Use standard lambda syntax in documentation

Fixes: gh-7774
This commit is contained in:
Eleftheria Stein 2020-01-10 13:10:36 +01:00
parent a35ce77451
commit 1e33627d87
22 changed files with 423 additions and 599 deletions

View File

@ -23,10 +23,8 @@ You can easily do this with the following Java Configuration:
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.headers(headers ->
headers
.frameOptions(frameOptions ->
frameOptions
.headers(headers -> headers
.frameOptions(frameOptions -> frameOptions
.mode(Mode.SAMEORIGIN)
)
);
@ -46,10 +44,7 @@ An example for both Java configuration is provided below:
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.headers(headers ->
headers
.disable()
);
.headers(headers -> headers.disable());
return http.build();
}
----
@ -76,8 +71,7 @@ If necessary, you can also disable Spring Security's cache control HTTP response
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.headers(headers ->
headers
.headers(headers -> headers
.cache(cache -> cache.disable())
);
return http.build();
@ -99,8 +93,7 @@ However, you can disable it in Java Configuration with:
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.headers(headers ->
headers
.headers(headers -> headers
.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
);
return http.build();
@ -122,10 +115,8 @@ For example, the following is an example of explicitly providing HSTS with Java
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.headers(headers ->
headers
.hsts(hsts ->
hsts
.headers(headers -> headers
.hsts(hsts -> hsts
.includeSubdomains(true)
.preload(true)
.maxAge(Duration.ofDays(365))
@ -150,10 +141,8 @@ You can customize frame options to use the same origin within Java Configuration
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.headers(headers ->
headers
.frameOptions(frameOptions ->
frameOptions
.headers(headers -> headers
.frameOptions(frameOptions -> frameOptions
.mode(SAMEORIGIN)
)
);
@ -175,8 +164,7 @@ You can disable `X-XSS-Protection` with the following Java Configuration:
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.headers(headers ->
headers
.headers(headers -> headers
.xssProtection(xssProtection -> xssProtection.disable())
);
return http.build();
@ -209,10 +197,8 @@ You can enable the CSP header using Java configuration as shown below:
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.headers(headers ->
headers
.contentSecurityPolicy(contentSecurityPolicy ->
contentSecurityPolicy
.headers(headers -> headers
.contentSecurityPolicy(policy -> policy
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
)
);
@ -231,10 +217,8 @@ To enable the CSP `report-only` header, provide the following Java configuration
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.headers(headers ->
headers
.contentSecurityPolicy(contentSecurityPolicy ->
contentSecurityPolicy
.headers(headers -> headers
.contentSecurityPolicy(policy -> policy
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
.reportOnly()
)
@ -258,10 +242,8 @@ You can enable the Referrer Policy header using Java configuration as shown belo
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.headers(headers ->
headers
.referrerPolicy(referrerPolicy ->
referrerPolicy
.headers(headers -> headers
.referrerPolicy(referrer -> referrer
.policy(ReferrerPolicy.SAME_ORIGIN)
)
);
@ -295,8 +277,7 @@ can enable the Feature Policy header using Java configuration as shown below:
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.headers(headers ->
headers
.headers(headers -> headers
.featurePolicy("geolocation 'self'")
);
return http.build();

View File

@ -38,8 +38,7 @@ For example, if the production environment adds a header named `X-Forwarded-Prot
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.redirectToHttps(redirectToHttps ->
redirectToHttps
.redirectToHttps(redirect -> redirect
.httpsRedirectWhen(e -> e.getRequest().getHeaders().containsKey("X-Forwarded-Proto"))
);
return http.build();

View File

@ -88,8 +88,7 @@ public class SecurityConfig {
return http
// Demonstrate that method security works
// Best practice to use both for defense in depth
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().permitAll()
)
.httpBasic(withDefaults())

View File

@ -151,8 +151,7 @@ Additional configuration options can be seen below:
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
// ...
.oauth2Login(oauth2Login ->
oauth2Login
.oauth2Login(oauth2 -> oauth2
.authenticationConverter(converter)
.authenticationManager(manager)
.authorizedClientRepository(authorizedClients)

View File

@ -129,8 +129,7 @@ The first is a `SecurityWebFilterChain` that configures the app as a resource se
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().authenticated()
)
.oauth2ResourceServer(OAuth2ResourceServerSpec::jwt)
@ -147,13 +146,11 @@ Replacing this is as simple as exposing the bean within the application:
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.pathMatchers("/message/**").hasAuthority("SCOPE_message:read")
.anyExchange().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(withDefaults())
);
return http.build();
@ -190,14 +187,11 @@ An authorization server's JWK Set Uri can be configured <<webflux-oauth2resource
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.jwt(jwt ->
jwt
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt
.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
)
);
@ -217,14 +211,11 @@ More powerful than `jwkSetUri()` is `decoder()`, which will completely replace a
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.jwt(jwt ->
jwt
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt
.decoder(myCustomDecoder())
)
);
@ -398,7 +389,7 @@ This means that to protect an endpoint or method with a scope derived from a JWT
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->exchanges
.authorizeExchange(exchanges -> exchanges
.mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
.mvcMatchers("/messages/**").hasAuthority("SCOPE_messages")
.anyExchange().authenticated()
@ -430,14 +421,11 @@ To this end, the DSL exposes `jwtAuthenticationConverter()`:
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.jwt(jwt ->
jwt
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt
.jwtAuthenticationConverter(grantedAuthoritiesExtractor())
)
);
@ -678,8 +666,7 @@ When use Opaque Token, this `SecurityWebFilterChain` looks like:
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().authenticated()
)
.oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::opaqueToken)
@ -698,15 +685,12 @@ public class MyCustomSecurityConfiguration {
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.pathMatchers("/messages/**").hasAuthority("SCOPE_message:read")
.anyExchange().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.opaqueToken(opaqueToken ->
opaqueToken
.oauth2ResourceServer(oauth2 -> oauth2
.opaqueToken(opaqueToken -> opaqueToken
.introspector(myIntrospector())
)
);
@ -745,14 +729,11 @@ public class DirectlyConfiguredIntrospectionUri {
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.opaqueToken(opaqueToken ->
opaqueToken
.oauth2ResourceServer(oauth2 -> oauth2
.opaqueToken(opaqueToken -> opaqueToken
.introspectionUri("https://idp.example.com/introspect")
.introspectionClientCredentials("client", "secret")
)
@ -776,14 +757,11 @@ public class DirectlyConfiguredIntrospector {
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.opaqueToken(opaqueToken ->
opaqueToken
.oauth2ResourceServer(oauth2 -> oauth2
.opaqueToken(opaqueToken -> opaqueToken
.introspector(myCustomIntrospector())
)
);

View File

@ -56,8 +56,7 @@ public class HelloWebfluxSecurityConfig {
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().authenticated()
)
.httpBasic(withDefaults())

View File

@ -10,8 +10,7 @@ Below is an example of a reactive x509 security configuration:
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
http
.x509(withDefaults())
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().permitAll()
);
return http.build();
@ -37,13 +36,11 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
};
http
.x509(x509 ->
x509
.x509(x509 -> x509
.principalExtractor(principalExtractor)
.authenticationManager(authenticationManager)
)
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().authenticated()
);
return http.build();

View File

@ -18,8 +18,7 @@ Similar to configuring login capabilities, however, you also have various option
----
protected void configure(HttpSecurity http) throws Exception {
http
.logout(logout -> // <1>
logout
.logout(logout -> logout // <1>
.logoutUrl("/my/logout") // <2>
.logoutSuccessUrl("/my/index") // <3>
.logoutSuccessHandler(logoutSuccessHandler) // <4>

View File

@ -9,8 +9,7 @@ For example:
----
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests -> // <1>
authorizeRequests
.authorizeRequests(authorize -> authorize // <1>
.antMatchers("/resources/**", "/signup", "/about").permitAll() // <2>
.antMatchers("/admin/**").hasRole("ADMIN") // <3>
.antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')") // <4>

View File

@ -140,8 +140,7 @@ or in Java configuration
[source,java]
----
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.antMatchers("/user/**").access("@webSecurity.check(authentication,request)")
...
)
@ -181,8 +180,7 @@ or in Java configuration
[source,java]
----
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.antMatchers("/user/{userId}/**").access("@webSecurity.checkUserId(authentication,#userId)")
...
);

View File

@ -70,8 +70,7 @@ public class WebSecurityConfig extends
@Override
protected void configure(HttpSecurity http) {
http
.csrf(csrf ->
csrf
.csrf(csrf -> csrf
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
);
}
@ -119,9 +118,7 @@ public class WebSecurityConfig extends
@Override
protected void configure(HttpSecurity http) {
http
.csrf(csrf ->
csrf.disable()
);
.csrf(csrf -> csrf.disable());
}
}
----
@ -303,8 +300,7 @@ public class WebSecurityConfig extends
@Override
protected void configure(HttpSecurity http) {
http
.logout(logout ->
logout
.logout(logout -> logout
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
);
}

View File

@ -27,10 +27,9 @@ public class WebSecurityConfig extends
protected void configure(HttpSecurity http) {
http
// ...
.headers(headers ->
headers
.frameOptions(frameOptions ->
frameOptions.sameOrigin()
.headers(headers -> headers
.frameOptions(frameOptions -> frameOptions
.sameOrigin()
)
);
}
@ -69,8 +68,7 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers(headers ->
headers
.headers(headers -> headers
// do not use any default headers unless explicitly listed
.defaultsDisabled()
.cacheControl(withDefaults())
@ -105,9 +103,7 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers(headers ->
headers.disable()
);
.headers(headers -> headers.disable());
}
}
----
@ -149,10 +145,8 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
http
// ...
.headers(headers ->
headers.cacheControl(cache ->
cache.disabled()
)
.headers(headers -> headers
.cacheControl(cache -> cache.disable())
);
}
}
@ -194,10 +188,8 @@ public class WebSecurityConfig extends
protected void configure(HttpSecurity http) {
http
// ...
.headers(headers ->
headers.contentTypeOptions(contentType ->
contentType.disabled()
)
.headers(headers -> headers
.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
);
}
}
@ -239,10 +231,8 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers(headers ->
headers
.httpStrictTransportSecurity(hsts ->
hsts
.headers(headers -> headers
.httpStrictTransportSecurity(hsts -> hsts
.includeSubDomains(true)
.preload(true)
.maxAgeInSeconds(31536000)
@ -291,10 +281,8 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers(headers ->
headers
.httpPublicKeyPinning(hpkp ->
hpkp
.headers(headers -> headers
.httpPublicKeyPinning(hpkp -> hpkp
.includeSubDomains(true)
.reportUri("https://example.net/pkp-report")
.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=")
@ -348,10 +336,8 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers(headers ->
headers
.frameOptions(frameOptions ->
frameOptions
.headers(headers -> headers
.frameOptions(frameOptions -> frameOptions
.sameOrigin()
)
);
@ -397,10 +383,8 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers(headers ->
headers
.xssProtection(xssProtection ->
xssProtection
.headers(headers -> headers
.xssProtection(xss -> xss
.block(false)
)
);
@ -456,10 +440,8 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
http
// ...
.headers(headers ->
headers
.contentSecurityPolicy(csp ->
csp
.headers(headers -> headers
.contentSecurityPolicy(csp -> csp
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
)
);
@ -499,10 +481,8 @@ public class WebSecurityConfig extends
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers(headers ->
headers
.contentSecurityPolicy(csp ->
csp
.headers(headers -> headers
.contentSecurityPolicy(csp -> csp
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
.reportOnly()
)
@ -548,10 +528,8 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
http
// ...
.headers(headers ->
headers
.referrerPolicy(referrerPolicy ->
referrerPolicy
.headers(headers -> headers
.referrerPolicy(referrer -> referrer
.policy(ReferrerPolicy.SAME_ORIGIN)
)
);
@ -605,8 +583,7 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers(headers ->
headers
.headers(headers -> headers
.featurePolicy("geolocation 'self'")
);
}
@ -694,8 +671,7 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers(headers ->
headers
.headers(headers -> headers
.addHeaderWriter(new StaticHeadersWriter("X-Custom-Security-Header","header-value"))
);
}
@ -739,8 +715,7 @@ WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers(headers ->
headers
.headers(headers -> headers
.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN))
);
}
@ -794,11 +769,8 @@ WebSecurityConfigurerAdapter {
new DelegatingRequestMatcherHeaderWriter(matcher,new XFrameOptionsHeaderWriter());
http
// ...
.headers(headers ->
headers
.frameOptions(frameOptions ->
frameOptions.disable()
)
.headers(headers -> headers
.frameOptions(frameOptions -> frameOptions.disable())
.addHeaderWriter(headerWriter)
);
}

View File

@ -25,8 +25,7 @@ public class WebSecurityConfig extends
protected void configure(HttpSecurity http) {
http
// ...
.requiresChannel(channel ->
channel
.requiresChannel(channel -> channel
.anyRequest().requiresSecure()
);
}

View File

@ -102,8 +102,7 @@ If we wanted to restrict access to this controller method to admin users, a deve
----
protected configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.antMatchers("/admin").hasRole("ADMIN")
);
}
@ -133,8 +132,7 @@ The following configuration will protect the same URLs that Spring MVC will matc
----
protected configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.mvcMatchers("/admin").hasRole("ADMIN")
);
}

View File

@ -323,10 +323,8 @@ public class WebSecurityConfig extends
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.headers(headers ->
headers
.frameOptions(frameOptions ->
frameOptions
.headers(headers -> headers
.frameOptions(frameOptions -> frameOptions
.sameOrigin()
)
);
@ -361,20 +359,17 @@ public class WebSecurityConfig
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf(csrf ->
csrf
.csrf(csrf -> csrf
// ignore our stomp endpoints since they are protected using Stomp headers
.ignoringAntMatchers("/chat/**")
)
.headers(headers ->
headers
.headers(headers -> headers
// allow same origin to frame our site to support iframe SockJS
.frameOptions(frameOptions ->
frameOptions
.frameOptions(frameOptions -> frameOptions
.sameOrigin()
)
)
.authorizeRequests(authorizeRequests ->
.authorizeRequests(authorize -> authorize
...
)
...

View File

@ -140,8 +140,7 @@ It has a method called `configure` with the following default implementation:
----
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.formLogin(withDefaults())
@ -192,8 +191,7 @@ public class MultiHttpSecurityConfig {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**") <3>
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().hasRole("ADMIN")
)
.httpBasic(withDefaults());
@ -206,8 +204,7 @@ public class MultiHttpSecurityConfig {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.formLogin(withDefaults());
@ -326,8 +323,7 @@ For example, if you wanted to configure the `filterSecurityPublishAuthorizationS
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
public <O extends FilterSecurityInterceptor> O postProcess(

View File

@ -27,13 +27,11 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Client(oauth2Client ->
oauth2Client
.oauth2Client(oauth2 -> oauth2
.clientRegistrationRepository(this.clientRegistrationRepository())
.authorizedClientRepository(this.authorizedClientRepository())
.authorizedClientService(this.authorizedClientService())
.authorizationCodeGrant(authorizationCodeGrant ->
authorizationCodeGrant
.authorizationCodeGrant(codeGrant -> codeGrant
.authorizationRequestRepository(this.authorizationRequestRepository())
.authorizationRequestResolver(this.authorizationRequestResolver())
.accessTokenResponseClient(this.accessTokenResponseClient())
@ -465,17 +463,15 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2Login(oauth2Login ->
oauth2Login
.authorizationEndpoint(authorizationEndpoint ->
authorizationEndpoint
.oauth2Login(oauth2 -> oauth2
.authorizationEndpoint(authorization -> authorization
.authorizationRequestResolver(
new CustomAuthorizationRequestResolver(
this.clientRegistrationRepository)) <1>
this.clientRegistrationRepository) <1>
)
)
);
}
@ -595,10 +591,8 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Client(oauth2Client ->
oauth2Client
.authorizationCodeGrant(authorizationCodeGrant ->
authorizationCodeGrant
.oauth2Client(oauth2 -> oauth2
.authorizationCodeGrant(codeGrant -> codeGrant
.authorizationRequestRepository(this.authorizationRequestRepository())
...
)
@ -659,10 +653,8 @@ public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Client(oauth2Client ->
oauth2Client
.authorizationCodeGrant(authorizationCodeGrant ->
authorizationCodeGrant
.oauth2Client(oauth2 -> oauth2
.authorizationCodeGrant(codeGrant -> codeGrant
.accessTokenResponseClient(this.accessTokenResponseClient())
...
)

View File

@ -291,8 +291,7 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2Login(withDefaults());
@ -317,8 +316,7 @@ public class OAuth2LoginConfig {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2Login(withDefaults());
@ -366,8 +364,7 @@ public class OAuth2LoginConfig {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2Login(withDefaults());
@ -418,22 +415,17 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login(oauth2Login ->
oauth2Login
.authorizationEndpoint(authorizationEndpoint ->
authorizationEndpoint
.oauth2Login(oauth2 -> oauth2
.authorizationEndpoint(authorization -> authorization
...
)
.redirectionEndpoint(redirectionEndpoint ->
redirectionEndpoint
.redirectionEndpoint(redirection -> redirection
...
)
.tokenEndpoint(tokenEndpoint ->
tokenEndpoint
.tokenEndpoint(token -> token
...
)
.userInfoEndpoint(userInfoEndpoint ->
userInfoEndpoint
.userInfoEndpoint(userInfo -> userInfo
...
)
);
@ -470,28 +462,23 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login(oauth2Login ->
oauth2Login
.oauth2Login(oauth2 -> oauth2
.clientRegistrationRepository(this.clientRegistrationRepository())
.authorizedClientRepository(this.authorizedClientRepository())
.authorizedClientService(this.authorizedClientService())
.loginPage("/login")
.authorizationEndpoint(authorizationEndpoint ->
authorizationEndpoint
.authorizationEndpoint(authorization -> authorization
.baseUri(this.authorizationRequestBaseUri())
.authorizationRequestRepository(this.authorizationRequestRepository())
.authorizationRequestResolver(this.authorizationRequestResolver())
)
.redirectionEndpoint(redirectionEndpoint ->
redirectionEndpoint
.redirectionEndpoint(redirection -> redirection
.baseUri(this.authorizationResponseBaseUri())
)
.tokenEndpoint(tokenEndpoint ->
tokenEndpoint
.tokenEndpoint(token -> token
.accessTokenResponseClient(this.accessTokenResponseClient())
)
.userInfoEndpoint(userInfoEndpoint ->
userInfoEndpoint
.userInfoEndpoint(userInfo -> userInfo
.userAuthoritiesMapper(this.userAuthoritiesMapper())
.userService(this.oauth2UserService())
.oidcUserService(this.oidcUserService())
@ -542,12 +529,10 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login(oauth2Login ->
oauth2Login
.oauth2Login(oauth2 -> oauth2
.loginPage("/login/oauth2")
...
.authorizationEndpoint(authorizationEndpoint ->
authorizationEndpoint
.authorizationEndpoint(authorization -> authorization
.baseUri("/login/oauth2/authorization")
...
)
@ -594,10 +579,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login(oauth2Login ->
oauth2Login
.redirectionEndpoint(redirectionEndpoint ->
redirectionEndpoint
.oauth2Login(oauth2 -> oauth2
.redirectionEndpoint(redirection -> redirection
.baseUri("/login/oauth2/callback/*")
...
)
@ -661,10 +644,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login(oauth2Login ->
oauth2Login
.userInfoEndpoint(userInfoEndpoint ->
userInfoEndpoint
.oauth2Login(oauth2 -> oauth2
.userInfoEndpoint(userInfo -> userInfo
.userAuthoritiesMapper(this.userAuthoritiesMapper())
...
)
@ -740,10 +721,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login(oauth2Login ->
oauth2Login
.userInfoEndpoint(userInfoEndpoint ->
userInfoEndpoint
.oauth2Login(oauth2 -> oauth2
.userInfoEndpoint(userInfo -> userInfo
.oidcUserService(this.oidcUserService())
...
)
@ -791,10 +770,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login(oauth2Login ->
oauth2Login
.userInfoEndpoint(userInfoEndpoint ->
userInfoEndpoint
.oauth2Login(oauth2 -> oauth2
.userInfoEndpoint(userInfo -> userInfo
.customUserType(GitHubOAuth2User.class, "github")
...
)
@ -909,10 +886,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login(oauth2Login ->
oauth2Login
.userInfoEndpoint(userInfoEndpoint ->
userInfoEndpoint
.oauth2Login(oauth2 -> oauth2
.userInfoEndpoint(userInfo -> userInfo
.userService(this.oauth2UserService())
...
)
@ -945,10 +920,8 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.oauth2Login(oauth2Login ->
oauth2Login
.userInfoEndpoint(userInfoEndpoint ->
userInfoEndpoint
.oauth2Login(oauth2 -> oauth2
.userInfoEndpoint(userInfo -> userInfo
.oidcUserService(this.oidcUserService())
...
)
@ -1031,13 +1004,11 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2Login(withDefaults())
.logout(logout ->
logout
.logout(logout -> logout
.logoutSuccessHandler(oidcLogoutSuccessHandler())
);
}

View File

@ -128,8 +128,7 @@ The first is a `WebSecurityConfigurerAdapter` that configures the app as a resou
----
protected void configure(HttpSecurity http) {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
@ -146,15 +145,12 @@ Replacing this is as simple as exposing the bean within the application:
public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.jwt(jwt ->
jwt
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt
.jwtAuthenticationConverter(myConverter())
)
);
@ -194,14 +190,11 @@ An authorization server's JWK Set Uri can be configured <<oauth2resourceserver-j
public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.jwt(jwt ->
jwt
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt
.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
)
);
@ -222,14 +215,11 @@ More powerful than `jwkSetUri()` is `decoder()`, which will completely replace a
public class DirectlyConfiguredJwtDecoder extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.jwt(jwt ->
jwt
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt
.decoder(myCustomDecoder())
)
);
@ -427,7 +417,7 @@ This means that to protect an endpoint or method with a scope derived from a JWT
public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
http
.authorizeRequests(authorizeRequests -> authorizeRequests
.authorizeRequests(authorize -> authorize
.mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
.mvcMatchers("/messages/**").hasAuthority("SCOPE_messages")
.anyRequest().authenticated()
@ -460,14 +450,11 @@ To this end, the DSL exposes `jwtAuthenticationConverter()`:
public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.jwt(jwt ->
jwt
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt
.jwtAuthenticationConverter(grantedAuthoritiesExtractor())
)
);
@ -828,8 +815,7 @@ When use Opaque Token, this `WebSecurityConfigurerAdapter` looks like:
----
protected void configure(HttpSecurity http) {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
@ -846,15 +832,12 @@ Replacing this is as simple as exposing the bean within the application:
public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.opaqueToken(opaqueToken ->
opaqueToken
.oauth2ResourceServer(oauth2 -> oauth2
.opaqueToken(opaqueToken -> opaqueToken
.introspector(myIntrospector())
)
);
@ -891,14 +874,11 @@ An authorization server's Introspection Uri can be configured <<oauth2resourcese
public class DirectlyConfiguredIntrospectionUri extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.opaqueToken(opaqueToken ->
opaqueToken
.oauth2ResourceServer(oauth2 -> oauth2
.opaqueToken(opaqueToken -> opaqueToken
.introspectionUri("https://idp.example.com/introspect")
.introspectionClientCredentials("client", "secret")
)
@ -920,14 +900,11 @@ More powerful than `introspectionUri()` is `introspector()`, which will complete
public class DirectlyConfiguredIntrospector extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.opaqueToken(opaqueToken ->
opaqueToken
.oauth2ResourceServer(oauth2 -> oauth2
.opaqueToken(opaqueToken -> opaqueToken
.introspector(myCustomIntrospector())
)
);
@ -1220,12 +1197,10 @@ And then specify this `AuthenticationManagerResolver` in the DSL:
[source,java]
----
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.oauth2ResourceServer(oauth2 -> oauth2
.authenticationManagerResolver(this.tokenAuthenticationManagerResolver)
);
----
@ -1253,12 +1228,10 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIs
("https://idp.example.org/issuerOne", "https://idp.example.org/issuerTwo");
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.oauth2ResourceServer(oauth2 -> oauth2
.authenticationManagerResolver(authenticationManagerResolver)
);
----
@ -1286,12 +1259,10 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.oauth2ResourceServer(oauth2 -> oauth2
.authenticationManagerResolver(authenticationManagerResolver)
);
----
@ -1443,8 +1414,7 @@ To achieve this, you can wire a `HeaderBearerTokenResolver` instance into the DS
[source,java]
----
http
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.oauth2ResourceServer(oauth2 -> oauth2
.bearerTokenResolver(new HeaderBearerTokenResolver("x-goog-iap-jwt-assertion"))
);
----
@ -1458,8 +1428,7 @@ Or, you may wish to read the token from a form parameter, which you can do by co
DefaultBearerTokenResolver resolver = new DefaultBearerTokenResolver();
resolver.setAllowFormEncodedBodyParameter(true);
http
.oauth2ResourceServer(oauth2ResourceServer ->
oauth2ResourceServer
.oauth2ResourceServer(oauth2 -> oauth2
.bearerTokenResolver(resolver)
);
----

View File

@ -85,8 +85,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.saml2Login(withDefaults())
@ -105,12 +104,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.saml2Login(saml2Login ->
saml2Login
.saml2Login(saml2 -> saml2
.relyingPartyRegistrationRepository(...)
)
;
@ -262,12 +259,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
};
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.saml2Login(saml2Login ->
saml2Login
.saml2Login(saml2 -> saml2
.addObjectPostProcessor(processor)
)
;
@ -291,12 +286,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
authProvider.setAuthoritiesMapper(AUTHORITIES_MAPPER);
authProvider.setAuthoritiesExtractor(AUTHORITIES_EXTRACTOR);
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.saml2Login(saml2Login ->
saml2Login
.saml2Login(saml2 -> saml2
.authenticationManager(new ProviderManager(asList(authProvider)))
)
;
@ -319,12 +312,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
AuthenticationManager authenticationManager = new MySaml2AuthenticationManager(...);
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.saml2Login(saml2Login ->
saml2Login
.saml2Login(saml2 -> saml2
.authenticationManager(authenticationManager)
)
;

View File

@ -40,8 +40,7 @@ public class SecurityConfig {
return http
// Demonstrate that method security works
// Best practice to use both for defense in depth
.authorizeExchange(exchanges ->
exchanges
.authorizeExchange(exchanges -> exchanges
.anyExchange().permitAll()
)
.httpBasic(withDefaults())

View File

@ -34,13 +34,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.authorizeRequests(authorize -> authorize
.antMatchers("/css/**", "/index").permitAll()
.antMatchers("/user/**").hasRole("USER")
)
.formLogin(formLogin ->
formLogin
.formLogin(formLogin -> formLogin
.loginPage("/login")
.failureUrl("/login-error")
);