Add noformat blocks around http config

Find `http` config chains using a regex search for `^\s*https*$` and protect
them against formatting.

Issue gh-8945
Phillip Webb 2020-07-23 12:40:37 -07:00 committed by Rob Winch
parent 27ac046d8a
commit 103d822e46
65 changed files with 325 additions and 59 deletions


@ -357,18 +357,18 @@ public abstract class WebSecurityConfigurerAdapter implements
* @param http the {@link HttpSecurity} to modify
* @throws Exception if an error occurs
*/
// @formatter:off
protected void configure(HttpSecurity http) throws Exception {
logger.debug("Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin().and()
.httpBasic();
// @formatter:on
}
// @formatter:on
/**
* Gets the ApplicationContext


@ -169,17 +169,17 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends
return this;
}
// @formatter:off
@Override
public void init(H http) {
PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http));
// @formatter:off
http
.authenticationProvider(authenticationProvider)
.setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint());
// @formatter:on
}
// @formatter:on
@Override
public void configure(H http) {


@ -96,16 +96,20 @@ class WebFluxSecurityConfiguration {
* @return
*/
private SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
// @formatter:off
http
.authorizeExchange()
.anyExchange().authenticated();
// @formatter:on
if (isOAuth2Present && OAuth2ClasspathGuard.shouldConfigure(this.context)) {
OAuth2ClasspathGuard.configure(this.context, http);
} else {
// @formatter:off
http
.httpBasic().and()
.formLogin();
// @formatter:on
}
SecurityWebFilterChain result = http.build();
@ -114,9 +118,11 @@ class WebFluxSecurityConfiguration {
private static class OAuth2ClasspathGuard {
static void configure(ApplicationContext context, ServerHttpSecurity http) {
// @formatter:off
http
.oauth2Login().and()
.oauth2Client();
// @formatter:on
}
static boolean shouldConfigure(ApplicationContext context) {
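Review bot: The Javadoc above `springSecurityFilterChain(ServerHttpSecurity)` ends in a bare `@return` with no description, so the default reactive policy is not documented anywhere in the visible lines. From the body shown, the chain requires authentication for every exchange and then enables OAuth2 login and client support when `OAuth2ClasspathGuard.shouldConfigure` passes, otherwise HTTP Basic and form login. I would write `@return the default {@link SecurityWebFilterChain}: every exchange authenticated, OAuth2 login/client when available, else HTTP Basic and form login`. The Javadoc starts above the first hunk and the method body continues past it.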


@ -1812,6 +1812,7 @@ public class ServerHttpSecurity {
private void registerDefaultCsrfOverride(ServerHttpSecurity http) {
if ( http.csrf != null && !http.csrf.specifiedRequireCsrfProtectionMatcher ) {
// @formatter:off
http
.csrf()
.requireCsrfProtectionMatcher(
@ -1819,6 +1820,7 @@ public class ServerHttpSecurity {
CsrfWebFilter.DEFAULT_CSRF_MATCHER,
new NegatedServerWebExchangeMatcher(
this.authenticationConverterServerWebExchangeMatcher)));
// @formatter:on
}
}
@ -1920,8 +1922,10 @@ public class ServerHttpSecurity {
AuthenticationWebFilter oauth2 = new BearerTokenAuthenticationWebFilter(authenticationManager);
oauth2.setServerAuthenticationConverter(bearerTokenConverter);
oauth2.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
// @formatter:off
http
.addFilterAt(oauth2, SecurityWebFiltersOrder.AUTHENTICATION);
// @formatter:on
}
protected ReactiveJwtDecoder getJwtDecoder() {


@ -45,22 +45,22 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserRepository myUserRepository;
// @formatter:off
@Override
protected void configure(AuthenticationManagerBuilder auth) {
// @formatter:off
auth
.authenticationProvider(authenticationProvider());
// @formatter:on
}
// @formatter:on
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/*").permitAll();
// @formatter:on
}
// @formatter:on
@Bean
@Override
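Review bot: The `configure(HttpSecurity)` override in this section stops at `.antMatchers("/*").permitAll()` and, as far as the hunk shows, registers no `anyRequest()` rule, so paths with more than one segment are not covered by any authorization rule. If that is intended for this config, say so in a comment above the chain, for example `// "/*" matches a single path segment only; deeper paths have no rule here on purpose`. If it is not intended, closing the chain with `.anyRequest().authenticated()` would make the default explicit. The class body continues outside the hunk.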


@ -96,9 +96,11 @@ public class Sec2758Tests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().access("hasAnyRole('CUSTOM')");
// @formatter:on
}
@Bean


@ -35,10 +35,12 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
@EnableWebSecurity
static class AntMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.antMatchers("/demo/**").permitAll();
// @formatter:on
}
}
@ -51,10 +53,12 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
@EnableWebSecurity
static class MvcMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.mvcMatchers("/demo/**").permitAll();
// @formatter:on
}
}
@ -67,10 +71,12 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
@EnableWebSecurity
static class RegexMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.regexMatchers(".*").permitAll();
// @formatter:on
}
}
@ -83,10 +89,12 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
@EnableWebSecurity
static class AnyRequestAfterItselfConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.anyRequest().permitAll();
// @formatter:on
}
}
@ -99,10 +107,12 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests{
@EnableWebSecurity
static class RequestMatchersAfterAnyRequestConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.requestMatchers(new AntPathRequestMatcher("/**")).permitAll();
// @formatter:on
}
}
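Review bot: None of the five configs in this section says that its rule order is deliberately wrong; in each one a matcher is registered after `anyRequest()`, for example `.antMatchers("/demo/**").permitAll()` after `.anyRequest().authenticated()`. The class names suggest these are negative fixtures, presumably expected to be rejected at configuration time, though the assertions are outside the visible hunks. A one-line comment such as `// intentionally invalid: no matcher may follow anyRequest()` above each chain would keep the snippet from being copied as a working pattern. The `configure` methods shown here also lack `@Override`.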


@ -218,6 +218,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/signup", "/about").permitAll()
@ -227,6 +228,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
.loginPage("/login")
// set permitAll for all URLs associated with Form Login
.permitAll();
// @formatter:on
}
@Override
@ -354,6 +356,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.antMatcher("/api/**")
.authorizeRequests()
@ -361,6 +364,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
.antMatchers("/api/**").hasRole("USER")
.and()
.httpBasic();
// @formatter:on
}
}
@ -375,6 +379,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/signup", "/about").permitAll()
@ -383,6 +388,7 @@ public class SampleWebSecurityConfigurerAdapterTests {
.formLogin()
.loginPage("/login")
.permitAll();
// @formatter:on
}
}
}


@ -68,8 +68,10 @@ public class HttpConfigurationTests {
static class UnregisteredFilterConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
// @formatter:off
http
.addFilter(new UnregisteredFilter());
// @formatter:on
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@ -105,8 +107,10 @@ public class HttpConfigurationTests {
static CasAuthenticationFilter CAS_AUTHENTICATION_FILTER;
protected void configure(HttpSecurity http) {
// @formatter:off
http
.addFilter(CAS_AUTHENTICATION_FILTER);
// @formatter:on
}
}
@ -124,6 +128,7 @@ public class HttpConfigurationTests {
static class RequestMatcherRegistryConfigs extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.requestMatchers()
.antMatchers("/api/**")
@ -133,6 +138,7 @@ public class HttpConfigurationTests {
.antMatchers("/**").hasRole("USER")
.and()
.httpBasic();
// @formatter:on
}
}
}


@ -94,10 +94,12 @@ public class NamespaceHttpTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().permitAll()
.accessDecisionManager(ACCESS_DECISION_MANAGER);
// @formatter:on
}
}
@ -114,6 +116,7 @@ public class NamespaceHttpTests {
static class AccessDeniedPageConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/admin").hasRole("ADMIN")
@ -121,6 +124,7 @@ public class NamespaceHttpTests {
.and()
.exceptionHandling()
.accessDeniedPage("/AccessDeniedPage");
// @formatter:on
}
}
@ -145,11 +149,13 @@ public class NamespaceHttpTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin();
// @formatter:on
}
}
@ -168,12 +174,14 @@ public class NamespaceHttpTests {
static class CreateSessionAlwaysConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().permitAll()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
// @formatter:on
}
}
@ -191,12 +199,14 @@ public class NamespaceHttpTests {
static class CreateSessionStatelessConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().permitAll()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// @formatter:on
}
}
@ -220,6 +230,7 @@ public class NamespaceHttpTests {
static class IfRequiredConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/unsecure").permitAll()
@ -229,6 +240,7 @@ public class NamespaceHttpTests {
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.formLogin();
// @formatter:on
}
}
@ -246,12 +258,14 @@ public class NamespaceHttpTests {
static class CreateSessionNeverConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().anonymous()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.NEVER);
// @formatter:on
}
}
@ -268,6 +282,7 @@ public class NamespaceHttpTests {
static class EntryPointRefConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
@ -276,6 +291,7 @@ public class NamespaceHttpTests {
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/entry-point"))
.and()
.formLogin();
// @formatter:on
}
}
@ -299,8 +315,10 @@ public class NamespaceHttpTests {
static class JaasApiProvisionConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) {
// @formatter:off
http
.addFilter(new JaasApiIntegrationFilter());
// @formatter:on
}
}
@ -317,12 +335,14 @@ public class NamespaceHttpTests {
static class RealmConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.realmName("RealmConfig");
// @formatter:on
}
}
@ -341,8 +361,10 @@ public class NamespaceHttpTests {
static class RequestMatcherAntConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) {
// @formatter:off
http
.antMatcher("/api/**");
// @formatter:on
}
}
@ -361,8 +383,10 @@ public class NamespaceHttpTests {
static class RequestMatcherRegexConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) {
// @formatter:off
http
.regexMatcher("/regex/.*");
// @formatter:on
}
}
@ -381,8 +405,10 @@ public class NamespaceHttpTests {
static class RequestMatcherRefConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) {
// @formatter:off
http
.requestMatcher(new MyRequestMatcher());
// @formatter:on
}
static class MyRequestMatcher implements RequestMatcher {
@ -439,6 +465,7 @@ public class NamespaceHttpTests {
static class SecurityContextRepoConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
@ -447,6 +474,7 @@ public class NamespaceHttpTests {
.securityContextRepository(new NullSecurityContextRepository())
.and()
.formLogin();
// @formatter:on
}
@Override
@ -470,12 +498,14 @@ public class NamespaceHttpTests {
static class ServletApiProvisionConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().permitAll()
.and()
.servletApi()
.disable();
// @formatter:on
}
}
@ -492,9 +522,11 @@ public class NamespaceHttpTests {
static class ServletApiProvisionDefaultsConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().permitAll();
// @formatter:on
}
}
@ -525,11 +557,13 @@ public class NamespaceHttpTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/users**", "/sessions/**").hasRole("USER")
.antMatchers("/signup").permitAll()
.anyRequest().hasRole("USER");
// @formatter:on
}
@Override
@ -560,11 +594,13 @@ public class NamespaceHttpTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.apply(new UrlAuthorizationConfigurer<>(getApplicationContext())).getRegistry()
.antMatchers("/users**", "/sessions/**").hasRole("USER")
.antMatchers("/signup").hasRole("ANONYMOUS")
.anyRequest().hasRole("USER");
// @formatter:on
}
@Override


@ -77,11 +77,13 @@ public class EnableWebSecurityTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/*").hasRole("USER")
.and()
.formLogin();
// @formatter:on
}
}


@ -127,10 +127,12 @@ public class WebSecurityConfigurationTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.antMatcher("/role1/**")
.authorizeRequests()
.anyRequest().hasRole("1");
// @formatter:on
}
}
@ -139,10 +141,12 @@ public class WebSecurityConfigurationTests {
static class WebConfigurer2 extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.antMatcher("/role2/**")
.authorizeRequests()
.anyRequest().hasRole("2");
// @formatter:on
}
}
@ -151,10 +155,12 @@ public class WebSecurityConfigurationTests {
static class WebConfigurer3 extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.antMatcher("/role3/**")
.authorizeRequests()
.anyRequest().hasRole("3");
// @formatter:on
}
}
@ -163,9 +169,11 @@ public class WebSecurityConfigurationTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("4");
// @formatter:on
}
}
}
@ -258,10 +266,12 @@ public class WebSecurityConfigurationTests {
static class WebConfigurer1 extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.antMatcher("/role1/**")
.authorizeRequests()
.anyRequest().hasRole("1");
// @formatter:on
}
}
@ -269,10 +279,12 @@ public class WebSecurityConfigurationTests {
static class WebConfigurer2 extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.antMatcher("/role2/**")
.authorizeRequests()
.anyRequest().hasRole("2");
// @formatter:on
}
}
}
@ -319,10 +331,12 @@ public class WebSecurityConfigurationTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.expressionHandler(EXPRESSION_HANDLER);
// @formatter:on
}
}
@ -357,9 +371,11 @@ public class WebSecurityConfigurationTests {
static class WebSecurityExpressionHandlerDefaultsConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated();
// @formatter:on
}
}
@ -436,9 +452,11 @@ public class WebSecurityConfigurationTests {
static class WebInvocationPrivilegeEvaluatorDefaultsConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated();
// @formatter:on
}
}
@ -475,9 +493,11 @@ public class WebSecurityConfigurationTests {
static class DefaultExpressionHandlerSetsBeanResolverConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().access("request.method == 'GET' ? @b.grant() : @b.deny()");
// @formatter:on
}
@RestController
@ -571,10 +591,12 @@ public class WebSecurityConfigurationTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.antMatcher("/anonymous/**")
.authorizeRequests()
.anyRequest().anonymous();
// @formatter:on
}
}
@ -583,9 +605,11 @@ public class WebSecurityConfigurationTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated();
// @formatter:on
}
}
}


@ -60,12 +60,14 @@ public class AnonymousConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.anonymous()
.key("key")
.principal("principal")
.and()
.anonymous();
// @formatter:on
}
}


@ -83,10 +83,12 @@ public class FormLoginConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.formLogin().and()
.requestCache()
.requestCache(this.requestCache);
// @formatter:on
}
}


@ -78,12 +78,14 @@ public class HttpSecurityAntMatchersTests {
@Configuration
static class AntMatchersNoPatternsConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.requestMatchers()
.antMatchers(HttpMethod.POST)
.and()
.authorizeRequests()
.anyRequest().denyAll();
// @formatter:on
}
@Override
@ -108,6 +110,7 @@ public class HttpSecurityAntMatchersTests {
@Configuration
static class AntMatchersEmptyPatternsConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.requestMatchers()
.antMatchers("/never/")
@ -115,6 +118,7 @@ public class HttpSecurityAntMatchersTests {
.and()
.authorizeRequests()
.anyRequest().denyAll();
// @formatter:on
}
@Override


@ -85,10 +85,12 @@ public class HttpSecurityLogoutTests {
@Configuration
static class ClearAuthenticationFalseConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.csrf().disable()
.logout()
.clearAuthentication(false);
// @formatter:on
}
@Override
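Review bot: `.csrf().disable()` in `ClearAuthenticationFalseConfig` has no comment explaining why CSRF protection is turned off. It is presumably there so the test can invoke logout without a token, but that is not visible in the hunk. A line such as `// CSRF disabled for this test only; keep it enabled in application configs` above the chain would record the intent. The class continues past the hunk.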


@ -97,9 +97,11 @@ public class LogoutConfigurerClearSiteDataTests {
static class HttpLogoutConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.logout()
.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE)));
// @formatter:on
}
}
}


@ -95,11 +95,13 @@ public class NamespaceHttpBasicTests {
@EnableWebSecurity
static class HttpBasicConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.httpBasic();
// @formatter:on
}
}
@ -151,11 +153,13 @@ public class NamespaceHttpBasicTests {
static class CustomHttpBasicConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.httpBasic().realmName("Custom Realm");
// @formatter:on
}
}
@ -207,9 +211,11 @@ public class NamespaceHttpBasicTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.httpBasic()
.authenticationDetailsSource(this.authenticationDetailsSource);
// @formatter:on
}
@Bean
@ -278,12 +284,14 @@ public class NamespaceHttpBasicTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.httpBasic()
.authenticationEntryPoint(this.authenticationEntryPoint);
// @formatter:on
}
}


@ -67,9 +67,11 @@ public class NamespaceHttpCustomFilterTests {
@EnableWebSecurity
static class CustomFilterBeforeConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)
.formLogin();
// @formatter:on
}
}
@ -82,9 +84,11 @@ public class NamespaceHttpCustomFilterTests {
@EnableWebSecurity
static class CustomFilterAfterConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.addFilterAfter(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)
.formLogin();
// @formatter:on
}
}
@ -102,10 +106,12 @@ public class NamespaceHttpCustomFilterTests {
}
protected void configure(HttpSecurity http) {
// @formatter:off
http
// this works so long as the CustomFilter extends one of the standard filters
// if not, use addFilterBefore or addFilterAfter
.addFilter(new CustomFilter());
// @formatter:on
}
}
@ -124,8 +130,10 @@ public class NamespaceHttpCustomFilterTests {
}
protected void configure(HttpSecurity http) {
// @formatter:off
http
.addFilterAt(new OtherCustomFilter(), UsernamePasswordAuthenticationFilter.class);
// @formatter:on
}
}
@ -147,11 +155,13 @@ public class NamespaceHttpCustomFilterTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class);
// @formatter:on
}
}


@ -86,11 +86,12 @@ public class NamespaceHttpExpressionHandlerTests {
protected void configure(HttpSecurity http) throws Exception {
DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
handler.setExpressionParser(expressionParser());
// @formatter:off
http
.authorizeRequests()
.expressionHandler(handler)
.anyRequest().access("hasRole('USER')");
// @formatter:on
}
@Bean


@ -90,11 +90,13 @@ public class NamespaceHttpFormLoginTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin();
// @formatter:on
}
}
@ -120,6 +122,7 @@ public class NamespaceHttpFormLoginTests {
static class FormLoginCustomConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
boolean alwaysUseDefaultSuccess = true;
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
@ -131,6 +134,7 @@ public class NamespaceHttpFormLoginTests {
.failureUrl("/authentication/login?failed") // form-login@authentication-failure-url
.loginProcessingUrl("/authentication/login/process") // form-login@login-processing-url
.defaultSuccessUrl("/default", alwaysUseDefaultSuccess); // form-login@default-target-url / form-login@always-use-default-target
// @formatter:on
}
}
@ -159,7 +163,7 @@ public class NamespaceHttpFormLoginTests {
SavedRequestAwareAuthenticationSuccessHandler successHandler =
new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setDefaultTargetUrl("/custom/targetUrl");
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
@ -170,6 +174,7 @@ public class NamespaceHttpFormLoginTests {
.successHandler(successHandler) // form-login@authentication-success-handler-ref
.authenticationDetailsSource(authenticationDetailsSource()) // form-login@authentication-details-source-ref
.and();
// @formatter:on
}
@Bean
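Review bot: The chain in the last hunk of this section ends with `.and();`, which appears to step back to the `HttpSecurity` builder only to discard it. Ending the statement on the previous call, `.authenticationDetailsSource(authenticationDetailsSource());`, reads more clearly and keeps the trailing `// form-login@authentication-details-source-ref` comment on the line it describes. The start of the chain lies between the hunks, so the configurer that `.and()` returns from is inferred from the namespace comments.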


@ -77,8 +77,10 @@ public class NamespaceHttpHeadersTests {
static class HeadersDefaultConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers();
// @formatter:on
}
}
@ -94,10 +96,12 @@ public class NamespaceHttpHeadersTests {
static class HeadersCacheControlConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers()
.defaultsDisabled()
.cacheControl();
// @formatter:on
}
}
@ -113,10 +117,12 @@ public class NamespaceHttpHeadersTests {
static class HstsConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers()
.defaultsDisabled()
.httpStrictTransportSecurity();
// @formatter:on
}
}
@ -132,6 +138,7 @@ public class NamespaceHttpHeadersTests {
static class HstsCustomConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers()
// hsts@request-matcher-ref, hsts@max-age-seconds, hsts@include-subdomains
@ -140,6 +147,7 @@ public class NamespaceHttpHeadersTests {
.requestMatcher(AnyRequestMatcher.INSTANCE)
.maxAgeInSeconds(15768000)
.includeSubDomains(false);
// @formatter:on
}
}
@ -155,12 +163,14 @@ public class NamespaceHttpHeadersTests {
static class FrameOptionsSameOriginConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers()
// frame-options@policy=SAMEORIGIN
.defaultsDisabled()
.frameOptions()
.sameOrigin();
// @formatter:on
}
}
@ -178,12 +188,14 @@ public class NamespaceHttpHeadersTests {
static class FrameOptionsAllowFromConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers()
// frame-options@ref
.defaultsDisabled()
.addHeaderWriter(new XFrameOptionsHeaderWriter(
new StaticAllowFromStrategy(URI.create("https://example.com"))));
// @formatter:on
}
}
@ -199,11 +211,13 @@ public class NamespaceHttpHeadersTests {
static class XssProtectionConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers()
// xss-protection
.defaultsDisabled()
.xssProtection();
// @formatter:on
}
}
@ -219,6 +233,7 @@ public class NamespaceHttpHeadersTests {
static class XssProtectionCustomConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers()
// xss-protection@enabled and xss-protection@block
@ -226,6 +241,7 @@ public class NamespaceHttpHeadersTests {
.xssProtection()
.xssProtectionEnabled(true)
.block(false);
// @formatter:on
}
}
@ -241,11 +257,13 @@ public class NamespaceHttpHeadersTests {
static class ContentTypeOptionsConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers()
// content-type-options
.defaultsDisabled()
.contentTypeOptions();
// @formatter:on
}
}
@ -263,10 +281,12 @@ public class NamespaceHttpHeadersTests {
static class HeaderRefConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.headers()
.defaultsDisabled()
.addHeaderWriter(new StaticHeadersWriter("customHeaderName", "customHeaderValue"));
// @formatter:on
}
}
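Review bot: `FrameOptionsAllowFromConfig` builds an `XFrameOptionsHeaderWriter` from a `StaticAllowFromStrategy`, i.e. the `ALLOW-FROM` form of `X-Frame-Options`, and the fixture does not mention that current browsers ignore that directive. Since the config mirrors the XML `frame-options@ref` attribute it is fine as a test. A comment such as `// ALLOW-FROM is obsolete in current browsers; CSP frame-ancestors is the supported way to allow one origin` would stop readers from taking it as a working clickjacking control.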


@ -120,6 +120,7 @@ public class NamespaceHttpInterceptUrlTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
// the line below is similar to intercept-url@pattern:
@ -142,6 +143,7 @@ public class NamespaceHttpInterceptUrlTests {
// the line below is similar to intercept-url@requires-channel="http":
// <intercept-url pattern="/**" requires-channel="http"/>
.anyRequest().requiresInsecure();
// @formatter:on
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {


@ -83,12 +83,14 @@ public class NamespaceHttpJeeTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("user")
.and()
.jee()
.mappableRoles("user", "admin");
// @formatter:on
}
}
@ -120,6 +122,7 @@ public class NamespaceHttpJeeTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("user")
@ -127,6 +130,7 @@ public class NamespaceHttpJeeTests {
.jee()
.mappableAuthorities("ROLE_user", "ROLE_admin")
.authenticatedUserDetailsService(this.authenticationUserDetailsService);
// @formatter:on
}
@Bean


@ -122,12 +122,14 @@ public class NamespaceHttpLogoutTests {
static class CustomHttpLogoutConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.logout()
.deleteCookies("remove") // logout@delete-cookies
.invalidateHttpSession(false) // logout@invalidate-session=false (default is true)
.logoutUrl("/custom-logout") // logout@logout-url (default is /logout)
.logoutSuccessUrl("/logout-success"); // logout@success-url (default is /login?logout)
// @formatter:on
}
}
@ -182,10 +184,11 @@ public class NamespaceHttpLogoutTests {
SimpleUrlLogoutSuccessHandler logoutSuccessHandler =
new SimpleUrlLogoutSuccessHandler();
logoutSuccessHandler.setDefaultTargetUrl("/SuccessHandlerRefHttpLogoutConfig");
// @formatter:off
http
.logout()
.logoutSuccessHandler(logoutSuccessHandler);
// @formatter:on
}
}


@ -97,12 +97,14 @@ public class NamespaceHttpOpenIDLoginTests {
static class OpenIDLoginConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.openidLogin()
.permitAll();
// @formatter:on
}
}
@ -159,6 +161,7 @@ public class NamespaceHttpOpenIDLoginTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
@ -191,6 +194,7 @@ public class NamespaceHttpOpenIDLoginTests {
.and()
.and()
.permitAll();
// @formatter:on
}
}
@ -209,6 +213,7 @@ public class NamespaceHttpOpenIDLoginTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
boolean alwaysUseDefaultSuccess = true;
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
@ -219,6 +224,7 @@ public class NamespaceHttpOpenIDLoginTests {
.failureUrl("/authentication/login?failed") // openid-login@authentication-failure-url
.loginProcessingUrl("/authentication/login/process") // openid-login@login-processing-url
.defaultSuccessUrl("/default", alwaysUseDefaultSuccess); // openid-login@default-target-url / openid-login@always-use-default-target
// @formatter:on
}
}
@ -267,7 +273,7 @@ public class NamespaceHttpOpenIDLoginTests {
SavedRequestAwareAuthenticationSuccessHandler handler =
new SavedRequestAwareAuthenticationSuccessHandler();
handler.setDefaultTargetUrl("/custom/targetUrl");
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
@ -285,7 +291,7 @@ public class NamespaceHttpOpenIDLoginTests {
return filter;
}
});
// @formatter:on
}
}


@ -64,6 +64,7 @@ public class NamespaceHttpPortMappingsTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
@ -74,6 +75,7 @@ public class NamespaceHttpPortMappingsTests {
.requiresChannel()
.antMatchers("/login", "/secured/**").requiresSecure()
.anyRequest().requiresInsecure();
// @formatter:on
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {


@ -67,12 +67,14 @@ public class NamespaceHttpRequestCacheTests {
@EnableWebSecurity
static class RequestCacheRefConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.requestCache()
.requestCache(requestCache());
// @formatter:on
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@ -104,9 +106,11 @@ public class NamespaceHttpRequestCacheTests {
@EnableWebSecurity
static class DefaultRequestCacheRefConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated();
// @formatter:on
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {


@ -70,12 +70,14 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
@EnableWebSecurity
static class AccessDeniedPageConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().denyAll()
.and()
.exceptionHandling()
.accessDeniedPage("/AccessDeniedPageConfig");
// @formatter:on
}
}
@ -121,12 +123,14 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
@EnableWebSecurity
static class AccessDeniedHandlerRefConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().denyAll()
.and()
.exceptionHandling()
.accessDeniedHandler(accessDeniedHandler());
// @formatter:on
}
@Bean


@ -88,11 +88,13 @@ public class NamespaceHttpX509Tests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.x509();
// @formatter:on
}
}
@ -119,12 +121,14 @@ public class NamespaceHttpX509Tests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.x509()
.authenticationDetailsSource(authenticationDetailsSource());
// @formatter:on
}
@Bean
@ -155,12 +159,14 @@ public class NamespaceHttpX509Tests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.x509()
.subjectPrincipalRegex("CN=(.*?)@example.com(?:,|$)");
// @formatter:on
}
}
@ -184,12 +190,14 @@ public class NamespaceHttpX509Tests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.x509()
.x509PrincipalExtractor(this::extractCommonName);
// @formatter:on
}
private String extractCommonName(X509Certificate certificate) {
@ -221,12 +229,14 @@ public class NamespaceHttpX509Tests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.x509()
.userDetailsService(username -> USER);
// @formatter:on
}
}
@ -248,12 +258,14 @@ public class NamespaceHttpX509Tests {
}
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.x509()
.authenticationUserDetailsService(authentication -> USER);
// @formatter:on
}
}
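Review bot: The pattern passed to `subjectPrincipalRegex` in the third hunk of this file (`@ -155,12 +159,14`) leaves the dot in `example.com` unescaped, so any character is accepted at that position; a constructed subject such as `CN=user@exampleXcom` would still produce a principal. The line is unchanged context in a test configuration, but snippets like this tend to be copied into real X.509 setups, where a loose subject pattern widens which certificates map to a user. I would tighten it to `.subjectPrincipalRegex("CN=(.*?)@example\\.com(?:,|$)");`. The enclosing configuration class starts outside the hunk.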


@ -174,6 +174,7 @@ public class NamespaceSessionManagementTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
@ -187,6 +188,7 @@ public class NamespaceSessionManagementTests {
.maxSessionsPreventsLogin(true) // session-management/concurrency-control@error-if-maximum-exceeded
.expiredUrl("/expired-session") // session-management/concurrency-control@expired-url
.sessionRegistry(sessionRegistry()); // session-management/concurrency-control@session-registry-ref
// @formatter:on
}
@Bean
@ -219,9 +221,11 @@ public class NamespaceSessionManagementTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.sessionManagement()
.invalidSessionStrategy(invalidSessionStrategy());
// @formatter:on
}
@Bean
@ -250,11 +254,13 @@ public class NamespaceSessionManagementTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.sessionManagement()
.sessionAuthenticationStrategy(sessionAuthenticationStrategy()) // session-management@session-authentication-strategy-ref
.and()
.httpBasic();
// @formatter:on
}
@Bean
@ -283,11 +289,13 @@ public class NamespaceSessionManagementTests {
static class SFPNoneSessionManagementConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.sessionManagement()
.sessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy())
.and()
.httpBasic();
// @formatter:on
}
}
@ -314,10 +322,12 @@ public class NamespaceSessionManagementTests {
static class SFPMigrateSessionManagementConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.sessionManagement()
.and()
.httpBasic();
// @formatter:on
}
}
@ -338,10 +348,12 @@ public class NamespaceSessionManagementTests {
static class SFPPostProcessedConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.sessionManagement()
.and()
.httpBasic();
// @formatter:on
}
@Bean
@ -373,11 +385,13 @@ public class NamespaceSessionManagementTests {
static class SFPNewSessionSessionManagementConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.sessionManagement()
.sessionFixation().newSession()
.and()
.httpBasic();
// @formatter:on
}
}


@ -63,6 +63,7 @@ public class PermitAllSupportTests {
static class PermitAllConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
@ -70,6 +71,7 @@ public class PermitAllSupportTests {
.formLogin()
.loginPage("/xyz").permitAll()
.loginProcessingUrl("/abc?def").permitAll();
// @formatter:on
}
}
@ -85,9 +87,11 @@ public class PermitAllSupportTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.formLogin()
.permitAll();
// @formatter:on
}
}
}


@ -54,6 +54,7 @@ public class PortMapperConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.requiresChannel()
.anyRequest().requiresSecure()
@ -62,6 +63,7 @@ public class PortMapperConfigurerTests {
.http(543).mapsTo(123)
.and()
.portMapper();
// @formatter:on
}
}


@ -260,11 +260,13 @@ public class RequestCacheConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin();
// @formatter:on
}
}


@ -103,15 +103,15 @@ public class SessionManagementConfigurerServlet31Tests {
@EnableWebSecurity
static class SessionManagementDefaultSessionFixationServlet31Config extends
WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.formLogin()
.and()
.sessionManagement();
// @formatter:on
}
// @formatter:on
// @formatter:off
@Override
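Review bot: After this change the class appears to mix two marker conventions: the `http` chain in `configure(HttpSecurity)` is wrapped in statement-level `// @formatter:off` / `// @formatter:on`, while the member that follows still opens with a member-level `// @formatter:off` placed before its `@Override`. The commit message limits the change to `http` config, so this is probably deliberate, but member-level markers also switch the formatter off for annotations and signatures; a follow-up could move each remaining marker pair inside the method so it encloses only the fluent chain. The same trailing `// @formatter:off` shows up in the later sections for SessionManagementConfigurerSessionAuthenticationStrategyTests, CustomCsrfShowcaseTests, SecurityRequestsTests and the other MockMvc showcase configs. The following member's body lies outside each hunk, so its contents are not visible here.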


@ -60,16 +60,16 @@ public class SessionManagementConfigurerSessionAuthenticationStrategyTests {
static class CustomSessionAuthenticationStrategyConfig extends WebSecurityConfigurerAdapter {
static SessionAuthenticationStrategy customSessionAuthenticationStrategy = mock(SessionAuthenticationStrategy.class);
// @formatter:off
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.formLogin()
.and()
.sessionManagement()
.sessionAuthenticationStrategy(customSessionAuthenticationStrategy);
// @formatter:on
}
// @formatter:on
// @formatter:off
@Override


@ -80,8 +80,10 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
// @formatter:off
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// @formatter:on
http.setSharedObject(SessionCreationPolicy.class, SessionCreationPolicy.ALWAYS);
}


@ -70,9 +70,10 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
// @formatter:off
http
.csrf().disable();
// @formatter:on
}
@Override
@ -86,8 +87,10 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
static class AlwaysCreateSessionConfig extends WithTransientAuthenticationConfig {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
// @formatter:on
}
}


@ -268,6 +268,7 @@ public class OAuth2ClientConfigurerTests {
static class OAuth2ClientConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
@ -279,6 +280,7 @@ public class OAuth2ClientConfigurerTests {
.authorizationCodeGrant()
.authorizationRequestResolver(authorizationRequestResolver)
.accessTokenResponseClient(accessTokenResponseClient);
// @formatter:on
}
@Bean


@ -617,10 +617,12 @@ public class OAuth2LoginConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.oauth2Login()
.clientRegistrationRepository(
new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION));
// @formatter:on
super.configure(http);
}
@ -658,12 +660,14 @@ public class OAuth2LoginConfigurerTests {
static class OAuth2LoginConfigCustomWithConfigurer extends CommonWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.oauth2Login()
.clientRegistrationRepository(
new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
.userInfoEndpoint()
.userAuthoritiesMapper(createGrantedAuthoritiesMapper());
// @formatter:on
super.configure(http);
}
}
@ -672,8 +676,10 @@ public class OAuth2LoginConfigurerTests {
static class OAuth2LoginConfigCustomWithBeanRegistration extends CommonWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.oauth2Login();
// @formatter:on
super.configure(http);
}
@ -692,6 +698,7 @@ public class OAuth2LoginConfigurerTests {
static class OAuth2LoginConfigCustomUserServiceBeanRegistration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
@ -702,6 +709,7 @@ public class OAuth2LoginConfigurerTests {
.oauth2Login()
.tokenEndpoint()
.accessTokenResponseClient(createOauth2AccessTokenResponseClient());
// @formatter:on
}
@Bean
@ -739,11 +747,13 @@ public class OAuth2LoginConfigurerTests {
static class OAuth2LoginConfigLoginProcessingUrl extends CommonWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.oauth2Login()
.clientRegistrationRepository(
new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
.loginProcessingUrl("/login/oauth2/*");
// @formatter:on
super.configure(http);
}
}
@ -757,11 +767,13 @@ public class OAuth2LoginConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.oauth2Login()
.clientRegistrationRepository(this.clientRegistrationRepository)
.authorizationEndpoint()
.authorizationRequestResolver(this.resolver);
// @formatter:on
super.configure(http);
}
}
@ -775,6 +787,7 @@ public class OAuth2LoginConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.oauth2Login(oauth2Login ->
oauth2Login
@ -784,6 +797,7 @@ public class OAuth2LoginConfigurerTests {
.authorizationRequestResolver(this.resolver)
)
);
// @formatter:on
super.configure(http);
}
}
@ -792,11 +806,13 @@ public class OAuth2LoginConfigurerTests {
static class OAuth2LoginConfigMultipleClients extends CommonWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.oauth2Login()
.clientRegistrationRepository(
new InMemoryClientRegistrationRepository(
GOOGLE_CLIENT_REGISTRATION, GITHUB_CLIENT_REGISTRATION));
// @formatter:on
super.configure(http);
}
}
@ -805,11 +821,13 @@ public class OAuth2LoginConfigurerTests {
static class OAuth2LoginConfigCustomLoginPage extends CommonWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.oauth2Login()
.clientRegistrationRepository(
new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
.loginPage("/custom-login");
// @formatter:on
super.configure(http);
}
}
@ -835,9 +853,11 @@ public class OAuth2LoginConfigurerTests {
static class OAuth2LoginConfigWithOidcLogoutSuccessHandler extends CommonWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.logout()
.logoutSuccessHandler(oidcLogoutSuccessHandler());
// @formatter:on
super.configure(http);
}
@ -859,6 +879,7 @@ public class OAuth2LoginConfigurerTests {
private static abstract class CommonWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
@ -873,6 +894,7 @@ public class OAuth2LoginConfigurerTests {
.userInfoEndpoint()
.userService(createOauth2UserService())
.oidcUserService(createOidcUserService());
// @formatter:on
}
@Bean


@ -1761,7 +1761,6 @@ public class OAuth2ResourceServerConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
@ -1769,7 +1768,6 @@ public class OAuth2ResourceServerConfigurerTests {
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(getJwtAuthenticationConverter());
// @formatter:on
}
@ -1783,7 +1781,6 @@ public class OAuth2ResourceServerConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/requires-read-scope").access("hasAuthority('message:read')")
@ -1791,7 +1788,6 @@ public class OAuth2ResourceServerConfigurerTests {
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(getJwtAuthenticationConverter());
// @formatter:on
}
@ -2255,6 +2251,7 @@ public class OAuth2ResourceServerConfigurerTests {
.jwt()
.and()
.opaqueToken();
// @formatter:on
}
}
@ -2306,6 +2303,7 @@ public class OAuth2ResourceServerConfigurerTests {
.oauth2ResourceServer()
.authenticationManagerResolver(mock(AuthenticationManagerResolver.class))
.opaqueToken();
// @formatter:on
}
}


@ -300,11 +300,13 @@ public class Saml2LoginConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests(authz -> authz
.anyRequest().authenticated()
)
.saml2Login(withDefaults());
// @formatter:on
}
@Bean
@ -319,11 +321,13 @@ public class Saml2LoginConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests(authz -> authz
.anyRequest().authenticated()
)
.saml2Login(saml2 -> {});
// @formatter:on
}
@Bean


@ -165,9 +165,11 @@ public class GrantedAuthorityDefaultsJcTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().access("hasRole('USER')");
// @formatter:on
}
@Bean


@ -42,17 +42,19 @@ public class CustomConfigurer extends SecurityConfigurerAdapter<DefaultSecurityF
// autowire this bean
ApplicationContext context = http.getSharedObject(ApplicationContext.class);
context.getAutowireCapableBeanFactory().autowireBean(this);
// @formatter:off
http
.authorizeRequests()
.antMatchers(permitAllPattern).permitAll()
.anyRequest().authenticated();
// @formatter:on
if (http.getConfigurer(FormLoginConfigurer.class) == null) {
// only apply if formLogin() was not invoked by the user
// @formatter:off
http
.formLogin()
.loginPage(loginPage);
// @formatter:on
}
}


@ -120,9 +120,11 @@ public class CustomHttpSecurityConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.apply(customConfigurer())
.loginPage("/custom");
// @formatter:on
}
@Bean
@ -142,12 +144,14 @@ public class CustomHttpSecurityConfigurerTests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.apply(customConfigurer())
.and()
.csrf().disable()
.formLogin()
.loginPage("/other");
// @formatter:on
}
@Bean


@ -117,8 +117,10 @@ public class OAuth2ClientSpecTests {
static class Config {
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
// @formatter:off
http
.oauth2Client();
// @formatter:on
return http.build();
}
@ -208,6 +210,7 @@ public class OAuth2ClientSpecTests {
@Bean
public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
// @formatter:off
http
.oauth2Client()
.authenticationConverter(this.authenticationConverter)
@ -215,6 +218,7 @@ public class OAuth2ClientSpecTests {
.authorizationRequestRepository(this.authorizationRequestRepository)
.and()
.requestCache(c -> c.requestCache(this.requestCache));
// @formatter:on
return http.build();
}
}
@ -274,6 +278,7 @@ public class OAuth2ClientSpecTests {
@Bean
public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
// @formatter:off
http
.oauth2Client(oauth2Client ->
oauth2Client
@ -281,6 +286,7 @@ public class OAuth2ClientSpecTests {
.authenticationManager(this.manager)
.authorizationRequestRepository(this.authorizationRequestRepository))
.requestCache(c -> c.requestCache(this.requestCache));
// @formatter:on
return http.build();
}
}


@ -253,12 +253,14 @@ public class OAuth2LoginTests {
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
// @formatter:off
http
.requestCache()
.requestCache(this.requestCache)
.and()
.oauth2Login()
.authorizationRequestRepository(this.authorizationRequestRepository);
// @formatter:on
return http.build();
}
@ -395,6 +397,7 @@ public class OAuth2LoginTests {
@Bean
public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
// @formatter:off
http
.authorizeExchange()
.anyExchange().authenticated()
@ -406,6 +409,7 @@ public class OAuth2LoginTests {
.authorizationRequestResolver(resolver)
.authenticationSuccessHandler(successHandler)
.authenticationFailureHandler(failureHandler);
// @formatter:on
return http.build();
}
}
@ -474,6 +478,7 @@ public class OAuth2LoginTests {
@Bean
public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
// @formatter:off
http
.authorizeExchange(exchanges ->
exchanges
@ -487,6 +492,7 @@ public class OAuth2LoginTests {
.authorizationRequestResolver(resolver)
.authenticationSuccessHandler(successHandler)
);
// @formatter:on
return http.build();
}
}
@ -715,7 +721,7 @@ public class OAuth2LoginTests {
@Bean
public SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
// @formatter:off
http
.csrf().disable()
.logout()
@ -726,7 +732,7 @@ public class OAuth2LoginTests {
new InMemoryReactiveClientRegistrationRepository(this.withLogout)))
.and()
.securityContextRepository(this.repository);
// @formatter:on
return http.build();
}


@ -486,8 +486,6 @@ public class OAuth2ResourceServerSpecTests {
.jwt()
.publicKey(publicKey());
// @formatter:on
return http.build();
}
}
@ -511,7 +509,6 @@ public class OAuth2ResourceServerSpecTests {
)
);
// @formatter:on
return http.build();
}
}
@ -533,8 +530,6 @@ public class OAuth2ResourceServerSpecTests {
.jwt()
.publicKey(this.key);
// @formatter:on
return http.build();
}
}
@ -877,6 +872,7 @@ public class OAuth2ResourceServerSpecTests {
.oauth2ResourceServer()
.authenticationManagerResolver(mock(ReactiveAuthenticationManagerResolver.class))
.opaqueToken();
// @formatter:on
return http.build();
}


@ -148,12 +148,14 @@ public class Sec2935Tests {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.httpBasic();
// @formatter:on
}
@Autowired


@ -72,16 +72,15 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
// @formatter:off
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// @formatter:on
}
// @formatter:on
// @formatter:off
@Autowired


@ -165,11 +165,13 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2ClientTests {
static class OAuth2ClientConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests(authz -> authz
.anyRequest().permitAll()
)
.oauth2Client();
// @formatter:on
}
@Bean


@ -167,11 +167,13 @@ public class SecurityMockMvcRequestPostProcessorsOAuth2LoginTests {
static class OAuth2LoginConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests(authorize -> authorize
.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
.anyRequest().hasAuthority("SCOPE_read")
).oauth2Login();
// @formatter:on
}
@Bean


@ -173,12 +173,14 @@ public class SecurityMockMvcRequestPostProcessorsOidcLoginTests {
static class OAuth2LoginConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
.anyRequest().hasAuthority("SCOPE_read")
.and()
.oauth2Login();
// @formatter:on
}
@Bean


@ -130,6 +130,7 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
static class OAuth2LoginConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.mvcMatchers("/admin/**").hasAuthority("SCOPE_admin")
@ -138,6 +139,7 @@ public class SecurityMockMvcRequestPostProcessorsOpaqueTokenTests {
.oauth2ResourceServer()
.opaqueToken()
.introspector(mock(OpaqueTokenIntrospector.class));
// @formatter:on
}
@RestController


@ -72,16 +72,15 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
// @formatter:off
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// @formatter:on
}
// @formatter:on
// @formatter:off
@Autowired


@ -74,14 +74,14 @@ public class CustomCsrfShowcaseTests {
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.csrf()
.csrfTokenRepository(repo());
// @formatter:on
}
// @formatter:on
// @formatter:off
@Autowired


@ -91,9 +91,9 @@ public class CustomConfigAuthenticationTests {
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
@ -105,8 +105,8 @@ public class CustomConfigAuthenticationTests {
.usernameParameter("user")
.passwordParameter("pass")
.loginPage("/authenticate");
// @formatter:on
}
// @formatter:on
// @formatter:off
@Bean


@ -81,9 +81,9 @@ public class CustomLoginRequestBuilderAuthenticationTests {
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
@ -92,8 +92,8 @@ public class CustomLoginRequestBuilderAuthenticationTests {
.usernameParameter("user")
.passwordParameter("pass")
.loginPage("/authenticate");
// @formatter:on
}
// @formatter:on
// @formatter:off
@Bean


@ -85,17 +85,17 @@ public class DefaultfSecurityRequestsTests {
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.httpBasic();
// @formatter:on
}
// @formatter:on
// @formatter:off
@Autowired


@ -103,17 +103,17 @@ public class SecurityRequestsTests {
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin();
// @formatter:on
}
// @formatter:on
// @formatter:off
@Autowired


@ -87,17 +87,17 @@ public class WithUserAuthenticationTests {
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin();
// @formatter:on
}
// @formatter:on
// @formatter:off
@Autowired


@ -87,17 +87,17 @@ public class WithUserClassLevelAuthenticationTests {
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.httpBasic();
// @formatter:on
}
// @formatter:on
// @formatter:off
@Autowired


@ -79,17 +79,17 @@ public class WithUserDetailsAuthenticationTests {
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin();
// @formatter:on
}
// @formatter:on
@Bean
@Override


@ -79,17 +79,17 @@ public class WithUserDetailsClassLevelAuthenticationTests {
@EnableWebMvc
static class Config extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin();
// @formatter:on
}
// @formatter:on
@Bean
@Override


@ -189,29 +189,29 @@ public class WebTestUtilsTests {
static CsrfTokenRepository CSRF_REPO;
static SecurityContextRepository CONTEXT_REPO;
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.csrf()
.csrfTokenRepository(CSRF_REPO)
.and()
.securityContext()
.securityContextRepository(CONTEXT_REPO);
// @formatter:on
}
// @formatter:on
}
@EnableWebSecurity
static class PartialSecurityConfig extends WebSecurityConfigurerAdapter {
// @formatter:off
@Override
public void configure(HttpSecurity http) {
// @formatter:off
http
.antMatcher("/willnotmatchthis");
// @formatter:on
}
// @formatter:on
}
@Configuration