root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Update Deprecated Spring Web Usage

This commit is contained in:
Josh Cummings 2025-04-23 11:28:20 -06:00
parent 216680bb50
commit 834370d8eb
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
7 changed files with 22 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutHandler.java
View File

@ -127,7 +127,7 @@ public final class OidcBackChannelLogoutHandler implements LogoutHandler {
String computeLogoutEndpoint(HttpServletRequest request, OidcBackChannelLogoutAuthentication token) { String computeLogoutEndpoint(HttpServletRequest request, OidcBackChannelLogoutAuthentication token) {
// @formatter:off // @formatter:off
UriComponents uriComponents = UriComponentsBuilder UriComponents uriComponents = UriComponentsBuilder
.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)) .fromUriString(UrlUtils.buildFullRequestUrl(request))
.replacePath(request.getContextPath()) .replacePath(request.getContextPath())
.replaceQuery(null) .replaceQuery(null)
.fragment(null) .fragment(null)

2
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
View File

@ -95,7 +95,7 @@ public class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogoutSucc
} }
// @formatter:off // @formatter:off
UriComponents uriComponents = UriComponentsBuilder UriComponents uriComponents = UriComponentsBuilder
.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)) .fromUriString(UrlUtils.buildFullRequestUrl(request))
.replacePath(request.getContextPath()) .replacePath(request.getContextPath())
.replaceQuery(null) .replaceQuery(null)
.fragment(null) .fragment(null)

2
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java
View File

@ -226,7 +226,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au
Map<String, String> uriVariables = new HashMap<>(); Map<String, String> uriVariables = new HashMap<>();
uriVariables.put("registrationId", clientRegistration.getRegistrationId()); uriVariables.put("registrationId", clientRegistration.getRegistrationId());
// @formatter:off // @formatter:off
UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)) UriComponents uriComponents = UriComponentsBuilder.fromUriString(UrlUtils.buildFullRequestUrl(request))
.replacePath(request.getContextPath()) .replacePath(request.getContextPath())
.replaceQuery(null) .replaceQuery(null)
.fragment(null) .fragment(null)

2
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
View File

@ -184,7 +184,7 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
} }
// @formatter:off // @formatter:off
String redirectUri = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)) String redirectUri = UriComponentsBuilder.fromUriString(UrlUtils.buildFullRequestUrl(request))
.replaceQuery(null) .replaceQuery(null)
.build() .build()
.toUriString(); .toUriString();

15
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServerOAuth2AuthorizedClientExchangeFilterFunction.java
View File

@ -29,6 +29,7 @@ import reactor.core.publisher.Mono;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.HttpStatusCode;
import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.AuthorityUtils;
@ -469,7 +470,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
* A map of HTTP Status Code to OAuth 2.0 Error codes for HTTP status codes that * A map of HTTP Status Code to OAuth 2.0 Error codes for HTTP status codes that
* should be interpreted as authentication or authorization failures. * should be interpreted as authentication or authorization failures.
*/ */
private final Map<Integer, String> httpStatusToOAuth2ErrorCodeMap; private final Map<HttpStatusCode, String> httpStatusToOAuth2ErrorCodeMap;
/** /**
* The {@link ReactiveOAuth2AuthorizationFailureHandler} to notify when an * The {@link ReactiveOAuth2AuthorizationFailureHandler} to notify when an
@ -480,9 +481,9 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
private AuthorizationFailureForwarder(ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler) { private AuthorizationFailureForwarder(ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler) {
Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null"); Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null");
this.authorizationFailureHandler = authorizationFailureHandler; this.authorizationFailureHandler = authorizationFailureHandler;
Map<Integer, String> httpStatusToOAuth2Error = new HashMap<>(); Map<HttpStatusCode, String> httpStatusToOAuth2Error = new HashMap<>();
httpStatusToOAuth2Error.put(HttpStatus.UNAUTHORIZED.value(), OAuth2ErrorCodes.INVALID_TOKEN); httpStatusToOAuth2Error.put(HttpStatus.UNAUTHORIZED, OAuth2ErrorCodes.INVALID_TOKEN);
httpStatusToOAuth2Error.put(HttpStatus.FORBIDDEN.value(), OAuth2ErrorCodes.INSUFFICIENT_SCOPE); httpStatusToOAuth2Error.put(HttpStatus.FORBIDDEN, OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
this.httpStatusToOAuth2ErrorCodeMap = Collections.unmodifiableMap(httpStatusToOAuth2Error); this.httpStatusToOAuth2ErrorCodeMap = Collections.unmodifiableMap(httpStatusToOAuth2Error);
} }
@ -525,10 +526,10 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
authParameters.get(OAuth2ParameterNames.ERROR_URI)); authParameters.get(OAuth2ParameterNames.ERROR_URI));
} }
} }
return resolveErrorIfPossible(response.statusCode().value()); return resolveErrorIfPossible(response.statusCode());
} }
private OAuth2Error resolveErrorIfPossible(int statusCode) { private OAuth2Error resolveErrorIfPossible(HttpStatusCode statusCode) {
if (this.httpStatusToOAuth2ErrorCodeMap.containsKey(statusCode)) { if (this.httpStatusToOAuth2ErrorCodeMap.containsKey(statusCode)) {
return new OAuth2Error(this.httpStatusToOAuth2ErrorCodeMap.get(statusCode), null, return new OAuth2Error(this.httpStatusToOAuth2ErrorCodeMap.get(statusCode), null,
"https://tools.ietf.org/html/rfc6750#section-3.1"); "https://tools.ietf.org/html/rfc6750#section-3.1");
@ -563,7 +564,7 @@ public final class ServerOAuth2AuthorizedClientExchangeFilterFunction implements
*/ */
private Mono<Void> handleWebClientResponseException(ClientRequest request, private Mono<Void> handleWebClientResponseException(ClientRequest request,
WebClientResponseException exception) { WebClientResponseException exception) {
return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode())).flatMap((oauth2Error) -> { return Mono.justOrEmpty(resolveErrorIfPossible(exception.getStatusCode())).flatMap((oauth2Error) -> {
Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request); Mono<Optional<ServerWebExchange>> serverWebExchange = effectiveServerWebExchange(request);
Mono<String> clientRegistrationId = effectiveClientRegistrationId(request); Mono<String> clientRegistrationId = effectiveClientRegistrationId(request);
return Mono return Mono

15
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.java
View File

@ -32,6 +32,7 @@ import reactor.util.context.Context;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.HttpStatusCode;
import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
@ -585,7 +586,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
* A map of HTTP status code to OAuth 2.0 error code for HTTP status codes that * A map of HTTP status code to OAuth 2.0 error code for HTTP status codes that
* should be interpreted as authentication or authorization failures. * should be interpreted as authentication or authorization failures.
*/ */
private final Map<Integer, String> httpStatusToOAuth2ErrorCodeMap; private final Map<HttpStatusCode, String> httpStatusToOAuth2ErrorCodeMap;
/** /**
* The {@link OAuth2AuthorizationFailureHandler} to notify when an * The {@link OAuth2AuthorizationFailureHandler} to notify when an
@ -596,9 +597,9 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
private AuthorizationFailureForwarder(OAuth2AuthorizationFailureHandler authorizationFailureHandler) { private AuthorizationFailureForwarder(OAuth2AuthorizationFailureHandler authorizationFailureHandler) {
Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null"); Assert.notNull(authorizationFailureHandler, "authorizationFailureHandler cannot be null");
this.authorizationFailureHandler = authorizationFailureHandler; this.authorizationFailureHandler = authorizationFailureHandler;
Map<Integer, String> httpStatusToOAuth2Error = new HashMap<>(); Map<HttpStatusCode, String> httpStatusToOAuth2Error = new HashMap<>();
httpStatusToOAuth2Error.put(HttpStatus.UNAUTHORIZED.value(), OAuth2ErrorCodes.INVALID_TOKEN); httpStatusToOAuth2Error.put(HttpStatus.UNAUTHORIZED, OAuth2ErrorCodes.INVALID_TOKEN);
httpStatusToOAuth2Error.put(HttpStatus.FORBIDDEN.value(), OAuth2ErrorCodes.INSUFFICIENT_SCOPE); httpStatusToOAuth2Error.put(HttpStatus.FORBIDDEN, OAuth2ErrorCodes.INSUFFICIENT_SCOPE);
this.httpStatusToOAuth2ErrorCodeMap = Collections.unmodifiableMap(httpStatusToOAuth2Error); this.httpStatusToOAuth2ErrorCodeMap = Collections.unmodifiableMap(httpStatusToOAuth2Error);
} }
@ -641,10 +642,10 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
authParameters.get(OAuth2ParameterNames.ERROR_URI)); authParameters.get(OAuth2ParameterNames.ERROR_URI));
} }
} }
return resolveErrorIfPossible(response.statusCode().value()); return resolveErrorIfPossible(response.statusCode());
} }
private OAuth2Error resolveErrorIfPossible(int statusCode) { private OAuth2Error resolveErrorIfPossible(HttpStatusCode statusCode) {
if (this.httpStatusToOAuth2ErrorCodeMap.containsKey(statusCode)) { if (this.httpStatusToOAuth2ErrorCodeMap.containsKey(statusCode)) {
return new OAuth2Error(this.httpStatusToOAuth2ErrorCodeMap.get(statusCode), null, return new OAuth2Error(this.httpStatusToOAuth2ErrorCodeMap.get(statusCode), null,
"https://tools.ietf.org/html/rfc6750#section-3.1"); "https://tools.ietf.org/html/rfc6750#section-3.1");
@ -678,7 +679,7 @@ public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implement
*/ */
private Mono<Void> handleWebClientResponseException(ClientRequest request, private Mono<Void> handleWebClientResponseException(ClientRequest request,
WebClientResponseException exception) { WebClientResponseException exception) {
return Mono.justOrEmpty(resolveErrorIfPossible(exception.getRawStatusCode())).flatMap((oauth2Error) -> { return Mono.justOrEmpty(resolveErrorIfPossible(exception.getStatusCode())).flatMap((oauth2Error) -> {
Map<String, Object> attrs = request.attributes(); Map<String, Object> attrs = request.attributes();
OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs); OAuth2AuthorizedClient authorizedClient = getOAuth2AuthorizedClient(attrs);
if (authorizedClient == null) { if (authorizedClient == null) {

4
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/RelyingPartyRegistrationPlaceholderResolvers.java
View File

@ -82,7 +82,7 @@ public final class RelyingPartyRegistrationPlaceholderResolvers {
private static Map<String, String> uriVariables(HttpServletRequest request) { private static Map<String, String> uriVariables(HttpServletRequest request) {
String baseUrl = getApplicationUri(request); String baseUrl = getApplicationUri(request);
Map<String, String> uriVariables = new HashMap<>(); Map<String, String> uriVariables = new HashMap<>();
UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(baseUrl) UriComponents uriComponents = UriComponentsBuilder.fromUriString(baseUrl)
.replaceQuery(null) .replaceQuery(null)
.fragment(null) .fragment(null)
.build(); .build();
@ -103,7 +103,7 @@ public final class RelyingPartyRegistrationPlaceholderResolvers {
} }
private static String getApplicationUri(HttpServletRequest request) { private static String getApplicationUri(HttpServletRequest request) {
UriComponents uriComponents = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)) UriComponents uriComponents = UriComponentsBuilder.fromUriString(UrlUtils.buildFullRequestUrl(request))
.replacePath(request.getContextPath()) .replacePath(request.getContextPath())
.replaceQuery(null) .replaceQuery(null)
.fragment(null) .fragment(null)