Start building against Spring Security 6.5.0-RC1 snapshots
See gh-45147
This commit is contained in:
Phillip Webb
parent
7abfde7ddf
commit
c263c85de8
|
|
@ -62,7 +62,6 @@ import org.springframework.http.HttpMethod;
|
||||||
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
|
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
|
||||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
||||||
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||||
import org.springframework.web.cors.CorsConfiguration;
|
import org.springframework.web.cors.CorsConfiguration;
|
||||||
|
|
@ -184,12 +183,15 @@ public class CloudFoundryActuatorAutoConfiguration {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@SuppressWarnings("removal")
|
||||||
public void customize(WebSecurity web) {
|
public void customize(WebSecurity web) {
|
||||||
List<RequestMatcher> requestMatchers = new ArrayList<>();
|
List<RequestMatcher> requestMatchers = new ArrayList<>();
|
||||||
this.pathMappedEndpoints.getAllPaths()
|
this.pathMappedEndpoints.getAllPaths()
|
||||||
.forEach((path) -> requestMatchers.add(new AntPathRequestMatcher(path + "/**")));
|
.forEach((path) -> requestMatchers
|
||||||
requestMatchers.add(new AntPathRequestMatcher(BASE_PATH));
|
.add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(path + "/**")));
|
||||||
requestMatchers.add(new AntPathRequestMatcher(BASE_PATH + "/"));
|
requestMatchers.add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(BASE_PATH));
|
||||||
|
requestMatchers
|
||||||
|
.add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(BASE_PATH + "/"));
|
||||||
web.ignoring().requestMatchers(new OrRequestMatcher(requestMatchers));
|
web.ignoring().requestMatchers(new OrRequestMatcher(requestMatchers));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -37,9 +37,11 @@ class AntPathRequestMatcherProvider implements RequestMatcherProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@SuppressWarnings("removal")
|
||||||
public RequestMatcher getRequestMatcher(String pattern, HttpMethod httpMethod) {
|
public RequestMatcher getRequestMatcher(String pattern, HttpMethod httpMethod) {
|
||||||
String path = this.pathFactory.apply(pattern);
|
String path = this.pathFactory.apply(pattern);
|
||||||
return new AntPathRequestMatcher(path, (httpMethod != null) ? httpMethod.name() : null);
|
return new org.springframework.security.web.util.matcher.AntPathRequestMatcher(path,
|
||||||
|
(httpMethod != null) ? httpMethod.name() : null);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -42,7 +42,6 @@ import org.springframework.context.ApplicationContext;
|
||||||
import org.springframework.core.annotation.MergedAnnotation;
|
import org.springframework.core.annotation.MergedAnnotation;
|
||||||
import org.springframework.core.annotation.MergedAnnotations;
|
import org.springframework.core.annotation.MergedAnnotations;
|
||||||
import org.springframework.http.HttpMethod;
|
import org.springframework.http.HttpMethod;
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
||||||
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
|
@ -232,12 +231,14 @@ public final class EndpointRequest {
|
||||||
return linksMatchers;
|
return linksMatchers;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("removal")
|
||||||
protected RequestMatcherProvider getRequestMatcherProvider(WebApplicationContext context) {
|
protected RequestMatcherProvider getRequestMatcherProvider(WebApplicationContext context) {
|
||||||
try {
|
try {
|
||||||
return getRequestMatcherProviderBean(context);
|
return getRequestMatcherProviderBean(context);
|
||||||
}
|
}
|
||||||
catch (NoSuchBeanDefinitionException ex) {
|
catch (NoSuchBeanDefinitionException ex) {
|
||||||
return (pattern, method) -> new AntPathRequestMatcher(pattern, (method != null) ? method.name() : null);
|
return (pattern, method) -> new org.springframework.security.web.util.matcher.AntPathRequestMatcher(
|
||||||
|
pattern, (method != null) ? method.name() : null);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,6 @@ import org.springframework.boot.autoconfigure.h2.H2ConsoleProperties;
|
||||||
import org.springframework.boot.autoconfigure.security.StaticResourceLocation;
|
import org.springframework.boot.autoconfigure.security.StaticResourceLocation;
|
||||||
import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
|
import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
|
||||||
import org.springframework.boot.web.context.WebServerApplicationContext;
|
import org.springframework.boot.web.context.WebServerApplicationContext;
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||||
import org.springframework.web.context.WebApplicationContext;
|
import org.springframework.web.context.WebApplicationContext;
|
||||||
|
|
||||||
|
|
@ -77,8 +76,10 @@ public final class PathRequest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@SuppressWarnings("removal")
|
||||||
protected void initialized(Supplier<H2ConsoleProperties> h2ConsoleProperties) {
|
protected void initialized(Supplier<H2ConsoleProperties> h2ConsoleProperties) {
|
||||||
this.delegate = new AntPathRequestMatcher(h2ConsoleProperties.get().getPath() + "/**");
|
this.delegate = new org.springframework.security.web.util.matcher.AntPathRequestMatcher(
|
||||||
|
h2ConsoleProperties.get().getPath() + "/**");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,6 @@ import org.springframework.boot.autoconfigure.security.StaticResourceLocation;
|
||||||
import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletPath;
|
import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletPath;
|
||||||
import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
|
import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
|
||||||
import org.springframework.boot.web.context.WebServerApplicationContext;
|
import org.springframework.boot.web.context.WebServerApplicationContext;
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
||||||
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
|
@ -135,8 +134,10 @@ public final class StaticResourceRequest {
|
||||||
this.delegate = new OrRequestMatcher(getDelegateMatchers(dispatcherServletPath.get()).toList());
|
this.delegate = new OrRequestMatcher(getDelegateMatchers(dispatcherServletPath.get()).toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("removal")
|
||||||
private Stream<RequestMatcher> getDelegateMatchers(DispatcherServletPath dispatcherServletPath) {
|
private Stream<RequestMatcher> getDelegateMatchers(DispatcherServletPath dispatcherServletPath) {
|
||||||
return getPatterns(dispatcherServletPath).map(AntPathRequestMatcher::new);
|
return getPatterns(dispatcherServletPath)
|
||||||
|
.map(org.springframework.security.web.util.matcher.AntPathRequestMatcher::new);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Stream<String> getPatterns(DispatcherServletPath dispatcherServletPath) {
|
private Stream<String> getPatterns(DispatcherServletPath dispatcherServletPath) {
|
||||||
|
|
|
||||||
|
|
@ -2362,7 +2362,7 @@ bom {
|
||||||
releaseNotes("https://github.com/spring-projects/spring-retry/releases/tag/v{version}")
|
releaseNotes("https://github.com/spring-projects/spring-retry/releases/tag/v{version}")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
library("Spring Security", "6.5.0-M3") {
|
library("Spring Security", "6.5.0-SNAPSHOT") {
|
||||||
considerSnapshots()
|
considerSnapshots()
|
||||||
group("org.springframework.security") {
|
group("org.springframework.security") {
|
||||||
bom("spring-security-bom")
|
bom("spring-security-bom")
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,6 @@ import org.springframework.core.annotation.Order;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Spring Security configuration that allows anonymous access to the remote devtools
|
* Spring Security configuration that allows anonymous access to the remote devtools
|
||||||
|
|
@ -46,9 +45,10 @@ class RemoteDevtoolsSecurityConfiguration {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
@SuppressWarnings("removal")
|
||||||
@Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
|
@Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
|
||||||
SecurityFilterChain devtoolsSecurityFilterChain(HttpSecurity http) throws Exception {
|
SecurityFilterChain devtoolsSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||||
http.securityMatcher(new AntPathRequestMatcher(this.url));
|
http.securityMatcher(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(this.url));
|
||||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().anonymous());
|
http.authorizeHttpRequests((requests) -> requests.anyRequest().anonymous());
|
||||||
http.csrf(CsrfConfigurer::disable);
|
http.csrf(CsrfConfigurer::disable);
|
||||||
return http.build();
|
return http.build();
|
||||||
|
|
|
||||||
|
|
@ -58,6 +58,7 @@ public class SecurityConfiguration {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
@SuppressWarnings("removal")
|
||||||
SecurityFilterChain configure(HttpSecurity http, HandlerMappingIntrospector handlerMappingIntrospector)
|
SecurityFilterChain configure(HttpSecurity http, HandlerMappingIntrospector handlerMappingIntrospector)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
http.authorizeHttpRequests((requests) -> {
|
http.authorizeHttpRequests((requests) -> {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue