From fa77f4c8ff4f796f6cadc5fd9aa385e9707135fc Mon Sep 17 00:00:00 2001 From: Eleftheria Stein Date: Wed, 19 May 2021 10:01:41 +0200 Subject: [PATCH] Deprecate feature-policy where not already deprecated Issue gh-9262 --- .../security/config/web/server/ServerHttpSecurity.java | 2 ++ .../security/config/web/server/ServerHeadersDsl.kt | 4 +++- .../security/config/web/servlet/HeadersDsl.kt | 6 ++++-- .../security/config/web/server/ServerHeadersDslTests.kt | 3 ++- .../security/config/web/servlet/HeadersDslTests.kt | 3 ++- 5 files changed, 13 insertions(+), 5 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java index 7c8cc759e2..e7b92b7892 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java @@ -2420,7 +2420,9 @@ public class ServerHttpSecurity { * Configures {@code Feature-Policy} response header. * @param policyDirectives the policy * @return the {@link FeaturePolicySpec} to configure + * @deprecated Use {@link #permissionsPolicy(Customizer)} instead. */ + @Deprecated public FeaturePolicySpec featurePolicy(String policyDirectives) { return new FeaturePolicySpec(policyDirectives); } diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHeadersDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHeadersDsl.kt index 06e9eeeaaa..f38b152721 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHeadersDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHeadersDsl.kt @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2002-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -137,6 +137,7 @@ class ServerHeadersDsl { * * @param policyDirectives policyDirectives the security policy directive(s) */ + @Deprecated("Use 'permissionsPolicy { }' instead.") fun featurePolicy(policyDirectives: String) { this.featurePolicyDirectives = policyDirectives } @@ -163,6 +164,7 @@ class ServerHeadersDsl { disabled = true } + @Suppress("DEPRECATION") internal fun get(): (ServerHttpSecurity.HeaderSpec) -> Unit { return { headers -> contentTypeOptions?.also { diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HeadersDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/HeadersDsl.kt index 36b42f2371..3079dd11ff 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HeadersDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/HeadersDsl.kt @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2002-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -161,6 +161,7 @@ class HeadersDsl { * * @param policyDirectives policyDirectives the security policy directive(s) */ + @Deprecated("Use 'permissionsPolicy { }' instead.") fun featurePolicy(policyDirectives: String) { this.featurePolicyDirectives = policyDirectives } @@ -174,7 +175,7 @@ class HeadersDsl { * header in the response using the supplied policy directive(s). *

* - * @param policyDirectives policyDirectives the security policy directive(s) + * @param permissionsPolicyConfig the customization to apply to the header */ fun permissionsPolicy(permissionsPolicyConfig: PermissionsPolicyDsl.() -> Unit) { this.permissionsPolicy = PermissionsPolicyDsl().apply(permissionsPolicyConfig).get() @@ -199,6 +200,7 @@ class HeadersDsl { disabled = true } + @Suppress("DEPRECATION") internal fun get(): (HeadersConfigurer) -> Unit { return { headers -> defaultsDisabled?.also { diff --git a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHeadersDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHeadersDslTests.kt index 6cebc2cbc3..f2bf454c09 100644 --- a/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHeadersDslTests.kt +++ b/config/src/test/kotlin/org/springframework/security/config/web/server/ServerHeadersDslTests.kt @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2002-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -121,6 +121,7 @@ class ServerHeadersDslTests { @EnableWebFluxSecurity @EnableWebFlux + @Suppress("DEPRECATION") open class FeaturePolicyConfig { @Bean open fun springWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain { diff --git a/config/src/test/kotlin/org/springframework/security/config/web/servlet/HeadersDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/web/servlet/HeadersDslTests.kt index f4ce0a5d03..fe992b4cc4 100644 --- a/config/src/test/kotlin/org/springframework/security/config/web/servlet/HeadersDslTests.kt +++ b/config/src/test/kotlin/org/springframework/security/config/web/servlet/HeadersDslTests.kt @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2002-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -84,6 +84,7 @@ class HeadersDslTests { } @EnableWebSecurity + @Suppress("DEPRECATION") open class FeaturePolicyConfig : WebSecurityConfigurerAdapter() { override fun configure(http: HttpSecurity) { http {