From 1677836d53c9249d7ddaf6460548ed1406d27635 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Tue, 9 Dec 2014 16:17:58 -0600 Subject: [PATCH] SEC-2790: Deprecate @EnableWebMvcConfig --- .../ConditionalOnMissingBean.java | 13 +++++ .../web/configuration/EnableWebSecurity.java | 2 +- .../web/configuration/OnBeanCondition.java | 42 +++++++++++++++ .../SpringWebMvcImportSelector.java | 39 ++++++++++++++ .../WebMvcSecurityConfiguration.java | 54 +++++++++++++++++++ .../configuration/EnableWebMvcSecurity.java | 2 + .../WebMvcSecurityConfiguration.java | 1 + .../AuthenticationConfigurationTests.groovy | 2 +- .../configurers/CsrfConfigurerTests.groovy | 2 +- .../CsrfConfigurerNoWebMvcTests.java | 23 +++++++- .../secure-the-application.asc | 2 +- docs/guides/src/asciidoc/form.asc | 6 +-- docs/guides/src/asciidoc/hellomvc.asc | 13 +---- docs/manual/src/docs/asciidoc/index.adoc | 15 ++---- .../samples/config/SecurityConfig.java | 4 +- .../samples/config/SecurityConfig.java | 4 +- .../samples/config/SecurityConfig.java | 4 +- .../samples/config/SecurityConfig.java | 4 +- .../samples/config/SecurityConfig.java | 4 +- .../samples/config/SecurityConfig.java | 4 +- .../samples/config/SecurityConfig.java | 4 +- .../samples/config/SecurityConfig.java | 4 +- .../samples/config/SecurityConfig.java | 4 +- .../samples/config/SecurityConfig.java | 4 +- .../samples/config/SecurityConfig.java | 4 +- ...rocessorsAuthenticationStatelessTests.java | 4 +- ...sorsTestSecurityContextStatelessTests.java | 4 +- .../SecurityMockMvcResultMatchersTests.java | 4 +- .../showcase/csrf/CsrfShowcaseTests.java | 4 +- .../csrf/CustomCsrfShowcaseTests.java | 4 +- .../csrf/DefaultCsrfShowcaseTests.java | 4 +- .../showcase/login/AuthenticationTests.java | 4 +- .../CustomConfigAuthenticationTests.java | 4 +- ...oginRequestBuilderAuthenticationTests.java | 4 +- .../DefaultfSecurityRequestsTests.java | 4 +- .../secured/SecurityRequestsTests.java | 4 +- .../secured/WithUserAuthenticationTests.java | 4 +- ...WithUserClassLevelAuthenticationTests.java | 4 +- .../WithUserDetailsAuthenticationTests.java | 4 +- ...rDetailsClassLevelAuthenticationTests.java | 4 +- 40 files changed, 237 insertions(+), 83 deletions(-) create mode 100644 config/src/main/java/org/springframework/security/config/annotation/web/configuration/ConditionalOnMissingBean.java create mode 100644 config/src/main/java/org/springframework/security/config/annotation/web/configuration/OnBeanCondition.java create mode 100644 config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java create mode 100644 config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/ConditionalOnMissingBean.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/ConditionalOnMissingBean.java new file mode 100644 index 0000000000..9534273a92 --- /dev/null +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/ConditionalOnMissingBean.java @@ -0,0 +1,13 @@ +package org.springframework.security.config.annotation.web.configuration; + +import org.springframework.context.annotation.Conditional; + +/** + * @author Rob Winch + * @since 4.0 + */ +@Conditional(OnMissingBeanCondition.class) +@interface ConditionalOnMissingBean { + + Class value(); +} diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java index 3d79304ed0..d5bce5e2fe 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java @@ -78,7 +78,7 @@ import org.springframework.security.config.annotation.web.WebSecurityConfigurer; @Retention(value=java.lang.annotation.RetentionPolicy.RUNTIME) @Target(value={java.lang.annotation.ElementType.TYPE}) @Documented -@Import({WebSecurityConfiguration.class,ObjectPostProcessorConfiguration.class}) +@Import({WebSecurityConfiguration.class,ObjectPostProcessorConfiguration.class, SpringWebMvcImportSelector.class}) @EnableGlobalAuthentication @Configuration public @interface EnableWebSecurity { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OnBeanCondition.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OnBeanCondition.java new file mode 100644 index 0000000000..b5e51850f0 --- /dev/null +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OnBeanCondition.java @@ -0,0 +1,42 @@ +/* + * Copyright 2002-2014 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ +package org.springframework.security.config.annotation.web.configuration; + +import org.springframework.context.annotation.ConditionContext; +import org.springframework.context.annotation.ConfigurationCondition; +import org.springframework.core.type.AnnotatedTypeMetadata; +import org.springframework.util.ClassUtils; + +import java.util.Map; + +/** + * @author Rob Winch + */ +class OnMissingBeanCondition implements ConfigurationCondition { + @Override + public ConfigurationPhase getConfigurationPhase() { + return ConfigurationPhase.REGISTER_BEAN; + } + + @Override + public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) { + Map attrs = metadata.getAnnotationAttributes(ConditionalOnMissingBean.class.getName()); + + Class type = (Class) attrs.get("value"); + final Map beans = context.getBeanFactory().getBeansOfType(type); + return beans.isEmpty(); + } +} diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java new file mode 100644 index 0000000000..5d430b7bf6 --- /dev/null +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.java @@ -0,0 +1,39 @@ +/* + * Copyright 2002-2013 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.config.annotation.web.configuration; + +import org.springframework.context.annotation.ImportSelector; +import org.springframework.core.type.AnnotationMetadata; +import org.springframework.util.ClassUtils; + +/** + * Used by {@link EnableWebSecurity} to conditionaly import + * {@link WebMvcSecurityConfiguration} when the DispatcherServlet is present on the + * classpath. + * + * @author Rob Winch + * @since 3.2 + */ +class SpringWebMvcImportSelector implements ImportSelector { + + /* (non-Javadoc) + * @see org.springframework.context.annotation.ImportSelector#selectImports(org.springframework.core.type.AnnotationMetadata) + */ + public String[] selectImports(AnnotationMetadata importingClassMetadata) { + boolean webmvcPresent = ClassUtils.isPresent("org.springframework.web.servlet.DispatcherServlet", getClass().getClassLoader()); + return webmvcPresent ? new String[] {"org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration"} : new String[] {}; + } +} diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java new file mode 100644 index 0000000000..2928697ae3 --- /dev/null +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java @@ -0,0 +1,54 @@ +/* + * Copyright 2002-2013 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.config.annotation.web.configuration; + +import org.springframework.context.annotation.Bean; +import org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver; +import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor; +import org.springframework.web.method.support.HandlerMethodArgumentResolver; +import org.springframework.web.servlet.config.annotation.EnableWebMvc; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; +import org.springframework.web.servlet.support.RequestDataValueProcessor; + +import java.util.List; + +/** + * Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring + * Security CSRF integration. This configuration is added whenever + * {@link EnableWebMvc} is added by {@link SpringWebMvcImportSelector} and the + * DispatcherServlet is present on the classpath. It also adds the + * {@link AuthenticationPrincipalArgumentResolver} as a + * {@link HandlerMethodArgumentResolver}. + * + * @author Rob Winch + * @since 3.2 + */ +class WebMvcSecurityConfiguration extends WebMvcConfigurerAdapter { + + @Override + @SuppressWarnings("deprecation") + public void addArgumentResolvers( + List argumentResolvers) { + argumentResolvers.add(new AuthenticationPrincipalArgumentResolver()); + argumentResolvers.add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver()); + } + + @ConditionalOnMissingBean(RequestDataValueProcessor.class) + @Bean + public RequestDataValueProcessor requestDataValueProcessor() { + return new CsrfRequestDataValueProcessor(); + } +} \ No newline at end of file diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java index f5cca31a05..687a6861ca 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java @@ -28,6 +28,7 @@ import org.springframework.security.config.annotation.authentication.configurati * Add this annotation to an {@code @Configuration} class to have the Spring Security * configuration integrate with Spring MVC. * + * @deprecated Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items. * @author Rob Winch * @since 3.2 */ @@ -37,5 +38,6 @@ import org.springframework.security.config.annotation.authentication.configurati @Import(WebMvcSecurityConfiguration.class) @EnableGlobalAuthentication @Configuration +@Deprecated public @interface EnableWebMvcSecurity { } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java index 7c762936d2..8c045b2fad 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java @@ -35,6 +35,7 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor; * {@link AuthenticationPrincipalArgumentResolver} as a * {@link HandlerMethodArgumentResolver}. * + * @deprecated This is applied internally using SpringWebMvcImportSelector * @author Rob Winch * @since 3.2 */ diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy index bc25464bc1..7b01aa97e4 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy @@ -105,7 +105,7 @@ class AuthenticationConfigurationTests extends BaseSpringSpec { @Import([GlobalMethodSecurityConfig,WebMvcSecurityConfig,ServicesConfig]) static class GlobalMethodSecurityMvcSecurityAndServicesConfig {} - @EnableWebMvcSecurity + @EnableWebSecurity static class WebMvcSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) { diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy index 938a43c2aa..d42b4d20ef 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy @@ -72,7 +72,7 @@ class CsrfConfigurerTests extends BaseSpringSpec { context.getBean(RequestDataValueProcessor) } - @EnableWebMvcSecurity + @EnableWebSecurity static class CsrfAppliedDefaultConfig extends WebSecurityConfigurerAdapter { @Override diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java index 7ad6db35ac..250946e604 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java @@ -16,16 +16,20 @@ package org.springframework.security.config.annotation.web.configurers; import static org.fest.assertions.Assertions.assertThat; +import static org.mockito.Mockito.mock; import org.junit.After; import org.junit.Test; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor; +import org.springframework.web.servlet.support.RequestDataValueProcessor; /** * @author Rob Winch @@ -45,7 +49,7 @@ public class CsrfConfigurerNoWebMvcTests { public void missingDispatcherServletPreventsCsrfRequestDataValueProcessor() { loadContext(EnableWebConfig.class); - assertThat(context.containsBeanDefinition("requestDataValueProcessor")).isFalse(); + assertThat(context.containsBeanDefinition("requestDataValueProcessor")).isTrue(); } @Test @@ -55,6 +59,13 @@ public class CsrfConfigurerNoWebMvcTests { assertThat(context.containsBeanDefinition("requestDataValueProcessor")).isTrue(); } + @Test + public void overrideCsrfRequestDataValueProcessor() { + loadContext(EnableWebOverrideRequestDataConfig.class); + + assertThat(context.getBean(RequestDataValueProcessor.class).getClass()).isNotEqualTo(CsrfRequestDataValueProcessor.class); + } + @EnableWebSecurity static class EnableWebConfig extends WebSecurityConfigurerAdapter { @@ -63,7 +74,15 @@ public class CsrfConfigurerNoWebMvcTests { } } - @EnableWebMvcSecurity + @EnableWebSecurity + static class EnableWebOverrideRequestDataConfig { + @Bean + public RequestDataValueProcessor requestDataValueProcessor() { + return mock(RequestDataValueProcessor.class); + } + } + + @EnableWebSecurity static class EnableWebMvcConfig extends WebSecurityConfigurerAdapter { @Override diff --git a/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc b/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc index 34912f3754..99f28b4934 100644 --- a/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc +++ b/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc @@ -67,7 +67,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { } ---- -NOTE: The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either `@EnableWebSecurity`, `@EnableWebMvcSecurity`, `@EnableGlobalMethodSecurity`, or `@EnableGlobalAuthentication`. Doing otherwise has unpredictable results. +NOTE: The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either `@EnableWebSecurity`, `@EnableGlobalMethodSecurity`, or `@EnableGlobalAuthentication`. Doing otherwise has unpredictable results. [[servlet-api-integration]] The <> will: diff --git a/docs/guides/src/asciidoc/form.asc b/docs/guides/src/asciidoc/form.asc index 9cea1b4a68..5747c01882 100644 --- a/docs/guides/src/asciidoc/form.asc +++ b/docs/guides/src/asciidoc/form.asc @@ -54,7 +54,7 @@ We will want to ensure we compensate for overriding these defaults in our update import org.springframework.security.config.annotation.web.builders.HttpSecurity; -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override @@ -100,7 +100,7 @@ To fix this we need to instruct Spring Security to allow anyone to access the */ ---- // ... -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override @@ -210,7 +210,7 @@ We need to update our configuration to allow anyone to access our resources and ---- // ... -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override diff --git a/docs/guides/src/asciidoc/hellomvc.asc b/docs/guides/src/asciidoc/hellomvc.asc index 16be6aa712..d7b302e0b0 100644 --- a/docs/guides/src/asciidoc/hellomvc.asc +++ b/docs/guides/src/asciidoc/hellomvc.asc @@ -111,21 +111,10 @@ We can view the user name, but how are we able to log out? Below you can see how ---- -If you try to log out right now the request will fail. The reason is that Spring Security is protecting against CSRF attakcks and there is no CSRF token include in our request. Update our configuration to use the `@EnableWebMvcSecurity` annotation which will do the same as `@EnableWebMvcSecurity` and provide integration with Spring MVC. Among other things, it will ensure our CSRF Token is included in our forms automatically when using Thymleaf 2.1+ or Spring MVC taglibs. - -.src/main/java/org/springframework/security/samples/config/SecurityConfig.java -[source,java] ----- -import org.springframework.security.config.annotation.web.servlet.configuration.*; - -@EnableWebMvcSecurity -public class SecurityConfig extends WebSecurityConfigurerAdapter { ----- - In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires: * the HTTP method must be a POST -* the CSRF token must be added to the request. Since we have used `@EnableWebMvcSecurity` and are using Thymeleaf, the CSRF token is automatically added as a hidden input for you (view the source to see it). +* the CSRF token must be added to the request. Since we have used `@EnableWebSecurity` and are using Thymeleaf, the CSRF token is automatically added as a hidden input for you (view the source to see it). NOTE: If you were not using Spring MVC taglibs or Thymeleaf, you can access the CsrfToken on the ServletRequest using the attribute _csrf. You can find an example of including the CSRF token in a JSP within the link:helloworld.html[Hello Spring Security Java Config]. diff --git a/docs/manual/src/docs/asciidoc/index.adoc b/docs/manual/src/docs/asciidoc/index.adoc index 5ff09443d6..6c8e1e9d7e 100644 --- a/docs/manual/src/docs/asciidoc/index.adoc +++ b/docs/manual/src/docs/asciidoc/index.adoc @@ -430,7 +430,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { } ---- -NOTE: The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either `@EnableWebSecurity`, `@EnableWebMvcSecurity`, `@EnableGlobalMethodSecurity`, or `@EnableGlobalAuthentication`. Doing otherwise has unpredictable results. +NOTE: The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either `@EnableWebSecurity`, `@EnableGlobalMethodSecurity`, or `@EnableGlobalAuthentication`. Doing otherwise has unpredictable results. There really isn't much to this configuration, but it does a lot. You can find a summary of the features below: @@ -3126,7 +3126,7 @@ An easier approach is to use <> from the Sp [NOTE] ==== -If you are using Spring MVC `` tag or http://www.thymeleaf.org/whatsnew21.html#reqdata[Thymeleaf 2.1+], and you replace `@EnableWebSecurity` with `@EnableWebMvcSecurity`, the `CsrfToken` is automatically included for you (using the `CsrfRequestDataValueProcessor`). +If you are using Spring MVC `` tag or http://www.thymeleaf.org/whatsnew21.html#reqdata[Thymeleaf 2.1+] and are using `@EnableWebSecurity`, the `CsrfToken` is automatically included for you (using the `CsrfRequestDataValueProcessor`). ==== [[csrf-include-csrf-token-ajax]] @@ -5947,15 +5947,10 @@ Spring Security provides a number of optional integrations with Spring MVC. This [[mvc-enablewebmvcsecurity]] === @EnableWebMvcSecurity -To enable Spring Security integration with Spring MVC add the `@EnableWebMvcSecurity` annotation to your configuration. A typical example will look something like this: +WARN: As of Spring Security 4.0, `@EnableWebMvcSecurity` is deprecated. The replacement is `@EnableWebSecurity` which will determine adding the Spring MVC features based upon the classpath. + +To enable Spring Security integration with Spring MVC add the `@EnableWebSecurity` annotation to your configuration. A typical example will look something like this: -[source,java] ----- -@EnableWebMvcSecurity -public class SecurityConfig { - // ... -} ----- [[mvc-authentication-principal]] === @AuthenticationPrincipal diff --git a/samples/concurrency-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/concurrency-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index e97a06a0de..ec4bccda74 100644 --- a/samples/concurrency-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/concurrency-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -6,9 +6,9 @@ import org.springframework.security.config.annotation.authentication.builders.Au import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -@EnableWebMvcSecurity +@EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled=true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired diff --git a/samples/form-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/form-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 15b46750b3..27ae25e937 100644 --- a/samples/form-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/form-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -4,10 +4,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override diff --git a/samples/hellojs-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/hellojs-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index f1b92bb473..74fc1c03d9 100644 --- a/samples/hellojs-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/hellojs-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -4,9 +4,9 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired diff --git a/samples/hellomvc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/hellomvc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 7250fcf747..d1af3b6a6f 100644 --- a/samples/hellomvc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/hellomvc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -3,9 +3,9 @@ package org.springframework.security.samples.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig { @Autowired diff --git a/samples/inmemory-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/inmemory-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 92683428a4..6141ccf13c 100644 --- a/samples/inmemory-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/inmemory-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -4,9 +4,9 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired diff --git a/samples/jdbc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/jdbc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 4971ffb3e2..7176fee2e2 100644 --- a/samples/jdbc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/jdbc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -7,9 +7,9 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private DataSource dataSource; diff --git a/samples/ldap-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/ldap-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index aef365ec20..2ea6826c4c 100644 --- a/samples/ldap-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/ldap-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -4,9 +4,9 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired public void registerGlobalAuthentication( diff --git a/samples/openid-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/openid-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index b2eb9d7322..c764dd689c 100644 --- a/samples/openid-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/openid-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -3,10 +3,10 @@ package org.springframework.security.samples.config; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.samples.security.CustomUserDetailsService; -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { diff --git a/samples/preauth-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/preauth-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 45b56d8d0b..c40cf6580e 100644 --- a/samples/preauth-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/preauth-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -3,9 +3,9 @@ package org.springframework.security.samples.config; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override diff --git a/samples/rememberme-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/rememberme-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index f314750c20..7253142c8a 100644 --- a/samples/rememberme-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/rememberme-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -5,9 +5,9 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired diff --git a/samples/x509-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/x509-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 08035dbc7a..69b91c6355 100644 --- a/samples/x509-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/x509-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -5,9 +5,9 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -@EnableWebMvcSecurity +@EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java index 260d7bbf14..ec074d9f60 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java @@ -23,7 +23,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @@ -69,7 +69,7 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests { .andExpect(status().is2xxSuccessful()); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java index e5fafc0441..327a90f4d5 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java @@ -23,7 +23,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.test.context.ContextConfiguration; @@ -73,7 +73,7 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes .andExpect(status().is2xxSuccessful()); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java index 342f5c1478..c50e212f97 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java @@ -11,7 +11,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; @@ -52,7 +52,7 @@ public class SecurityMockMvcResultMatchersTests { .andExpect(authenticated().withRoles("USER")); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java index 38b9ab2e69..b47ecda0d3 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java @@ -23,7 +23,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; @@ -77,7 +77,7 @@ public class CsrfShowcaseTests { .andExpect(status().isForbidden()); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java index 50adfe7211..49aa9f6453 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java @@ -28,7 +28,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.csrf.CsrfTokenRepository; import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository; import org.springframework.test.context.ContextConfiguration; @@ -75,7 +75,7 @@ public class CustomCsrfShowcaseTests { .andExpect(status().isNotFound()); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java index f0a7babb63..e998bb6cbc 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java @@ -27,7 +27,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; @@ -69,7 +69,7 @@ public class DefaultCsrfShowcaseTests { .andExpect(status().isNotFound()); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java index 454237357d..fc4c407ce3 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java @@ -29,7 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; @@ -89,7 +89,7 @@ public class AuthenticationTests { .andExpect(unauthenticated()); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { @Autowired diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java index 8cc93a31c8..d92c1f07e1 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java @@ -31,7 +31,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.test.context.ContextConfiguration; @@ -90,7 +90,7 @@ public class CustomConfigAuthenticationTests { .andExpect(unauthenticated()); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java index 2ed4b65fc7..29ade4710e 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java @@ -27,7 +27,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders; import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder; import org.springframework.test.context.ContextConfiguration; @@ -81,7 +81,7 @@ public class CustomLoginRequestBuilderAuthenticationTests { .passwordParam("pass"); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java index 3f65f9f5da..87587810d4 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java @@ -31,7 +31,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; @@ -82,7 +82,7 @@ public class DefaultfSecurityRequestsTests { .andExpect(authenticated().withUsername("user")); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java index 77cc3e0b36..06725d62d4 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java @@ -31,7 +31,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.core.Authentication; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; @@ -106,7 +106,7 @@ public class SecurityRequestsTests { .andExpect(authenticated().withAuthentication(authentication)); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java index a1911cf686..88803fdd99 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java @@ -23,7 +23,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers; import org.springframework.test.context.ContextConfiguration; @@ -78,7 +78,7 @@ public class WithUserAuthenticationTests { .andExpect(authenticated().withUsername("user").withRoles("ADMIN")); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java index 91950fec5e..e2c8227731 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java @@ -23,7 +23,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @@ -77,7 +77,7 @@ public class WithUserClassLevelAuthenticationTests { .andExpect(authenticated().withUsername("user").withRoles("ADMIN")); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java index 913cf794f1..fe769a6ef7 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java @@ -24,7 +24,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.test.context.support.WithUserDetails; import org.springframework.test.context.ContextConfiguration; @@ -80,7 +80,7 @@ public class WithUserDetailsAuthenticationTests { .andExpect(authenticated().withUsername("admin").withRoles("ADMIN","USER")); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java index b003caec7e..b1bb16ac33 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java @@ -24,7 +24,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.test.context.support.WithUserDetails; import org.springframework.test.context.ContextConfiguration; @@ -79,7 +79,7 @@ public class WithUserDetailsClassLevelAuthenticationTests { .andExpect(authenticated().withUsername("admin").withRoles("ADMIN","USER")); } - @EnableWebMvcSecurity + @EnableWebSecurity @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter {