Start building against Spring Security 6.5.0-RC1 snapshots
See gh-45147
This commit is contained in:
Phillip Webb
parent
7abfde7ddf
commit
c263c85de8
|
|
@ -62,7 +62,6 @@ import org.springframework.http.HttpMethod;
|
|||
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
|
||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
|
|
@ -184,12 +183,15 @@ public class CloudFoundryActuatorAutoConfiguration {
|
|||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings("removal")
|
||||
public void customize(WebSecurity web) {
|
||||
List<RequestMatcher> requestMatchers = new ArrayList<>();
|
||||
this.pathMappedEndpoints.getAllPaths()
|
||||
.forEach((path) -> requestMatchers.add(new AntPathRequestMatcher(path + "/**")));
|
||||
requestMatchers.add(new AntPathRequestMatcher(BASE_PATH));
|
||||
requestMatchers.add(new AntPathRequestMatcher(BASE_PATH + "/"));
|
||||
.forEach((path) -> requestMatchers
|
||||
.add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(path + "/**")));
|
||||
requestMatchers.add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(BASE_PATH));
|
||||
requestMatchers
|
||||
.add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(BASE_PATH + "/"));
|
||||
web.ignoring().requestMatchers(new OrRequestMatcher(requestMatchers));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -37,9 +37,11 @@ class AntPathRequestMatcherProvider implements RequestMatcherProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings("removal")
|
||||
public RequestMatcher getRequestMatcher(String pattern, HttpMethod httpMethod) {
|
||||
String path = this.pathFactory.apply(pattern);
|
||||
return new AntPathRequestMatcher(path, (httpMethod != null) ? httpMethod.name() : null);
|
||||
return new org.springframework.security.web.util.matcher.AntPathRequestMatcher(path,
|
||||
(httpMethod != null) ? httpMethod.name() : null);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -42,7 +42,6 @@ import org.springframework.context.ApplicationContext;
|
|||
import org.springframework.core.annotation.MergedAnnotation;
|
||||
import org.springframework.core.annotation.MergedAnnotations;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
|
|
@ -232,12 +231,14 @@ public final class EndpointRequest {
|
|||
return linksMatchers;
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
protected RequestMatcherProvider getRequestMatcherProvider(WebApplicationContext context) {
|
||||
try {
|
||||
return getRequestMatcherProviderBean(context);
|
||||
}
|
||||
catch (NoSuchBeanDefinitionException ex) {
|
||||
return (pattern, method) -> new AntPathRequestMatcher(pattern, (method != null) ? method.name() : null);
|
||||
return (pattern, method) -> new org.springframework.security.web.util.matcher.AntPathRequestMatcher(
|
||||
pattern, (method != null) ? method.name() : null);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ import org.springframework.boot.autoconfigure.h2.H2ConsoleProperties;
|
|||
import org.springframework.boot.autoconfigure.security.StaticResourceLocation;
|
||||
import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
|
||||
import org.springframework.boot.web.context.WebServerApplicationContext;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
|
|
@ -77,8 +76,10 @@ public final class PathRequest {
|
|||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings("removal")
|
||||
protected void initialized(Supplier<H2ConsoleProperties> h2ConsoleProperties) {
|
||||
this.delegate = new AntPathRequestMatcher(h2ConsoleProperties.get().getPath() + "/**");
|
||||
this.delegate = new org.springframework.security.web.util.matcher.AntPathRequestMatcher(
|
||||
h2ConsoleProperties.get().getPath() + "/**");
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -28,7 +28,6 @@ import org.springframework.boot.autoconfigure.security.StaticResourceLocation;
|
|||
import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletPath;
|
||||
import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
|
||||
import org.springframework.boot.web.context.WebServerApplicationContext;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
|
|
@ -135,8 +134,10 @@ public final class StaticResourceRequest {
|
|||
this.delegate = new OrRequestMatcher(getDelegateMatchers(dispatcherServletPath.get()).toList());
|
||||
}
|
||||
|
||||
@SuppressWarnings("removal")
|
||||
private Stream<RequestMatcher> getDelegateMatchers(DispatcherServletPath dispatcherServletPath) {
|
||||
return getPatterns(dispatcherServletPath).map(AntPathRequestMatcher::new);
|
||||
return getPatterns(dispatcherServletPath)
|
||||
.map(org.springframework.security.web.util.matcher.AntPathRequestMatcher::new);
|
||||
}
|
||||
|
||||
private Stream<String> getPatterns(DispatcherServletPath dispatcherServletPath) {
|
||||
|
|
|
|||
|
|
@ -2362,7 +2362,7 @@ bom {
|
|||
releaseNotes("https://github.com/spring-projects/spring-retry/releases/tag/v{version}")
|
||||
}
|
||||
}
|
||||
library("Spring Security", "6.5.0-M3") {
|
||||
library("Spring Security", "6.5.0-SNAPSHOT") {
|
||||
considerSnapshots()
|
||||
group("org.springframework.security") {
|
||||
bom("spring-security-bom")
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ import org.springframework.core.annotation.Order;
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
|
||||
/**
|
||||
* Spring Security configuration that allows anonymous access to the remote devtools
|
||||
|
|
@ -46,9 +45,10 @@ class RemoteDevtoolsSecurityConfiguration {
|
|||
}
|
||||
|
||||
@Bean
|
||||
@SuppressWarnings("removal")
|
||||
@Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
|
||||
SecurityFilterChain devtoolsSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(new AntPathRequestMatcher(this.url));
|
||||
http.securityMatcher(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(this.url));
|
||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().anonymous());
|
||||
http.csrf(CsrfConfigurer::disable);
|
||||
return http.build();
|
||||
|
|
|
|||
|
|
@ -58,6 +58,7 @@ public class SecurityConfiguration {
|
|||
}
|
||||
|
||||
@Bean
|
||||
@SuppressWarnings("removal")
|
||||
SecurityFilterChain configure(HttpSecurity http, HandlerMappingIntrospector handlerMappingIntrospector)
|
||||
throws Exception {
|
||||
http.authorizeHttpRequests((requests) -> {
|
||||
|
|
|
|||
Loading…
Reference in New Issue