Use standard lambda syntax in documentation
Fixes: gh-7774
This commit is contained in:
Eleftheria Stein
parent
a35ce77451
commit
1e33627d87
|
|
@ -23,12 +23,10 @@ You can easily do this with the following Java Configuration:
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.frameOptions(frameOptions ->
|
||||
frameOptions
|
||||
.mode(Mode.SAMEORIGIN)
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.mode(Mode.SAMEORIGIN)
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -46,10 +44,7 @@ An example for both Java configuration is provided below:
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.disable()
|
||||
);
|
||||
.headers(headers -> headers.disable());
|
||||
return http.build();
|
||||
}
|
||||
----
|
||||
|
|
@ -76,9 +71,8 @@ If necessary, you can also disable Spring Security's cache control HTTP response
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.cache(cache -> cache.disable())
|
||||
.headers(headers -> headers
|
||||
.cache(cache -> cache.disable())
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -99,9 +93,8 @@ However, you can disable it in Java Configuration with:
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
|
||||
.headers(headers -> headers
|
||||
.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -122,14 +115,12 @@ For example, the following is an example of explicitly providing HSTS with Java
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.hsts(hsts ->
|
||||
hsts
|
||||
.includeSubdomains(true)
|
||||
.preload(true)
|
||||
.maxAge(Duration.ofDays(365))
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.hsts(hsts -> hsts
|
||||
.includeSubdomains(true)
|
||||
.preload(true)
|
||||
.maxAge(Duration.ofDays(365))
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -150,12 +141,10 @@ You can customize frame options to use the same origin within Java Configuration
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.frameOptions(frameOptions ->
|
||||
frameOptions
|
||||
.mode(SAMEORIGIN)
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.mode(SAMEORIGIN)
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -175,9 +164,8 @@ You can disable `X-XSS-Protection` with the following Java Configuration:
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.xssProtection(xssProtection -> xssProtection.disable())
|
||||
.headers(headers -> headers
|
||||
.xssProtection(xssProtection -> xssProtection.disable())
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -209,12 +197,10 @@ You can enable the CSP header using Java configuration as shown below:
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.contentSecurityPolicy(contentSecurityPolicy ->
|
||||
contentSecurityPolicy
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.contentSecurityPolicy(policy -> policy
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -231,13 +217,11 @@ To enable the CSP `report-only` header, provide the following Java configuration
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.contentSecurityPolicy(contentSecurityPolicy ->
|
||||
contentSecurityPolicy
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
.reportOnly()
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.contentSecurityPolicy(policy -> policy
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
.reportOnly()
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -258,12 +242,10 @@ You can enable the Referrer Policy header using Java configuration as shown belo
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.referrerPolicy(referrerPolicy ->
|
||||
referrerPolicy
|
||||
.policy(ReferrerPolicy.SAME_ORIGIN)
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.referrerPolicy(referrer -> referrer
|
||||
.policy(ReferrerPolicy.SAME_ORIGIN)
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -295,9 +277,8 @@ can enable the Feature Policy header using Java configuration as shown below:
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.featurePolicy("geolocation 'self'")
|
||||
.headers(headers -> headers
|
||||
.featurePolicy("geolocation 'self'")
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -38,9 +38,8 @@ For example, if the production environment adds a header named `X-Forwarded-Prot
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.redirectToHttps(redirectToHttps ->
|
||||
redirectToHttps
|
||||
.httpsRedirectWhen(e -> e.getRequest().getHeaders().containsKey("X-Forwarded-Proto"))
|
||||
.redirectToHttps(redirect -> redirect
|
||||
.httpsRedirectWhen(e -> e.getRequest().getHeaders().containsKey("X-Forwarded-Proto"))
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -88,9 +88,8 @@ public class SecurityConfig {
|
|||
return http
|
||||
// Demonstrate that method security works
|
||||
// Best practice to use both for defense in depth
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().permitAll()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().permitAll()
|
||||
)
|
||||
.httpBasic(withDefaults())
|
||||
.build();
|
||||
|
|
|
|||
|
|
@ -151,12 +151,11 @@ Additional configuration options can be seen below:
|
|||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.oauth2Login(oauth2Login ->
|
||||
oauth2Login
|
||||
.authenticationConverter(converter)
|
||||
.authenticationManager(manager)
|
||||
.authorizedClientRepository(authorizedClients)
|
||||
.clientRegistrationRepository(clientRegistrations)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.authenticationConverter(converter)
|
||||
.authenticationManager(manager)
|
||||
.authorizedClientRepository(authorizedClients)
|
||||
.clientRegistrationRepository(clientRegistrations)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -129,9 +129,8 @@ The first is a `SecurityWebFilterChain` that configures the app as a resource se
|
|||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().authenticated()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(OAuth2ResourceServerSpec::jwt)
|
||||
return http.build();
|
||||
|
|
@ -147,14 +146,12 @@ Replacing this is as simple as exposing the bean within the application:
|
|||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.pathMatchers("/message/**").hasAuthority("SCOPE_message:read")
|
||||
.anyExchange().authenticated()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.pathMatchers("/message/**").hasAuthority("SCOPE_message:read")
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.jwt(withDefaults())
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(withDefaults())
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -190,16 +187,13 @@ An authorization server's JWK Set Uri can be configured <<webflux-oauth2resource
|
|||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().authenticated()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.jwt(jwt ->
|
||||
jwt
|
||||
.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -217,16 +211,13 @@ More powerful than `jwkSetUri()` is `decoder()`, which will completely replace a
|
|||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().authenticated()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.jwt(jwt ->
|
||||
jwt
|
||||
.decoder(myCustomDecoder())
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.decoder(myCustomDecoder())
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -398,7 +389,7 @@ This means that to protect an endpoint or method with a scope derived from a JWT
|
|||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges ->exchanges
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
|
||||
.mvcMatchers("/messages/**").hasAuthority("SCOPE_messages")
|
||||
.anyExchange().authenticated()
|
||||
|
|
@ -430,16 +421,13 @@ To this end, the DSL exposes `jwtAuthenticationConverter()`:
|
|||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().authenticated()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.jwt(jwt ->
|
||||
jwt
|
||||
.jwtAuthenticationConverter(grantedAuthoritiesExtractor())
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.jwtAuthenticationConverter(grantedAuthoritiesExtractor())
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -678,9 +666,8 @@ When use Opaque Token, this `SecurityWebFilterChain` looks like:
|
|||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().authenticated()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::opaqueToken)
|
||||
return http.build();
|
||||
|
|
@ -698,17 +685,14 @@ public class MyCustomSecurityConfiguration {
|
|||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.pathMatchers("/messages/**").hasAuthority("SCOPE_message:read")
|
||||
.anyExchange().authenticated()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.pathMatchers("/messages/**").hasAuthority("SCOPE_message:read")
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.opaqueToken(opaqueToken ->
|
||||
opaqueToken
|
||||
.introspector(myIntrospector())
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.introspector(myIntrospector())
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -745,17 +729,14 @@ public class DirectlyConfiguredIntrospectionUri {
|
|||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().authenticated()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.opaqueToken(opaqueToken ->
|
||||
opaqueToken
|
||||
.introspectionUri("https://idp.example.com/introspect")
|
||||
.introspectionClientCredentials("client", "secret")
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.introspectionUri("https://idp.example.com/introspect")
|
||||
.introspectionClientCredentials("client", "secret")
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -776,16 +757,13 @@ public class DirectlyConfiguredIntrospector {
|
|||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().authenticated()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.opaqueToken(opaqueToken ->
|
||||
opaqueToken
|
||||
.introspector(myCustomIntrospector())
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.introspector(myCustomIntrospector())
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -56,9 +56,8 @@ public class HelloWebfluxSecurityConfig {
|
|||
@Bean
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().authenticated()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.httpBasic(withDefaults())
|
||||
.formLogin(withDefaults());
|
||||
|
|
|
|||
|
|
@ -10,9 +10,8 @@ Below is an example of a reactive x509 security configuration:
|
|||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.x509(withDefaults())
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().permitAll()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().permitAll()
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
@ -37,14 +36,12 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
|||
};
|
||||
|
||||
http
|
||||
.x509(x509 ->
|
||||
x509
|
||||
.principalExtractor(principalExtractor)
|
||||
.authenticationManager(authenticationManager)
|
||||
.x509(x509 -> x509
|
||||
.principalExtractor(principalExtractor)
|
||||
.authenticationManager(authenticationManager)
|
||||
)
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().authenticated()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,17 +17,16 @@ Similar to configuring login capabilities, however, you also have various option
|
|||
[source,java]
|
||||
----
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.logout(logout -> // <1>
|
||||
logout
|
||||
.logoutUrl("/my/logout") // <2>
|
||||
.logoutSuccessUrl("/my/index") // <3>
|
||||
.logoutSuccessHandler(logoutSuccessHandler) // <4>
|
||||
.invalidateHttpSession(true) // <5>
|
||||
.addLogoutHandler(logoutHandler) // <6>
|
||||
.deleteCookies(cookieNamesToClear) // <7>
|
||||
)
|
||||
...
|
||||
http
|
||||
.logout(logout -> logout // <1>
|
||||
.logoutUrl("/my/logout") // <2>
|
||||
.logoutSuccessUrl("/my/index") // <3>
|
||||
.logoutSuccessHandler(logoutSuccessHandler) // <4>
|
||||
.invalidateHttpSession(true) // <5>
|
||||
.addLogoutHandler(logoutHandler) // <6>
|
||||
.deleteCookies(cookieNamesToClear) // <7>
|
||||
)
|
||||
...
|
||||
}
|
||||
----
|
||||
|
||||
|
|
|
|||
|
|
@ -9,12 +9,11 @@ For example:
|
|||
----
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests -> // <1>
|
||||
authorizeRequests
|
||||
.antMatchers("/resources/**", "/signup", "/about").permitAll() // <2>
|
||||
.antMatchers("/admin/**").hasRole("ADMIN") // <3>
|
||||
.antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')") // <4>
|
||||
.anyRequest().authenticated() // <5>
|
||||
.authorizeRequests(authorize -> authorize // <1>
|
||||
.antMatchers("/resources/**", "/signup", "/about").permitAll() // <2>
|
||||
.antMatchers("/admin/**").hasRole("ADMIN") // <3>
|
||||
.antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')") // <4>
|
||||
.anyRequest().authenticated() // <5>
|
||||
)
|
||||
.formLogin(withDefaults());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -140,10 +140,9 @@ or in Java configuration
|
|||
[source,java]
|
||||
----
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.antMatchers("/user/**").access("@webSecurity.check(authentication,request)")
|
||||
...
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.antMatchers("/user/**").access("@webSecurity.check(authentication,request)")
|
||||
...
|
||||
)
|
||||
----
|
||||
|
||||
|
|
@ -181,10 +180,9 @@ or in Java configuration
|
|||
[source,java]
|
||||
----
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.antMatchers("/user/{userId}/**").access("@webSecurity.checkUserId(authentication,#userId)")
|
||||
...
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.antMatchers("/user/{userId}/**").access("@webSecurity.checkUserId(authentication,#userId)")
|
||||
...
|
||||
);
|
||||
----
|
||||
|
||||
|
|
|
|||
|
|
@ -70,9 +70,8 @@ public class WebSecurityConfig extends
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.csrf(csrf ->
|
||||
csrf
|
||||
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
|
||||
.csrf(csrf -> csrf
|
||||
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -119,9 +118,7 @@ public class WebSecurityConfig extends
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.csrf(csrf ->
|
||||
csrf.disable()
|
||||
);
|
||||
.csrf(csrf -> csrf.disable());
|
||||
}
|
||||
}
|
||||
----
|
||||
|
|
@ -303,9 +300,8 @@ public class WebSecurityConfig extends
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.logout(logout ->
|
||||
logout
|
||||
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
|
||||
.logout(logout -> logout
|
||||
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,11 +27,10 @@ public class WebSecurityConfig extends
|
|||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.frameOptions(frameOptions ->
|
||||
frameOptions.sameOrigin()
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.sameOrigin()
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -69,11 +68,10 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
// do not use any default headers unless explicitly listed
|
||||
.defaultsDisabled()
|
||||
.cacheControl(withDefaults())
|
||||
.headers(headers -> headers
|
||||
// do not use any default headers unless explicitly listed
|
||||
.defaultsDisabled()
|
||||
.cacheControl(withDefaults())
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -105,9 +103,7 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers.disable()
|
||||
);
|
||||
.headers(headers -> headers.disable());
|
||||
}
|
||||
}
|
||||
----
|
||||
|
|
@ -149,10 +145,8 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers.cacheControl(cache ->
|
||||
cache.disabled()
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.cacheControl(cache -> cache.disable())
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -194,10 +188,8 @@ public class WebSecurityConfig extends
|
|||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers.contentTypeOptions(contentType ->
|
||||
contentType.disabled()
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -239,14 +231,12 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.httpStrictTransportSecurity(hsts ->
|
||||
hsts
|
||||
.includeSubDomains(true)
|
||||
.preload(true)
|
||||
.maxAgeInSeconds(31536000)
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.httpStrictTransportSecurity(hsts -> hsts
|
||||
.includeSubDomains(true)
|
||||
.preload(true)
|
||||
.maxAgeInSeconds(31536000)
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -291,14 +281,12 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.httpPublicKeyPinning(hpkp ->
|
||||
hpkp
|
||||
.includeSubDomains(true)
|
||||
.reportUri("https://example.net/pkp-report")
|
||||
.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=")
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.httpPublicKeyPinning(hpkp -> hpkp
|
||||
.includeSubDomains(true)
|
||||
.reportUri("https://example.net/pkp-report")
|
||||
.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=")
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -348,12 +336,10 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.frameOptions(frameOptions ->
|
||||
frameOptions
|
||||
.sameOrigin()
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.sameOrigin()
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -397,12 +383,10 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.xssProtection(xssProtection ->
|
||||
xssProtection
|
||||
.block(false)
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.xssProtection(xss -> xss
|
||||
.block(false)
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -456,12 +440,10 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.contentSecurityPolicy(csp ->
|
||||
csp
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.contentSecurityPolicy(csp -> csp
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -499,13 +481,11 @@ public class WebSecurityConfig extends
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.contentSecurityPolicy(csp ->
|
||||
csp
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
.reportOnly()
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.contentSecurityPolicy(csp -> csp
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
.reportOnly()
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -548,12 +528,10 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.referrerPolicy(referrerPolicy ->
|
||||
referrerPolicy
|
||||
.policy(ReferrerPolicy.SAME_ORIGIN)
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.referrerPolicy(referrer -> referrer
|
||||
.policy(ReferrerPolicy.SAME_ORIGIN)
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -605,9 +583,8 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.featurePolicy("geolocation 'self'")
|
||||
.headers(headers -> headers
|
||||
.featurePolicy("geolocation 'self'")
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -694,9 +671,8 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.addHeaderWriter(new StaticHeadersWriter("X-Custom-Security-Header","header-value"))
|
||||
.headers(headers -> headers
|
||||
.addHeaderWriter(new StaticHeadersWriter("X-Custom-Security-Header","header-value"))
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -739,9 +715,8 @@ WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN))
|
||||
.headers(headers -> headers
|
||||
.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN))
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -794,12 +769,9 @@ WebSecurityConfigurerAdapter {
|
|||
new DelegatingRequestMatcherHeaderWriter(matcher,new XFrameOptionsHeaderWriter());
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.frameOptions(frameOptions ->
|
||||
frameOptions.disable()
|
||||
)
|
||||
.addHeaderWriter(headerWriter)
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions.disable())
|
||||
.addHeaderWriter(headerWriter)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,9 +25,8 @@ public class WebSecurityConfig extends
|
|||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.requiresChannel(channel ->
|
||||
channel
|
||||
.anyRequest().requiresSecure()
|
||||
.requiresChannel(channel -> channel
|
||||
.anyRequest().requiresSecure()
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -102,9 +102,8 @@ If we wanted to restrict access to this controller method to admin users, a deve
|
|||
----
|
||||
protected configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.antMatchers("/admin").hasRole("ADMIN")
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.antMatchers("/admin").hasRole("ADMIN")
|
||||
);
|
||||
}
|
||||
----
|
||||
|
|
@ -133,9 +132,8 @@ The following configuration will protect the same URLs that Spring MVC will matc
|
|||
----
|
||||
protected configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.mvcMatchers("/admin").hasRole("ADMIN")
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.mvcMatchers("/admin").hasRole("ADMIN")
|
||||
);
|
||||
}
|
||||
----
|
||||
|
|
|
|||
|
|
@ -319,18 +319,16 @@ Similarly, you can customize frame options to use the same origin within Java Co
|
|||
public class WebSecurityConfig extends
|
||||
WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers ->
|
||||
headers
|
||||
.frameOptions(frameOptions ->
|
||||
frameOptions
|
||||
.sameOrigin()
|
||||
)
|
||||
);
|
||||
}
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.sameOrigin()
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
----
|
||||
|
||||
|
|
@ -361,20 +359,17 @@ public class WebSecurityConfig
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.csrf(csrf ->
|
||||
csrf
|
||||
// ignore our stomp endpoints since they are protected using Stomp headers
|
||||
.ignoringAntMatchers("/chat/**")
|
||||
.csrf(csrf -> csrf
|
||||
// ignore our stomp endpoints since they are protected using Stomp headers
|
||||
.ignoringAntMatchers("/chat/**")
|
||||
)
|
||||
.headers(headers ->
|
||||
headers
|
||||
// allow same origin to frame our site to support iframe SockJS
|
||||
.frameOptions(frameOptions ->
|
||||
frameOptions
|
||||
.sameOrigin()
|
||||
)
|
||||
.headers(headers -> headers
|
||||
// allow same origin to frame our site to support iframe SockJS
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.sameOrigin()
|
||||
)
|
||||
)
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
.authorizeRequests(authorize -> authorize
|
||||
...
|
||||
)
|
||||
...
|
||||
|
|
|
|||
|
|
@ -140,9 +140,8 @@ It has a method called `configure` with the following default implementation:
|
|||
----
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.formLogin(withDefaults())
|
||||
.httpBasic(withDefaults());
|
||||
|
|
@ -192,9 +191,8 @@ public class MultiHttpSecurityConfig {
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.antMatcher("/api/**") <3>
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().hasRole("ADMIN")
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().hasRole("ADMIN")
|
||||
)
|
||||
.httpBasic(withDefaults());
|
||||
}
|
||||
|
|
@ -206,9 +204,8 @@ public class MultiHttpSecurityConfig {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.formLogin(withDefaults());
|
||||
}
|
||||
|
|
@ -326,16 +323,15 @@ For example, if you wanted to configure the `filterSecurityPublishAuthorizationS
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
|
||||
public <O extends FilterSecurityInterceptor> O postProcess(
|
||||
O fsi) {
|
||||
fsi.setPublishAuthorizationSuccess(true);
|
||||
return fsi;
|
||||
}
|
||||
})
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
|
||||
public <O extends FilterSecurityInterceptor> O postProcess(
|
||||
O fsi) {
|
||||
fsi.setPublishAuthorizationSuccess(true);
|
||||
return fsi;
|
||||
}
|
||||
})
|
||||
);
|
||||
}
|
||||
----
|
||||
|
|
|
|||
|
|
@ -27,17 +27,15 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Client(oauth2Client ->
|
||||
oauth2Client
|
||||
.clientRegistrationRepository(this.clientRegistrationRepository())
|
||||
.authorizedClientRepository(this.authorizedClientRepository())
|
||||
.authorizedClientService(this.authorizedClientService())
|
||||
.authorizationCodeGrant(authorizationCodeGrant ->
|
||||
authorizationCodeGrant
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
.authorizationRequestResolver(this.authorizationRequestResolver())
|
||||
.accessTokenResponseClient(this.accessTokenResponseClient())
|
||||
)
|
||||
.oauth2Client(oauth2 -> oauth2
|
||||
.clientRegistrationRepository(this.clientRegistrationRepository())
|
||||
.authorizedClientRepository(this.authorizedClientRepository())
|
||||
.authorizedClientService(this.authorizedClientService())
|
||||
.authorizationCodeGrant(codeGrant -> codeGrant
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
.authorizationRequestResolver(this.authorizationRequestResolver())
|
||||
.accessTokenResponseClient(this.accessTokenResponseClient())
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -465,18 +463,16 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2Login(oauth2Login ->
|
||||
oauth2Login
|
||||
.authorizationEndpoint(authorizationEndpoint ->
|
||||
authorizationEndpoint
|
||||
.authorizationRequestResolver(
|
||||
new CustomAuthorizationRequestResolver(
|
||||
this.clientRegistrationRepository)) <1>
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.authorizationEndpoint(authorization -> authorization
|
||||
.authorizationRequestResolver(
|
||||
new CustomAuthorizationRequestResolver(
|
||||
this.clientRegistrationRepository) <1>
|
||||
)
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -595,13 +591,11 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Client(oauth2Client ->
|
||||
oauth2Client
|
||||
.authorizationCodeGrant(authorizationCodeGrant ->
|
||||
authorizationCodeGrant
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
...
|
||||
)
|
||||
.oauth2Client(oauth2 -> oauth2
|
||||
.authorizationCodeGrant(codeGrant -> codeGrant
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
...
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -659,13 +653,11 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Client(oauth2Client ->
|
||||
oauth2Client
|
||||
.authorizationCodeGrant(authorizationCodeGrant ->
|
||||
authorizationCodeGrant
|
||||
.accessTokenResponseClient(this.accessTokenResponseClient())
|
||||
...
|
||||
)
|
||||
.oauth2Client(oauth2 -> oauth2
|
||||
.authorizationCodeGrant(codeGrant -> codeGrant
|
||||
.accessTokenResponseClient(this.accessTokenResponseClient())
|
||||
...
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -291,9 +291,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2Login(withDefaults());
|
||||
}
|
||||
|
|
@ -317,9 +316,8 @@ public class OAuth2LoginConfig {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2Login(withDefaults());
|
||||
}
|
||||
|
|
@ -366,9 +364,8 @@ public class OAuth2LoginConfig {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2Login(withDefaults());
|
||||
}
|
||||
|
|
@ -418,24 +415,19 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2Login ->
|
||||
oauth2Login
|
||||
.authorizationEndpoint(authorizationEndpoint ->
|
||||
authorizationEndpoint
|
||||
...
|
||||
)
|
||||
.redirectionEndpoint(redirectionEndpoint ->
|
||||
redirectionEndpoint
|
||||
...
|
||||
)
|
||||
.tokenEndpoint(tokenEndpoint ->
|
||||
tokenEndpoint
|
||||
...
|
||||
)
|
||||
.userInfoEndpoint(userInfoEndpoint ->
|
||||
userInfoEndpoint
|
||||
...
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.authorizationEndpoint(authorization -> authorization
|
||||
...
|
||||
)
|
||||
.redirectionEndpoint(redirection -> redirection
|
||||
...
|
||||
)
|
||||
.tokenEndpoint(token -> token
|
||||
...
|
||||
)
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
...
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -470,33 +462,28 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2Login ->
|
||||
oauth2Login
|
||||
.clientRegistrationRepository(this.clientRegistrationRepository())
|
||||
.authorizedClientRepository(this.authorizedClientRepository())
|
||||
.authorizedClientService(this.authorizedClientService())
|
||||
.loginPage("/login")
|
||||
.authorizationEndpoint(authorizationEndpoint ->
|
||||
authorizationEndpoint
|
||||
.baseUri(this.authorizationRequestBaseUri())
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
.authorizationRequestResolver(this.authorizationRequestResolver())
|
||||
)
|
||||
.redirectionEndpoint(redirectionEndpoint ->
|
||||
redirectionEndpoint
|
||||
.baseUri(this.authorizationResponseBaseUri())
|
||||
)
|
||||
.tokenEndpoint(tokenEndpoint ->
|
||||
tokenEndpoint
|
||||
.accessTokenResponseClient(this.accessTokenResponseClient())
|
||||
)
|
||||
.userInfoEndpoint(userInfoEndpoint ->
|
||||
userInfoEndpoint
|
||||
.userAuthoritiesMapper(this.userAuthoritiesMapper())
|
||||
.userService(this.oauth2UserService())
|
||||
.oidcUserService(this.oidcUserService())
|
||||
.customUserType(GitHubOAuth2User.class, "github")
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.clientRegistrationRepository(this.clientRegistrationRepository())
|
||||
.authorizedClientRepository(this.authorizedClientRepository())
|
||||
.authorizedClientService(this.authorizedClientService())
|
||||
.loginPage("/login")
|
||||
.authorizationEndpoint(authorization -> authorization
|
||||
.baseUri(this.authorizationRequestBaseUri())
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
.authorizationRequestResolver(this.authorizationRequestResolver())
|
||||
)
|
||||
.redirectionEndpoint(redirection -> redirection
|
||||
.baseUri(this.authorizationResponseBaseUri())
|
||||
)
|
||||
.tokenEndpoint(token -> token
|
||||
.accessTokenResponseClient(this.accessTokenResponseClient())
|
||||
)
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.userAuthoritiesMapper(this.userAuthoritiesMapper())
|
||||
.userService(this.oauth2UserService())
|
||||
.oidcUserService(this.oidcUserService())
|
||||
.customUserType(GitHubOAuth2User.class, "github")
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -542,15 +529,13 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2Login ->
|
||||
oauth2Login
|
||||
.loginPage("/login/oauth2")
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.loginPage("/login/oauth2")
|
||||
...
|
||||
.authorizationEndpoint(authorization -> authorization
|
||||
.baseUri("/login/oauth2/authorization")
|
||||
...
|
||||
.authorizationEndpoint(authorizationEndpoint ->
|
||||
authorizationEndpoint
|
||||
.baseUri("/login/oauth2/authorization")
|
||||
...
|
||||
)
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -594,13 +579,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2Login ->
|
||||
oauth2Login
|
||||
.redirectionEndpoint(redirectionEndpoint ->
|
||||
redirectionEndpoint
|
||||
.baseUri("/login/oauth2/callback/*")
|
||||
...
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.redirectionEndpoint(redirection -> redirection
|
||||
.baseUri("/login/oauth2/callback/*")
|
||||
...
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -661,13 +644,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2Login ->
|
||||
oauth2Login
|
||||
.userInfoEndpoint(userInfoEndpoint ->
|
||||
userInfoEndpoint
|
||||
.userAuthoritiesMapper(this.userAuthoritiesMapper())
|
||||
...
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.userAuthoritiesMapper(this.userAuthoritiesMapper())
|
||||
...
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -740,13 +721,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2Login ->
|
||||
oauth2Login
|
||||
.userInfoEndpoint(userInfoEndpoint ->
|
||||
userInfoEndpoint
|
||||
.oidcUserService(this.oidcUserService())
|
||||
...
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.oidcUserService(this.oidcUserService())
|
||||
...
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -791,13 +770,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2Login ->
|
||||
oauth2Login
|
||||
.userInfoEndpoint(userInfoEndpoint ->
|
||||
userInfoEndpoint
|
||||
.customUserType(GitHubOAuth2User.class, "github")
|
||||
...
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.customUserType(GitHubOAuth2User.class, "github")
|
||||
...
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -909,13 +886,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2Login ->
|
||||
oauth2Login
|
||||
.userInfoEndpoint(userInfoEndpoint ->
|
||||
userInfoEndpoint
|
||||
.userService(this.oauth2UserService())
|
||||
...
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.userService(this.oauth2UserService())
|
||||
...
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -945,13 +920,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2Login ->
|
||||
oauth2Login
|
||||
.userInfoEndpoint(userInfoEndpoint ->
|
||||
userInfoEndpoint
|
||||
.oidcUserService(this.oidcUserService())
|
||||
...
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.oidcUserService(this.oidcUserService())
|
||||
...
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -1031,14 +1004,12 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2Login(withDefaults())
|
||||
.logout(logout ->
|
||||
logout
|
||||
.logoutSuccessHandler(oidcLogoutSuccessHandler())
|
||||
.logout(logout -> logout
|
||||
.logoutSuccessHandler(oidcLogoutSuccessHandler())
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -128,9 +128,8 @@ The first is a `WebSecurityConfigurerAdapter` that configures the app as a resou
|
|||
----
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
|
||||
}
|
||||
|
|
@ -146,17 +145,14 @@ Replacing this is as simple as exposing the bean within the application:
|
|||
public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.jwt(jwt ->
|
||||
jwt
|
||||
.jwtAuthenticationConverter(myConverter())
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.jwtAuthenticationConverter(myConverter())
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -194,16 +190,13 @@ An authorization server's JWK Set Uri can be configured <<oauth2resourceserver-j
|
|||
public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.jwt(jwt ->
|
||||
jwt
|
||||
.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -222,16 +215,13 @@ More powerful than `jwkSetUri()` is `decoder()`, which will completely replace a
|
|||
public class DirectlyConfiguredJwtDecoder extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.jwt(jwt ->
|
||||
jwt
|
||||
.decoder(myCustomDecoder())
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.decoder(myCustomDecoder())
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -427,7 +417,7 @@ This means that to protect an endpoint or method with a scope derived from a JWT
|
|||
public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests -> authorizeRequests
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
|
||||
.mvcMatchers("/messages/**").hasAuthority("SCOPE_messages")
|
||||
.anyRequest().authenticated()
|
||||
|
|
@ -460,16 +450,13 @@ To this end, the DSL exposes `jwtAuthenticationConverter()`:
|
|||
public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.jwt(jwt ->
|
||||
jwt
|
||||
.jwtAuthenticationConverter(grantedAuthoritiesExtractor())
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.jwtAuthenticationConverter(grantedAuthoritiesExtractor())
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -828,9 +815,8 @@ When use Opaque Token, this `WebSecurityConfigurerAdapter` looks like:
|
|||
----
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
|
||||
}
|
||||
|
|
@ -846,17 +832,14 @@ Replacing this is as simple as exposing the bean within the application:
|
|||
public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.opaqueToken(opaqueToken ->
|
||||
opaqueToken
|
||||
.introspector(myIntrospector())
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.introspector(myIntrospector())
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -891,17 +874,14 @@ An authorization server's Introspection Uri can be configured <<oauth2resourcese
|
|||
public class DirectlyConfiguredIntrospectionUri extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.opaqueToken(opaqueToken ->
|
||||
opaqueToken
|
||||
.introspectionUri("https://idp.example.com/introspect")
|
||||
.introspectionClientCredentials("client", "secret")
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.introspectionUri("https://idp.example.com/introspect")
|
||||
.introspectionClientCredentials("client", "secret")
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -920,16 +900,13 @@ More powerful than `introspectionUri()` is `introspector()`, which will complete
|
|||
public class DirectlyConfiguredIntrospector extends WebSecurityConfigurerAdapter {
|
||||
protected void configure(HttpSecurity http) {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.opaqueToken(opaqueToken ->
|
||||
opaqueToken
|
||||
.introspector(myCustomIntrospector())
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.introspector(myCustomIntrospector())
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
@ -1220,13 +1197,11 @@ And then specify this `AuthenticationManagerResolver` in the DSL:
|
|||
[source,java]
|
||||
----
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.authenticationManagerResolver(this.tokenAuthenticationManagerResolver)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.authenticationManagerResolver(this.tokenAuthenticationManagerResolver)
|
||||
);
|
||||
----
|
||||
|
||||
|
|
@ -1253,13 +1228,11 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIs
|
|||
("https://idp.example.org/issuerOne", "https://idp.example.org/issuerTwo");
|
||||
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.authenticationManagerResolver(authenticationManagerResolver)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.authenticationManagerResolver(authenticationManagerResolver)
|
||||
);
|
||||
----
|
||||
|
||||
|
|
@ -1286,13 +1259,11 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
|
|||
new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);
|
||||
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.authenticationManagerResolver(authenticationManagerResolver)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.authenticationManagerResolver(authenticationManagerResolver)
|
||||
);
|
||||
----
|
||||
|
||||
|
|
@ -1443,9 +1414,8 @@ To achieve this, you can wire a `HeaderBearerTokenResolver` instance into the DS
|
|||
[source,java]
|
||||
----
|
||||
http
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.bearerTokenResolver(new HeaderBearerTokenResolver("x-goog-iap-jwt-assertion"))
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.bearerTokenResolver(new HeaderBearerTokenResolver("x-goog-iap-jwt-assertion"))
|
||||
);
|
||||
----
|
||||
|
||||
|
|
@ -1458,9 +1428,8 @@ Or, you may wish to read the token from a form parameter, which you can do by co
|
|||
DefaultBearerTokenResolver resolver = new DefaultBearerTokenResolver();
|
||||
resolver.setAllowFormEncodedBodyParameter(true);
|
||||
http
|
||||
.oauth2ResourceServer(oauth2ResourceServer ->
|
||||
oauth2ResourceServer
|
||||
.bearerTokenResolver(resolver)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.bearerTokenResolver(resolver)
|
||||
);
|
||||
----
|
||||
|
||||
|
|
|
|||
|
|
@ -85,9 +85,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(withDefaults())
|
||||
;
|
||||
|
|
@ -105,13 +104,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(saml2Login ->
|
||||
saml2Login
|
||||
.relyingPartyRegistrationRepository(...)
|
||||
.saml2Login(saml2 -> saml2
|
||||
.relyingPartyRegistrationRepository(...)
|
||||
)
|
||||
;
|
||||
}
|
||||
|
|
@ -262,13 +259,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
};
|
||||
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(saml2Login ->
|
||||
saml2Login
|
||||
.addObjectPostProcessor(processor)
|
||||
.saml2Login(saml2 -> saml2
|
||||
.addObjectPostProcessor(processor)
|
||||
)
|
||||
;
|
||||
}
|
||||
|
|
@ -291,13 +286,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
authProvider.setAuthoritiesMapper(AUTHORITIES_MAPPER);
|
||||
authProvider.setAuthoritiesExtractor(AUTHORITIES_EXTRACTOR);
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(saml2Login ->
|
||||
saml2Login
|
||||
.authenticationManager(new ProviderManager(asList(authProvider)))
|
||||
.saml2Login(saml2 -> saml2
|
||||
.authenticationManager(new ProviderManager(asList(authProvider)))
|
||||
)
|
||||
;
|
||||
}
|
||||
|
|
@ -319,13 +312,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
protected void configure(HttpSecurity http) throws Exception {
|
||||
AuthenticationManager authenticationManager = new MySaml2AuthenticationManager(...);
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.anyRequest().authenticated()
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(saml2Login ->
|
||||
saml2Login
|
||||
.authenticationManager(authenticationManager)
|
||||
.saml2Login(saml2 -> saml2
|
||||
.authenticationManager(authenticationManager)
|
||||
)
|
||||
;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,9 +40,8 @@ public class SecurityConfig {
|
|||
return http
|
||||
// Demonstrate that method security works
|
||||
// Best practice to use both for defense in depth
|
||||
.authorizeExchange(exchanges ->
|
||||
exchanges
|
||||
.anyExchange().permitAll()
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.anyExchange().permitAll()
|
||||
)
|
||||
.httpBasic(withDefaults())
|
||||
.build();
|
||||
|
|
|
|||
|
|
@ -34,15 +34,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests(authorizeRequests ->
|
||||
authorizeRequests
|
||||
.antMatchers("/css/**", "/index").permitAll()
|
||||
.antMatchers("/user/**").hasRole("USER")
|
||||
.authorizeRequests(authorize -> authorize
|
||||
.antMatchers("/css/**", "/index").permitAll()
|
||||
.antMatchers("/user/**").hasRole("USER")
|
||||
)
|
||||
.formLogin(formLogin ->
|
||||
formLogin
|
||||
.loginPage("/login")
|
||||
.failureUrl("/login-error")
|
||||
.formLogin(formLogin -> formLogin
|
||||
.loginPage("/login")
|
||||
.failureUrl("/login-error")
|
||||
);
|
||||
}
|
||||
// @formatter:on
|
||||
|
|
|
|||
Loading…
Reference in New Issue