Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5.8.x'

Browse Source
This commit is contained in:
Marcus Da Coregio 2022-10-05 13:44:54 -03:00
commit 22ba358e57
1 changed files with 34 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
View File

@ -3377,12 +3377,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* {@link HttpSecurity} will be invoked on. This method allows for easily invoking the * {@link HttpSecurity} will be invoked on. This method allows for easily invoking the
* {@link HttpSecurity} for multiple different {@link RequestMatcher} instances. If * {@link HttpSecurity} for multiple different {@link RequestMatcher} instances. If
* only a single {@link RequestMatcher} is necessary consider using * only a single {@link RequestMatcher} is necessary consider using
* {@link #securityMatcher(String)}, or {@link #securityMatcher(RequestMatcher)}. * {@link #securityMatcher(String...)}, or {@link #securityMatcher(RequestMatcher)}.
* *
* <p> * <p>
* Invoking {@link #securityMatchers()} will not override previous invocations of * Invoking {@link #securityMatchers()} will not override previous invocations of
* {@link #securityMatchers()}}, {@link #securityMatchers(Customizer)} * {@link #securityMatchers()}}, {@link #securityMatchers(Customizer)}
* {@link #securityMatcher(String)} and {@link #securityMatcher(RequestMatcher)} * {@link #securityMatcher(String...)} and {@link #securityMatcher(RequestMatcher)}
* </p> * </p>
* *
* <h3>Example Configurations</h3> * <h3>Example Configurations</h3>
@ -3498,12 +3498,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* {@link HttpSecurity} will be invoked on. This method allows for easily invoking the * {@link HttpSecurity} will be invoked on. This method allows for easily invoking the
* {@link HttpSecurity} for multiple different {@link RequestMatcher} instances. If * {@link HttpSecurity} for multiple different {@link RequestMatcher} instances. If
* only a single {@link RequestMatcher} is necessary consider using * only a single {@link RequestMatcher} is necessary consider using
* {@link #securityMatcher(String)}, or {@link #securityMatcher(RequestMatcher)}. * {@link #securityMatcher(String...)}, or {@link #securityMatcher(RequestMatcher)}.
* *
* <p> * <p>
* Invoking {@link #securityMatchers(Customizer)} will not override previous * Invoking {@link #securityMatchers(Customizer)} will not override previous
* invocations of {@link #securityMatchers()}}, {@link #securityMatchers(Customizer)} * invocations of {@link #securityMatchers()}}, {@link #securityMatchers(Customizer)}
* {@link #securityMatcher(String)} and {@link #securityMatcher(RequestMatcher)} * {@link #securityMatcher(String...)} and {@link #securityMatcher(RequestMatcher)}
* </p> * </p>
* *
* <h3>Example Configurations</h3> * <h3>Example Configurations</h3>
@ -3627,12 +3627,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* invocations of {@link #requestMatchers()}, {@link #mvcMatcher(String)}, * invocations of {@link #requestMatchers()}, {@link #mvcMatcher(String)},
* {@link #antMatcher(String)}, {@link #regexMatcher(String)}, * {@link #antMatcher(String)}, {@link #regexMatcher(String)},
* {@link #requestMatcher(RequestMatcher)}, {@link #securityMatchers(Customizer)}, * {@link #requestMatcher(RequestMatcher)}, {@link #securityMatchers(Customizer)},
* {@link #securityMatchers()} and {@link #securityMatcher(String)} * {@link #securityMatchers()} and {@link #securityMatcher(String...)}
* </p> * </p>
* @param requestMatcher the {@link RequestMatcher} to use (i.e. new * @param requestMatcher the {@link RequestMatcher} to use (i.e. new
* AntPathRequestMatcher("/admin/**","GET") ) * AntPathRequestMatcher("/admin/**","GET") )
* @return the {@link HttpSecurity} for further customizations * @return the {@link HttpSecurity} for further customizations
* @see #securityMatcher(String) * @see #securityMatcher(String...)
*/ */
public HttpSecurity securityMatcher(RequestMatcher requestMatcher) { public HttpSecurity securityMatcher(RequestMatcher requestMatcher) {
this.requestMatcher = requestMatcher; this.requestMatcher = requestMatcher;
@ -3647,21 +3647,35 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* {@link #securityMatchers(Customizer)} or {@link #securityMatcher(RequestMatcher)}. * {@link #securityMatchers(Customizer)} or {@link #securityMatcher(RequestMatcher)}.
* *
* <p> * <p>
* Invoking {@link #securityMatcher(String)} will override previous invocations of * Invoking {@link #securityMatcher(String...)} will override previous invocations of
* {@link #mvcMatcher(String)}}, {@link #requestMatchers()}, * {@link #mvcMatcher(String)}}, {@link #requestMatchers()},
* {@link #antMatcher(String)}, {@link #regexMatcher(String)}, and * {@link #antMatcher(String)}, {@link #regexMatcher(String)}, and
* {@link #requestMatcher(RequestMatcher)}. * {@link #requestMatcher(RequestMatcher)}.
* </p> * </p>
* @param pattern the pattern to match on (i.e. "/admin/**") * @param patterns the pattern to match on (i.e. "/admin/**")
* @return the {@link HttpSecurity} for further customizations * @return the {@link HttpSecurity} for further customizations
* @see AntPathRequestMatcher * @see AntPathRequestMatcher
* @see MvcRequestMatcher * @see MvcRequestMatcher
*/ */
public HttpSecurity securityMatcher(String pattern) { public HttpSecurity securityMatcher(String... patterns) {
if (!mvcPresent) { if (mvcPresent) {
this.requestMatcher = new AntPathRequestMatcher(pattern); this.requestMatcher = new OrRequestMatcher(createMvcMatchers(patterns));
return this; return this;
} }
this.requestMatcher = new OrRequestMatcher(createAntMatchers(patterns));
return this;
}
private List<RequestMatcher> createAntMatchers(String... patterns) {
List<RequestMatcher> matchers = new ArrayList<>(patterns.length);
for (String pattern : patterns) {
matchers.add(new AntPathRequestMatcher(pattern));
}
return matchers;
}
private List<RequestMatcher> createMvcMatchers(String... mvcPatterns) {
ObjectPostProcessor<Object> opp = getContext().getBean(ObjectPostProcessor.class);
if (!getContext().containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) { if (!getContext().containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) {
throw new NoSuchBeanDefinitionException("A Bean named " + HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME throw new NoSuchBeanDefinitionException("A Bean named " + HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME
+ " of type " + HandlerMappingIntrospector.class.getName() + " of type " + HandlerMappingIntrospector.class.getName()
@ -3669,8 +3683,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
} }
HandlerMappingIntrospector introspector = getContext().getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, HandlerMappingIntrospector introspector = getContext().getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME,
HandlerMappingIntrospector.class); HandlerMappingIntrospector.class);
this.requestMatcher = new MvcRequestMatcher(introspector, pattern); List<RequestMatcher> matchers = new ArrayList<>(mvcPatterns.length);
return this; for (String mvcPattern : mvcPatterns) {
MvcRequestMatcher matcher = new MvcRequestMatcher(introspector, mvcPattern);
opp.postProcess(matcher);
matchers.add(matcher);
}
return matchers;
} }
/** /**
@ -3686,7 +3705,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </p> * </p>
* @param antPattern the Ant Pattern to match on (i.e. "/admin/**") * @param antPattern the Ant Pattern to match on (i.e. "/admin/**")
* @return the {@link HttpSecurity} for further customizations * @return the {@link HttpSecurity} for further customizations
* @deprecated use {@link #securityMatcher(String)} instead * @deprecated use {@link #securityMatcher(String...)} instead
* @see AntPathRequestMatcher * @see AntPathRequestMatcher
*/ */
@Deprecated @Deprecated
@ -3707,7 +3726,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </p> * </p>
* @param mvcPattern the Spring MVC Pattern to match on (i.e. "/admin/**") * @param mvcPattern the Spring MVC Pattern to match on (i.e. "/admin/**")
* @return the {@link HttpSecurity} for further customizations * @return the {@link HttpSecurity} for further customizations
* @deprecated use {@link #securityMatcher(String)} instead * @deprecated use {@link #securityMatcher(String...)} instead
* @see MvcRequestMatcher * @see MvcRequestMatcher
*/ */
@Deprecated @Deprecated