Refactor security auto-configuration package structure

Refactor security auto-configuration package structure and classes to
create distinct web configurations.

Closes gh-14412
Phillip Webb 2025-10-15 18:55:53 -07:00
parent 6c12521ad2
commit c2e68c0911
106 changed files with 633 additions and 503 deletions

View File

@ -35,8 +35,8 @@ You can provide a different javadoc:org.springframework.security.authentication.
[[web.security.spring-mvc]]
== MVC Security
The default security configuration is implemented in javadoc:org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration[] and javadoc:org.springframework.boot.security.autoconfigure.servlet.UserDetailsServiceAutoConfiguration[].
javadoc:org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration[] imports `SpringBootWebSecurityConfiguration` for web security and javadoc:org.springframework.boot.security.autoconfigure.servlet.UserDetailsServiceAutoConfiguration[] for authentication.
The default security configuration is implemented in javadoc:org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration[] and javadoc:org.springframework.boot.security.autoconfigure.UserDetailsServiceAutoConfiguration[].
javadoc:org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration[] imports `SpringBootWebSecurityConfiguration` for web security and javadoc:org.springframework.boot.security.autoconfigure.UserDetailsServiceAutoConfiguration[] for authentication.
To completely switch off the default web application security configuration, including Actuator security, or to combine multiple Spring Security components such as OAuth2 Client and Resource Server, add a bean of type javadoc:org.springframework.security.web.SecurityFilterChain[] (doing so does not disable the javadoc:org.springframework.security.core.userdetails.UserDetailsService[] configuration).
To also switch off the javadoc:org.springframework.security.core.userdetails.UserDetailsService[] configuration, add a bean of type javadoc:org.springframework.security.core.userdetails.UserDetailsService[], javadoc:org.springframework.security.authentication.AuthenticationProvider[], or javadoc:org.springframework.security.authentication.AuthenticationManager[].
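Review bot: The rewritten MVC paragraph still says `SecurityAutoConfiguration` "imports `SpringBootWebSecurityConfiguration` for web security", but the test changes in this commit add `ServletWebSecurityAutoConfiguration` next to `SecurityAutoConfiguration` wherever a servlet runner needs web security, and the WebFlux paragraph now names `ReactiveWebSecurityAutoConfiguration`. Readers use this paragraph to learn which class supplies the default filter chain, so please check whether it should name `ServletWebSecurityAutoConfiguration` (and whether `SpringBootWebSecurityConfiguration` is still the imported class) so the two sections describe the split the same way.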
@ -52,7 +52,7 @@ To use javadoc:org.springframework.security.core.userdetails.UserDetailsService[
Access rules can be overridden by adding a custom javadoc:org.springframework.security.web.SecurityFilterChain[] bean.
Spring Boot provides convenience methods that can be used to override access rules for actuator endpoints and static resources.
javadoc:org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest[] can be used to create a javadoc:org.springframework.security.web.util.matcher.RequestMatcher[] that is based on the configprop:management.endpoints.web.base-path[] property.
javadoc:org.springframework.boot.security.autoconfigure.servlet.PathRequest[] can be used to create a javadoc:org.springframework.security.web.util.matcher.RequestMatcher[] for resources in commonly used locations.
javadoc:org.springframework.boot.security.autoconfigure.web.servlet.PathRequest[] can be used to create a javadoc:org.springframework.security.web.util.matcher.RequestMatcher[] for resources in commonly used locations.
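Review bot: The unchanged `EndpointRequest` line directly above the edited `PathRequest` line still links to `org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest`, while the documentation samples touched in this commit import `org.springframework.boot.security.autoconfigure.actuate.web.servlet.EndpointRequest`. Suggest updating that javadoc macro in the same change so the reference docs and the samples point at the same class.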
@ -60,8 +60,8 @@ javadoc:org.springframework.boot.security.autoconfigure.servlet.PathRequest[] ca
== WebFlux Security
Similar to Spring MVC applications, you can secure your WebFlux applications by adding the `spring-boot-starter-security` dependency.
The default security configuration is implemented in javadoc:org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration[] and javadoc:org.springframework.boot.security.autoconfigure.reactive.ReactiveUserDetailsServiceAutoConfiguration[].
javadoc:org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration[] imports `WebFluxSecurityConfiguration` for web security and javadoc:org.springframework.boot.security.autoconfigure.reactive.ReactiveUserDetailsServiceAutoConfiguration[] for authentication.
The default security configuration is implemented in javadoc:org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration[] and javadoc:org.springframework.boot.security.autoconfigure.ReactiveUserDetailsServiceAutoConfiguration[].
javadoc:org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration[] imports `WebFluxSecurityConfiguration` for web security and javadoc:org.springframework.boot.security.autoconfigure.ReactiveUserDetailsServiceAutoConfiguration[] for authentication.
In addition to reactive web applications, the latter is also auto-configured when RSocket is in use.
To completely switch off the default web application security configuration, including Actuator security, add a bean of type javadoc:org.springframework.security.web.server.WebFilterChainProxy[] (doing so does not disable the javadoc:org.springframework.security.core.userdetails.ReactiveUserDetailsService[] configuration).

View File

@ -16,7 +16,7 @@
package org.springframework.boot.docs.actuator.endpoints.security.exposeall;
import org.springframework.boot.security.autoconfigure.actuate.servlet.EndpointRequest;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;

View File

@ -16,7 +16,7 @@
package org.springframework.boot.docs.actuator.endpoints.security.typical;
import org.springframework.boot.security.autoconfigure.actuate.servlet.EndpointRequest;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;

View File

@ -16,7 +16,7 @@
package org.springframework.boot.docs.data.sql.h2webconsole.springsecurity;
import org.springframework.boot.security.autoconfigure.servlet.PathRequest;
import org.springframework.boot.security.autoconfigure.web.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;

View File

@ -16,7 +16,7 @@
package org.springframework.boot.docs.web.security.springwebflux;
import org.springframework.boot.security.autoconfigure.reactive.PathRequest;
import org.springframework.boot.security.autoconfigure.web.reactive.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.web.server.ServerHttpSecurity;

View File

@ -16,7 +16,7 @@
package org.springframework.boot.docs.actuator.endpoints.security.exposeall
import org.springframework.boot.security.autoconfigure.actuate.servlet.EndpointRequest
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.EndpointRequest
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity

View File

@ -16,7 +16,7 @@
package org.springframework.boot.docs.actuator.endpoints.security.typical
import org.springframework.boot.security.autoconfigure.actuate.servlet.EndpointRequest
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.EndpointRequest
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.Customizer.withDefaults

View File

@ -16,7 +16,7 @@
package org.springframework.boot.docs.web.security.springwebflux
import org.springframework.boot.security.autoconfigure.reactive.PathRequest
import org.springframework.boot.security.autoconfigure.web.reactive.PathRequest
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.Customizer.withDefaults

View File

@ -54,7 +54,7 @@ import org.springframework.boot.health.autoconfigure.contributor.HealthContribut
import org.springframework.boot.health.autoconfigure.registry.HealthContributorRegistryAutoConfiguration;
import org.springframework.boot.http.converter.autoconfigure.HttpMessageConvertersAutoConfiguration;
import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.jks.JksSslStoreBundle;
import org.springframework.boot.ssl.jks.JksSslStoreDetails;
@ -97,7 +97,7 @@ class CloudFoundryReactiveActuatorAutoConfigurationTests {
private static final String V3_JSON = ApiVersion.V3.getProducedMimeType().toString();
private final ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class,
.withConfiguration(AutoConfigurations.of(ReactiveWebSecurityAutoConfiguration.class,
WebFluxAutoConfiguration.class, JacksonAutoConfiguration.class,
HttpMessageConvertersAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class,
WebClientCustomizerConfig.class, WebClientAutoConfiguration.class,

View File

@ -38,7 +38,7 @@ import org.springframework.boot.health.contributor.Health;
import org.springframework.boot.health.contributor.HealthIndicator;
import org.springframework.boot.http.converter.autoconfigure.HttpMessageConvertersAutoConfiguration;
import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
import org.springframework.boot.webclient.autoconfigure.WebClientAutoConfiguration;
import org.springframework.boot.webflux.autoconfigure.WebFluxAutoConfiguration;
@ -58,7 +58,7 @@ class CloudFoundryReactiveHealthEndpointWebExtensionTests {
private final ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner()
.withPropertyValues("VCAP_APPLICATION={}")
.withConfiguration(AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class,
.withConfiguration(AutoConfigurations.of(ReactiveWebSecurityAutoConfiguration.class,
WebFluxAutoConfiguration.class, JacksonAutoConfiguration.class,
HttpMessageConvertersAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class,
CloudFoundryReactiveActuatorAutoConfigurationTests.WebClientCustomizerConfig.class,

View File

@ -43,7 +43,8 @@ import org.springframework.boot.health.autoconfigure.registry.HealthContributorR
import org.springframework.boot.http.converter.autoconfigure.HttpMessageConvertersAutoConfiguration;
import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
import org.springframework.boot.restclient.autoconfigure.RestTemplateAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration;
import org.springframework.boot.servlet.autoconfigure.actuate.web.ServletManagementContextAutoConfiguration;
import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
@ -82,7 +83,8 @@ class CloudFoundryActuatorAutoConfigurationTests {
private static final String BASE_PATH = "/cloudfoundryapplication";
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(SecurityAutoConfiguration.class, WebMvcAutoConfiguration.class,
.withConfiguration(AutoConfigurations.of(SecurityAutoConfiguration.class,
ServletWebSecurityAutoConfiguration.class, WebMvcAutoConfiguration.class,
JacksonAutoConfiguration.class, DispatcherServletAutoConfiguration.class,
HttpMessageConvertersAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class,
RestTemplateAutoConfiguration.class, ManagementContextAutoConfiguration.class,

View File

@ -37,7 +37,8 @@ import org.springframework.boot.health.contributor.HealthIndicator;
import org.springframework.boot.http.converter.autoconfigure.HttpMessageConvertersAutoConfiguration;
import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
import org.springframework.boot.restclient.autoconfigure.RestTemplateAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration;
import org.springframework.boot.servlet.autoconfigure.actuate.web.ServletManagementContextAutoConfiguration;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
import org.springframework.boot.webmvc.autoconfigure.DispatcherServletAutoConfiguration;
@ -54,14 +55,15 @@ class CloudFoundryHealthEndpointWebExtensionTests {
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
.withPropertyValues("VCAP_APPLICATION={}")
.withConfiguration(AutoConfigurations.of(SecurityAutoConfiguration.class, WebMvcAutoConfiguration.class,
JacksonAutoConfiguration.class, DispatcherServletAutoConfiguration.class,
HttpMessageConvertersAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class,
RestTemplateAutoConfiguration.class, ManagementContextAutoConfiguration.class,
ServletManagementContextAutoConfiguration.class, EndpointAutoConfiguration.class,
WebEndpointAutoConfiguration.class, HealthContributorAutoConfiguration.class,
HealthContributorRegistryAutoConfiguration.class, HealthEndpointAutoConfiguration.class,
CloudFoundryActuatorAutoConfiguration.class))
.withConfiguration(
AutoConfigurations.of(SecurityAutoConfiguration.class, ServletWebSecurityAutoConfiguration.class,
WebMvcAutoConfiguration.class, JacksonAutoConfiguration.class,
DispatcherServletAutoConfiguration.class, HttpMessageConvertersAutoConfiguration.class,
PropertyPlaceholderAutoConfiguration.class, RestTemplateAutoConfiguration.class,
ManagementContextAutoConfiguration.class, ServletManagementContextAutoConfiguration.class,
EndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
HealthContributorAutoConfiguration.class, HealthContributorRegistryAutoConfiguration.class,
HealthEndpointAutoConfiguration.class, CloudFoundryActuatorAutoConfiguration.class))
.withUserConfiguration(TestHealthIndicator.class);
@Test

View File

@ -32,7 +32,8 @@ import org.springframework.boot.health.autoconfigure.actuate.endpoint.HealthEndp
import org.springframework.boot.http.converter.autoconfigure.HttpMessageConvertersAutoConfiguration;
import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
import org.springframework.boot.restclient.autoconfigure.RestTemplateAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration;
import org.springframework.boot.servlet.autoconfigure.actuate.web.ServletManagementContextAutoConfiguration;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
import org.springframework.boot.testsupport.classpath.resources.WithResource;
@ -50,7 +51,8 @@ class CloudFoundryInfoEndpointWebExtensionTests {
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
.withPropertyValues("VCAP_APPLICATION={}")
.withConfiguration(AutoConfigurations.of(SecurityAutoConfiguration.class, WebMvcAutoConfiguration.class,
.withConfiguration(AutoConfigurations.of(SecurityAutoConfiguration.class,
ServletWebSecurityAutoConfiguration.class, WebMvcAutoConfiguration.class,
JacksonAutoConfiguration.class, DispatcherServletAutoConfiguration.class,
HttpMessageConvertersAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class,
RestTemplateAutoConfiguration.class, ManagementContextAutoConfiguration.class,

View File

@ -59,7 +59,8 @@ import org.springframework.util.Assert;
* @author Madhura Bhave
* @since 1.3.0
*/
@AutoConfiguration(afterName = "org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration")
@AutoConfiguration(
afterName = "org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration")
@ConditionalOnEnabledDevTools
@ConditionalOnProperty("spring.devtools.remote.secret")
@ConditionalOnClass({ Filter.class, ServerHttpRequest.class, ServerProperties.class })
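Review bot: The new `afterName` value is a plain string, so nothing at compile time confirms that `org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration` exists; a typo or a later rename would silently drop the ordering rather than fail the build. The test updated further down registers the classes explicitly with `context.register(...)`, which does not exercise auto-configuration ordering. Suggest a test that resolves this name against the real class, and a short comment on why the remote devtools configuration must come after the servlet web security one.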

View File

@ -17,7 +17,7 @@
package org.springframework.boot.devtools.autoconfigure;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterProperties;
import org.springframework.boot.web.server.autoconfigure.ServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@ -46,7 +46,7 @@ class RemoteDevtoolsSecurityConfiguration {
}
@Bean
@Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
@Order(SecurityFilterProperties.BASIC_AUTH_ORDER - 1)
SecurityFilterChain devtoolsSecurityFilterChain(HttpSecurity http) {
http.securityMatcher(PathPatternRequestMatcher.withDefaults().matcher(this.url));
http.authorizeHttpRequests((requests) -> requests.anyRequest().anonymous());
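Review bot: On `@Order(SecurityFilterProperties.BASIC_AUTH_ORDER - 1)`, this chain permits `anyRequest().anonymous()` for the devtools URL and relies on sorting just ahead of the default chain, so its behaviour depends on the relocated constant having the same value as the old `SecurityProperties.BASIC_AUTH_ORDER`. The hunk does not show the new definition; please confirm the value is carried over unchanged, and consider a test asserting that the devtools chain's order is lower than that of the default chain.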

View File

@ -32,7 +32,8 @@ import org.springframework.boot.devtools.remote.server.DispatcherFilter;
import org.springframework.boot.devtools.restart.MockRestarter;
import org.springframework.boot.devtools.restart.server.HttpRestartServer;
import org.springframework.boot.devtools.restart.server.SourceDirectoryUrlFilter;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration;
import org.springframework.boot.test.util.TestPropertyValues;
import org.springframework.boot.web.context.servlet.AnnotationConfigServletWebApplicationContext;
import org.springframework.context.annotation.Bean;
@ -236,8 +237,8 @@ class RemoteDevToolsAutoConfigurationTests {
private AnnotationConfigServletWebApplicationContext loadContext(String... properties) {
AnnotationConfigServletWebApplicationContext context = new AnnotationConfigServletWebApplicationContext();
context.setServletContext(new MockServletContext());
context.register(Config.class, SecurityAutoConfiguration.class, RemoteDevToolsAutoConfiguration.class,
PropertyPlaceholderAutoConfiguration.class);
context.register(Config.class, SecurityAutoConfiguration.class, ServletWebSecurityAutoConfiguration.class,
RemoteDevToolsAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class);
TestPropertyValues.of(properties).applyTo(context);
context.refresh();
return context;

View File

@ -30,7 +30,7 @@ import org.springframework.boot.graphql.autoconfigure.GraphQlTestDataFetchers;
import org.springframework.boot.graphql.autoconfigure.reactive.GraphQlWebFluxAutoConfiguration;
import org.springframework.boot.http.codec.autoconfigure.CodecsAutoConfiguration;
import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
import org.springframework.boot.testsupport.classpath.resources.WithResource;
import org.springframework.boot.webflux.autoconfigure.HttpHandlerAutoConfiguration;
@ -87,7 +87,7 @@ class GraphQlWebFluxSecurityAutoConfigurationTests {
.withConfiguration(AutoConfigurations.of(HttpHandlerAutoConfiguration.class, WebFluxAutoConfiguration.class,
CodecsAutoConfiguration.class, JacksonAutoConfiguration.class, GraphQlAutoConfiguration.class,
GraphQlWebFluxAutoConfiguration.class, GraphQlWebFluxSecurityAutoConfiguration.class,
ReactiveSecurityAutoConfiguration.class))
ReactiveWebSecurityAutoConfiguration.class))
.withUserConfiguration(DataFetchersConfiguration.class, SecurityConfig.class)
.withPropertyValues("spring.main.web-application-type=reactive");

View File

@ -28,7 +28,7 @@ import org.springframework.boot.graphql.autoconfigure.GraphQlTestDataFetchers;
import org.springframework.boot.graphql.autoconfigure.servlet.GraphQlWebMvcAutoConfiguration;
import org.springframework.boot.http.converter.autoconfigure.HttpMessageConvertersAutoConfiguration;
import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
import org.springframework.boot.testsupport.classpath.resources.WithResource;
import org.springframework.boot.webmvc.autoconfigure.DispatcherServletAutoConfiguration;
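Review bot: Only the import of `SecurityAutoConfiguration` is repackaged in this servlet test, whereas the other servlet runners changed in this commit (Cloud Foundry, devtools, OAuth2 authorization server) also add `ServletWebSecurityAutoConfiguration`. If this test depends on the auto-configured web security and not only on its own security configuration, it may now run without it and pass for the wrong reason. Please confirm the omission is deliberate, or add the class to the runner.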

View File

@ -21,9 +21,9 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.security.autoconfigure.actuate.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.UserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.UserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.context.annotation.Import;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;

View File

@ -35,7 +35,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.security.autoconfigure.servlet.UserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.UserDetailsServiceAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Role;

View File

@ -19,8 +19,8 @@ package org.springframework.boot.security.oauth2.server.authorization.autoconfig
import java.util.Set;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.security.autoconfigure.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.boot.security.autoconfigure.web.servlet.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
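Review bot: The import changes show `ConditionalOnDefaultWebSecurity` and the `BASIC_AUTH_ORDER` constant moving to `org.springframework.boot.security.autoconfigure.web.servlet`, the latter onto a new `SecurityFilterProperties` type. Both are referenced from outside the security module in this commit, so application code that orders its own `SecurityFilterChain` with `SecurityProperties.BASIC_AUTH_ORDER` or imports the annotation from the old package will stop compiling. Suggest a migration note, and state whether the old locations are removed outright or kept as deprecated aliases.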
@ -62,7 +62,7 @@ class OAuth2AuthorizationServerWebSecurityConfiguration {
}
@Bean
@Order(SecurityProperties.BASIC_AUTH_ORDER)
@Order(SecurityFilterProperties.BASIC_AUTH_ORDER)
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) {
http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()).formLogin(withDefaults());
return http.build();

View File

@ -19,9 +19,10 @@ package org.springframework.boot.security.oauth2.server.authorization.autoconfig
import org.junit.jupiter.api.Test;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.security.autoconfigure.actuate.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.UserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.UserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration;
import org.springframework.boot.test.context.FilteredClassLoader;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
import org.springframework.boot.testsupport.classpath.ClassPathExclusions;
@ -53,7 +54,7 @@ class OAuth2AuthorizationServerAutoConfigurationTests {
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(OAuth2AuthorizationServerAutoConfiguration.class,
OAuth2AuthorizationServerJwtAutoConfiguration.class, SecurityAutoConfiguration.class,
UserDetailsServiceAutoConfiguration.class));
ServletWebSecurityAutoConfiguration.class, UserDetailsServiceAutoConfiguration.class));
@Test
void autoConfigurationConditionalOnClassOauth2Authorization() {

View File

@ -24,8 +24,8 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.security.autoconfigure.actuate.reactive.ReactiveManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.actuate.web.reactive.ReactiveManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
@ -45,7 +45,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
* @since 4.0.0
*/
@AutoConfiguration(
before = { ReactiveManagementWebSecurityAutoConfiguration.class, ReactiveSecurityAutoConfiguration.class },
before = { ReactiveManagementWebSecurityAutoConfiguration.class, ReactiveWebSecurityAutoConfiguration.class },
after = ReactiveOAuth2ClientAutoConfiguration.class)
@ConditionalOnClass({ Flux.class, EnableWebFluxSecurity.class, ServerOAuth2AuthorizedClientRepository.class })
@ConditionalOnBean(ReactiveOAuth2AuthorizedClientService.class)

View File

@ -22,9 +22,9 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.security.autoconfigure.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.autoconfigure.actuate.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.oauth2.client.autoconfigure.OAuth2ClientAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
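Review bot: The imports here still bring in `SecurityAutoConfiguration` and `ManagementWebSecurityAutoConfiguration` but not `ServletWebSecurityAutoConfiguration`, while the reactive counterpart in this commit changes its ordering to `before = { ReactiveManagementWebSecurityAutoConfiguration.class, ReactiveWebSecurityAutoConfiguration.class }`. If this class lists `SecurityAutoConfiguration` in its `before` attribute in order to register its filter chain ahead of the default one, that ordering may no longer cover the class that now contributes the default chain. The annotation itself is outside the visible hunk, so please check it and name `ServletWebSecurityAutoConfiguration` there if so.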

View File

@ -22,7 +22,7 @@ import org.junit.jupiter.api.Test;
import reactor.core.publisher.Flux;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.boot.test.context.FilteredClassLoader;
import org.springframework.boot.test.context.runner.ApplicationContextRunner;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
@ -46,7 +46,7 @@ class ReactiveOAuth2ClientAutoConfigurationTests {
private final ApplicationContextRunner contextRunner = new ApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(ReactiveOAuth2ClientAutoConfiguration.class,
ReactiveSecurityAutoConfiguration.class));
ReactiveWebSecurityAutoConfiguration.class));
@Test
void autoConfigurationShouldBackOffForServletEnvironments() {

View File

@ -22,7 +22,7 @@ import java.util.List;
import org.junit.jupiter.api.Test;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
import org.springframework.boot.test.context.runner.ApplicationContextRunner;
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
@ -60,7 +60,7 @@ class ReactiveOAuth2ClientWebSecurityAutoConfigurationTests {
private final ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(ReactiveOAuth2ClientWebSecurityAutoConfiguration.class,
ReactiveSecurityAutoConfiguration.class));
ReactiveWebSecurityAutoConfiguration.class));
@Test
void autoConfigurationShouldBackOffForServletEnvironments() {
@ -107,7 +107,7 @@ class ReactiveOAuth2ClientWebSecurityAutoConfigurationTests {
void securityWebFilterChainBeanConditionalOnWebApplication() {
new ApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(ReactiveOAuth2ClientWebSecurityAutoConfiguration.class,
ReactiveSecurityAutoConfiguration.class))
ReactiveWebSecurityAutoConfiguration.class))
.withUserConfiguration(ReactiveOAuth2AuthorizedClientRepositoryConfiguration.class)
.run((context) -> assertThat(context).doesNotHaveBean(SecurityWebFilterChain.class));
}

View File

@ -22,9 +22,9 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.security.autoconfigure.actuate.reactive.ReactiveManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveUserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.ReactiveUserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.actuate.web.reactive.ReactiveManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.boot.security.oauth2.server.resource.autoconfigure.OAuth2ResourceServerProperties;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
@ -37,7 +37,7 @@ import org.springframework.security.config.annotation.web.reactive.EnableWebFlux
* @since 4.0.0
*/
@AutoConfiguration(before = { ReactiveManagementWebSecurityAutoConfiguration.class,
ReactiveSecurityAutoConfiguration.class, ReactiveUserDetailsServiceAutoConfiguration.class })
ReactiveWebSecurityAutoConfiguration.class, ReactiveUserDetailsServiceAutoConfiguration.class })
@EnableConfigurationProperties(OAuth2ResourceServerProperties.class)
@ConditionalOnClass({ EnableWebFluxSecurity.class })
@ConditionalOnWebApplication(type = Type.REACTIVE)

View File

@ -22,9 +22,9 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.security.autoconfigure.actuate.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.UserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.UserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.oauth2.server.resource.autoconfigure.OAuth2ResourceServerProperties;
import org.springframework.context.annotation.Import;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;

View File

@ -33,7 +33,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.PropertyMapper;
import org.springframework.boot.security.autoconfigure.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.autoconfigure.web.servlet.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.oauth2.server.resource.autoconfigure.ConditionalOnIssuerLocationJwtDecoder;
import org.springframework.boot.security.oauth2.server.resource.autoconfigure.ConditionalOnPublicKeyJwtDecoder;
import org.springframework.boot.security.oauth2.server.resource.autoconfigure.OAuth2ResourceServerProperties;

View File

@ -19,7 +19,7 @@ package org.springframework.boot.security.oauth2.server.resource.autoconfigure.s
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.security.autoconfigure.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.autoconfigure.web.servlet.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.oauth2.server.resource.autoconfigure.OAuth2ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

View File

@ -49,8 +49,8 @@ import reactor.core.publisher.Mono;
import tools.jackson.databind.ObjectMapper;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.security.autoconfigure.actuate.reactive.ReactiveManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.actuate.web.reactive.ReactiveManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.boot.security.oauth2.server.resource.autoconfigure.JwtConverterCustomizationsArgumentsProvider;
import org.springframework.boot.test.context.FilteredClassLoader;
import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
@ -718,7 +718,7 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests {
void causesReactiveManagementWebSecurityAutoConfigurationToBackOff() {
ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(ReactiveManagementWebSecurityAutoConfiguration.class,
ReactiveOAuth2ResourceServerAutoConfiguration.class, ReactiveSecurityAutoConfiguration.class,
ReactiveOAuth2ResourceServerAutoConfiguration.class, ReactiveWebSecurityAutoConfiguration.class,
WebFluxAutoConfiguration.class));
contextRunner
.run((context) -> assertThat(context).hasSingleBean(ReactiveManagementWebSecurityAutoConfiguration.class));

View File

@ -47,8 +47,9 @@ import org.mockito.InOrder;
import tools.jackson.databind.ObjectMapper;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.security.autoconfigure.actuate.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration;
import org.springframework.boot.security.oauth2.server.resource.autoconfigure.JwtConverterCustomizationsArgumentsProvider;
import org.springframework.boot.test.context.FilteredClassLoader;
import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
@ -737,7 +738,7 @@ class OAuth2ResourceServerAutoConfigurationTests {
WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(ManagementWebSecurityAutoConfiguration.class,
OAuth2ResourceServerAutoConfiguration.class, SecurityAutoConfiguration.class,
WebMvcAutoConfiguration.class));
ServletWebSecurityAutoConfiguration.class, WebMvcAutoConfiguration.class));
contextRunner.run((context) -> assertThat(context).hasSingleBean(ManagementWebSecurityAutoConfiguration.class));
contextRunner.withPropertyValues("spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://authserver")
.run((context) -> assertThat(context).doesNotHaveBean(ManagementWebSecurityAutoConfiguration.class)

View File

@ -17,7 +17,7 @@
package org.springframework.boot.security.saml2.autoconfigure;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.security.autoconfigure.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.autoconfigure.web.servlet.ConditionalOnDefaultWebSecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;

View File

@ -22,8 +22,8 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.security.autoconfigure.actuate.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.context.annotation.Import;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

View File

@ -27,8 +27,9 @@ import org.jspecify.annotations.Nullable;
import org.junit.jupiter.api.Test;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.security.autoconfigure.actuate.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration;
import org.springframework.boot.test.context.FilteredClassLoader;
import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
import org.springframework.boot.test.context.runner.ApplicationContextRunner;
@ -69,8 +70,9 @@ class Saml2RelyingPartyAutoConfigurationTests {
private static final String MANAGEMENT_SECURITY_FILTER_CHAIN_BEAN = "managementSecurityFilterChain";
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner().withConfiguration(
AutoConfigurations.of(Saml2RelyingPartyAutoConfiguration.class, SecurityAutoConfiguration.class));
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(Saml2RelyingPartyAutoConfiguration.class,
SecurityAutoConfiguration.class, ServletWebSecurityAutoConfiguration.class));
@Test
void autoConfigurationShouldBeConditionalOnRelyingPartyRegistrationRepositoryClass() {
@ -444,7 +446,7 @@ class Saml2RelyingPartyAutoConfigurationTests {
}
@EnableWebSecurity
static class WebSecurityEnablerConfiguration {
static class EnableWebSecurityConfiguration {
}

View File

@ -1,4 +1,5 @@
org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.servlet.SecurityFilterAutoConfiguration
org.springframework.boot.security.autoconfigure.servlet.UserDetailsServiceAutoConfiguration
org.springframework.boot.security.test.autoconfigure.webmvc.SecurityMockMvcAutoConfiguration
org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.UserDetailsServiceAutoConfiguration
org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterAutoConfiguration
org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration
org.springframework.boot.security.test.autoconfigure.webmvc.SecurityMockMvcAutoConfiguration

View File

@ -1,3 +1,4 @@
org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.reactive.ReactiveUserDetailsServiceAutoConfiguration
org.springframework.boot.security.autoconfigure.ReactiveUserDetailsServiceAutoConfiguration
org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration
org.springframework.boot.security.test.autoconfigure.webflux.SecurityWebTestClientAutoConfiguration

View File

@ -26,7 +26,7 @@ import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterProperties;
import org.springframework.core.Ordered;
/**
@ -38,7 +38,7 @@ public class AfterSecurityFilter implements Filter, Ordered {
@Override
public int getOrder() {
return SecurityProperties.DEFAULT_FILTER_ORDER + 1;
return SecurityFilterProperties.DEFAULT_FILTER_ORDER + 1;
}
@Override

View File

@ -26,7 +26,7 @@ import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterProperties;
import org.springframework.boot.webmvc.test.autoconfigure.WebMvcTest;
import org.springframework.core.Ordered;
import org.springframework.stereotype.Component;
@ -56,7 +56,7 @@ public class ExampleFilter implements Filter, Ordered {
@Override
public int getOrder() {
return SecurityProperties.DEFAULT_FILTER_ORDER - 1;
return SecurityFilterProperties.DEFAULT_FILTER_ORDER - 1;
}
}

View File

@ -0,0 +1,53 @@
/*
* Copyright 2012-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure;
import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Condition;
/**
* {@link Condition} used to check if security username or passowrd properties have been
* set or there are no alternatives to the user details manager available.
*
* @author Andy Wilkinson
*/
final class MissingAlternativeUserDetailsManagerOrUserPropertiesConfigured extends AnyNestedCondition {
MissingAlternativeUserDetailsManagerOrUserPropertiesConfigured() {
super(ConfigurationPhase.PARSE_CONFIGURATION);
}
@ConditionalOnMissingClass({ "org.springframework.security.oauth2.client.registration.ClientRegistrationRepository",
"org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector",
"org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository" })
static final class MissingAlternative {
}
@ConditionalOnProperty("spring.security.user.name")
static final class NameConfigured {
}
@ConditionalOnProperty("spring.security.user.password")
static final class PasswordConfigured {
}
}
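Review bot: typo in the class Javadoc of the new file: "passowrd" should be "password". Since this condition now gates the default user for both UserDetailsServiceAutoConfiguration and ReactiveUserDetailsServiceAutoConfiguration, the Javadoc should also name both users, so a later edit to the MissingAlternative class list is made with the servlet and the reactive case in mind.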

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.reactive;
package org.springframework.boot.security.autoconfigure;
import java.util.List;
import java.util.regex.Pattern;
@ -25,19 +25,16 @@ import org.jspecify.annotations.Nullable;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.rsocket.annotation.support.RSocketMessageHandler;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
@ -49,24 +46,29 @@ import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.StringUtils;
/**
* Default user {@link Configuration @Configuration} for a reactive web application.
* Configures a {@link ReactiveUserDetailsService} with a default user and generated
* password. This backs-off completely if there is a bean of type
* {@link EnableAutoConfiguration Auto-configuration} for a Spring Security in-memory
* {@link ReactiveUserDetailsService}. Adds a {@link MapReactiveUserDetailsService} with a
* default user and generated password.
* <p>
* This configuration backs-off completely if there is a bean of type
* {@link ReactiveUserDetailsService}, {@link ReactiveAuthenticationManager}, or
* {@link ReactiveAuthenticationManagerResolver}.
* <p>
* Note that the reactive application detection mechanism is limited to web applications
* only. If you're writing a non-web application you will need to configure reactive
* security yourself.
*
* @author Madhura Bhave
* @since 4.0.0
*/
@AutoConfiguration(before = ReactiveSecurityAutoConfiguration.class,
afterName = "org.springframework.boot.rsocket.autoconfigure.RSocketMessagingAutoConfiguration")
@AutoConfiguration(afterName = "org.springframework.boot.rsocket.autoconfigure.RSocketMessagingAutoConfiguration")
@ConditionalOnClass({ ReactiveAuthenticationManager.class })
@ConditionalOnMissingBean(
value = { ReactiveAuthenticationManager.class, ReactiveUserDetailsService.class,
ReactiveAuthenticationManagerResolver.class },
type = { "org.springframework.security.oauth2.jwt.ReactiveJwtDecoder" })
@Conditional({ ReactiveUserDetailsServiceAutoConfiguration.RSocketEnabledOrReactiveWebApplication.class,
ReactiveUserDetailsServiceAutoConfiguration.MissingAlternativeOrUserPropertiesConfigured.class })
MissingAlternativeUserDetailsManagerOrUserPropertiesConfigured.class })
@EnableConfigurationProperties(SecurityProperties.class)
public final class ReactiveUserDetailsServiceAutoConfiguration {
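Review bot: the new Javadoc paragraph says reactive detection "is limited to web applications only", but the @Conditional just below still lists RSocketEnabledOrReactiveWebApplication, so the note reads as contradicting the condition. Either reword the note to cover the RSocket case or drop it here. Separately, the @AutoConfiguration line loses before = ReactiveSecurityAutoConfiguration.class with no replacement ordering against ReactiveWebSecurityAutoConfiguration; if the ordering is no longer needed, a sentence in the commit message saying why would help.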
@ -118,29 +120,4 @@ public final class ReactiveUserDetailsServiceAutoConfiguration {
}
static final class MissingAlternativeOrUserPropertiesConfigured extends AnyNestedCondition {
MissingAlternativeOrUserPropertiesConfigured() {
super(ConfigurationPhase.PARSE_CONFIGURATION);
}
@ConditionalOnMissingClass({
"org.springframework.security.oauth2.client.registration.ClientRegistrationRepository",
"org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector" })
static final class MissingAlternative {
}
@ConditionalOnProperty("spring.security.user.name")
static final class NameConfigured {
}
@ConditionalOnProperty("spring.security.user.password")
static final class PasswordConfigured {
}
}
}
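Review bot: the nested condition removed here is not equivalent to the shared MissingAlternativeUserDetailsManagerOrUserPropertiesConfigured that replaces it. The removed MissingAlternative checked ClientRegistrationRepository and ReactiveOpaqueTokenIntrospector; the shared one checks ClientRegistrationRepository, OpaqueTokenIntrospector and RelyingPartyRegistrationRepository. For a reactive application that changes when the default user with a generated password is created: SAML2 relying-party classes on the classpath now suppress it unless spring.security.user.name or spring.security.user.password is set, and ReactiveOpaqueTokenIntrospector is no longer named at all. Please confirm this is intended and add a FilteredClassLoader test for the reactive auto-configuration that pins the behaviour down.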

View File

@ -14,20 +14,19 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.security.autoconfigure.SecurityDataConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
/**
* {@link EnableAutoConfiguration Auto-configuration} for Spring Security.
@ -37,10 +36,9 @@ import org.springframework.security.authentication.DefaultAuthenticationEventPub
* @author Madhura Bhave
* @since 4.0.0
*/
@AutoConfiguration(before = UserDetailsServiceAutoConfiguration.class)
@AutoConfiguration
@ConditionalOnClass(DefaultAuthenticationEventPublisher.class)
@EnableConfigurationProperties(SecurityProperties.class)
@Import({ SpringBootWebSecurityConfiguration.class, SecurityDataConfiguration.class })
public final class SecurityAutoConfiguration {
@Bean
@ -49,4 +47,16 @@ public final class SecurityAutoConfiguration {
return new DefaultAuthenticationEventPublisher(publisher);
}
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass(SecurityEvaluationContextExtension.class)
static class SecurityDataConfiguration {
@Bean
@ConditionalOnMissingBean
SecurityEvaluationContextExtension securityEvaluationContextExtension() {
return new SecurityEvaluationContextExtension();
}
}
}
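Review bot: the nested SecurityDataConfiguration has no Javadoc, while the deleted top-level class carried "Automatically adds Spring Security's integration with Spring Data" and an @author tag. Carry that one-line description over to the nested class. Note also that the type and its @Bean method go from public to package-private, so anything that imported org.springframework.boot.security.autoconfigure.SecurityDataConfiguration directly stops compiling; worth a line in the commit message.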

View File

@ -1,41 +0,0 @@
/*
* Copyright 2012-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
/**
* Automatically adds Spring Security's integration with Spring Data.
*
* @author Rob Winch
* @since 4.0.0
*/
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass(SecurityEvaluationContextExtension.class)
public class SecurityDataConfiguration {
@Bean
@ConditionalOnMissingBean
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
return new SecurityEvaluationContextExtension();
}
}

View File

@ -17,15 +17,10 @@
package org.springframework.boot.security.autoconfigure;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.servlet.filter.OrderedFilter;
import org.springframework.boot.web.servlet.DispatcherType;
import org.springframework.core.Ordered;
import org.springframework.util.StringUtils;
/**
@ -39,63 +34,12 @@ import org.springframework.util.StringUtils;
@ConfigurationProperties("spring.security")
public class SecurityProperties {
/**
* Order applied to the {@code SecurityFilterChain} that is used to configure basic
* authentication for application endpoints. Create your own
* {@code SecurityFilterChain} if you want to add your own authentication for all or
* some of those endpoints.
*/
public static final int BASIC_AUTH_ORDER = Ordered.LOWEST_PRECEDENCE - 5;
/**
* Default order of Spring Security's Filter in the servlet container (i.e. amongst
* other filters registered with the container). There is no connection between this
* and the {@code @Order} on a {@code SecurityFilterChain}.
*/
public static final int DEFAULT_FILTER_ORDER = OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100;
private final Filter filter = new Filter();
private final User user = new User();
public User getUser() {
return this.user;
}
public Filter getFilter() {
return this.filter;
}
public static class Filter {
/**
* Security filter chain order for Servlet-based web applications.
*/
private int order = DEFAULT_FILTER_ORDER;
/**
* Security filter chain dispatcher types for Servlet-based web applications.
*/
private Set<DispatcherType> dispatcherTypes = EnumSet.allOf(DispatcherType.class);
public int getOrder() {
return this.order;
}
public void setOrder(int order) {
this.order = order;
}
public Set<DispatcherType> getDispatcherTypes() {
return this.dispatcherTypes;
}
public void setDispatcherTypes(Set<DispatcherType> dispatcherTypes) {
this.dispatcherTypes = dispatcherTypes;
}
}
public static class User {
/**
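Review bot: this removes public API from SecurityProperties without a visible migration path: the constants BASIC_AUTH_ORDER and DEFAULT_FILTER_ORDER, getFilter() and the nested Filter class. Other hunks in this commit reference SecurityFilterProperties.DEFAULT_FILTER_ORDER, but the new home of BASIC_AUTH_ORDER does not appear in this part of the diff. Please state in the commit message where each constant and the filter order and dispatcher-type properties now live, and keep the Javadoc sentence explaining that the filter order has no connection to the @Order on a SecurityFilterChain, since that distinction is easy to get wrong when ordering custom filters around the security filter.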

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure;
import java.util.List;
import java.util.regex.Pattern;
@ -26,22 +26,15 @@ import org.jspecify.annotations.Nullable;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.AnyNestedCondition;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.boot.security.autoconfigure.servlet.UserDetailsServiceAutoConfiguration.MissingAlternativeOrUserPropertiesConfigured;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationManagerResolver;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.ObjectPostProcessor;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
@ -61,8 +54,7 @@ import org.springframework.util.StringUtils;
*/
@AutoConfiguration
@ConditionalOnClass(AuthenticationManager.class)
@Conditional(MissingAlternativeOrUserPropertiesConfigured.class)
@ConditionalOnBean(ObjectPostProcessor.class)
@Conditional(MissingAlternativeUserDetailsManagerOrUserPropertiesConfigured.class)
@ConditionalOnMissingBean(value = { AuthenticationManager.class, AuthenticationProvider.class, UserDetailsService.class,
AuthenticationManagerResolver.class }, type = "org.springframework.security.oauth2.jwt.JwtDecoder")
@ConditionalOnWebApplication(type = Type.SERVLET)
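Review bot: @ConditionalOnBean(ObjectPostProcessor.class) is dropped from the class-level conditions and nothing replaces it, so the default in-memory user no longer depends on Spring Security's configuration infrastructure being present in the context. If that is deliberate, add a test that runs this auto-configuration in a servlet context without ServletWebSecurityAutoConfiguration and asserts whether a UserDetailsService bean is expected. As a smaller point, the class now lives in org.springframework.boot.security.autoconfigure but is still @ConditionalOnWebApplication(type = Type.SERVLET); a Javadoc sentence saying it is servlet-only despite the package would avoid confusion with ReactiveUserDetailsServiceAutoConfiguration next to it.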
@ -100,30 +92,4 @@ public final class UserDetailsServiceAutoConfiguration {
return NOOP_PASSWORD_PREFIX + password;
}
static final class MissingAlternativeOrUserPropertiesConfigured extends AnyNestedCondition {
MissingAlternativeOrUserPropertiesConfigured() {
super(ConfigurationPhase.PARSE_CONFIGURATION);
}
@ConditionalOnMissingClass({
"org.springframework.security.oauth2.client.registration.ClientRegistrationRepository",
"org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector",
"org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository" })
static final class MissingAlternative {
}
@ConditionalOnProperty("spring.security.user.name")
static final class NameConfigured {
}
@ConditionalOnProperty("spring.security.user.password")
static final class PasswordConfigured {
}
}
}

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.reactive;
package org.springframework.boot.security.autoconfigure.actuate.web.reactive;
import java.util.ArrayList;
import java.util.Arrays;
@ -37,7 +37,7 @@ import org.springframework.boot.actuate.endpoint.EndpointId;
import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
import org.springframework.boot.actuate.endpoint.web.WebServerNamespace;
import org.springframework.boot.security.reactive.ApplicationContextServerWebExchangeMatcher;
import org.springframework.boot.security.web.reactive.ApplicationContextServerWebExchangeMatcher;
import org.springframework.boot.web.server.context.WebServerApplicationContext;
import org.springframework.context.ApplicationContext;
import org.springframework.core.annotation.MergedAnnotation;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.reactive;
package org.springframework.boot.security.autoconfigure.actuate.web.reactive;
import reactor.core.publisher.Mono;
@ -27,8 +27,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.health.actuate.endpoint.HealthEndpoint;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveUserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
@ -52,8 +51,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
* @author Madhura Bhave
* @since 4.0.0
*/
@AutoConfiguration(before = ReactiveSecurityAutoConfiguration.class,
after = ReactiveUserDetailsServiceAutoConfiguration.class,
@AutoConfiguration(before = ReactiveWebSecurityAutoConfiguration.class,
afterName = { "org.springframework.boot.health.autoconfigure.actuate.endpoint.HealthEndpointAutoConfiguration",
"org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration",
"org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAutoConfiguration" })

View File

@ -18,6 +18,6 @@
* Auto-configuration for actuator security using WebFlux.
*/
@NullMarked
package org.springframework.boot.security.autoconfigure.actuate.reactive;
package org.springframework.boot.security.autoconfigure.actuate.web.reactive;
import org.jspecify.annotations.NullMarked;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.servlet;
package org.springframework.boot.security.autoconfigure.actuate.web.servlet;
import java.util.ArrayList;
import java.util.Arrays;
@ -37,7 +37,7 @@ import org.springframework.boot.actuate.endpoint.EndpointId;
import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
import org.springframework.boot.actuate.endpoint.web.WebServerNamespace;
import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
import org.springframework.boot.security.web.servlet.ApplicationContextRequestMatcher;
import org.springframework.boot.web.server.context.WebServerApplicationContext;
import org.springframework.context.ApplicationContext;
import org.springframework.core.annotation.MergedAnnotation;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.servlet;
package org.springframework.boot.security.autoconfigure.actuate.web.servlet;
import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAutoConfiguration;
import org.springframework.boot.actuate.endpoint.web.WebServerNamespace;
@ -24,9 +24,9 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.health.actuate.endpoint.HealthEndpoint;
import org.springframework.boot.security.autoconfigure.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterProperties;
import org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
@ -48,7 +48,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
* @author Hatef Palizgar
* @since 4.0.0
*/
@AutoConfiguration(before = SecurityAutoConfiguration.class,
@AutoConfiguration(before = ServletWebSecurityAutoConfiguration.class,
afterName = { "org.springframework.boot.health.autoconfigure.actuate.endpoint.HealthEndpointAutoConfiguration",
"org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration" })
@ConditionalOnWebApplication(type = Type.SERVLET)
@ -57,7 +57,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
public final class ManagementWebSecurityAutoConfiguration {
@Bean
@Order(SecurityProperties.BASIC_AUTH_ORDER)
@Order(SecurityFilterProperties.BASIC_AUTH_ORDER)
SecurityFilterChain managementSecurityFilterChain(Environment environment, HttpSecurity http) {
if (ClassUtils.isPresent("org.springframework.boot.health.actuate.endpoint.HealthEndpoint",
getClass().getClassLoader())) {

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.servlet;
package org.springframework.boot.security.autoconfigure.actuate.web.servlet;
import java.util.function.Function;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.servlet;
package org.springframework.boot.security.autoconfigure.actuate.web.servlet;
import org.jspecify.annotations.Nullable;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.servlet;
package org.springframework.boot.security.autoconfigure.actuate.web.servlet;
import org.springframework.boot.actuate.autoconfigure.web.ManagementContextConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;

View File

@ -18,6 +18,6 @@
* Auto-configuration for actuator security using Spring MVC.
*/
@NullMarked
package org.springframework.boot.security.autoconfigure.actuate.servlet;
package org.springframework.boot.security.autoconfigure.actuate.web.servlet;
import org.jspecify.annotations.NullMarked;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure;
package org.springframework.boot.security.autoconfigure.web;
import java.util.Arrays;
import java.util.stream.Stream;

View File

@ -0,0 +1,23 @@
/*
* Copyright 2012-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Support classes for Spring Security web Auto-configuration.
*/
@NullMarked
package org.springframework.boot.security.autoconfigure.web;
import org.jspecify.annotations.NullMarked;

View File

@ -14,9 +14,9 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.reactive;
package org.springframework.boot.security.autoconfigure.web.reactive;
import org.springframework.boot.security.autoconfigure.StaticResourceLocation;
import org.springframework.boot.security.autoconfigure.web.StaticResourceLocation;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
/**

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.reactive;
package org.springframework.boot.security.autoconfigure.web.reactive;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
@ -26,6 +26,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.security.autoconfigure.ReactiveUserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@ -48,10 +49,11 @@ import org.springframework.web.reactive.config.WebFluxConfigurer;
* @author Madhura Bhave
* @since 4.0.0
*/
@AutoConfiguration
@AutoConfiguration(after = ReactiveUserDetailsServiceAutoConfiguration.class,
afterName = "org.springframework.boot.webflux.autoconfigure.WebFluxAutoConfiguration")
@EnableConfigurationProperties(SecurityProperties.class)
@ConditionalOnClass({ Flux.class, EnableWebFluxSecurity.class, WebFilterChainProxy.class, WebFluxConfigurer.class })
public final class ReactiveSecurityAutoConfiguration {
public final class ReactiveWebSecurityAutoConfiguration {
@ConditionalOnWebApplication(type = Type.REACTIVE)
@Configuration(proxyBeanMethods = false)
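Review bot: Moving `after = ReactiveUserDetailsServiceAutoConfiguration.class` onto this `@AutoConfiguration` leaves `ReactiveManagementWebSecurityAutoConfiguration` with no explicit ordering against the user details auto-configuration, since that class now declares only `before = ReactiveWebSecurityAutoConfiguration.class`. Both are ordered before this class but not against each other. If any condition in the management configuration depends on beans contributed by the user details one (it imports `ConditionalOnMissingBean` and `ReactiveAuthenticationManager`), keep the `after` there as well. The new `afterName` for `WebFluxAutoConfiguration` is an ordering change rather than a rename, so it deserves a line in the commit message.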

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.reactive;
package org.springframework.boot.security.autoconfigure.web.reactive;
import java.util.EnumSet;
import java.util.LinkedHashSet;
@ -23,7 +23,7 @@ import java.util.stream.Stream;
import reactor.core.publisher.Mono;
import org.springframework.boot.security.autoconfigure.StaticResourceLocation;
import org.springframework.boot.security.autoconfigure.web.StaticResourceLocation;
import org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;

View File

@ -18,6 +18,6 @@
* Auto-configuration for reactive Spring Security.
*/
@NullMarked
package org.springframework.boot.security.autoconfigure.reactive;
package org.springframework.boot.security.autoconfigure.web.reactive;
import org.jspecify.annotations.NullMarked;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure;
package org.springframework.boot.security.autoconfigure.web.servlet;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure;
package org.springframework.boot.security.autoconfigure.web.servlet;
import org.springframework.boot.autoconfigure.condition.AllNestedConditions;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure.web.servlet;
import java.util.function.Supplier;
@ -22,8 +22,8 @@ import jakarta.servlet.http.HttpServletRequest;
import org.jspecify.annotations.Nullable;
import org.springframework.boot.h2console.autoconfigure.H2ConsoleProperties;
import org.springframework.boot.security.autoconfigure.StaticResourceLocation;
import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
import org.springframework.boot.security.autoconfigure.web.StaticResourceLocation;
import org.springframework.boot.security.web.servlet.ApplicationContextRequestMatcher;
import org.springframework.boot.web.server.context.WebServerApplicationContext;
import org.springframework.context.ApplicationContext;
import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure.web.servlet;
import java.util.EnumSet;
import java.util.stream.Collectors;
@ -29,7 +29,6 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.boot.web.servlet.DelegatingFilterProxyRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
@ -38,7 +37,7 @@ import org.springframework.security.web.context.AbstractSecurityWebApplicationIn
/**
* {@link EnableAutoConfiguration Auto-configuration} for Spring Security's Filter.
* Configured separately from {@link SpringBootWebSecurityConfiguration} to ensure that
* Configured separately from {@link ServletWebSecurityAutoConfiguration} to ensure that
* the filter's order is still configured when a user-provided
* {@link WebSecurityConfiguration} exists.
*
@ -47,9 +46,9 @@ import org.springframework.security.web.context.AbstractSecurityWebApplicationIn
* @author Andy Wilkinson
* @since 4.0.0
*/
@AutoConfiguration(after = SecurityAutoConfiguration.class)
@AutoConfiguration(after = ServletWebSecurityAutoConfiguration.class)
@ConditionalOnWebApplication(type = Type.SERVLET)
@EnableConfigurationProperties(SecurityProperties.class)
@EnableConfigurationProperties(SecurityFilterProperties.class)
@ConditionalOnClass({ AbstractSecurityWebApplicationInitializer.class, SessionCreationPolicy.class })
public final class SecurityFilterAutoConfiguration {
@ -57,20 +56,20 @@ public final class SecurityFilterAutoConfiguration {
@Bean
@ConditionalOnBean(name = DEFAULT_FILTER_NAME)
DelegatingFilterProxyRegistrationBean securityFilterChainRegistration(SecurityProperties securityProperties) {
DelegatingFilterProxyRegistrationBean securityFilterChainRegistration(
SecurityFilterProperties securityFilterProperties) {
DelegatingFilterProxyRegistrationBean registration = new DelegatingFilterProxyRegistrationBean(
DEFAULT_FILTER_NAME);
registration.setOrder(securityProperties.getFilter().getOrder());
registration.setDispatcherTypes(getDispatcherTypes(securityProperties));
registration.setOrder(securityFilterProperties.getOrder());
registration.setDispatcherTypes(getDispatcherTypes(securityFilterProperties));
return registration;
}
private @Nullable EnumSet<DispatcherType> getDispatcherTypes(SecurityProperties securityProperties) {
if (securityProperties.getFilter().getDispatcherTypes() == null) {
private @Nullable EnumSet<DispatcherType> getDispatcherTypes(SecurityFilterProperties securityFilterProperties) {
if (securityFilterProperties.getDispatcherTypes() == null) {
return null;
}
return securityProperties.getFilter()
.getDispatcherTypes()
return securityFilterProperties.getDispatcherTypes()
.stream()
.map((type) -> DispatcherType.valueOf(type.name()))
.collect(Collectors.toCollection(() -> EnumSet.noneOf(DispatcherType.class)));
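Review bot: The null check in `getDispatcherTypes` (`securityFilterProperties.getDispatcherTypes() == null`) does not match the contract of the new properties class. `SecurityFilterProperties` initialises `dispatcherTypes` to `EnumSet.allOf(DispatcherType.class)` and neither its getter nor its setter is `@Nullable` in a `@NullMarked` package, so the branch is only reachable through a null passed to the setter. Either drop the check together with the `@Nullable` return type, or annotate the property accessors `@Nullable` if an explicit null is meant to select the container default.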

View File

@ -0,0 +1,77 @@
/*
* Copyright 2012-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.web.servlet;
import java.util.EnumSet;
import java.util.Set;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.servlet.filter.OrderedFilter;
import org.springframework.boot.web.servlet.DispatcherType;
import org.springframework.core.Ordered;
/**
* Configuration properties for Spring Security Filter.
*
* @author Phillip Webb
* @since 4.0.0
*/
@ConfigurationProperties("spring.security.filter")
public class SecurityFilterProperties {
/**
* Order applied to the {@code SecurityFilterChain} that is used to configure basic
* authentication for application endpoints. Create your own
* {@code SecurityFilterChain} if you want to add your own authentication for all or
* some of those endpoints.
*/
public static final int BASIC_AUTH_ORDER = Ordered.LOWEST_PRECEDENCE - 5;
/**
* Default order of Spring Security's Filter in the servlet container (i.e. amongst
* other filters registered with the container). There is no connection between this
* and the {@code @Order} on a {@code SecurityFilterChain}.
*/
public static final int DEFAULT_FILTER_ORDER = OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100;
/**
* Security filter chain order for Servlet-based web applications.
*/
private int order = DEFAULT_FILTER_ORDER;
/**
* Security filter chain dispatcher types for Servlet-based web applications.
*/
private Set<DispatcherType> dispatcherTypes = EnumSet.allOf(DispatcherType.class);
public int getOrder() {
return this.order;
}
public void setOrder(int order) {
this.order = order;
}
public Set<DispatcherType> getDispatcherTypes() {
return this.dispatcherTypes;
}
public void setDispatcherTypes(Set<DispatcherType> dispatcherTypes) {
this.dispatcherTypes = dispatcherTypes;
}
}
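Review bot: The field Javadoc on `order` and `dispatcherTypes` says "Security filter chain order" and "Security filter chain dispatcher types", which contradicts the `DEFAULT_FILTER_ORDER` comment a few lines above stating that the filter's container order has no connection with the `@Order` on a `SecurityFilterChain`. These field comments become the descriptions of `spring.security.filter.order` and `spring.security.filter.dispatcher-types`, so wording such as "Security filter order" would avoid users tuning the wrong thing. `BASIC_AUTH_ORDER` is about the `SecurityFilterChain` rather than the filter, so a sentence explaining why it lives in this class would help too.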

View File

@ -14,15 +14,16 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure.web.servlet;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
import org.springframework.boot.security.autoconfigure.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.boot.security.autoconfigure.UserDetailsServiceAutoConfiguration;
import org.springframework.boot.webmvc.autoconfigure.DispatcherServletPath;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@ -36,13 +37,18 @@ import org.springframework.security.web.servlet.util.matcher.PathPatternRequestM
import static org.springframework.security.config.Customizer.withDefaults;
/**
* {@link Configuration @Configuration} class securing servlet applications.
* {@link EnableAutoConfiguration Auto-configuration} for Spring Security.
*
* @author Dave Syer
* @author Andy Wilkinson
* @author Madhura Bhave
* @since 4.0.0
*/
@Configuration(proxyBeanMethods = false)
@AutoConfiguration(after = UserDetailsServiceAutoConfiguration.class,
afterName = "org.springframework.boot.webmvc.autoconfigure.WebMvcAutoConfiguration")
@ConditionalOnClass(EnableWebSecurity.class)
@ConditionalOnWebApplication(type = Type.SERVLET)
class SpringBootWebSecurityConfiguration {
public final class ServletWebSecurityAutoConfiguration {
@Configuration(proxyBeanMethods = false)
@ConditionalOnBean(DispatcherServletPath.class)
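Review bot: The new class Javadoc, `Auto-configuration for Spring Security.`, is too general for `ServletWebSecurityAutoConfiguration` now that a separate `org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration` is registered. Say that it secures servlet web applications, so the two are distinguishable in generated documentation. The class also goes from package-private to `public final`, which makes it a name users can reference in exclusions and ordering, so the Javadoc should state that it applies the default `SecurityFilterChain` and backs off when the user supplies their own.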
@ -72,7 +78,7 @@ class SpringBootWebSecurityConfiguration {
static class SecurityFilterChainConfiguration {
@Bean
@Order(SecurityProperties.BASIC_AUTH_ORDER)
@Order(SecurityFilterProperties.BASIC_AUTH_ORDER)
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) {
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
http.formLogin(withDefaults());
@ -95,7 +101,7 @@ class SpringBootWebSecurityConfiguration {
@ConditionalOnMissingBean(name = BeanIds.SPRING_SECURITY_FILTER_CHAIN)
@ConditionalOnClass(EnableWebSecurity.class)
@EnableWebSecurity
static class WebSecurityEnablerConfiguration {
static class EnableWebSecurityConfiguration {
}
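Review bot: The `@ConditionalOnClass(EnableWebSecurity.class)` on the renamed `EnableWebSecurityConfiguration` duplicates the class-level condition that `ServletWebSecurityAutoConfiguration` carries in the previous hunk. If the outer condition is now always evaluated first, the nested one can be removed; if it is kept deliberately, a short comment saying why would stop it being cleaned up later.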

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure.web.servlet;
import java.util.EnumSet;
import java.util.LinkedHashSet;
@ -25,8 +25,8 @@ import java.util.stream.Stream;
import jakarta.servlet.http.HttpServletRequest;
import org.jspecify.annotations.Nullable;
import org.springframework.boot.security.autoconfigure.StaticResourceLocation;
import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
import org.springframework.boot.security.autoconfigure.web.StaticResourceLocation;
import org.springframework.boot.security.web.servlet.ApplicationContextRequestMatcher;
import org.springframework.boot.web.server.context.WebServerApplicationContext;
import org.springframework.boot.webmvc.autoconfigure.DispatcherServletPath;
import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;

View File

@ -18,6 +18,6 @@
* Auto-configuration for Servlet-based Spring Security.
*/
@NullMarked
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure.web.servlet;
import org.jspecify.annotations.NullMarked;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.reactive;
package org.springframework.boot.security.web.reactive;
import java.util.function.Supplier;

View File

@ -18,6 +18,6 @@
* Classes and utilities for reactive Spring Security.
*/
@NullMarked
package org.springframework.boot.security.reactive;
package org.springframework.boot.security.web.reactive;
import org.jspecify.annotations.NullMarked;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.servlet;
package org.springframework.boot.security.web.servlet;
import java.util.function.Supplier;

View File

@ -18,6 +18,6 @@
* Classes and utilities for Servlet-based Spring Security.
*/
@NullMarked
package org.springframework.boot.security.servlet;
package org.springframework.boot.security.web.servlet;
import org.jspecify.annotations.NullMarked;

View File

@ -1 +1 @@
org.springframework.boot.security.autoconfigure.actuate.servlet.SecurityRequestMatchersManagementContextConfiguration
org.springframework.boot.security.autoconfigure.actuate.web.servlet.SecurityRequestMatchersManagementContextConfiguration

View File

@ -1,8 +1,9 @@
org.springframework.boot.security.autoconfigure.actuate.reactive.ReactiveManagementWebSecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.actuate.servlet.ManagementWebSecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.reactive.ReactiveUserDetailsServiceAutoConfiguration
org.springframework.boot.security.autoconfigure.ReactiveUserDetailsServiceAutoConfiguration
org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.UserDetailsServiceAutoConfiguration
org.springframework.boot.security.autoconfigure.actuate.web.reactive.ReactiveManagementWebSecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.actuate.web.servlet.ManagementWebSecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.rsocket.RSocketSecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.servlet.SecurityFilterAutoConfiguration
org.springframework.boot.security.autoconfigure.servlet.UserDetailsServiceAutoConfiguration
org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration
org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterAutoConfiguration
org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration
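Review bot: The simple name `SecurityAutoConfiguration` now refers to a different class: the `...autoconfigure.servlet.SecurityAutoConfiguration` entry is removed, `...autoconfigure.SecurityAutoConfiguration` is added, and servlet web security moves to `ServletWebSecurityAutoConfiguration`. References by string are not checked by the compiler, and this commit uses several (`afterName` attributes, this imports file), so search the tree and the reference documentation for the old fully qualified names, including any exclusion examples. An exclusion that still names the old servlet class would no longer switch off web security.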

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.reactive;
package org.springframework.boot.security.autoconfigure;
import java.time.Duration;
@ -25,7 +25,7 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.rsocket.autoconfigure.RSocketMessagingAutoConfiguration;
import org.springframework.boot.rsocket.autoconfigure.RSocketStrategiesAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.boot.test.context.FilteredClassLoader;
import org.springframework.boot.test.context.runner.ApplicationContextRunner;
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
@ -42,7 +42,9 @@ import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
@ -60,9 +62,7 @@ class ReactiveUserDetailsServiceAutoConfigurationTests {
@Test
void configuresADefaultUser() {
this.contextRunner
.withClassLoader(
new FilteredClassLoader(ClientRegistrationRepository.class, ReactiveOpaqueTokenIntrospector.class))
this.contextRunner.withClassLoader(filterAlternativeUserDetailsManager())
.withUserConfiguration(TestSecurityConfiguration.class)
.run((context) -> {
ReactiveUserDetailsService userDetailsService = context.getBean(ReactiveUserDetailsService.class);
@ -72,9 +72,7 @@ class ReactiveUserDetailsServiceAutoConfigurationTests {
@Test
void userDetailsServiceWhenRSocketConfigured() {
new ApplicationContextRunner()
.withClassLoader(
new FilteredClassLoader(ClientRegistrationRepository.class, ReactiveOpaqueTokenIntrospector.class))
new ApplicationContextRunner().withClassLoader(filterAlternativeUserDetailsManager())
.withConfiguration(AutoConfigurations.of(ReactiveUserDetailsServiceAutoConfiguration.class,
RSocketMessagingAutoConfiguration.class, RSocketStrategiesAutoConfiguration.class))
.withUserConfiguration(TestRSocketSecurityConfiguration.class)
@ -97,7 +95,7 @@ class ReactiveUserDetailsServiceAutoConfigurationTests {
@Test
void doesNotConfigureDefaultUserIfAuthenticationManagerAvailable() {
this.contextRunner.withUserConfiguration(AuthenticationManagerConfig.class, TestSecurityConfiguration.class)
.withConfiguration(AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
.withConfiguration(AutoConfigurations.of(ReactiveWebSecurityAutoConfiguration.class))
.run((context) -> assertThat(context).getBean(ReactiveUserDetailsService.class).isNull());
}
@ -127,9 +125,7 @@ class ReactiveUserDetailsServiceAutoConfigurationTests {
@Test
void userDetailsServiceWhenPasswordEncoderAbsentAndDefaultPassword() {
this.contextRunner
.withClassLoader(
new FilteredClassLoader(ClientRegistrationRepository.class, ReactiveOpaqueTokenIntrospector.class))
this.contextRunner.withClassLoader(filterAlternativeUserDetailsManager())
.withUserConfiguration(TestSecurityConfiguration.class)
.run(((context) -> {
MapReactiveUserDetailsService userDetailsService = context.getBean(MapReactiveUserDetailsService.class);
@ -171,6 +167,11 @@ class ReactiveUserDetailsServiceAutoConfigurationTests {
}));
}
private FilteredClassLoader filterAlternativeUserDetailsManager() {
return new FilteredClassLoader(ClientRegistrationRepository.class, ReactiveOpaqueTokenIntrospector.class,
OpaqueTokenIntrospector.class, RelyingPartyRegistrationRepository.class);
}
@Configuration(proxyBeanMethods = false)
@EnableWebFluxSecurity
@EnableConfigurationProperties(SecurityProperties.class)
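Review bot: The new `filterAlternativeUserDetailsManager()` helper filters four classes where the tests previously filtered two, adding `OpaqueTokenIntrospector` and `RelyingPartyRegistrationRepository`. That suggests the reactive user details auto-configuration now also backs off when those servlet-side classes are on the classpath, which is a behaviour change rather than a package move. If that is intended, state it in the commit message and add a test asserting that the default `ReactiveUserDetailsService` is absent when only one of the newly added classes is present, so the wider condition is covered directly instead of being hidden by the filter.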

View File

@ -0,0 +1,112 @@
/*
* Copyright 2012-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure;
import org.junit.jupiter.api.Test;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.autoconfigure.TestAutoConfigurationPackage;
import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
import org.springframework.boot.hibernate.autoconfigure.HibernateJpaAutoConfiguration;
import org.springframework.boot.jdbc.autoconfigure.DataSourceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.jpa.City;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.orm.jpa.JpaTransactionManager;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
import static org.assertj.core.api.Assertions.assertThat;
/**
* Tests for {@link SecurityAutoConfiguration}.
*
* @author Dave Syer
* @author Rob Winch
* @author Andy Wilkinson
* @author Madhura Bhave
*/
class SecurityAutoConfigurationTests {
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner().withConfiguration(
AutoConfigurations.of(SecurityAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class));
@Test
void defaultAuthenticationEventPublisherRegistered() {
this.contextRunner.run((context) -> assertThat(context.getBean(AuthenticationEventPublisher.class))
.isInstanceOf(DefaultAuthenticationEventPublisher.class));
}
@Test
void defaultAuthenticationEventPublisherIsConditionalOnMissingBean() {
this.contextRunner.withUserConfiguration(AuthenticationEventPublisherConfiguration.class)
.run((context) -> assertThat(context.getBean(AuthenticationEventPublisher.class))
.isInstanceOf(AuthenticationEventPublisherConfiguration.TestAuthenticationEventPublisher.class));
}
@Test
void testJpaCoexistsHappily() {
this.contextRunner.withPropertyValues("spring.datasource.url:jdbc:hsqldb:mem:testsecdb")
.withUserConfiguration(EntityConfiguration.class)
.withConfiguration(
AutoConfigurations.of(HibernateJpaAutoConfiguration.class, DataSourceAutoConfiguration.class))
.run((context) -> assertThat(context.getBean(JpaTransactionManager.class)).isNotNull());
// This can fail if security @Conditionals force early instantiation of the
// HibernateJpaAutoConfiguration (e.g. the EntityManagerFactory is not found)
}
@Test
void testSecurityEvaluationContextExtensionSupport() {
this.contextRunner
.run((context) -> assertThat(context).getBean(SecurityEvaluationContextExtension.class).isNotNull());
}
@Configuration(proxyBeanMethods = false)
@TestAutoConfigurationPackage(City.class)
static class EntityConfiguration {
}
@Configuration(proxyBeanMethods = false)
static class AuthenticationEventPublisherConfiguration {
@Bean
AuthenticationEventPublisher authenticationEventPublisher() {
return new TestAuthenticationEventPublisher();
}
class TestAuthenticationEventPublisher implements AuthenticationEventPublisher {
@Override
public void publishAuthenticationSuccess(Authentication authentication) {
}
@Override
public void publishAuthenticationFailure(AuthenticationException exception, Authentication authentication) {
}
}
}
}
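Review bot: the contextRunner field in this new test class is still a WebApplicationContextRunner, although the class now covers only the non-web SecurityAutoConfiguration (event publisher, JPA coexistence, SecurityEvaluationContextExtension). Since the commit separates the web configurations from the core one, consider running these tests with a plain ApplicationContextRunner so they prove the core auto-configuration does not depend on a web context. Also, the explanatory comment in testJpaCoexistsHappily sits after the assertion; it reads better placed above the call it explains.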

View File

@ -33,7 +33,7 @@ import static org.assertj.core.api.Assertions.assertThat;
*/
class SecurityPropertiesTests {
private final SecurityProperties security = new SecurityProperties();
private final SecurityProperties properties = new SecurityProperties();
private Binder binder;
@ -44,21 +44,9 @@ class SecurityPropertiesTests {
this.binder = new Binder(this.source);
}
@Test
void validateDefaultFilterOrderMatchesMetadata() {
assertThat(this.security.getFilter().getOrder()).isEqualTo(-100);
}
@Test
void filterOrderShouldBind() {
this.source.put("spring.security.filter.order", "55");
this.binder.bind("spring.security", Bindable.ofInstance(this.security));
assertThat(this.security.getFilter().getOrder()).isEqualTo(55);
}
@Test
void userWhenNotConfiguredShouldUseDefaultNameAndGeneratedPassword() {
SecurityProperties.User user = this.security.getUser();
SecurityProperties.User user = this.properties.getUser();
assertThat(user.getName()).isEqualTo("user");
assertThat(user.getPassword()).isNotNull();
assertThat(user.isPasswordGenerated()).isTrue();
@ -70,8 +58,8 @@ class SecurityPropertiesTests {
this.source.put("spring.security.user.name", "foo");
this.source.put("spring.security.user.password", "password");
this.source.put("spring.security.user.roles", "ADMIN,USER");
this.binder.bind("spring.security", Bindable.ofInstance(this.security));
SecurityProperties.User user = this.security.getUser();
this.binder.bind("spring.security", Bindable.ofInstance(this.properties));
SecurityProperties.User user = this.properties.getUser();
assertThat(user.getName()).isEqualTo("foo");
assertThat(user.getPassword()).isEqualTo("password");
assertThat(user.isPasswordGenerated()).isFalse();
@ -81,8 +69,8 @@ class SecurityPropertiesTests {
@Test
void passwordAutogeneratedIfEmpty() {
this.source.put("spring.security.user.password", "");
this.binder.bind("spring.security", Bindable.ofInstance(this.security));
assertThat(this.security.getUser().isPasswordGenerated()).isTrue();
this.binder.bind("spring.security", Bindable.ofInstance(this.properties));
assertThat(this.properties.getUser().isPasswordGenerated()).isTrue();
}
}

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure;
import java.util.Collections;
import java.util.function.Function;
@ -33,8 +33,6 @@ import org.springframework.boot.autoconfigure.condition.ConditionEvaluationRepor
import org.springframework.boot.autoconfigure.condition.ConditionEvaluationReport.ConditionAndOutcomes;
import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.boot.security.autoconfigure.servlet.UserDetailsServiceAutoConfiguration.MissingAlternativeOrUserPropertiesConfigured;
import org.springframework.boot.test.context.FilteredClassLoader;
import org.springframework.boot.test.context.runner.AbstractApplicationContextRunner;
import org.springframework.boot.test.context.runner.ApplicationContextRunner;
@ -243,11 +241,12 @@ class UserDetailsServiceAutoConfigurationTests {
.get(UserDetailsServiceAutoConfiguration.class.getName());
assertThat(conditionAndOutcomes).isNotNull();
for (ConditionAndOutcome conditionAndOutcome : conditionAndOutcomes) {
if (conditionAndOutcome.getCondition() instanceof MissingAlternativeOrUserPropertiesConfigured) {
if (conditionAndOutcome
.getCondition() instanceof MissingAlternativeUserDetailsManagerOrUserPropertiesConfigured) {
return conditionAndOutcome.getOutcome();
}
}
fail("No outcome for MissingAlternativeOrUserPropertiesConfigured found");
fail("No outcome for MissingAlternativeUserDetailsManagerOrUserPropertiesConfigured found");
throw new AssertionError("Should not be reached");
}
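Review bot: the fail(...) message repeats the condition class name as a string literal, which is why this rename had to touch it by hand. Building the message from MissingAlternativeUserDetailsManagerOrUserPropertiesConfigured.class.getSimpleName() would keep it in step with future renames. The instanceof check now wraps awkwardly across two lines; extracting conditionAndOutcome.getCondition() into a local variable would avoid the break.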

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.reactive;
package org.springframework.boot.security.autoconfigure.actuate.web.reactive;
import java.time.Duration;
import java.util.Base64;
@ -33,8 +33,8 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.http.converter.autoconfigure.HttpMessageConvertersAutoConfiguration;
import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveUserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.ReactiveUserDetailsServiceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
import org.springframework.boot.tomcat.reactive.TomcatReactiveWebServerFactory;
@ -110,7 +110,7 @@ class EndpointRequestIntegrationTests {
return createContextRunner().withPropertyValues("management.endpoints.web.exposure.include=*")
.withUserConfiguration(BaseConfiguration.class, SecurityConfiguration.class)
.withConfiguration(
AutoConfigurations.of(JacksonAutoConfiguration.class, ReactiveSecurityAutoConfiguration.class,
AutoConfigurations.of(JacksonAutoConfiguration.class, ReactiveWebSecurityAutoConfiguration.class,
ReactiveUserDetailsServiceAutoConfiguration.class, EndpointAutoConfiguration.class,
WebEndpointAutoConfiguration.class, ManagementContextAutoConfiguration.class));
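Review bot: this reactive runner only swaps in ReactiveWebSecurityAutoConfiguration, while the servlet counterpart in AbstractEndpointRequestIntegrationTests now registers SecurityAutoConfiguration together with ServletWebSecurityAutoConfiguration. If the shared SecurityAutoConfiguration in the root package is meant to apply to reactive applications as well, it should be added here; if it is intentionally left out, a short comment saying so would help the next reader.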

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.reactive;
package org.springframework.boot.security.autoconfigure.actuate.web.reactive;
import java.time.Duration;
import java.util.ArrayList;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.reactive;
package org.springframework.boot.security.autoconfigure.actuate.web.reactive;
import java.net.URI;
import java.time.Duration;
@ -33,7 +33,7 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.health.autoconfigure.actuate.endpoint.HealthEndpointAutoConfiguration;
import org.springframework.boot.health.autoconfigure.contributor.HealthContributorAutoConfiguration;
import org.springframework.boot.health.autoconfigure.registry.HealthContributorRegistryAutoConfiguration;
import org.springframework.boot.security.autoconfigure.reactive.ReactiveSecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.reactive.ReactiveWebSecurityAutoConfiguration;
import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
import org.springframework.boot.webflux.autoconfigure.WebFluxAutoConfiguration;
@ -72,7 +72,7 @@ class ReactiveManagementWebSecurityAutoConfigurationTests {
HealthContributorRegistryAutoConfiguration.class, HealthEndpointAutoConfiguration.class,
InfoEndpointAutoConfiguration.class, WebFluxAutoConfiguration.class,
EnvironmentEndpointAutoConfiguration.class, EndpointAutoConfiguration.class,
WebEndpointAutoConfiguration.class, ReactiveSecurityAutoConfiguration.class,
WebEndpointAutoConfiguration.class, ReactiveWebSecurityAutoConfiguration.class,
ReactiveManagementWebSecurityAutoConfiguration.class));
@Test

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.servlet;
package org.springframework.boot.security.autoconfigure.actuate.web.servlet;
import java.io.IOException;
import java.time.Duration;
@ -36,7 +36,8 @@ import org.springframework.boot.actuate.endpoint.annotation.ReadOperation;
import org.springframework.boot.actuate.endpoint.annotation.WriteOperation;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration;
import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
import org.springframework.boot.web.server.WebServer;
@ -120,8 +121,8 @@ abstract class AbstractEndpointRequestIntegrationTests {
return createContextRunner().withPropertyValues("management.endpoints.web.exposure.include=*")
.withUserConfiguration(BaseConfiguration.class, SecurityConfiguration.class)
.withConfiguration(AutoConfigurations.of(JacksonAutoConfiguration.class, SecurityAutoConfiguration.class,
EndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
ManagementContextAutoConfiguration.class));
ServletWebSecurityAutoConfiguration.class, EndpointAutoConfiguration.class,
WebEndpointAutoConfiguration.class, ManagementContextAutoConfiguration.class));
}

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.servlet;
package org.springframework.boot.security.autoconfigure.actuate.web.servlet;
import java.util.ArrayList;
import java.util.Arrays;
@ -33,8 +33,8 @@ import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoint;
import org.springframework.boot.actuate.endpoint.web.PathMappedEndpoints;
import org.springframework.boot.actuate.endpoint.web.WebServerNamespace;
import org.springframework.boot.security.autoconfigure.actuate.servlet.EndpointRequest.AdditionalPathsEndpointRequestMatcher;
import org.springframework.boot.security.autoconfigure.actuate.servlet.EndpointRequest.EndpointRequestMatcher;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.EndpointRequest.AdditionalPathsEndpointRequestMatcher;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.EndpointRequest.EndpointRequestMatcher;
import org.springframework.boot.web.server.WebServer;
import org.springframework.boot.web.server.context.WebServerApplicationContext;
import org.springframework.http.HttpMethod;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.servlet;
package org.springframework.boot.security.autoconfigure.actuate.web.servlet;
import java.io.IOException;
import java.util.List;
@ -31,8 +31,9 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.health.autoconfigure.actuate.endpoint.HealthEndpointAutoConfiguration;
import org.springframework.boot.health.autoconfigure.contributor.HealthContributorAutoConfiguration;
import org.springframework.boot.health.autoconfigure.registry.HealthContributorRegistryAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityProperties;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterProperties;
import org.springframework.boot.security.autoconfigure.web.servlet.ServletWebSecurityAutoConfiguration;
import org.springframework.boot.test.context.FilteredClassLoader;
import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
@ -74,7 +75,8 @@ class ManagementWebSecurityAutoConfigurationTests {
HealthContributorRegistryAutoConfiguration.class, HealthEndpointAutoConfiguration.class,
InfoEndpointAutoConfiguration.class, EnvironmentEndpointAutoConfiguration.class,
EndpointAutoConfiguration.class, WebMvcAutoConfiguration.class, WebEndpointAutoConfiguration.class,
SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class));
SecurityAutoConfiguration.class, ServletWebSecurityAutoConfiguration.class,
ManagementWebSecurityAutoConfiguration.class));
private static Supplier<ConfigurableWebApplicationContext> contextSupplier() {
return WebApplicationContextRunner.withMockServletContext(MockWebServerApplicationContext::new);
@ -222,7 +224,7 @@ class ManagementWebSecurityAutoConfigurationTests {
static class TestRemoteDevToolsSecurityFilterChainConfig extends TestSecurityFilterChainConfig {
@Bean
@Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
@Order(SecurityFilterProperties.BASIC_AUTH_ORDER - 1)
SecurityFilterChain testRemoteDevToolsSecurityFilterChain(HttpSecurity http) {
http.securityMatcher(PathPatternRequestMatcher.withDefaults().matcher("/**"));
http.authorizeHttpRequests((requests) -> requests.anyRequest().anonymous());
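Review bot: the @Order expression shows BASIC_AUTH_ORDER moving from SecurityProperties to SecurityFilterProperties, a constant that applications reference when ordering their own SecurityFilterChain beans exactly as this test does. Please make sure the move is called out in the migration notes, or keep a deprecated SecurityProperties.BASIC_AUTH_ORDER that delegates to the new constant, so existing filter chain ordering does not break at compile time without explanation.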

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.servlet;
package org.springframework.boot.security.autoconfigure.actuate.web.servlet;
import org.junit.jupiter.api.Test;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.actuate.servlet;
package org.springframework.boot.security.autoconfigure.actuate.web.servlet;
import org.junit.jupiter.api.Test;

View File

@ -22,7 +22,7 @@ import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoCon
import org.springframework.boot.hibernate.autoconfigure.HibernateJpaAutoConfiguration;
import org.springframework.boot.jdbc.autoconfigure.DataSourceAutoConfiguration;
import org.springframework.boot.jdbc.autoconfigure.EmbeddedDataSourceConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.test.context.SpringBootContextLoader;
import org.springframework.context.annotation.Import;
import org.springframework.test.annotation.DirtiesContext;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.reactive;
package org.springframework.boot.security.autoconfigure.web.reactive;
import org.junit.jupiter.api.Test;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.reactive;
package org.springframework.boot.security.autoconfigure.web.reactive;
import org.junit.jupiter.api.Test;
import reactor.core.publisher.Flux;
@ -36,14 +36,14 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
/**
* Tests for {@link ReactiveSecurityAutoConfiguration}.
* Tests for {@link ReactiveWebSecurityAutoConfiguration}.
*
* @author Madhura Bhave
*/
class ReactiveSecurityAutoConfigurationTests {
private final ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class));
.withConfiguration(AutoConfigurations.of(ReactiveWebSecurityAutoConfiguration.class));
@Test
void backsOffWhenWebFilterChainProxyBeanPresent() {
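Review bot: the Javadoc now says "Tests for ReactiveWebSecurityAutoConfiguration", but the class declaration is still ReactiveSecurityAutoConfigurationTests. The servlet side of this commit renames its test class to ServletWebSecurityAutoConfigurationTests, so this one should become ReactiveWebSecurityAutoConfigurationTests for consistency and so the test can be found from the class it covers.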
@ -53,8 +53,9 @@ class ReactiveSecurityAutoConfigurationTests {
@Test
void autoConfiguresDenyAllReactiveAuthenticationManagerWhenNoAlternativeIsAvailable() {
this.contextRunner.run((context) -> assertThat(context).hasSingleBean(ReactiveSecurityAutoConfiguration.class)
.hasBean("denyAllAuthenticationManager"));
this.contextRunner
.run((context) -> assertThat(context).hasSingleBean(ReactiveWebSecurityAutoConfiguration.class)
.hasBean("denyAllAuthenticationManager"));
}
@Test

View File

@ -14,14 +14,14 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.reactive;
package org.springframework.boot.security.autoconfigure.web.reactive;
import java.time.Duration;
import org.assertj.core.api.AssertDelegateTarget;
import org.junit.jupiter.api.Test;
import org.springframework.boot.security.autoconfigure.StaticResourceLocation;
import org.springframework.boot.security.autoconfigure.web.StaticResourceLocation;
import org.springframework.boot.web.server.autoconfigure.ServerProperties;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.http.server.reactive.ServerHttpRequest;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure.web.servlet;
import jakarta.servlet.http.HttpServletRequest;
import org.assertj.core.api.AssertDelegateTarget;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure.web.servlet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@ -33,6 +33,8 @@ import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoCon
import org.springframework.boot.http.converter.autoconfigure.HttpMessageConvertersAutoConfiguration;
import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
import org.springframework.boot.resttestclient.TestRestTemplate;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.UserDetailsServiceAutoConfiguration;
import org.springframework.boot.test.system.CapturedOutput;
import org.springframework.boot.test.system.OutputCaptureExtension;
import org.springframework.boot.test.util.TestPropertyValues;
@ -89,8 +91,9 @@ class SecurityFilterAutoConfigurationEarlyInitializationTests {
@Import({ DeserializerBean.class, JacksonModuleBean.class, ExampleController.class, ConverterBean.class })
@ImportAutoConfiguration({ WebMvcAutoConfiguration.class, JacksonAutoConfiguration.class,
HttpMessageConvertersAutoConfiguration.class, DispatcherServletAutoConfiguration.class,
SecurityAutoConfiguration.class, UserDetailsServiceAutoConfiguration.class,
SecurityFilterAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class })
SecurityAutoConfiguration.class, ServletWebSecurityAutoConfiguration.class,
UserDetailsServiceAutoConfiguration.class, SecurityFilterAutoConfiguration.class,
PropertyPlaceholderAutoConfiguration.class })
static class Config {
@Bean

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure.web.servlet;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;
@ -23,10 +23,11 @@ import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
import org.springframework.boot.http.converter.autoconfigure.HttpMessageConvertersAutoConfiguration;
import org.springframework.boot.jackson.autoconfigure.JacksonAutoConfiguration;
import org.springframework.boot.security.autoconfigure.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.ConverterBean;
import org.springframework.boot.security.autoconfigure.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.DeserializerBean;
import org.springframework.boot.security.autoconfigure.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.ExampleController;
import org.springframework.boot.security.autoconfigure.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.JacksonModuleBean;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.ConverterBean;
import org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.DeserializerBean;
import org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.ExampleController;
import org.springframework.boot.security.autoconfigure.web.servlet.SecurityFilterAutoConfigurationEarlyInitializationTests.JacksonModuleBean;
import org.springframework.boot.servlet.filter.OrderedRequestContextFilter;
import org.springframework.boot.web.context.servlet.AnnotationConfigServletWebApplicationContext;
import org.springframework.boot.web.servlet.DelegatingFilterProxyRegistrationBean;
@ -58,7 +59,7 @@ class SecurityFilterAutoConfigurationTests {
void filterIsOrderedShortlyAfterRequestContextFilter() {
try (AnnotationConfigServletWebApplicationContext context = new AnnotationConfigServletWebApplicationContext()) {
context.setServletContext(new MockServletContext());
context.register(SecurityAutoConfiguration.class);
context.register(ServletWebSecurityAutoConfiguration.class, SecurityAutoConfiguration.class);
context.register(Config.class);
context.refresh();
int securityFilterOrder = context.getBean(DelegatingFilterProxyRegistrationBean.class).getOrder();
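Review bot: context.register(...) lists ServletWebSecurityAutoConfiguration before SecurityAutoConfiguration, the reverse of the order used in the other tests touched by this commit (SecurityAutoConfiguration first). Classes registered directly on the context are processed in registration order rather than through auto-configuration sorting, so if the order is deliberate a comment should say why; otherwise align it with the other tests.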

View File

@ -0,0 +1,59 @@
/*
* Copyright 2012-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.web.servlet;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.boot.context.properties.bind.Bindable;
import org.springframework.boot.context.properties.bind.Binder;
import org.springframework.boot.context.properties.source.MapConfigurationPropertySource;
import static org.assertj.core.api.Assertions.assertThat;
/**
* Tests for {@link SecurityFilterProperties}.
*
* @author Dave Syer
* @author Madhura Bhave
*/
class SecurityFilterPropertiesTests {
private final SecurityFilterProperties properties = new SecurityFilterProperties();
private Binder binder;
private final MapConfigurationPropertySource source = new MapConfigurationPropertySource();
@BeforeEach
void setUp() {
this.binder = new Binder(this.source);
}
@Test
void validateDefaultFilterOrderMatchesMetadata() {
assertThat(this.properties.getOrder()).isEqualTo(-100);
}
@Test
void filterOrderShouldBind() {
this.source.put("spring.security.filter.order", "55");
this.binder.bind("spring.security.filter", Bindable.ofInstance(this.properties));
assertThat(this.properties.getOrder()).isEqualTo(55);
}
}
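Review bot: validateDefaultFilterOrderMatchesMetadata compares getOrder() with the literal -100, so despite its name nothing in the test ties the value to the configuration metadata. Since this file is new, it is a good moment to either add a comment pointing at the metadata entry the value must track or rename the test to say it checks the default order. A minor style point: the non-final binder field is declared between the two final fields; grouping the final fields together reads more cleanly.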

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure.web.servlet;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
@ -29,15 +29,12 @@ import org.jspecify.annotations.Nullable;
import org.junit.jupiter.api.Test;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.autoconfigure.TestAutoConfigurationPackage;
import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.ConfigurationPropertiesBinding;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.convert.ApplicationConversionService;
import org.springframework.boot.hibernate.autoconfigure.HibernateJpaAutoConfiguration;
import org.springframework.boot.jdbc.autoconfigure.DataSourceAutoConfiguration;
import org.springframework.boot.security.autoconfigure.jpa.City;
import org.springframework.boot.security.autoconfigure.SecurityAutoConfiguration;
import org.springframework.boot.servlet.filter.OrderedFilter;
import org.springframework.boot.test.context.FilteredClassLoader;
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
@ -49,15 +46,9 @@ import org.springframework.context.annotation.AnnotationConfigApplicationContext
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.orm.jpa.JpaTransactionManager;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
@ -65,17 +56,18 @@ import org.springframework.security.web.servlet.util.matcher.PathPatternRequestM
import static org.assertj.core.api.Assertions.assertThat;
/**
* Tests for {@link SecurityAutoConfiguration}.
* Tests for {@link ServletWebSecurityAutoConfiguration}.
*
* @author Dave Syer
* @author Rob Winch
* @author Andy Wilkinson
* @author Madhura Bhave
*/
class SecurityAutoConfigurationTests {
class ServletWebSecurityAutoConfigurationTests {
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner().withConfiguration(
AutoConfigurations.of(SecurityAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class));
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
.withConfiguration(AutoConfigurations.of(SecurityAutoConfiguration.class,
ServletWebSecurityAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class));
@Test
void testWebConfiguration() {
@ -117,19 +109,6 @@ class SecurityAutoConfigurationTests {
}
}
@Test
void defaultAuthenticationEventPublisherRegistered() {
this.contextRunner.run((context) -> assertThat(context.getBean(AuthenticationEventPublisher.class))
.isInstanceOf(DefaultAuthenticationEventPublisher.class));
}
@Test
void defaultAuthenticationEventPublisherIsConditionalOnMissingBean() {
this.contextRunner.withUserConfiguration(AuthenticationEventPublisherConfiguration.class)
.run((context) -> assertThat(context.getBean(AuthenticationEventPublisher.class))
.isInstanceOf(AuthenticationEventPublisherConfiguration.TestAuthenticationEventPublisher.class));
}
@Test
void testDefaultFilterOrder() {
this.contextRunner.withConfiguration(AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
@ -149,23 +128,6 @@ class SecurityAutoConfigurationTests {
.isEqualTo(12345));
}
@Test
void testJpaCoexistsHappily() {
this.contextRunner.withPropertyValues("spring.datasource.url:jdbc:hsqldb:mem:testsecdb")
.withUserConfiguration(EntityConfiguration.class)
.withConfiguration(
AutoConfigurations.of(HibernateJpaAutoConfiguration.class, DataSourceAutoConfiguration.class))
.run((context) -> assertThat(context.getBean(JpaTransactionManager.class)).isNotNull());
// This can fail if security @Conditionals force early instantiation of the
// HibernateJpaAutoConfiguration (e.g. the EntityManagerFactory is not found)
}
@Test
void testSecurityEvaluationContextExtensionSupport() {
this.contextRunner
.run((context) -> assertThat(context).getBean(SecurityEvaluationContextExtension.class).isNotNull());
}
@Test
void defaultFilterDispatcherTypes() {
this.contextRunner.withConfiguration(AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
@ -238,36 +200,6 @@ class SecurityAutoConfigurationTests {
});
}
@Configuration(proxyBeanMethods = false)
@TestAutoConfigurationPackage(City.class)
static class EntityConfiguration {
}
@Configuration(proxyBeanMethods = false)
static class AuthenticationEventPublisherConfiguration {
@Bean
AuthenticationEventPublisher authenticationEventPublisher() {
return new TestAuthenticationEventPublisher();
}
class TestAuthenticationEventPublisher implements AuthenticationEventPublisher {
@Override
public void publishAuthenticationSuccess(Authentication authentication) {
}
@Override
public void publishAuthenticationFailure(AuthenticationException exception, Authentication authentication) {
}
}
}
@Configuration(proxyBeanMethods = false)
static class TestSecurityFilterChainConfig {

View File

@ -14,14 +14,14 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure.web.servlet;
import jakarta.servlet.http.HttpServletRequest;
import org.assertj.core.api.AssertDelegateTarget;
import org.jspecify.annotations.Nullable;
import org.junit.jupiter.api.Test;
import org.springframework.boot.security.autoconfigure.StaticResourceLocation;
import org.springframework.boot.security.autoconfigure.web.StaticResourceLocation;
import org.springframework.boot.webmvc.autoconfigure.DispatcherServletPath;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockServletContext;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.autoconfigure.servlet;
package org.springframework.boot.security.autoconfigure.web.servlet;
import org.jspecify.annotations.Nullable;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.reactive;
package org.springframework.boot.security.web.reactive;
import java.util.function.Supplier;

View File

@ -14,7 +14,7 @@
* limitations under the License.
*/
package org.springframework.boot.security.servlet;
package org.springframework.boot.security.web.servlet;
import java.lang.Thread.UncaughtExceptionHandler;
import java.util.ArrayList;

View File

@ -20,8 +20,8 @@ import java.util.ArrayList;
import java.util.List;
import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
import org.springframework.boot.security.autoconfigure.actuate.servlet.EndpointRequest;
import org.springframework.boot.security.autoconfigure.servlet.PathRequest;
import org.springframework.boot.security.autoconfigure.actuate.web.servlet.EndpointRequest;
import org.springframework.boot.security.autoconfigure.web.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
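Review bot: EndpointRequest and PathRequest are imported here by an application-style security configuration, and both change package in this commit (actuate.servlet to actuate.web.servlet, and servlet to web.servlet). The commit message only mentions refactoring the package structure; please document the old and new locations of these two classes for users, since any configuration that imports them will need the same edit made in this hunk.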

Some files were not shown because too many files have changed in this diff.