilterChain opaqueTokenSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
			http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
			http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
 | 
			
		||||
			return http.build();
 | 
			
		||||
		}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -37,7 +37,7 @@ class Saml2LoginConfiguration {
 | 
			
		|||
 | 
			
		||||
	@Bean
 | 
			
		||||
	SecurityFilterChain samlSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
		http.authorizeRequests((requests) -> requests.anyRequest().authenticated()).saml2Login();
 | 
			
		||||
		http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()).saml2Login();
 | 
			
		||||
		http.saml2Logout();
 | 
			
		||||
		return http.build();
 | 
			
		||||
	}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -54,7 +54,7 @@ class SpringBootWebSecurityConfiguration {
 | 
			
		|||
		@Bean
 | 
			
		||||
		@Order(SecurityProperties.BASIC_AUTH_ORDER)
 | 
			
		||||
		SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.authorizeRequests().anyRequest().authenticated();
 | 
			
		||||
			http.authorizeHttpRequests().anyRequest().authenticated();
 | 
			
		||||
			http.formLogin();
 | 
			
		||||
			http.httpBasic();
 | 
			
		||||
			return http.build();
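Review bot: `http.authorizeHttpRequests().anyRequest().authenticated();` in defaultSecurityFilterChain keeps the no-argument chaining form, while the sibling auto-configurations migrated in the same commit (oauth2SecurityFilterChain, jwtSecurityFilterChain, opaqueTokenSecurityFilterChain, samlSecurityFilterChain) pass a Customizer lambda. Writing it as `http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());` would make the default chain read like the others and keep the whole rule set in one expression. The same point applies to the documentation examples MySamlRelyingPartyConfiguration and the Kotlin MyOAuthClientConfiguration. The method's closing brace lies outside this hunk.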
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -160,7 +160,7 @@ class GraphQlWebMvcSecurityAutoConfigurationTests {
 | 
			
		|||
			return http.csrf((c) -> c.disable())
 | 
			
		||||
					// Demonstrate that method security works
 | 
			
		||||
					// Best practice to use both for defense in depth
 | 
			
		||||
					.authorizeRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults())
 | 
			
		||||
					.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults())
 | 
			
		||||
					.build();
 | 
			
		||||
		}
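Review bot: The two comments above `.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll())` read as though permitting every request at the URL layer were the recommended practice, when "use both for defense in depth" says the opposite. I would reword them to something like `// URL rules are left open only so that method security is what gets exercised; a real application should restrict both layers`. The same comment pair appears in the SecurityConfig sample hunk and should get the same wording. The method signature is outside this hunk, so the chain's request matcher, if any, is not visible here.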
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -241,7 +241,7 @@ class OAuth2WebSecurityConfigurationTests {
 | 
			
		|||
 | 
			
		||||
		@Bean
 | 
			
		||||
		SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
 | 
			
		||||
			return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 | 
			
		||||
					.build();
 | 
			
		||||
 | 
			
		||||
		}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -692,7 +692,7 @@ class OAuth2ResourceServerAutoConfigurationTests {
 | 
			
		|||
 | 
			
		||||
		@Bean
 | 
			
		||||
		SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
 | 
			
		||||
			return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 | 
			
		||||
					.build();
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -321,7 +321,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
 | 
			
		|||
 | 
			
		||||
		@Bean
 | 
			
		||||
		SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
 | 
			
		||||
			return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 | 
			
		||||
					.build();
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -298,7 +298,7 @@ class SecurityAutoConfigurationTests {
 | 
			
		|||
 | 
			
		||||
		@Bean
 | 
			
		||||
		SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
 | 
			
		||||
			return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 | 
			
		||||
					.build();
 | 
			
		||||
 | 
			
		||||
		}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -50,7 +50,7 @@ class RemoteDevtoolsSecurityConfiguration {
 | 
			
		|||
	@ConditionalOnMissingBean(org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.class)
 | 
			
		||||
	@SuppressWarnings("deprecation")
 | 
			
		||||
	SecurityFilterChain devtoolsSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
		http.requestMatcher(new AntPathRequestMatcher(this.url)).authorizeRequests().anyRequest().anonymous().and()
 | 
			
		||||
		http.requestMatcher(new AntPathRequestMatcher(this.url)).authorizeHttpRequests().anyRequest().anonymous().and()
 | 
			
		||||
				.csrf().disable();
 | 
			
		||||
		return http.build();
 | 
			
		||||
	}
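Review bot: devtoolsSecurityFilterChain carries no comment explaining why the chain matched by `new AntPathRequestMatcher(this.url)` is opened with `.anyRequest().anonymous()` and `.csrf().disable()`, and the migration to `authorizeHttpRequests()` is a good moment to add one. From these lines alone a reader cannot tell what protects the remote DevTools URL once Spring Security steps aside; presumably that is the DevTools remote secret, but that check is not in the hunk. A short comment such as `// Spring Security is bypassed for the remote DevTools URL only; access to it is guarded separately (confirm: remote secret)` would record the assumption. How `this.url` is built is also outside the hunk, so whether the matcher is limited to the DevTools context path cannot be confirmed here.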
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -277,7 +277,7 @@ class RemoteDevToolsAutoConfigurationTests {
 | 
			
		|||
 | 
			
		||||
		@Override
 | 
			
		||||
		protected void configure(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.antMatcher("/foo/**").authorizeRequests().anyRequest().authenticated().and().httpBasic();
 | 
			
		||||
			http.antMatcher("/foo/**").authorizeHttpRequests().anyRequest().authenticated().and().httpBasic();
 | 
			
		||||
		}
 | 
			
		||||
 | 
			
		||||
	}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -28,7 +28,7 @@ public class MySecurityConfiguration {
 | 
			
		|||
	@Bean
 | 
			
		||||
	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
		http.requestMatcher(EndpointRequest.toAnyEndpoint());
 | 
			
		||||
		http.authorizeRequests((requests) -> requests.anyRequest().permitAll());
 | 
			
		||||
		http.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll());
 | 
			
		||||
		return http.build();
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -30,7 +30,7 @@ public class MySecurityConfiguration {
 | 
			
		|||
	@Bean
 | 
			
		||||
	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
		http.requestMatcher(EndpointRequest.toAnyEndpoint());
 | 
			
		||||
		http.authorizeRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
 | 
			
		||||
		http.authorizeHttpRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
 | 
			
		||||
		http.httpBasic(withDefaults());
 | 
			
		||||
		return http.build();
 | 
			
		||||
	}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -34,7 +34,7 @@ public class DevProfileSecurityConfiguration {
 | 
			
		|||
	@Order(Ordered.HIGHEST_PRECEDENCE)
 | 
			
		||||
	SecurityFilterChain h2ConsoleSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
		http.requestMatcher(PathRequest.toH2Console());
 | 
			
		||||
		http.authorizeRequests(yourCustomAuthorization());
 | 
			
		||||
		http.authorizeHttpRequests(yourCustomAuthorization());
 | 
			
		||||
		http.csrf((csrf) -> csrf.disable());
 | 
			
		||||
		http.headers((headers) -> headers.frameOptions().sameOrigin());
 | 
			
		||||
		return http.build();
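Review bot: `http.authorizeHttpRequests(yourCustomAuthorization())` only compiles if the helper's declared type was changed to `Customizer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry>`, and the helper is declared outside this hunk, so that cannot be checked from here. Separately, this documentation example registers a chain at `Ordered.HIGHEST_PRECEDENCE` that disables CSRF and relaxes frame options, with nothing in the visible lines telling a reader how narrow that is meant to be. I would add a comment above `http.csrf(...)` along the lines of `// Relaxed only for the H2 console path matched above; keep this chain out of production profiles`. The class name suggests a dev-only profile, but the annotation that would enforce it is not in the hunk.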
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -30,7 +30,7 @@ public class MyConfiguration {
 | 
			
		|||
 | 
			
		||||
	@Bean
 | 
			
		||||
	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
		http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
		http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
		return http.build();
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -26,7 +26,7 @@ public class MySecurityConfiguration {
 | 
			
		|||
 | 
			
		||||
	@Bean
 | 
			
		||||
	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
		http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
		http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
		return http.build();
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -26,7 +26,7 @@ public class MyOAuthClientConfiguration {
 | 
			
		|||
 | 
			
		||||
	@Bean
 | 
			
		||||
	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
		http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
		http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 | 
			
		||||
		http.oauth2Login((login) -> login.redirectionEndpoint().baseUri("custom-callback"));
 | 
			
		||||
		return http.build();
 | 
			
		||||
	}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -26,7 +26,7 @@ public class MySamlRelyingPartyConfiguration {
 | 
			
		|||
 | 
			
		||||
	@Bean
 | 
			
		||||
	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
		http.authorizeRequests().anyRequest().authenticated();
 | 
			
		||||
		http.authorizeHttpRequests().anyRequest().authenticated();
 | 
			
		||||
		http.saml2Login();
 | 
			
		||||
		http.saml2Logout((saml2) -> saml2.logoutRequest((request) -> request.logoutUrl("/SLOService.saml2"))
 | 
			
		||||
				.logoutResponse((response) -> response.logoutUrl("/SLOService.saml2")));
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -27,9 +27,9 @@ class MySecurityConfiguration {
 | 
			
		|||
 | 
			
		||||
	@Bean
 | 
			
		||||
	fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
 | 
			
		||||
		http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests {
 | 
			
		||||
		http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests {
 | 
			
		||||
				requests -> requests.anyRequest().permitAll() }
 | 
			
		||||
		return http.build()
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
}
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -27,11 +27,11 @@ class MySecurityConfiguration {
 | 
			
		|||
 | 
			
		||||
	@Bean
 | 
			
		||||
	fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
 | 
			
		||||
		http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests { requests ->
 | 
			
		||||
		http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests { requests ->
 | 
			
		||||
			requests.anyRequest().hasRole("ENDPOINT_ADMIN")
 | 
			
		||||
		}
 | 
			
		||||
		http.httpBasic()
 | 
			
		||||
		return http.build()
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
}
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -26,7 +26,7 @@ class MyOAuthClientConfiguration {
 | 
			
		|||
 | 
			
		||||
	@Bean
 | 
			
		||||
	fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
 | 
			
		||||
		http.authorizeRequests().anyRequest().authenticated()
 | 
			
		||||
		http.authorizeHttpRequests().anyRequest().authenticated()
 | 
			
		||||
		http.oauth2Login().redirectionEndpoint().baseUri("custom-callback")
 | 
			
		||||
		return http.build()
 | 
			
		||||
	}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -55,7 +55,7 @@ public class SecurityConfiguration {
 | 
			
		|||
 | 
			
		||||
	@Bean
 | 
			
		||||
	SecurityFilterChain configure(HttpSecurity http) throws Exception {
 | 
			
		||||
		http.authorizeRequests((requests) -> {
 | 
			
		||||
		http.authorizeHttpRequests((requests) -> {
 | 
			
		||||
			requests.mvcMatchers("/actuator/beans").hasRole("BEANS");
 | 
			
		||||
			requests.requestMatchers(EndpointRequest.to("health")).permitAll();
 | 
			
		||||
			requests.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class))
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -38,7 +38,8 @@ public class SecurityConfig {
 | 
			
		|||
		return http.csrf((csrf) -> csrf.disable())
 | 
			
		||||
				// Demonstrate that method security works
 | 
			
		||||
				// Best practice to use both for defense in depth
 | 
			
		||||
				.authorizeRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults()).build();
 | 
			
		||||
				.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults())
 | 
			
		||||
				.build();
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	@Bean
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -41,7 +41,7 @@ public class SecurityConfiguration {
 | 
			
		|||
	@Bean
 | 
			
		||||
	SecurityFilterChain configure(HttpSecurity http) throws Exception {
 | 
			
		||||
		// @formatter:off
 | 
			
		||||
		http.authorizeRequests()
 | 
			
		||||
		http.authorizeHttpRequests()
 | 
			
		||||
				.requestMatchers(EndpointRequest.to("health")).permitAll()
 | 
			
		||||
				.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
 | 
			
		||||
				.antMatchers("/**").hasRole("USER")
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -69,8 +69,8 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
 | 
			
		|||
		@Bean
 | 
			
		||||
		SecurityFilterChain configure(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.csrf().disable();
 | 
			
		||||
			http.authorizeRequests((requests) -> requests.anyRequest().fullyAuthenticated()
 | 
			
		||||
					.filterSecurityInterceptorOncePerRequest(true));
 | 
			
		||||
			http.authorizeHttpRequests(
 | 
			
		||||
					(requests) -> requests.anyRequest().fullyAuthenticated().shouldFilterAllDispatcherTypes(false));
 | 
			
		||||
			http.formLogin((form) -> form.loginPage("/login").permitAll());
 | 
			
		||||
			http.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access"));
 | 
			
		||||
			return http.build();
 | 
			
		||||
| 
						 | 
				
			
			@ -86,8 +86,8 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
 | 
			
		|||
		SecurityFilterChain actuatorSecurity(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.csrf().disable();
 | 
			
		||||
			http.requestMatcher(EndpointRequest.toAnyEndpoint());
 | 
			
		||||
			http.authorizeRequests(
 | 
			
		||||
					(requests) -> requests.anyRequest().authenticated().filterSecurityInterceptorOncePerRequest(true));
 | 
			
		||||
			http.authorizeHttpRequests(
 | 
			
		||||
					(requests) -> requests.anyRequest().authenticated().shouldFilterAllDispatcherTypes(false));
 | 
			
		||||
			http.httpBasic();
 | 
			
		||||
			return http.build();
 | 
			
		||||
		}
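Review bot: `shouldFilterAllDispatcherTypes(false)` replaces `filterSecurityInterceptorOncePerRequest(true)` in both configure and actuatorSecurity without a comment, and as the option name reads it limits the authorization rules to the initial request dispatch. Forward and error dispatches, such as the `/access` page set by `exceptions.accessDeniedPage("/access")`, would then be rendered without a second authorization check, so those pages must not show protected data. I would state that next to the call, for example `// Authorize the initial request only; forward/error dispatches (login, access-denied, error pages) are not re-checked`. The same unexplained setting is added in CustomServletPathErrorPageTests, ErrorPageTests and NoSessionErrorPageTests. The start of actuatorSecurity's annotations is outside the second hunk.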
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -1,5 +1,5 @@
 | 
			
		|||
/*
 | 
			
		||||
 * Copyright 2012-2021 the original author or authors.
 | 
			
		||||
 * Copyright 2012-2022 the original author or authors.
 | 
			
		||||
 *
 | 
			
		||||
 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
			
		||||
 * you may not use this file except in compliance with the License.
 | 
			
		||||
| 
						 | 
				
			
			@ -44,7 +44,7 @@ public class SampleWebSecureCustomApplication implements WebMvcConfigurer {
 | 
			
		|||
		@Bean
 | 
			
		||||
		SecurityFilterChain configure(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.csrf().disable();
 | 
			
		||||
			http.authorizeRequests((requests) -> requests.anyRequest().fullyAuthenticated());
 | 
			
		||||
			http.authorizeHttpRequests((requests) -> requests.anyRequest().fullyAuthenticated());
 | 
			
		||||
			http.formLogin((form) -> form.loginPage("/login").permitAll());
 | 
			
		||||
			return http.build();
 | 
			
		||||
		}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -1,5 +1,5 @@
 | 
			
		|||
/*
 | 
			
		||||
 * Copyright 2012-2021 the original author or authors.
 | 
			
		||||
 * Copyright 2012-2022 the original author or authors.
 | 
			
		||||
 *
 | 
			
		||||
 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
			
		||||
 * you may not use this file except in compliance with the License.
 | 
			
		||||
| 
						 | 
				
			
			@ -47,7 +47,7 @@ public class SampleWebSecureJdbcApplication implements WebMvcConfigurer {
 | 
			
		|||
		@Bean
 | 
			
		||||
		SecurityFilterChain configure(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.csrf().disable();
 | 
			
		||||
			http.authorizeRequests((requests) -> requests.anyRequest().fullyAuthenticated());
 | 
			
		||||
			http.authorizeHttpRequests((requests) -> requests.anyRequest().fullyAuthenticated());
 | 
			
		||||
			http.formLogin((form) -> form.loginPage("/login").permitAll());
 | 
			
		||||
			return http.build();
 | 
			
		||||
		}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -50,7 +50,7 @@ abstract class AbstractErrorPageTests {
 | 
			
		|||
	@Test
 | 
			
		||||
	void testBadCredentials() {
 | 
			
		||||
		final ResponseEntity<JsonNode> response = this.testRestTemplate.withBasicAuth("username", "wrongpassword")
 | 
			
		||||
				.exchange("/test", HttpMethod.GET, null, JsonNode.class);
 | 
			
		||||
				.exchange(this.pathPrefix + "/test", HttpMethod.GET, null, JsonNode.class);
 | 
			
		||||
		assertThat(response.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 | 
			
		||||
		JsonNode jsonResponse = response.getBody();
 | 
			
		||||
		assertThat(jsonResponse).isNull();
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -44,10 +44,10 @@ class CustomServletPathErrorPageTests extends AbstractErrorPageTests {
 | 
			
		|||
 | 
			
		||||
		@Bean
 | 
			
		||||
		SecurityFilterChain configure(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.authorizeRequests((requests) -> {
 | 
			
		||||
			http.authorizeHttpRequests((requests) -> {
 | 
			
		||||
				requests.antMatchers("/custom/servlet/path/public/**").permitAll();
 | 
			
		||||
				requests.anyRequest().fullyAuthenticated();
 | 
			
		||||
				requests.filterSecurityInterceptorOncePerRequest(true);
 | 
			
		||||
				requests.shouldFilterAllDispatcherTypes(false);
 | 
			
		||||
			});
 | 
			
		||||
			http.httpBasic();
 | 
			
		||||
			http.formLogin((form) -> form.loginPage("/custom/servlet/path/login").permitAll());
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -43,7 +43,7 @@ class CustomServletPathUnauthenticatedErrorPageTests extends AbstractUnauthentic
 | 
			
		|||
 | 
			
		||||
		@Bean
 | 
			
		||||
		SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.authorizeRequests((requests) -> {
 | 
			
		||||
			http.authorizeHttpRequests((requests) -> {
 | 
			
		||||
				requests.antMatchers("/custom/servlet/path/error").permitAll();
 | 
			
		||||
				requests.antMatchers("/custom/servlet/path/public/**").permitAll();
 | 
			
		||||
				requests.anyRequest().authenticated();
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -43,10 +43,10 @@ class ErrorPageTests extends AbstractErrorPageTests {
 | 
			
		|||
 | 
			
		||||
		@Bean
 | 
			
		||||
		SecurityFilterChain configure(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.authorizeRequests((requests) -> {
 | 
			
		||||
			http.authorizeHttpRequests((requests) -> {
 | 
			
		||||
				requests.antMatchers("/public/**").permitAll();
 | 
			
		||||
				requests.anyRequest().fullyAuthenticated();
 | 
			
		||||
				requests.filterSecurityInterceptorOncePerRequest(true);
 | 
			
		||||
				requests.shouldFilterAllDispatcherTypes(false);
 | 
			
		||||
			});
 | 
			
		||||
			http.httpBasic();
 | 
			
		||||
			http.formLogin((form) -> form.loginPage("/login").permitAll());
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -45,10 +45,10 @@ class NoSessionErrorPageTests extends AbstractErrorPageTests {
 | 
			
		|||
		@Bean
 | 
			
		||||
		SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 | 
			
		||||
					.authorizeRequests((requests) -> {
 | 
			
		||||
					.authorizeHttpRequests((requests) -> {
 | 
			
		||||
						requests.antMatchers("/public/**").permitAll();
 | 
			
		||||
						requests.anyRequest().authenticated();
 | 
			
		||||
						requests.filterSecurityInterceptorOncePerRequest(true);
 | 
			
		||||
						requests.shouldFilterAllDispatcherTypes(false);
 | 
			
		||||
					});
 | 
			
		||||
			http.httpBasic();
 | 
			
		||||
			return http.build();
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -95,7 +95,7 @@ class SampleWebSecureApplicationTests {
 | 
			
		|||
		@Bean
 | 
			
		||||
		SecurityFilterChain configure(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.csrf().disable();
 | 
			
		||||
			http.authorizeRequests((requests) -> {
 | 
			
		||||
			http.authorizeHttpRequests((requests) -> {
 | 
			
		||||
				requests.antMatchers("/public/**").permitAll();
 | 
			
		||||
				requests.anyRequest().fullyAuthenticated();
 | 
			
		||||
			});
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -43,7 +43,7 @@ class UnauthenticatedErrorPageTests extends AbstractUnauthenticatedErrorPageTest
 | 
			
		|||
 | 
			
		||||
		@Bean
 | 
			
		||||
		SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 | 
			
		||||
			http.authorizeRequests((requests) -> {
 | 
			
		||||
			http.authorizeHttpRequests((requests) -> {
 | 
			
		||||
				requests.antMatchers("/error").permitAll();
 | 
			
		||||
				requests.antMatchers("/public/**").permitAll();
 | 
			
		||||
				requests.anyRequest().authenticated();
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||