SEC-2790: Deprecate @EnableWebMvcConfig
This commit is contained in:
Rob Winch
parent
62e127e978
commit
1677836d53
|
|
@ -0,0 +1,13 @@
|
|||
package org.springframework.security.config.annotation.web.configuration;
|
||||
|
||||
import org.springframework.context.annotation.Conditional;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
* @since 4.0
|
||||
*/
|
||||
@Conditional(OnMissingBeanCondition.class)
|
||||
@interface ConditionalOnMissingBean {
|
||||
|
||||
Class<?> value();
|
||||
}
|
||||
|
|
@ -78,7 +78,7 @@ import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
|
|||
@Retention(value=java.lang.annotation.RetentionPolicy.RUNTIME)
|
||||
@Target(value={java.lang.annotation.ElementType.TYPE})
|
||||
@Documented
|
||||
@Import({WebSecurityConfiguration.class,ObjectPostProcessorConfiguration.class})
|
||||
@Import({WebSecurityConfiguration.class,ObjectPostProcessorConfiguration.class, SpringWebMvcImportSelector.class})
|
||||
@EnableGlobalAuthentication
|
||||
@Configuration
|
||||
public @interface EnableWebSecurity {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,42 @@
|
|||
/*
|
||||
* Copyright 2002-2014 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy of
|
||||
* the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations under
|
||||
* the License.
|
||||
*/
|
||||
package org.springframework.security.config.annotation.web.configuration;
|
||||
|
||||
import org.springframework.context.annotation.ConditionContext;
|
||||
import org.springframework.context.annotation.ConfigurationCondition;
|
||||
import org.springframework.core.type.AnnotatedTypeMetadata;
|
||||
import org.springframework.util.ClassUtils;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*/
|
||||
class OnMissingBeanCondition implements ConfigurationCondition {
|
||||
@Override
|
||||
public ConfigurationPhase getConfigurationPhase() {
|
||||
return ConfigurationPhase.REGISTER_BEAN;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
|
||||
Map<String,Object> attrs = metadata.getAnnotationAttributes(ConditionalOnMissingBean.class.getName());
|
||||
|
||||
Class<?> type = (Class) attrs.get("value");
|
||||
final Map<String, ?> beans = context.getBeanFactory().getBeansOfType(type);
|
||||
return beans.isEmpty();
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.config.annotation.web.configuration;
|
||||
|
||||
import org.springframework.context.annotation.ImportSelector;
|
||||
import org.springframework.core.type.AnnotationMetadata;
|
||||
import org.springframework.util.ClassUtils;
|
||||
|
||||
/**
|
||||
* Used by {@link EnableWebSecurity} to conditionaly import
|
||||
* {@link WebMvcSecurityConfiguration} when the DispatcherServlet is present on the
|
||||
* classpath.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 3.2
|
||||
*/
|
||||
class SpringWebMvcImportSelector implements ImportSelector {
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.context.annotation.ImportSelector#selectImports(org.springframework.core.type.AnnotationMetadata)
|
||||
*/
|
||||
public String[] selectImports(AnnotationMetadata importingClassMetadata) {
|
||||
boolean webmvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet", getClass().getClassLoader());
|
||||
return webmvcPresent ? new String[] {"org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration"} : new String[] {};
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,54 @@
|
|||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.config.annotation.web.configuration;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver;
|
||||
import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;
|
||||
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
|
||||
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||
import org.springframework.web.servlet.support.RequestDataValueProcessor;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring
|
||||
* Security CSRF integration. This configuration is added whenever
|
||||
* {@link EnableWebMvc} is added by {@link SpringWebMvcImportSelector} and the
|
||||
* DispatcherServlet is present on the classpath. It also adds the
|
||||
* {@link AuthenticationPrincipalArgumentResolver} as a
|
||||
* {@link HandlerMethodArgumentResolver}.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 3.2
|
||||
*/
|
||||
class WebMvcSecurityConfiguration extends WebMvcConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
@SuppressWarnings("deprecation")
|
||||
public void addArgumentResolvers(
|
||||
List<HandlerMethodArgumentResolver> argumentResolvers) {
|
||||
argumentResolvers.add(new AuthenticationPrincipalArgumentResolver());
|
||||
argumentResolvers.add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver());
|
||||
}
|
||||
|
||||
@ConditionalOnMissingBean(RequestDataValueProcessor.class)
|
||||
@Bean
|
||||
public RequestDataValueProcessor requestDataValueProcessor() {
|
||||
return new CsrfRequestDataValueProcessor();
|
||||
}
|
||||
}
|
||||
|
|
@ -28,6 +28,7 @@ import org.springframework.security.config.annotation.authentication.configurati
|
|||
* Add this annotation to an {@code @Configuration} class to have the Spring Security
|
||||
* configuration integrate with Spring MVC.
|
||||
*
|
||||
* @deprecated Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.
|
||||
* @author Rob Winch
|
||||
* @since 3.2
|
||||
*/
|
||||
|
|
@ -37,5 +38,6 @@ import org.springframework.security.config.annotation.authentication.configurati
|
|||
@Import(WebMvcSecurityConfiguration.class)
|
||||
@EnableGlobalAuthentication
|
||||
@Configuration
|
||||
@Deprecated
|
||||
public @interface EnableWebMvcSecurity {
|
||||
}
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
|
|||
* {@link AuthenticationPrincipalArgumentResolver} as a
|
||||
* {@link HandlerMethodArgumentResolver}.
|
||||
*
|
||||
* @deprecated This is applied internally using SpringWebMvcImportSelector
|
||||
* @author Rob Winch
|
||||
* @since 3.2
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -105,7 +105,7 @@ class AuthenticationConfigurationTests extends BaseSpringSpec {
|
|||
@Import([GlobalMethodSecurityConfig,WebMvcSecurityConfig,ServicesConfig])
|
||||
static class GlobalMethodSecurityMvcSecurityAndServicesConfig {}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
static class WebMvcSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
@Autowired
|
||||
public void configureGlobal(AuthenticationManagerBuilder auth) {
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ class CsrfConfigurerTests extends BaseSpringSpec {
|
|||
context.getBean(RequestDataValueProcessor)
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
static class CsrfAppliedDefaultConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -16,16 +16,20 @@
|
|||
package org.springframework.security.config.annotation.web.configurers;
|
||||
|
||||
import static org.fest.assertions.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;
|
||||
import org.springframework.web.servlet.support.RequestDataValueProcessor;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
|
|
@ -45,7 +49,7 @@ public class CsrfConfigurerNoWebMvcTests {
|
|||
public void missingDispatcherServletPreventsCsrfRequestDataValueProcessor() {
|
||||
loadContext(EnableWebConfig.class);
|
||||
|
||||
assertThat(context.containsBeanDefinition("requestDataValueProcessor")).isFalse();
|
||||
assertThat(context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -55,6 +59,13 @@ public class CsrfConfigurerNoWebMvcTests {
|
|||
assertThat(context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void overrideCsrfRequestDataValueProcessor() {
|
||||
loadContext(EnableWebOverrideRequestDataConfig.class);
|
||||
|
||||
assertThat(context.getBean(RequestDataValueProcessor.class).getClass()).isNotEqualTo(CsrfRequestDataValueProcessor.class);
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class EnableWebConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
@ -63,7 +74,15 @@ public class CsrfConfigurerNoWebMvcTests {
|
|||
}
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
static class EnableWebOverrideRequestDataConfig {
|
||||
@Bean
|
||||
public RequestDataValueProcessor requestDataValueProcessor() {
|
||||
return mock(RequestDataValueProcessor.class);
|
||||
}
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class EnableWebMvcConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
}
|
||||
----
|
||||
|
||||
NOTE: The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either `@EnableWebSecurity`, `@EnableWebMvcSecurity`, `@EnableGlobalMethodSecurity`, or `@EnableGlobalAuthentication`. Doing otherwise has unpredictable results.
|
||||
NOTE: The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either `@EnableWebSecurity`, `@EnableGlobalMethodSecurity`, or `@EnableGlobalAuthentication`. Doing otherwise has unpredictable results.
|
||||
|
||||
[[servlet-api-integration]]
|
||||
The <<security-config-java,SecurityConfig>> will:
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ We will want to ensure we compensate for overriding these defaults in our update
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
|
|
@ -100,7 +100,7 @@ To fix this we need to instruct Spring Security to allow anyone to access the */
|
|||
----
|
||||
// ...
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
|
|
@ -210,7 +210,7 @@ We need to update our configuration to allow anyone to access our resources and
|
|||
----
|
||||
// ...
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -111,21 +111,10 @@ We can view the user name, but how are we able to log out? Below you can see how
|
|||
</form>
|
||||
----
|
||||
|
||||
If you try to log out right now the request will fail. The reason is that Spring Security is protecting against CSRF attakcks and there is no CSRF token include in our request. Update our configuration to use the `@EnableWebMvcSecurity` annotation which will do the same as `@EnableWebMvcSecurity` and provide integration with Spring MVC. Among other things, it will ensure our CSRF Token is included in our forms automatically when using Thymleaf 2.1+ or Spring MVC taglibs.
|
||||
|
||||
.src/main/java/org/springframework/security/samples/config/SecurityConfig.java
|
||||
[source,java]
|
||||
----
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.*;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
----
|
||||
|
||||
In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires:
|
||||
|
||||
* the HTTP method must be a POST
|
||||
* the CSRF token must be added to the request. Since we have used `@EnableWebMvcSecurity` and are using Thymeleaf, the CSRF token is automatically added as a hidden input for you (view the source to see it).
|
||||
* the CSRF token must be added to the request. Since we have used `@EnableWebSecurity` and are using Thymeleaf, the CSRF token is automatically added as a hidden input for you (view the source to see it).
|
||||
|
||||
NOTE: If you were not using Spring MVC taglibs or Thymeleaf, you can access the CsrfToken on the ServletRequest using the attribute _csrf. You can find an example of including the CSRF token in a JSP within the link:helloworld.html[Hello Spring Security Java Config].
|
||||
|
||||
|
|
|
|||
|
|
@ -430,7 +430,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
}
|
||||
----
|
||||
|
||||
NOTE: The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either `@EnableWebSecurity`, `@EnableWebMvcSecurity`, `@EnableGlobalMethodSecurity`, or `@EnableGlobalAuthentication`. Doing otherwise has unpredictable results.
|
||||
NOTE: The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either `@EnableWebSecurity`, `@EnableGlobalMethodSecurity`, or `@EnableGlobalAuthentication`. Doing otherwise has unpredictable results.
|
||||
|
||||
There really isn't much to this configuration, but it does a lot. You can find a summary of the features below:
|
||||
|
||||
|
|
@ -3126,7 +3126,7 @@ An easier approach is to use <<the-csrfInput-tag,the csrfInput tag>> from the Sp
|
|||
|
||||
[NOTE]
|
||||
====
|
||||
If you are using Spring MVC `<form:form>` tag or http://www.thymeleaf.org/whatsnew21.html#reqdata[Thymeleaf 2.1+], and you replace `@EnableWebSecurity` with `@EnableWebMvcSecurity`, the `CsrfToken` is automatically included for you (using the `CsrfRequestDataValueProcessor`).
|
||||
If you are using Spring MVC `<form:form>` tag or http://www.thymeleaf.org/whatsnew21.html#reqdata[Thymeleaf 2.1+] and are using `@EnableWebSecurity`, the `CsrfToken` is automatically included for you (using the `CsrfRequestDataValueProcessor`).
|
||||
====
|
||||
|
||||
[[csrf-include-csrf-token-ajax]]
|
||||
|
|
@ -5947,15 +5947,10 @@ Spring Security provides a number of optional integrations with Spring MVC. This
|
|||
[[mvc-enablewebmvcsecurity]]
|
||||
=== @EnableWebMvcSecurity
|
||||
|
||||
To enable Spring Security integration with Spring MVC add the `@EnableWebMvcSecurity` annotation to your configuration. A typical example will look something like this:
|
||||
WARN: As of Spring Security 4.0, `@EnableWebMvcSecurity` is deprecated. The replacement is `@EnableWebSecurity` which will determine adding the Spring MVC features based upon the classpath.
|
||||
|
||||
To enable Spring Security integration with Spring MVC add the `@EnableWebSecurity` annotation to your configuration. A typical example will look something like this:
|
||||
|
||||
[source,java]
|
||||
----
|
||||
@EnableWebMvcSecurity
|
||||
public class SecurityConfig {
|
||||
// ...
|
||||
}
|
||||
----
|
||||
|
||||
[[mvc-authentication-principal]]
|
||||
=== @AuthenticationPrincipal
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@ import org.springframework.security.config.annotation.authentication.builders.Au
|
|||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled=true)
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
@Autowired
|
||||
|
|
|
|||
|
|
@ -4,10 +4,10 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@ package org.springframework.security.samples.config;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig {
|
||||
|
||||
@Autowired
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
@Autowired
|
||||
private DataSource dataSource;
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
@Autowired
|
||||
public void registerGlobalAuthentication(
|
||||
|
|
|
|||
|
|
@ -3,10 +3,10 @@ package org.springframework.security.samples.config;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.samples.security.CustomUserDetailsService;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
|
|
|||
|
|
@ -3,9 +3,9 @@ package org.springframework.security.samples.config;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
|
|
@ -69,7 +69,7 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
|
|||
.andExpect(status().is2xxSuccessful());
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
|
|
@ -73,7 +73,7 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
|
|||
.andExpect(status().is2xxSuccessful());
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
|
|
@ -52,7 +52,7 @@ public class SecurityMockMvcResultMatchersTests {
|
|||
.andExpect(authenticated().withRoles("USER"));
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
|
|
@ -77,7 +77,7 @@ public class CsrfShowcaseTests {
|
|||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.web.csrf.CsrfTokenRepository;
|
||||
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
|
|
@ -75,7 +75,7 @@ public class CustomCsrfShowcaseTests {
|
|||
.andExpect(status().isNotFound());
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
|
|
@ -69,7 +69,7 @@ public class DefaultCsrfShowcaseTests {
|
|||
.andExpect(status().isNotFound());
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
|
|
@ -89,7 +89,7 @@ public class AuthenticationTests {
|
|||
.andExpect(unauthenticated());
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
@Autowired
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.web.context.SecurityContextRepository;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
|
|
@ -90,7 +90,7 @@ public class CustomConfigAuthenticationTests {
|
|||
.andExpect(unauthenticated());
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders;
|
||||
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
|
|
@ -81,7 +81,7 @@ public class CustomLoginRequestBuilderAuthenticationTests {
|
|||
.passwordParam("pass");
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
|
|
@ -82,7 +82,7 @@ public class DefaultfSecurityRequestsTests {
|
|||
.andExpect(authenticated().withUsername("user"));
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
|
|
@ -106,7 +106,7 @@ public class SecurityRequestsTests {
|
|||
.andExpect(authenticated().withAuthentication(authentication));
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
|
|
@ -78,7 +78,7 @@ public class WithUserAuthenticationTests {
|
|||
.andExpect(authenticated().withUsername("user").withRoles("ADMIN"));
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
|
|
@ -77,7 +77,7 @@ public class WithUserClassLevelAuthenticationTests {
|
|||
.andExpect(authenticated().withUsername("user").withRoles("ADMIN"));
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.test.context.support.WithUserDetails;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
|
|
@ -80,7 +80,7 @@ public class WithUserDetailsAuthenticationTests {
|
|||
.andExpect(authenticated().withUsername("admin").withRoles("ADMIN","USER"));
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.test.context.support.WithUserDetails;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
|
|
@ -79,7 +79,7 @@ public class WithUserDetailsClassLevelAuthenticationTests {
|
|||
.andExpect(authenticated().withUsername("admin").withRoles("ADMIN","USER"));
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue