mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-25 13:32:30 +00:00
Use HttpSecurity Lambda DSL in JavaDoc
Issue gh-13067
This commit is contained in:
Josh Cummings
parent
1435e0f3d3
commit
45a1447e9b
@ -103,6 +103,8 @@ import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.web.filter.CorsFilter;
|
||||
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* A {@link HttpSecurity} is similar to Spring Security's XML <http> element in the
|
||||
* namespace configuration. It allows configuring web based security for specific http
|
||||
@ -219,8 +221,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
/**
|
||||
* Adds the Security headers to the response. This is activated by default when using
|
||||
* {@link EnableWebSecurity}. Accepting the default provided by
|
||||
* {@link EnableWebSecurity} or only invoking {@link #headers()} without invoking
|
||||
* additional methods on it, is the equivalent of:
|
||||
* {@link EnableWebSecurity} or only invoking {@link #headers(withDefaults())} without
|
||||
* invoking additional methods on it, is the equivalent of:
|
||||
*
|
||||
* <pre>
|
||||
* @Configuration
|
||||
@ -266,8 +268,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
*
|
||||
* You can enable only a few of the headers by first invoking
|
||||
* {@link HeadersConfigurer#defaultsDisabled()} and then invoking the appropriate
|
||||
* methods on the {@link #headers()} result. For example, the following will enable
|
||||
* {@link HeadersConfigurer#cacheControl()} and
|
||||
* methods on the {@link #headers(withDefaults())} result. For example, the following
|
||||
* will enable {@link HeadersConfigurer#cacheControl()} and
|
||||
* {@link HeadersConfigurer#frameOptions()} only.
|
||||
*
|
||||
* <pre>
|
||||
@ -331,7 +333,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
* <h2>Example Configurations</h2>
|
||||
*
|
||||
* Accepting the default provided by {@link EnableWebSecurity} or only invoking
|
||||
* {@link #headers()} without invoking additional methods on it, is the equivalent of:
|
||||
* {@link #headers(Customizer)} without invoking additional methods on it, is the
|
||||
* equivalent of:
|
||||
*
|
||||
* <pre>
|
||||
* @Configuration
|
||||
@ -372,9 +375,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
*
|
||||
* You can enable only a few of the headers by first invoking
|
||||
* {@link HeadersConfigurer#defaultsDisabled()} and then invoking the appropriate
|
||||
* methods on the {@link #headers()} result. For example, the following will enable
|
||||
* {@link HeadersConfigurer#cacheControl()} and
|
||||
* {@link HeadersConfigurer#frameOptions()} only.
|
||||
* methods on the {@link #headers(Customizer)} result. For example, the following will
|
||||
* enable {@link HeadersConfigurer#cacheControl(Customizer)} and
|
||||
* {@link HeadersConfigurer#frameOptions(Customizer)} only.
|
||||
*
|
||||
* <pre>
|
||||
* @Configuration
|
||||
@ -397,7 +400,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
*
|
||||
* You can also choose to keep the defaults but explicitly disable a subset of
|
||||
* headers. For example, the following will enable all the default headers except
|
||||
* {@link HeadersConfigurer#frameOptions()}.
|
||||
* {@link HeadersConfigurer#frameOptions(Customizer)}.
|
||||
*
|
||||
* <pre>
|
||||
* @Configuration
|
||||
@ -615,9 +618,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
* {@link HttpSecurity#getSharedObject(Class)}. Other provided
|
||||
* {@link SecurityConfigurer} objects use this configured {@link PortMapper} as a
|
||||
* default {@link PortMapper} when redirecting from HTTP to HTTPS or from HTTPS to
|
||||
* HTTP (for example when used in combination with {@link #requiresChannel()}. By
|
||||
* default Spring Security uses a {@link PortMapperImpl} which maps the HTTP port 8080
|
||||
* to the HTTPS port 8443 and the HTTP port of 80 to the HTTPS port of 443.
|
||||
* HTTP (for example when used in combination with
|
||||
* {@link #requiresChannel(Customizer)} )}. By default Spring Security uses a
|
||||
* {@link PortMapperImpl} which maps the HTTP port 8080 to the HTTPS port 8443 and the
|
||||
* HTTP port of 80 to the HTTPS port of 443.
|
||||
*
|
||||
* <h2>Example Configuration</h2>
|
||||
*
|
||||
@ -657,7 +661,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
* <a href=
|
||||
* "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
|
||||
* for more details.
|
||||
* @see #requiresChannel()
|
||||
* @see #requiresChannel(withDefaults())
|
||||
*/
|
||||
@Deprecated(since = "6.1", forRemoval = true)
|
||||
public PortMapperConfigurer<HttpSecurity> portMapper() throws Exception {
|
||||
@ -669,9 +673,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
* {@link HttpSecurity#getSharedObject(Class)}. Other provided
|
||||
* {@link SecurityConfigurer} objects use this configured {@link PortMapper} as a
|
||||
* default {@link PortMapper} when redirecting from HTTP to HTTPS or from HTTPS to
|
||||
* HTTP (for example when used in combination with {@link #requiresChannel()}. By
|
||||
* default Spring Security uses a {@link PortMapperImpl} which maps the HTTP port 8080
|
||||
* to the HTTPS port 8443 and the HTTP port of 80 to the HTTPS port of 443.
|
||||
* HTTP (for example when used in combination with
|
||||
* {@link #requiresChannel(withDefaults())}. By default Spring Security uses a
|
||||
* {@link PortMapperImpl} which maps the HTTP port 8080 to the HTTPS port 8443 and the
|
||||
* HTTP port of 80 to the HTTPS port of 443.
|
||||
*
|
||||
* <h2>Example Configuration</h2>
|
||||
*
|
||||
@ -714,7 +719,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
* {@link PortMapperConfigurer}
|
||||
* @return the {@link HttpSecurity} for further customizations
|
||||
* @throws Exception
|
||||
* @see #requiresChannel()
|
||||
* @see #requiresChannel(Customizer)
|
||||
*/
|
||||
public HttpSecurity portMapper(Customizer<PortMapperConfigurer<HttpSecurity>> portMapperCustomizer)
|
||||
throws Exception {
|
||||
@ -1776,7 +1781,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
* Provides logout support. This is automatically applied when using
|
||||
* {@link EnableWebSecurity}. The default is that accessing the URL "/logout" will log
|
||||
* the user out by invalidating the HTTP Session, cleaning up any
|
||||
* {@link #rememberMe()} authentication that was configured, clearing the
|
||||
* {@link #rememberMe(Customizer)} authentication that was configured, clearing the
|
||||
* {@link SecurityContextHolder}, and then redirect to "/login?success".
|
||||
*
|
||||
* <h2>Example Custom Configuration</h2>
|
||||
@ -1827,8 +1832,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
* Provides logout support. This is automatically applied when using
|
||||
* {@link EnableWebSecurity}. The default is that accessing the URL "/logout" will log
|
||||
* the user out by invalidating the HTTP Session, cleaning up any
|
||||
* {@link #rememberMe()} authentication that was configured, clearing the
|
||||
* {@link SecurityContextHolder}, and then redirect to "/login?success".
|
||||
* {@link #rememberMe(withDefaults())} authentication that was configured, clearing
|
||||
* the {@link SecurityContextHolder}, and then redirect to "/login?success".
|
||||
*
|
||||
* <h2>Example Custom Configuration</h2>
|
||||
*
|
||||
@ -2499,7 +2504,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
* {@link RelyingPartyRegistration}(s) are composed within a
|
||||
* {@link RelyingPartyRegistrationRepository}, which is <b>required</b> and must be
|
||||
* registered with the {@link ApplicationContext} or configured via
|
||||
* {@link #saml2Login()}.<br>
|
||||
* {@link #saml2Login(withDefaults())}.<br>
|
||||
* <br>
|
||||
*
|
||||
* The default configuration provides an auto-generated logout endpoint at
|
||||
|
||||
@ -46,8 +46,9 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
*
|
||||
* @Bean
|
||||
* public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
* http.authorizeHttpRequests().requestMatchers("/public/**").permitAll().anyRequest()
|
||||
* .hasRole("USER").and()
|
||||
* http.authorizeHttpRequests((authorize) -> authorize
|
||||
* .requestMatchers("/public/**").permitAll()
|
||||
* .anyRequest().hasRole("USER"))
|
||||
* // Possibly more configuration ...
|
||||
* .formLogin() // enable form based log in
|
||||
* // set permitAll for all URLs associated with Form Login
|
||||
|
||||
@ -21,6 +21,7 @@ import java.util.UUID;
|
||||
|
||||
import org.springframework.security.authentication.AnonymousAuthenticationProvider;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.SecurityConfigurer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
@ -57,7 +58,7 @@ public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#anonymous()
|
||||
* @see HttpSecurity#anonymous(Customizer)
|
||||
*/
|
||||
public AnonymousConfigurer() {
|
||||
}
|
||||
|
||||
@ -43,6 +43,8 @@ import org.springframework.security.web.access.channel.SecureChannelProcessor;
|
||||
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Adds channel security (i.e. requires HTTPS or HTTP) to an application. In order for
|
||||
* {@link ChannelSecurityConfigurer} to be useful, at least one {@link RequestMatcher}
|
||||
@ -96,7 +98,7 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#requiresChannel()
|
||||
* @see HttpSecurity#requiresChannel(Customizer)
|
||||
*/
|
||||
public ChannelSecurityConfigurer(ApplicationContext context) {
|
||||
this.REGISTRY = new ChannelRequestMatcherRegistry(context);
|
||||
|
||||
@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
|
||||
|
||||
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.util.Assert;
|
||||
@ -57,7 +58,7 @@ public class CorsConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHt
|
||||
/**
|
||||
* Creates a new instance
|
||||
*
|
||||
* @see HttpSecurity#cors()
|
||||
* @see HttpSecurity#cors(Customizer)
|
||||
*/
|
||||
public CorsConfigurer() {
|
||||
}
|
||||
|
||||
@ -27,6 +27,7 @@ import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
@ -56,6 +57,8 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Adds
|
||||
* <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)" >CSRF</a>
|
||||
@ -103,7 +106,7 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#csrf()
|
||||
* @see HttpSecurity#csrf(Customizer)
|
||||
*/
|
||||
public CsrfConfigurer(ApplicationContext context) {
|
||||
this.context = context;
|
||||
@ -163,9 +166,8 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
*
|
||||
* <pre>
|
||||
* http
|
||||
* .csrf()
|
||||
* .ignoringRequestMatchers((request) -> "XMLHttpRequest".equals(request.getHeader("X-Requested-With")))
|
||||
* .and()
|
||||
* .csrf((csrf) -> csrf
|
||||
* .ignoringRequestMatchers((request) -> "XMLHttpRequest".equals(request.getHeader("X-Requested-With"))))
|
||||
* ...
|
||||
* </pre>
|
||||
*
|
||||
@ -191,9 +193,8 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
*
|
||||
* <pre>
|
||||
* http
|
||||
* .csrf()
|
||||
* .ignoringRequestMatchers("/sockjs/**")
|
||||
* .and()
|
||||
* .csrf((csrf) -> csrf
|
||||
* .ignoringRequestMatchers("/sockjs/**"))
|
||||
* ...
|
||||
* </pre>
|
||||
*
|
||||
|
||||
@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.configurers;
|
||||
|
||||
import java.util.LinkedHashMap;
|
||||
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
@ -76,7 +77,7 @@ public final class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#exceptionHandling()
|
||||
* @see HttpSecurity#exceptionHandling(Customizer)
|
||||
*/
|
||||
public ExceptionHandlingConfigurer() {
|
||||
}
|
||||
|
||||
@ -29,6 +29,7 @@ import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.expression.SecurityExpressionHandler;
|
||||
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.ObjectPostProcessor;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
@ -41,6 +42,8 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Adds URL based authorization based upon SpEL expressions to an application. At least
|
||||
* one {@link org.springframework.web.bind.annotation.RequestMapping} needs to be mapped
|
||||
@ -77,7 +80,7 @@ import org.springframework.util.StringUtils;
|
||||
* @author Yanming Zhou
|
||||
* @author Ngoc Nhan
|
||||
* @since 3.2
|
||||
* @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()
|
||||
* @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests(Customizer)
|
||||
* @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
|
||||
*/
|
||||
@Deprecated
|
||||
@ -104,7 +107,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#authorizeRequests()
|
||||
* @see HttpSecurity#authorizeRequests(Customizer)
|
||||
*/
|
||||
public ExpressionUrlAuthorizationConfigurer(ApplicationContext context) {
|
||||
GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBeanProvider(GrantedAuthorityDefaults.class)
|
||||
|
||||
@ -17,6 +17,7 @@
|
||||
package org.springframework.security.config.annotation.web.configurers;
|
||||
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.RequestMatcherFactory;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
@ -74,7 +75,7 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#formLogin()
|
||||
* @see HttpSecurity#formLogin(Customizer)
|
||||
*/
|
||||
public FormLoginConfigurer() {
|
||||
super(new UsernamePasswordAuthenticationFilter(), null);
|
||||
|
||||
@ -48,6 +48,8 @@ import org.springframework.security.web.header.writers.frameoptions.XFrameOption
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* Adds the Security HTTP headers to the response. Security HTTP headers is activated by
|
||||
@ -111,7 +113,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
/**
|
||||
* Creates a new instance
|
||||
*
|
||||
* @see HttpSecurity#headers()
|
||||
* @see HttpSecurity#headers(Customizer)
|
||||
*/
|
||||
public HeadersConfigurer() {
|
||||
}
|
||||
|
||||
@ -26,6 +26,7 @@ import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
@ -98,7 +99,7 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>>
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#httpBasic()
|
||||
* @see HttpSecurity#httpBasic(Customizer)
|
||||
*/
|
||||
public HttpBasicConfigurer() {
|
||||
realmName(DEFAULT_REALM);
|
||||
|
||||
@ -22,6 +22,7 @@ import java.util.Set;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever;
|
||||
@ -77,7 +78,7 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends Abstr
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#jee()
|
||||
* @see HttpSecurity#jee(Customizer)
|
||||
*/
|
||||
public JeeConfigurer() {
|
||||
}
|
||||
|
||||
@ -23,6 +23,7 @@ import java.util.List;
|
||||
import jakarta.servlet.http.HttpSession;
|
||||
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.SecurityConfigurer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.RequestMatcherFactory;
|
||||
@ -92,7 +93,7 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#logout()
|
||||
* @see HttpSecurity#logout(Customizer)
|
||||
*/
|
||||
public LogoutConfigurer() {
|
||||
}
|
||||
@ -150,7 +151,7 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
* @param logoutUrl the URL that will invoke logout.
|
||||
* @return the {@link LogoutConfigurer} for further customization
|
||||
* @see #logoutRequestMatcher(RequestMatcher)
|
||||
* @see HttpSecurity#csrf()
|
||||
* @see HttpSecurity#csrf(Customizer)
|
||||
*/
|
||||
public LogoutConfigurer<H> logoutUrl(String logoutUrl) {
|
||||
this.logoutRequestMatcher = null;
|
||||
|
||||
@ -16,6 +16,7 @@
|
||||
|
||||
package org.springframework.security.config.annotation.web.configurers;
|
||||
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
@ -70,7 +71,7 @@ public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#securityContext()
|
||||
* @see HttpSecurity#securityContext(Customizer)
|
||||
*/
|
||||
public SecurityContextConfigurer() {
|
||||
}
|
||||
|
||||
@ -23,6 +23,7 @@ import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.core.GrantedAuthorityDefaults;
|
||||
@ -66,7 +67,7 @@ public final class ServletApiConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#servletApi()
|
||||
* @see HttpSecurity#servletApi(Customizer)
|
||||
*/
|
||||
public ServletApiConfigurer() {
|
||||
}
|
||||
|
||||
@ -66,6 +66,8 @@ import org.springframework.security.web.session.SimpleRedirectSessionInformation
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Allows configuring session management.
|
||||
*
|
||||
@ -152,7 +154,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#sessionManagement()
|
||||
* @see HttpSecurity#sessionManagement(Customizer)
|
||||
*/
|
||||
public SessionManagementConfigurer() {
|
||||
}
|
||||
|
||||
@ -21,6 +21,7 @@ import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@ -90,7 +91,7 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>>
|
||||
/**
|
||||
* Creates a new instance
|
||||
*
|
||||
* @see HttpSecurity#x509()
|
||||
* @see HttpSecurity#x509(Customizer)
|
||||
*/
|
||||
public X509Configurer() {
|
||||
}
|
||||
|
||||
@ -104,6 +104,8 @@ import org.springframework.util.Assert;
|
||||
import org.springframework.util.ClassUtils;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* An {@link AbstractHttpConfigurer} for OAuth 2.0 Login, which leverages the OAuth 2.0
|
||||
* Authorization Code Grant Flow.
|
||||
@ -155,7 +157,7 @@ import org.springframework.util.ReflectionUtils;
|
||||
* @author Kazuki Shimizu
|
||||
* @author Ngoc Nhan
|
||||
* @since 5.0
|
||||
* @see HttpSecurity#oauth2Login()
|
||||
* @see HttpSecurity#oauth2Login(Customizer)
|
||||
* @see OAuth2AuthorizationRequestRedirectFilter
|
||||
* @see OAuth2LoginAuthenticationFilter
|
||||
* @see ClientRegistrationRepository
|
||||
|
||||
@ -27,6 +27,7 @@ import org.opensaml.core.Version;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.RequestMatcherFactory;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
@ -111,7 +112,7 @@ import org.springframework.util.StringUtils;
|
||||
* </ul>
|
||||
*
|
||||
* @since 5.2
|
||||
* @see HttpSecurity#saml2Login()
|
||||
* @see HttpSecurity#saml2Login(Customizer)
|
||||
* @see Saml2WebSsoAuthenticationFilter
|
||||
* @see Saml2WebSsoAuthenticationRequestFilter
|
||||
* @see RelyingPartyRegistrationRepository
|
||||
|
||||
@ -71,6 +71,8 @@ import org.springframework.security.web.util.matcher.AndRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.ParameterRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
/**
|
||||
* Adds SAML 2.0 logout support.
|
||||
*
|
||||
@ -135,7 +137,7 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
|
||||
/**
|
||||
* Creates a new instance
|
||||
* @see HttpSecurity#logout()
|
||||
* @see HttpSecurity#logout(Customizer)
|
||||
*/
|
||||
public Saml2LogoutConfigurer(ApplicationContext context) {
|
||||
this.context = context;
|
||||
@ -158,7 +160,7 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
* @param logoutUrl the URL that will invoke logout
|
||||
* @return the {@link LogoutConfigurer} for further customizations
|
||||
* @see LogoutConfigurer#logoutUrl(String)
|
||||
* @see HttpSecurity#csrf()
|
||||
* @see HttpSecurity#csrf(Customizer)
|
||||
*/
|
||||
public Saml2LogoutConfigurer<H> logoutUrl(String logoutUrl) {
|
||||
this.logoutUrl = logoutUrl;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user