Remove WebSecurityConfigurerAdapter from Kotlin tests

Issue gh-10902
This commit is contained in:
Eleftheria Stein 2022-04-28 14:10:52 +02:00
parent 736f439bb5
commit 48ac100a92
39 changed files with 819 additions and 493 deletions

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,15 +19,16 @@ package org.springframework.security.config.annotation.web
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.authentication.AnonymousAuthenticationToken
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.annotation.AuthenticationPrincipal
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
import org.springframework.web.bind.annotation.GetMapping
@ -60,13 +61,15 @@ class AnonymousDslTests {
@EnableWebSecurity
@EnableWebMvc
open class PrincipalConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class PrincipalConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
anonymous {
principal = "principal"
}
}
return http.build()
}
}
@ -82,13 +85,15 @@ class AnonymousDslTests {
@EnableWebSecurity
@EnableWebMvc
open class KeyConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class KeyConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
anonymous {
key = "key"
}
}
return http.build()
}
}
@ -104,13 +109,15 @@ class AnonymousDslTests {
@EnableWebSecurity
@EnableWebMvc
open class AnonymousDisabledConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AnonymousDisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
anonymous {
disable()
}
}
return http.build()
}
}
@ -126,8 +133,9 @@ class AnonymousDslTests {
@EnableWebSecurity
@EnableWebMvc
open class AnonymousAuthoritiesConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AnonymousAuthoritiesConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
anonymous {
authorities = listOf(SimpleGrantedAuthority("TEST"))
@ -136,6 +144,7 @@ class AnonymousDslTests {
authorize(anyRequest, hasAuthority("TEST"))
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -24,7 +24,6 @@ import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.userdetails.User
@ -32,6 +31,7 @@ import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.util.matcher.RegexRequestMatcher
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -96,8 +96,9 @@ class AuthorizeRequestsDslTests {
}
@EnableWebSecurity
open class AuthorizeRequestsByRegexConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AuthorizeRequestsByRegexConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(RegexRequestMatcher("/path", null), permitAll)
@ -106,6 +107,7 @@ class AuthorizeRequestsDslTests {
authorize(RegexRequestMatcher(".*", null), authenticated)
}
}
return http.build()
}
@RestController
@ -152,14 +154,16 @@ class AuthorizeRequestsDslTests {
@EnableWebSecurity
@EnableWebMvc
open class AuthorizeRequestsByMvcConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AuthorizeRequestsByMvcConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize("/path", permitAll)
authorize("/**", authenticated)
}
}
return http.build()
}
@RestController
@ -194,13 +198,15 @@ class AuthorizeRequestsDslTests {
@EnableWebSecurity
@EnableWebMvc
open class MvcMatcherPathVariablesConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class MvcMatcherPathVariablesConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize("/user/{userName}", "#userName == 'user'")
}
}
return http.build()
}
@RestController
@ -235,14 +241,16 @@ class AuthorizeRequestsDslTests {
@EnableWebSecurity
@EnableWebMvc
open class HasRoleConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HasRoleConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize("/**", hasRole("ADMIN"))
}
httpBasic { }
}
return http.build()
}
@RestController
@ -253,7 +261,7 @@ class AuthorizeRequestsDslTests {
}
@Bean
override fun userDetailsService(): UserDetailsService {
open fun userDetailsService(): UserDetailsService {
val userDetails = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
@ -298,14 +306,16 @@ class AuthorizeRequestsDslTests {
@EnableWebSecurity
@EnableWebMvc
open class HasAnyRoleConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HasAnyRoleConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize("/**", hasAnyRole("ADMIN", "USER"))
}
httpBasic { }
}
return http.build()
}
@RestController
@ -316,7 +326,7 @@ class AuthorizeRequestsDslTests {
}
@Bean
override fun userDetailsService(): UserDetailsService {
open fun userDetailsService(): UserDetailsService {
val userDetails = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
@ -366,14 +376,16 @@ class AuthorizeRequestsDslTests {
@EnableWebSecurity
@EnableWebMvc
open class HasAnyAuthorityConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HasAnyAuthorityConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize("/**", hasAnyAuthority("ROLE_ADMIN", "ROLE_USER"))
}
httpBasic { }
}
return http.build()
}
@RestController
@ -384,7 +396,7 @@ class AuthorizeRequestsDslTests {
}
@Bean
override fun userDetailsService(): UserDetailsService {
open fun userDetailsService(): UserDetailsService {
val userDetails = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
@ -425,8 +437,9 @@ class AuthorizeRequestsDslTests {
@EnableWebSecurity
@EnableWebMvc
open class MvcMatcherServletPathConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class MvcMatcherServletPathConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize("/path",
@ -434,6 +447,7 @@ class AuthorizeRequestsDslTests {
denyAll)
}
}
return http.build()
}
@RestController
@ -446,14 +460,16 @@ class AuthorizeRequestsDslTests {
@EnableWebSecurity
@EnableWebMvc
open class AuthorizeRequestsByMvcConfigWithHttpMethod : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AuthorizeRequestsByMvcConfigWithHttpMethod{
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(HttpMethod.GET, "/path", permitAll)
authorize(HttpMethod.PUT, "/path", denyAll)
}
}
return http.build()
}
@RestController
@ -481,14 +497,16 @@ class AuthorizeRequestsDslTests {
@EnableWebSecurity
@EnableWebMvc
open class MvcMatcherServletPathHttpMethodConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class MvcMatcherServletPathHttpMethodConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(HttpMethod.GET, "/path", "/spring", denyAll)
authorize(HttpMethod.PUT, "/path", "/spring", denyAll)
}
}
return http.build()
}
@RestController

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -25,9 +25,9 @@ import org.springframework.context.annotation.Bean
import org.springframework.http.HttpHeaders
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
import org.springframework.web.bind.annotation.RequestMethod
@ -58,11 +58,13 @@ class CorsDslTests {
}
@EnableWebSecurity
open class DefaultCorsConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class DefaultCorsConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
cors { }
}
return http.build()
}
}
@ -80,11 +82,13 @@ class CorsDslTests {
@EnableWebMvc
@EnableWebSecurity
open class CorsCrossOriginBeanConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CorsCrossOriginBeanConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
cors { }
}
return http.build()
}
@Bean
@ -114,14 +118,16 @@ class CorsDslTests {
@EnableWebMvc
@EnableWebSecurity
open class CorsDisabledConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CorsDisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http.cors()
http {
cors {
disable()
}
}
return http.build()
}
@Bean
@ -151,8 +157,9 @@ class CorsDslTests {
@EnableWebMvc
@EnableWebSecurity
open class CorsCrossOriginSourceConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CorsCrossOriginSourceConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
val source = UrlBasedCorsConfigurationSource()
val corsConfiguration = CorsConfiguration()
corsConfiguration.allowedOrigins = listOf("*")
@ -165,6 +172,7 @@ class CorsDslTests {
configurationSource = source
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -25,7 +25,6 @@ import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.userdetails.User
@ -33,6 +32,7 @@ import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
import org.springframework.security.web.csrf.CsrfTokenRepository
@ -81,11 +81,13 @@ class CsrfDslTests {
}
@EnableWebSecurity
open class DefaultCsrfConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class DefaultCsrfConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
csrf { }
}
return http.build()
}
}
@ -100,13 +102,15 @@ class CsrfDslTests {
}
@EnableWebSecurity
open class CsrfDisabledConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CsrfDisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
csrf {
disable()
}
}
return http.build()
}
}
@ -124,18 +128,20 @@ class CsrfDslTests {
}
@EnableWebSecurity
open class CustomRepositoryConfig : WebSecurityConfigurerAdapter() {
open class CustomRepositoryConfig {
companion object {
val REPO: CsrfTokenRepository = HttpSessionCsrfTokenRepository()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
csrf {
csrfTokenRepository = REPO
}
}
return http.build()
}
}
@ -155,13 +161,15 @@ class CsrfDslTests {
}
@EnableWebSecurity
open class RequireCsrfProtectionMatcherConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class RequireCsrfProtectionMatcherConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
csrf {
requireCsrfProtectionMatcher = AntPathRequestMatcher("/test1")
}
}
return http.build()
}
}
@ -178,23 +186,25 @@ class CsrfDslTests {
}
@EnableWebSecurity
open class CustomStrategyConfig : WebSecurityConfigurerAdapter() {
open class CustomStrategyConfig {
companion object {
var STRATEGY: SessionAuthenticationStrategy = NullAuthenticatedSessionStrategy()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin { }
csrf {
sessionAuthenticationStrategy = STRATEGY
}
}
return http.build()
}
@Bean
override fun userDetailsService(): UserDetailsService {
open fun userDetailsService(): UserDetailsService {
val userDetails = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
@ -220,14 +230,16 @@ class CsrfDslTests {
}
@EnableWebSecurity
open class IgnoringRequestMatchersConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class IgnoringRequestMatchersConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
csrf {
requireCsrfProtectionMatcher = AntPathRequestMatcher("/**")
ignoringRequestMatchers(AntPathRequestMatcher("/test2"))
}
}
return http.build()
}
}
@ -247,14 +259,16 @@ class CsrfDslTests {
}
@EnableWebSecurity
open class IgnoringAntMatchersConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class IgnoringAntMatchersConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
csrf {
requireCsrfProtectionMatcher = AntPathRequestMatcher("/**")
ignoringAntMatchers("/test2")
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -20,14 +20,15 @@ import org.assertj.core.api.Assertions.assertThatExceptionOfType
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.access.AccessDeniedException
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.userdetails.User.withUsername
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.access.AccessDeniedHandlerImpl
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
import org.springframework.security.web.util.matcher.AntPathRequestMatcher
@ -60,14 +61,16 @@ class ExceptionHandlingDslTests {
@EnableWebSecurity
@EnableWebMvc
open class ExceptionHandlingConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ExceptionHandlingConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
}
exceptionHandling { }
}
return http.build()
}
}
@ -81,8 +84,9 @@ class ExceptionHandlingDslTests {
}
@EnableWebSecurity
open class ExceptionHandlingDisabledConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ExceptionHandlingDisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -91,6 +95,7 @@ class ExceptionHandlingDslTests {
disable()
}
}
return http.build()
}
}
@ -108,8 +113,9 @@ class ExceptionHandlingDslTests {
@EnableWebSecurity
@EnableWebMvc
open class AccessDeniedPageConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AccessDeniedPageConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize("/admin", hasAuthority("ROLE_ADMIN"))
@ -119,6 +125,7 @@ class ExceptionHandlingDslTests {
accessDeniedPage = "/access-denied"
}
}
return http.build()
}
}
@ -136,8 +143,9 @@ class ExceptionHandlingDslTests {
@EnableWebSecurity
@EnableWebMvc
open class AccessDeniedHandlerConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AccessDeniedHandlerConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
val customAccessDeniedHandler = AccessDeniedHandlerImpl()
customAccessDeniedHandler.setErrorPage("/access-denied")
http {
@ -149,6 +157,7 @@ class ExceptionHandlingDslTests {
accessDeniedHandler = customAccessDeniedHandler
}
}
return http.build()
}
}
@ -173,8 +182,9 @@ class ExceptionHandlingDslTests {
@EnableWebSecurity
@EnableWebMvc
open class AccessDeniedHandlerForConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AccessDeniedHandlerForConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
val customAccessDeniedHandler1 = AccessDeniedHandlerImpl()
customAccessDeniedHandler1.setErrorPage("/access-denied1")
val customAccessDeniedHandler2 = AccessDeniedHandlerImpl()
@ -190,6 +200,7 @@ class ExceptionHandlingDslTests {
defaultAccessDeniedHandlerFor(customAccessDeniedHandler2, AntPathRequestMatcher("/admin2"))
}
}
return http.build()
}
}
@ -206,8 +217,9 @@ class ExceptionHandlingDslTests {
@EnableWebSecurity
@EnableWebMvc
open class AuthenticationEntryPointConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AuthenticationEntryPointConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -216,6 +228,7 @@ class ExceptionHandlingDslTests {
authenticationEntryPoint = LoginUrlAuthenticationEntryPoint("/custom-login")
}
}
return http.build()
}
}
@ -238,8 +251,9 @@ class ExceptionHandlingDslTests {
@EnableWebSecurity
@EnableWebMvc
open class AuthenticationEntryPointForConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AuthenticationEntryPointForConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
val customAuthenticationEntryPoint1 = LoginUrlAuthenticationEntryPoint("/custom-login1")
val customAuthenticationEntryPoint2 = LoginUrlAuthenticationEntryPoint("/custom-login2")
http {
@ -251,6 +265,7 @@ class ExceptionHandlingDslTests {
defaultAuthenticationEntryPointFor(customAuthenticationEntryPoint2, AntPathRequestMatcher("/secured2"))
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -24,11 +24,9 @@ import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Configuration
import org.springframework.security.authentication.AuthenticationDetailsSource
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.userdetails.User
@ -42,6 +40,8 @@ import org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirec
import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
import org.springframework.web.bind.annotation.GetMapping
import jakarta.servlet.http.HttpServletRequest
import org.springframework.context.annotation.Bean
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.WebAuthenticationDetails
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
@ -91,11 +91,13 @@ class FormLoginDslTests {
}
@EnableWebSecurity
open class FormLoginConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class FormLoginConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
}
return http.build()
}
}
@ -111,14 +113,16 @@ class FormLoginDslTests {
}
@EnableWebSecurity
open class AllSecuredConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AllSecuredConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
authorizeRequests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}
@ -134,8 +138,9 @@ class FormLoginDslTests {
}
@EnableWebSecurity
open class LoginPageConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class LoginPageConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {
loginPage = "/log-in"
@ -144,6 +149,7 @@ class FormLoginDslTests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}
@ -159,13 +165,15 @@ class FormLoginDslTests {
}
@EnableWebSecurity
open class SuccessHandlerConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class SuccessHandlerConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {
authenticationSuccessHandler = SimpleUrlAuthenticationSuccessHandler("/success")
}
}
return http.build()
}
}
@ -181,13 +189,15 @@ class FormLoginDslTests {
}
@EnableWebSecurity
open class FailureHandlerConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class FailureHandlerConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {
authenticationFailureHandler = SimpleUrlAuthenticationFailureHandler("/failure")
}
}
return http.build()
}
}
@ -203,13 +213,15 @@ class FormLoginDslTests {
}
@EnableWebSecurity
open class FailureUrlConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class FailureUrlConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {
failureUrl = "/failure"
}
}
return http.build()
}
}
@ -225,13 +237,15 @@ class FormLoginDslTests {
}
@EnableWebSecurity
open class LoginProcessingUrlConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class LoginProcessingUrlConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {
loginProcessingUrl = "/custom"
}
}
return http.build()
}
}
@ -247,13 +261,15 @@ class FormLoginDslTests {
}
@EnableWebSecurity
open class DefaultSuccessUrlConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class DefaultSuccessUrlConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {
defaultSuccessUrl("/custom", true)
}
}
return http.build()
}
}
@ -268,8 +284,9 @@ class FormLoginDslTests {
}
@EnableWebSecurity
open class PermitAllConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class PermitAllConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -279,6 +296,7 @@ class FormLoginDslTests {
permitAll()
}
}
return http.build()
}
@Controller
@ -308,18 +326,20 @@ class FormLoginDslTests {
}
@EnableWebSecurity
open class CustomAuthenticationDetailsSourceConfig : WebSecurityConfigurerAdapter() {
open class CustomAuthenticationDetailsSourceConfig {
companion object {
val AUTHENTICATION_DETAILS_SOURCE = WebAuthenticationDetailsSource()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {
authenticationDetailsSource = AUTHENTICATION_DETAILS_SOURCE
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -23,9 +23,9 @@ import org.springframework.context.annotation.Bean
import org.springframework.http.HttpHeaders
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.header.writers.StaticHeadersWriter
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
@ -66,11 +66,13 @@ class HeadersDslTests {
}
@EnableWebSecurity
open class DefaultHeadersConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class DefaultHeadersConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers { }
}
return http.build()
}
}
@ -86,13 +88,15 @@ class HeadersDslTests {
@EnableWebSecurity
@Suppress("DEPRECATION")
open class FeaturePolicyConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class FeaturePolicyConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
featurePolicy(policyDirectives = "geolocation 'self'")
}
}
return http.build()
}
}
@ -107,8 +111,9 @@ class HeadersDslTests {
}
@EnableWebSecurity
open class PermissionsPolicyConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class PermissionsPolicyConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
permissionsPolicy {
@ -116,6 +121,7 @@ class HeadersDslTests {
}
}
}
return http.build()
}
}
@ -136,13 +142,15 @@ class HeadersDslTests {
}
@EnableWebSecurity
open class HeadersDisabledConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HeadersDisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
disable()
}
}
return http.build()
}
}
@ -157,13 +165,15 @@ class HeadersDslTests {
}
@EnableWebSecurity
open class HeaderWriterConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HeaderWriterConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
addHeaderWriter(StaticHeadersWriter("custom-header", "custom-value"))
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -20,17 +20,14 @@ import io.mockk.every
import io.mockk.mockk
import io.mockk.mockkObject
import io.mockk.verify
import jakarta.servlet.http.HttpServletRequest
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpStatus
import org.springframework.security.authentication.AuthenticationDetailsSource
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.userdetails.User
@ -38,6 +35,7 @@ import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
import org.springframework.security.web.AuthenticationEntryPoint
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.HttpStatusEntryPoint
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
import org.springframework.test.web.servlet.MockMvc
@ -90,14 +88,16 @@ class HttpBasicDslTests {
}
@EnableWebSecurity
open class HttpBasicConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HttpBasicConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
httpBasic {}
authorizeRequests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}
@ -112,8 +112,9 @@ class HttpBasicDslTests {
}
@EnableWebSecurity
open class CustomRealmConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomRealmConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
httpBasic {
realmName = "Custom Realm"
@ -122,6 +123,7 @@ class HttpBasicDslTests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}
@ -137,13 +139,14 @@ class HttpBasicDslTests {
}
@EnableWebSecurity
open class CustomAuthenticationEntryPointConfig : WebSecurityConfigurerAdapter() {
open class CustomAuthenticationEntryPointConfig {
companion object {
val ENTRY_POINT: AuthenticationEntryPoint = HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
httpBasic {
authenticationEntryPoint = ENTRY_POINT
@ -152,6 +155,7 @@ class HttpBasicDslTests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}
@ -173,13 +177,14 @@ class HttpBasicDslTests {
}
@EnableWebSecurity
open class CustomAuthenticationDetailsSourceConfig : WebSecurityConfigurerAdapter() {
open class CustomAuthenticationDetailsSourceConfig {
companion object {
val AUTHENTICATION_DETAILS_SOURCE = WebAuthenticationDetailsSource()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
httpBasic {
authenticationDetailsSource = AUTHENTICATION_DETAILS_SOURCE
@ -188,6 +193,7 @@ class HttpBasicDslTests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}

View File

@ -32,7 +32,6 @@ import org.springframework.security.authentication.TestingAuthenticationProvider
import org.springframework.security.authentication.TestingAuthenticationToken
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.userdetails.User
@ -112,9 +111,10 @@ class HttpSecurityDslTests {
}
@EnableWebSecurity
open class DefaultSecurityConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
http {}
open class DefaultSecurityConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
return http.build()
}
@Configuration
@ -160,14 +160,16 @@ class HttpSecurityDslTests {
}
@EnableWebSecurity
open class SecurityRequestMatcherRequestsConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class SecurityRequestMatcherRequestsConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
securityMatcher(RegexRequestMatcher("/path", null))
authorizeRequests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}
@ -215,14 +217,16 @@ class HttpSecurityDslTests {
@EnableWebSecurity
@EnableWebMvc
open class SecurityPatternMatcherRequestsConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class SecurityPatternMatcherRequestsConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
securityMatcher("/path")
authorizeRequests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}
@ -267,8 +271,9 @@ class HttpSecurityDslTests {
@EnableWebSecurity
@EnableWebMvc
open class MultiMatcherRequestsConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class MultiMatcherRequestsConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
securityMatcher("/path1")
securityMatcher(RegexRequestMatcher("/path2", null))
@ -276,6 +281,7 @@ class HttpSecurityDslTests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}
@ -317,8 +323,9 @@ class HttpSecurityDslTests {
}
@EnableWebSecurity
open class AuthenticationManagerRequestsConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AuthenticationManagerRequestsConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authenticationManager = AuthenticationManagerConfig.AUTHENTICATION_MANAGER
authorizeRequests {
@ -326,6 +333,7 @@ class HttpSecurityDslTests {
}
httpBasic { }
}
return http.build()
}
}
@ -351,17 +359,18 @@ class HttpSecurityDslTests {
val filterChain = spring.context.getBean(FilterChainProxy::class.java)
val filters: List<Filter> = filterChain.getFilters("/")
assertThat(filters).hasSize(1)
assertThat(filters[0]).isExactlyInstanceOf(CustomFilter::class.java)
assertThat(filters).anyMatch { it is CustomFilter }
}
@EnableWebSecurity
@EnableWebMvc
open class CustomFilterConfig : WebSecurityConfigurerAdapter(true) {
override fun configure(http: HttpSecurity) {
open class CustomFilterConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
addFilterAt(CustomFilter(), UsernamePasswordAuthenticationFilter::class.java)
}
return http.build()
}
}
@ -372,17 +381,18 @@ class HttpSecurityDslTests {
val filterChain = spring.context.getBean(FilterChainProxy::class.java)
val filters: List<Filter> = filterChain.getFilters("/")
assertThat(filters).hasSize(1)
assertThat(filters[0]).isExactlyInstanceOf(CustomFilter::class.java)
assertThat(filters).anyMatch { it is CustomFilter }
}
@EnableWebSecurity
@EnableWebMvc
open class CustomFilterConfigReified : WebSecurityConfigurerAdapter(true) {
override fun configure(http: HttpSecurity) {
open class CustomFilterConfigReified {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
addFilterAt<UsernamePasswordAuthenticationFilter>(CustomFilter())
}
return http.build()
}
}
@ -401,12 +411,14 @@ class HttpSecurityDslTests {
@EnableWebSecurity
@EnableWebMvc
open class CustomFilterAfterConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomFilterAfterConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
addFilterAfter(CustomFilter(), UsernamePasswordAuthenticationFilter::class.java)
formLogin {}
}
return http.build()
}
}
@ -425,12 +437,14 @@ class HttpSecurityDslTests {
@EnableWebSecurity
@EnableWebMvc
open class CustomFilterAfterConfigReified : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomFilterAfterConfigReified{
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
addFilterAfter<UsernamePasswordAuthenticationFilter>(CustomFilter())
formLogin { }
}
return http.build()
}
}
@ -449,12 +463,14 @@ class HttpSecurityDslTests {
@EnableWebSecurity
@EnableWebMvc
open class CustomFilterBeforeConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomFilterBeforeConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
addFilterBefore(CustomFilter(), UsernamePasswordAuthenticationFilter::class.java)
formLogin {}
}
return http.build()
}
}
@ -473,12 +489,14 @@ class HttpSecurityDslTests {
@EnableWebSecurity
@EnableWebMvc
open class CustomFilterBeforeConfigReified : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomFilterBeforeConfigReified{
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
addFilterBefore<UsernamePasswordAuthenticationFilter>(CustomFilter())
formLogin { }
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -25,16 +25,17 @@ import org.assertj.core.api.Assertions.assertThat
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.mock.web.MockHttpSession
import org.springframework.security.authentication.TestingAuthenticationToken
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.Authentication
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.logout.LogoutHandler
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
import org.springframework.security.web.context.HttpSessionSecurityContextRepository
@ -68,13 +69,15 @@ class LogoutDslTests {
}
@EnableWebSecurity
open class CustomLogoutUrlConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomLogoutUrlConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
logout {
logoutUrl = "/custom/logout"
}
}
return http.build()
}
}
@ -91,13 +94,15 @@ class LogoutDslTests {
}
@EnableWebSecurity
open class CustomLogoutRequestMatcherConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomLogoutRequestMatcherConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
logout {
logoutRequestMatcher = AntPathRequestMatcher("/custom/logout")
}
}
return http.build()
}
}
@ -114,13 +119,15 @@ class LogoutDslTests {
}
@EnableWebSecurity
open class SuccessUrlConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class SuccessUrlConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
logout {
logoutSuccessUrl = "/login"
}
}
return http.build()
}
}
@ -137,13 +144,15 @@ class LogoutDslTests {
}
@EnableWebSecurity
open class SuccessHandlerConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class SuccessHandlerConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
logout {
logoutSuccessHandler = SimpleUrlLogoutSuccessHandler()
}
}
return http.build()
}
}
@ -160,8 +169,9 @@ class LogoutDslTests {
}
@EnableWebSecurity
open class PermitAllConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class PermitAllConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -171,6 +181,7 @@ class LogoutDslTests {
permitAll()
}
}
return http.build()
}
}
@ -194,13 +205,15 @@ class LogoutDslTests {
}
@EnableWebSecurity
open class ClearAuthenticationFalseConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ClearAuthenticationFalseConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
logout {
clearAuthentication = false
}
}
return http.build()
}
}
@ -221,13 +234,15 @@ class LogoutDslTests {
}
@EnableWebSecurity
open class InvalidateHttpSessionFalseConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class InvalidateHttpSessionFalseConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
logout {
invalidateHttpSession = false
}
}
return http.build()
}
}
@ -245,13 +260,15 @@ class LogoutDslTests {
}
@EnableWebSecurity
open class DeleteCookiesConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class DeleteCookiesConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
logout {
deleteCookies("remove")
}
}
return http.build()
}
}
@ -275,14 +292,16 @@ class LogoutDslTests {
}
@EnableWebSecurity
open class DefaultLogoutSuccessHandlerForConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class DefaultLogoutSuccessHandlerForConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
logout {
logoutRequestMatcher = AntPathRequestMatcher("/logout/**")
defaultLogoutSuccessHandlerFor(SimpleUrlLogoutSuccessHandler(), AntPathRequestMatcher("/logout/custom"))
}
}
return http.build()
}
}
@ -300,18 +319,20 @@ class LogoutDslTests {
}
@EnableWebSecurity
open class CustomLogoutHandlerConfig : WebSecurityConfigurerAdapter() {
open class CustomLogoutHandlerConfig {
companion object {
val HANDLER: LogoutHandler = NoopLogoutHandler()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
logout {
addLogoutHandler(HANDLER)
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -26,7 +26,6 @@ import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
@ -43,6 +42,7 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -65,8 +65,9 @@ class OAuth2ClientDslTests {
}
@EnableWebSecurity
open class ClientRepoConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ClientRepoConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Client {
clientRegistrationRepository = InMemoryClientRegistrationRepository(
@ -76,6 +77,7 @@ class OAuth2ClientDslTests {
)
}
}
return http.build()
}
}
@ -118,7 +120,7 @@ class OAuth2ClientDslTests {
}
@EnableWebSecurity
open class ClientRepositoryConfig : WebSecurityConfigurerAdapter() {
open class ClientRepositoryConfig {
companion object {
val REQUEST_REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
@ -128,7 +130,8 @@ class OAuth2ClientDslTests {
val CLIENT_REPOSITORY: OAuth2AuthorizedClientRepository = HttpSessionOAuth2AuthorizedClientRepository()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Client {
authorizedClientRepository = CLIENT_REPOSITORY
@ -141,6 +144,7 @@ class OAuth2ClientDslTests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -25,10 +25,8 @@ import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.authentication.AuthenticationDetailsSource
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
@ -43,7 +41,7 @@ import org.springframework.test.web.servlet.get
import org.springframework.test.web.servlet.post
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RestController
import jakarta.servlet.http.HttpServletRequest
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
/**
@ -65,8 +63,9 @@ class OAuth2LoginDslTests {
}
@EnableWebSecurity
open class ClientRepoConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ClientRepoConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Login {
clientRegistrationRepository = InMemoryClientRegistrationRepository(
@ -76,6 +75,7 @@ class OAuth2LoginDslTests {
)
}
}
return http.build()
}
}
@ -90,11 +90,13 @@ class OAuth2LoginDslTests {
}
@EnableWebSecurity
open class OAuth2LoginConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class OAuth2LoginConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Login { }
}
return http.build()
}
}
@ -109,13 +111,15 @@ class OAuth2LoginDslTests {
}
@EnableWebSecurity
open class LoginPageConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class LoginPageConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Login {
loginPage = "/custom-login"
}
}
return http.build()
}
@RestController
@ -157,14 +161,15 @@ class OAuth2LoginDslTests {
}
@EnableWebSecurity
open class CustomAuthenticationDetailsSourceConfig : WebSecurityConfigurerAdapter() {
open class CustomAuthenticationDetailsSourceConfig {
companion object {
val AUTHENTICATION_DETAILS_SOURCE = WebAuthenticationDetailsSource()
val AUTHORIZATION_REQUEST_REPOSITORY = HttpSessionOAuth2AuthorizationRequestRepository()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Login {
authenticationDetailsSource = AUTHENTICATION_DETAILS_SOURCE
@ -173,6 +178,7 @@ class OAuth2LoginDslTests {
}
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -32,7 +32,6 @@ import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.authentication.AuthenticationManagerResolver
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SUB
@ -43,6 +42,7 @@ import org.springframework.security.oauth2.server.resource.authentication.JwtIss
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
import org.springframework.security.web.AuthenticationEntryPoint
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.access.AccessDeniedHandler
import org.springframework.security.web.access.AccessDeniedHandlerImpl
import org.springframework.security.web.authentication.HttpStatusEntryPoint
@ -79,13 +79,14 @@ class OAuth2ResourceServerDslTests {
}
@EnableWebSecurity
open class EntryPointConfig : WebSecurityConfigurerAdapter() {
open class EntryPointConfig {
companion object {
val ENTRY_POINT: AuthenticationEntryPoint = HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -95,6 +96,7 @@ class OAuth2ResourceServerDslTests {
jwt { }
}
}
return http.build()
}
@Bean
@ -115,14 +117,15 @@ class OAuth2ResourceServerDslTests {
}
@EnableWebSecurity
open class BearerTokenResolverConfig : WebSecurityConfigurerAdapter() {
open class BearerTokenResolverConfig {
companion object {
val RESOLVER: BearerTokenResolver = DefaultBearerTokenResolver()
val DECODER: JwtDecoder = MockJwtDecoder()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -132,6 +135,7 @@ class OAuth2ResourceServerDslTests {
jwt { }
}
}
return http.build()
}
@Bean
@ -168,14 +172,15 @@ class OAuth2ResourceServerDslTests {
}
@EnableWebSecurity
open class AccessDeniedHandlerConfig : WebSecurityConfigurerAdapter() {
open class AccessDeniedHandlerConfig {
companion object {
val DECODER: JwtDecoder = MockJwtDecoder()
val DENIED_HANDLER: AccessDeniedHandler = AccessDeniedHandlerImpl()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, denyAll)
@ -185,6 +190,7 @@ class OAuth2ResourceServerDslTests {
jwt { }
}
}
return http.build()
}
@Bean
@ -209,14 +215,15 @@ class OAuth2ResourceServerDslTests {
}
@EnableWebSecurity
open class AuthenticationManagerResolverConfig : WebSecurityConfigurerAdapter() {
open class AuthenticationManagerResolverConfig {
companion object {
val RESOLVER: AuthenticationManagerResolver<HttpServletRequest> =
JwtIssuerAuthenticationManagerResolver("issuer")
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -225,6 +232,7 @@ class OAuth2ResourceServerDslTests {
authenticationManagerResolver = RESOLVER
}
}
return http.build()
}
}
@ -236,8 +244,9 @@ class OAuth2ResourceServerDslTests {
}
@EnableWebSecurity
open class AuthenticationManagerResolverAndOpaqueConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AuthenticationManagerResolverAndOpaqueConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -247,6 +256,7 @@ class OAuth2ResourceServerDslTests {
opaqueToken { }
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,11 +19,12 @@ package org.springframework.security.config.annotation.web
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -53,11 +54,13 @@ class PasswordManagementDslTests {
}
@EnableWebSecurity
open class PasswordManagementWithDefaultChangePasswordPageConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class PasswordManagementWithDefaultChangePasswordPageConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
passwordManagement {}
}
return http.build()
}
}
@ -73,13 +76,15 @@ class PasswordManagementDslTests {
}
@EnableWebSecurity
open class PasswordManagementWithCustomChangePasswordPageConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class PasswordManagementWithCustomChangePasswordPageConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
passwordManagement {
changePasswordPage = "/custom-change-password-page"
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.PortMapperImpl
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
import java.util.*
@ -53,8 +54,9 @@ class PortMapperDslTests {
}
@EnableWebSecurity
open class PortMapperMapConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class PortMapperMapConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
requiresChannel {
secure(anyRequest, requiresSecure)
@ -63,6 +65,7 @@ class PortMapperDslTests {
map(543, 123)
}
}
return http.build()
}
}
@ -77,8 +80,9 @@ class PortMapperDslTests {
}
@EnableWebSecurity
open class CustomPortMapperConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomPortMapperConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
val customPortMapper = PortMapperImpl()
customPortMapper.setPortMappings(Collections.singletonMap("543", "123"))
http {
@ -89,6 +93,7 @@ class PortMapperDslTests {
portMapper = customPortMapper
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -26,13 +26,12 @@ import org.junit.jupiter.api.Test
import org.junit.jupiter.api.fail
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.core.annotation.Order
import org.springframework.mock.web.MockHttpSession
import org.springframework.security.authentication.RememberMeAuthenticationToken
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.core.Authentication
import org.springframework.security.core.authority.AuthorityUtils
@ -45,6 +44,7 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.AuthenticationSuccessHandler
import org.springframework.security.web.authentication.NullRememberMeServices
import org.springframework.security.web.authentication.RememberMeServices
@ -219,7 +219,7 @@ internal class RememberMeDslTests {
@Test
fun `Remember Me when key then remember me works only for matching routes`() {
this.spring.register(WithoutKeyConfig::class.java, KeyConfig::class.java).autowire()
this.spring.register(WithAndWithoutKeyConfig::class.java).autowire()
val withoutKeyMvcResult = mockMvc.post("/without-key/login") {
loginRememberMeRequest()
}.andReturn()
@ -383,17 +383,18 @@ internal class RememberMeDslTests {
}
}
abstract class DefaultUserConfig : WebSecurityConfigurerAdapter() {
@Autowired
open fun configureGlobal(auth: AuthenticationManagerBuilder) {
auth.inMemoryAuthentication()
.withUser(PasswordEncodedUser.user())
@Configuration
open class DefaultUserConfig {
@Bean
open fun userDetailsService(): UserDetailsService {
return InMemoryUserDetailsManager(PasswordEncodedUser.user())
}
}
@EnableWebSecurity
open class RememberMeConfig : DefaultUserConfig() {
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, hasRole("USER"))
@ -401,12 +402,14 @@ internal class RememberMeDslTests {
formLogin {}
rememberMe {}
}
return http.build()
}
}
@EnableWebSecurity
open class RememberMeDomainConfig : DefaultUserConfig() {
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, hasRole("USER"))
@ -416,6 +419,7 @@ internal class RememberMeDslTests {
rememberMeCookieDomain = "spring.io"
}
}
return http.build()
}
}
@ -426,13 +430,15 @@ internal class RememberMeDslTests {
val REMEMBER_ME_SERVICES: RememberMeServices = NullRememberMeServices()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
rememberMe {
rememberMeServices = REMEMBER_ME_SERVICES
}
}
return http.build()
}
}
@ -443,20 +449,23 @@ internal class RememberMeDslTests {
val SUCCESS_HANDLER: AuthenticationSuccessHandler = SimpleUrlAuthenticationSuccessHandler()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
rememberMe {
authenticationSuccessHandler = SUCCESS_HANDLER
}
}
return http.build()
}
}
@EnableWebSecurity
open class WithAndWithoutKeyConfig : DefaultUserConfig() {
@Bean
@Order(0)
open class WithoutKeyConfig : DefaultUserConfig() {
override fun configure(http: HttpSecurity) {
open fun securityFilterChainWithoutKey(http: HttpSecurity): SecurityFilterChain {
http {
securityMatcher(AntPathRequestMatcher("/without-key/**"))
formLogin {
@ -464,12 +473,11 @@ internal class RememberMeDslTests {
}
rememberMe {}
}
}
return http.build()
}
@EnableWebSecurity
open class KeyConfig : DefaultUserConfig() {
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChainWithKey(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -479,6 +487,7 @@ internal class RememberMeDslTests {
key = "RememberMeKey"
}
}
return http.build()
}
}
@ -489,66 +498,76 @@ internal class RememberMeDslTests {
val TOKEN_REPOSITORY: PersistentTokenRepository = mockk()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
rememberMe {
tokenRepository = TOKEN_REPOSITORY
}
}
return http.build()
}
}
@EnableWebSecurity
open class RememberMeTokenValidityConfig : DefaultUserConfig() {
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
rememberMe {
tokenValiditySeconds = 42
}
}
return http.build()
}
}
@EnableWebSecurity
open class RememberMeUseSecureCookieConfig : DefaultUserConfig() {
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
rememberMe {
useSecureCookie = true
}
}
return http.build()
}
}
@EnableWebSecurity
open class RememberMeParameterConfig : DefaultUserConfig() {
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
rememberMe {
rememberMeParameter = "rememberMe"
}
}
return http.build()
}
}
@EnableWebSecurity
open class RememberMeCookieNameConfig : DefaultUserConfig() {
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
rememberMe {
rememberMeCookieName = "rememberMe"
}
}
return http.build()
}
}
@EnableWebSecurity
open class RememberMeDefaultUserDetailsServiceConfig : DefaultUserConfig() {
open class RememberMeDefaultUserDetailsServiceConfig {
companion object {
val USER_DETAIL_SERVICE: UserDetailsService = InMemoryUserDetailsManager(
@ -557,15 +576,18 @@ internal class RememberMeDslTests {
val PASSWORD_ENCODER: PasswordEncoder = BCryptPasswordEncoder()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
rememberMe {}
}
return http.build()
}
override fun configure(auth: AuthenticationManagerBuilder) {
auth.userDetailsService(USER_DETAIL_SERVICE)
@Bean
open fun userDetailsService(): UserDetailsService {
return USER_DETAIL_SERVICE
}
@Bean
@ -582,25 +604,29 @@ internal class RememberMeDslTests {
)
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
rememberMe {
userDetailsService = USER_DETAIL_SERVICE
}
}
return http.build()
}
}
@EnableWebSecurity
open class RememberMeAlwaysRememberConfig : DefaultUserConfig() {
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
formLogin {}
rememberMe {
alwaysRemember = true
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.savedrequest.NullRequestCache
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -56,12 +57,14 @@ class RequestCacheDslTests {
}
@EnableWebSecurity
open class RequestCacheConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class RequestCacheConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
requestCache { }
formLogin { }
}
return http.build()
}
}
@ -78,14 +81,16 @@ class RequestCacheDslTests {
}
@EnableWebSecurity
open class CustomRequestCacheConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomRequestCacheConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
requestCache {
requestCache = NullRequestCache()
}
formLogin { }
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -21,13 +21,14 @@ import io.mockk.verify
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.access.ConfigAttribute
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.FilterInvocation
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.access.channel.ChannelProcessor
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -63,13 +64,15 @@ class RequiresChannelDslTests {
}
@EnableWebSecurity
open class RequiresSecureConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class RequiresSecureConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
requiresChannel {
secure(anyRequest, requiresSecure)
}
}
return http.build()
}
}
@ -95,8 +98,9 @@ class RequiresChannelDslTests {
@EnableWebSecurity
@EnableWebMvc
open class MvcMatcherServletPathConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class MvcMatcherServletPathConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
requiresChannel {
secure("/path",
@ -104,6 +108,7 @@ class RequiresChannelDslTests {
requiresSecure)
}
}
return http.build()
}
@RestController
@ -125,7 +130,7 @@ class RequiresChannelDslTests {
}
@EnableWebSecurity
open class ChannelProcessorsConfig : WebSecurityConfigurerAdapter() {
open class ChannelProcessorsConfig {
companion object {
val CHANNEL_PROCESSOR: ChannelProcessor = object : ChannelProcessor {
@ -134,13 +139,15 @@ class RequiresChannelDslTests {
}
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
requiresChannel {
channelProcessors = listOf(CHANNEL_PROCESSOR)
secure(anyRequest, requiresSecure)
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -32,7 +32,6 @@ import org.springframework.security.authentication.ProviderManager
import org.springframework.security.authentication.TestingAuthenticationProvider
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.saml2.credentials.Saml2X509Credential
@ -42,6 +41,7 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository
import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations
import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders
@ -71,11 +71,13 @@ class Saml2DslTests {
}
@EnableWebSecurity
open class Saml2LoginNoRelyingPArtyRegistrationRepoConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class Saml2LoginNoRelyingPArtyRegistrationRepoConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
saml2Login { }
}
return http.build()
}
}
@ -90,9 +92,10 @@ class Saml2DslTests {
}
@EnableWebSecurity
open class Saml2LoginConfig : WebSecurityConfigurerAdapter() {
open class Saml2LoginConfig {
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
saml2Login {
relyingPartyRegistrationRepository =
@ -106,6 +109,7 @@ class Saml2DslTests {
)
}
}
return http.build()
}
private fun <T : Certificate> loadCert(location: String): T {
@ -127,17 +131,19 @@ class Saml2DslTests {
}
@EnableWebSecurity
open class Saml2LoginCustomAuthenticationManagerConfig : WebSecurityConfigurerAdapter() {
open class Saml2LoginCustomAuthenticationManagerConfig {
companion object {
val AUTHENTICATION_MANAGER: AuthenticationManager = ProviderManager(TestingAuthenticationProvider())
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
saml2Login {
authenticationManager = AUTHENTICATION_MANAGER
}
}
return http.build()
}
@Bean

View File

@ -19,27 +19,28 @@ package org.springframework.security.config.annotation.web
import io.mockk.every
import io.mockk.mockk
import io.mockk.mockkObject
import io.mockk.spyk
import io.mockk.verify
import org.assertj.core.api.Assertions.assertThat
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.assertDoesNotThrow
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.ObjectPostProcessor
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.context.SecurityContext
import org.springframework.security.core.userdetails.PasswordEncodedUser
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders
import org.springframework.security.web.FilterChainProxy
import org.springframework.security.web.context.*
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.context.HttpRequestResponseHolder
import org.springframework.security.web.context.HttpSessionSecurityContextRepository
import org.springframework.security.web.context.NullSecurityContextRepository
import org.springframework.security.web.context.SecurityContextHolderFilter
import org.springframework.security.web.context.SecurityContextPersistenceFilter
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
@ -56,14 +57,17 @@ class SecurityContextDslTests {
fun `security context when invoked twice then uses original security context repository`() {
spring.register(DuplicateDoesNotOverrideConfig::class.java).autowire()
mockkObject(DuplicateDoesNotOverrideConfig.SECURITY_CONTEXT_REPOSITORY)
every { DuplicateDoesNotOverrideConfig.SECURITY_CONTEXT_REPOSITORY.loadContext(any<HttpRequestResponseHolder>()) } returns mockk<SecurityContext>(relaxed = true)
every { DuplicateDoesNotOverrideConfig.SECURITY_CONTEXT_REPOSITORY.loadContext(any<HttpRequestResponseHolder>()) } returns mockk<SecurityContext>(
relaxed = true
)
mvc.perform(get("/"))
verify(exactly = 1) { DuplicateDoesNotOverrideConfig.SECURITY_CONTEXT_REPOSITORY.loadContext(any<HttpRequestResponseHolder>()) }
}
@EnableWebSecurity
open class DuplicateDoesNotOverrideConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class DuplicateDoesNotOverrideConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
// @formatter:off
http {
securityContext {
@ -72,6 +76,7 @@ class SecurityContextDslTests {
securityContext { }
}
// @formatter:on
return http.build()
}
companion object {
@ -79,37 +84,6 @@ class SecurityContextDslTests {
}
}
@Test
fun `security context when security context repository not configured then does not throw exception`() {
spring.register(SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig::class.java).autowire()
assertDoesNotThrow { mvc.perform(get("/")) }
}
@EnableWebSecurity
open class SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig : WebSecurityConfigurerAdapter(true) {
override fun configure(http: HttpSecurity) {
// @formatter:off
http {
addFilterAt<WebAsyncManagerIntegrationFilter>(WebAsyncManagerIntegrationFilter())
anonymous { }
securityContext { }
authorizeRequests {
authorize(anyRequest, permitAll)
}
httpBasic { }
}
// @formatter:on
}
override fun configure(auth: AuthenticationManagerBuilder) {
// @formatter:off
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER")
// @formatter:on
}
}
@Test
fun `security context when require explicit save is true then configure SecurityContextHolderFilter`() {
val repository = HttpSessionSecurityContextRepository()
@ -130,8 +104,9 @@ class SecurityContextDslTests {
}
@EnableWebSecurity
open class RequireExplicitSaveConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class RequireExplicitSaveConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
// @formatter:off
http {
formLogin { }
@ -140,14 +115,12 @@ class SecurityContextDslTests {
}
}
// @formatter:on
return http.build()
}
override fun configure(auth: AuthenticationManagerBuilder) {
// @formatter:off
auth
.inMemoryAuthentication()
.withUser(PasswordEncodedUser.user())
// @formatter:on
@Bean
open fun userDetailsService(): UserDetailsService {
return InMemoryUserDetailsManager(PasswordEncodedUser.user())
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -29,12 +29,12 @@ import org.springframework.context.annotation.Bean
import org.springframework.mock.web.MockHttpSession
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.Authentication
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
import org.springframework.security.web.authentication.session.SessionAuthenticationException
@ -73,13 +73,15 @@ class SessionManagementDslTests {
}
@EnableWebSecurity
open class InvalidSessionUrlConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class InvalidSessionUrlConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
sessionManagement {
invalidSessionUrl = "/invalid"
}
}
return http.build()
}
}
@ -98,13 +100,15 @@ class SessionManagementDslTests {
}
@EnableWebSecurity
open class InvalidSessionStrategyConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class InvalidSessionStrategyConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
sessionManagement {
invalidSessionStrategy = SimpleRedirectInvalidSessionStrategy("/invalid")
}
}
return http.build()
}
}
@ -124,8 +128,9 @@ class SessionManagementDslTests {
}
@EnableWebSecurity
open class SessionAuthenticationErrorUrlConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class SessionAuthenticationErrorUrlConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -134,6 +139,7 @@ class SessionManagementDslTests {
sessionAuthenticationErrorUrl = "/session-auth-error"
}
}
return http.build()
}
}
@ -153,8 +159,9 @@ class SessionManagementDslTests {
}
@EnableWebSecurity
open class SessionAuthenticationFailureHandlerConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class SessionAuthenticationFailureHandlerConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -163,6 +170,7 @@ class SessionManagementDslTests {
sessionAuthenticationFailureHandler = SimpleUrlAuthenticationFailureHandler("/session-auth-error")
}
}
return http.build()
}
}
@ -177,8 +185,9 @@ class SessionManagementDslTests {
}
@EnableWebSecurity
open class StatelessSessionManagementConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class StatelessSessionManagementConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -187,6 +196,7 @@ class SessionManagementDslTests {
sessionCreationPolicy = SessionCreationPolicy.STATELESS
}
}
return http.build()
}
}
@ -208,13 +218,14 @@ class SessionManagementDslTests {
}
@EnableWebSecurity
open class SessionAuthenticationStrategyConfig : WebSecurityConfigurerAdapter() {
open class SessionAuthenticationStrategyConfig {
companion object {
val STRATEGY: SessionAuthenticationStrategy = NullAuthenticatedSessionStrategy()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -223,6 +234,7 @@ class SessionManagementDslTests {
sessionAuthenticationStrategy = STRATEGY
}
}
return http.build()
}
@Bean

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -27,7 +27,6 @@ import org.springframework.context.annotation.Bean
import org.springframework.core.io.ClassPathResource
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.userdetails.User
@ -36,6 +35,7 @@ import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.x509
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
import org.springframework.test.web.servlet.MockMvc
@ -65,15 +65,17 @@ class X509DslTests {
}
@EnableWebSecurity
open class X509Config : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class X509Config {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
x509 { }
}
return http.build()
}
@Bean
override fun userDetailsService(): UserDetailsService {
open fun userDetailsService(): UserDetailsService {
val userDetails = User.withDefaultPasswordEncoder()
.username("rod")
.password("password")
@ -94,17 +96,19 @@ class X509DslTests {
}
@EnableWebSecurity
open class X509RegexConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class X509RegexConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
x509 {
subjectPrincipalRegex = "CN=(.*?)@example.com(?:,|$)"
}
}
return http.build()
}
@Bean
override fun userDetailsService(): UserDetailsService {
open fun userDetailsService(): UserDetailsService {
val userDetails = User.withDefaultPasswordEncoder()
.username("rod")
.password("password")
@ -125,8 +129,9 @@ class X509DslTests {
}
@EnableWebSecurity
open class UserDetailsServiceConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class UserDetailsServiceConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
val userDetails = User.withDefaultPasswordEncoder()
.username("rod")
.password("password")
@ -138,10 +143,11 @@ class X509DslTests {
userDetailsService = customUserDetailsService
}
}
return http.build()
}
@Bean
override fun userDetailsService(): UserDetailsService = mockk()
open fun userDetailsService(): UserDetailsService = mockk()
}
@Test
@ -155,8 +161,9 @@ class X509DslTests {
}
@EnableWebSecurity
open class AuthenticationUserDetailsServiceConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class AuthenticationUserDetailsServiceConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
val userDetails = User.withDefaultPasswordEncoder()
.username("rod")
.password("password")
@ -170,10 +177,11 @@ class X509DslTests {
authenticationUserDetailsService = customSource
}
}
return http.build()
}
@Bean
override fun userDetailsService(): UserDetailsService = mockk()
open fun userDetailsService(): UserDetailsService = mockk()
}
@Test
@ -187,8 +195,9 @@ class X509DslTests {
}
@EnableWebSecurity
open class X509PrincipalExtractorConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class X509PrincipalExtractorConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
val principalExtractor = SubjectDnX509PrincipalExtractor()
principalExtractor.setSubjectDnRegex("CN=(.*?)@example.com(?:,|$)")
http {
@ -196,10 +205,11 @@ class X509DslTests {
x509PrincipalExtractor = principalExtractor
}
}
return http.build()
}
@Bean
override fun userDetailsService(): UserDetailsService {
open fun userDetailsService(): UserDetailsService {
val userDetails = User.withDefaultPasswordEncoder()
.username("rod")
.password("password")

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,13 +19,14 @@ package org.springframework.security.config.annotation.web.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.http.HttpHeaders
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -55,14 +56,16 @@ class CacheControlDslTests {
}
@EnableWebSecurity
open class CacheControlConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CacheControlConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
cacheControl { }
}
}
return http.build()
}
}
@ -79,8 +82,9 @@ class CacheControlDslTests {
}
@EnableWebSecurity
open class CacheControlDisabledConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CacheControlDisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
cacheControl {
@ -88,6 +92,7 @@ class CacheControlDslTests {
}
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -54,14 +55,16 @@ class ContentSecurityPolicyDslTests {
}
@EnableWebSecurity
open class ContentSecurityPolicyConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ContentSecurityPolicyConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
contentSecurityPolicy { }
}
}
return http.build()
}
}
@ -77,8 +80,9 @@ class ContentSecurityPolicyDslTests {
}
@EnableWebSecurity
open class CustomPolicyDirectivesConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomPolicyDirectivesConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -87,6 +91,7 @@ class ContentSecurityPolicyDslTests {
}
}
}
return http.build()
}
}
@ -102,8 +107,9 @@ class ContentSecurityPolicyDslTests {
}
@EnableWebSecurity
open class ReportOnlyConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ReportOnlyConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -112,6 +118,7 @@ class ContentSecurityPolicyDslTests {
}
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -53,14 +54,16 @@ class ContentTypeOptionsDslTests {
}
@EnableWebSecurity
open class ContentTypeOptionsConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ContentTypeOptionsConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
contentTypeOptions { }
}
}
return http.build()
}
}
@ -75,8 +78,9 @@ class ContentTypeOptionsDslTests {
}
@EnableWebSecurity
open class ContentTypeOptionsDisabledConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ContentTypeOptionsDisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
contentTypeOptions {
@ -84,6 +88,7 @@ class ContentTypeOptionsDslTests {
}
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
import org.springframework.test.web.servlet.MockMvc
@ -55,14 +56,16 @@ class FrameOptionsDslTests {
}
@EnableWebSecurity
open class FrameOptionsConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class FrameOptionsConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
frameOptions { }
}
}
return http.build()
}
}
@ -78,8 +81,9 @@ class FrameOptionsDslTests {
}
@EnableWebSecurity
open class FrameOptionsDenyConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class FrameOptionsDenyConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -88,6 +92,7 @@ class FrameOptionsDslTests {
}
}
}
return http.build()
}
}
@ -103,8 +108,9 @@ class FrameOptionsDslTests {
}
@EnableWebSecurity
open class FrameOptionsSameOriginConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class FrameOptionsSameOriginConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -113,6 +119,7 @@ class FrameOptionsDslTests {
}
}
}
return http.build()
}
}
@ -128,8 +135,9 @@ class FrameOptionsDslTests {
}
@EnableWebSecurity
open class FrameOptionsSameOriginAndDenyConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class FrameOptionsSameOriginAndDenyConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -139,6 +147,7 @@ class FrameOptionsDslTests {
}
}
}
return http.build()
}
}
@ -154,8 +163,9 @@ class FrameOptionsDslTests {
}
@EnableWebSecurity
open class FrameOptionsDisabledConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class FrameOptionsDisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
frameOptions {
@ -163,6 +173,7 @@ class FrameOptionsDslTests {
}
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -20,12 +20,13 @@ import org.assertj.core.api.Assertions
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -57,14 +58,16 @@ class HttpPublicKeyPinningDslTests {
}
@EnableWebSecurity
open class HpkpNoPinConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HpkpNoPinConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
httpPublicKeyPinning { }
}
}
return http.build()
}
}
@ -80,8 +83,9 @@ class HttpPublicKeyPinningDslTests {
}
@EnableWebSecurity
open class HpkpPinConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HpkpPinConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -90,6 +94,7 @@ class HttpPublicKeyPinningDslTests {
}
}
}
return http.build()
}
}
@ -105,8 +110,9 @@ class HttpPublicKeyPinningDslTests {
}
@EnableWebSecurity
open class HpkpMaxAgeConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HpkpMaxAgeConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -116,6 +122,7 @@ class HttpPublicKeyPinningDslTests {
}
}
}
return http.build()
}
}
@ -131,8 +138,9 @@ class HttpPublicKeyPinningDslTests {
}
@EnableWebSecurity
open class HpkpReportOnlyFalseConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HpkpReportOnlyFalseConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -142,6 +150,7 @@ class HttpPublicKeyPinningDslTests {
}
}
}
return http.build()
}
}
@ -160,8 +169,9 @@ class HttpPublicKeyPinningDslTests {
}
@EnableWebSecurity
open class HpkpIncludeSubdomainsConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HpkpIncludeSubdomainsConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -171,6 +181,7 @@ class HttpPublicKeyPinningDslTests {
}
}
}
return http.build()
}
}
@ -189,8 +200,9 @@ class HttpPublicKeyPinningDslTests {
}
@EnableWebSecurity
open class HpkpReportUriConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HpkpReportUriConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -200,6 +212,7 @@ class HttpPublicKeyPinningDslTests {
}
}
}
return http.build()
}
}
@ -217,8 +230,9 @@ class HttpPublicKeyPinningDslTests {
}
@EnableWebSecurity
open class HpkpDisabledConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HpkpDisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
httpPublicKeyPinning {
@ -226,6 +240,7 @@ class HttpPublicKeyPinningDslTests {
}
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -20,12 +20,13 @@ import org.assertj.core.api.Assertions
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
import org.springframework.security.web.util.matcher.AntPathRequestMatcher
import org.springframework.test.web.servlet.MockMvc
@ -56,14 +57,16 @@ class HttpStrictTransportSecurityDslTests {
}
@EnableWebSecurity
open class HstsConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HstsConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
httpStrictTransportSecurity { }
}
}
return http.build()
}
}
@ -79,8 +82,9 @@ class HttpStrictTransportSecurityDslTests {
}
@EnableWebSecurity
open class HstsPreloadConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HstsPreloadConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -89,6 +93,7 @@ class HttpStrictTransportSecurityDslTests {
}
}
}
return http.build()
}
}
@ -104,8 +109,9 @@ class HttpStrictTransportSecurityDslTests {
}
@EnableWebSecurity
open class HstsMaxAgeConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HstsMaxAgeConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -114,6 +120,7 @@ class HttpStrictTransportSecurityDslTests {
}
}
}
return http.build()
}
}
@ -129,8 +136,9 @@ class HttpStrictTransportSecurityDslTests {
}
@EnableWebSecurity
open class HstsCustomMatcherConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HstsCustomMatcherConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -139,6 +147,7 @@ class HttpStrictTransportSecurityDslTests {
}
}
}
return http.build()
}
}
@ -154,8 +163,9 @@ class HttpStrictTransportSecurityDslTests {
}
@EnableWebSecurity
open class HstsDisabledConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class HstsDisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
httpStrictTransportSecurity {
@ -163,6 +173,7 @@ class HttpStrictTransportSecurityDslTests {
}
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -53,14 +54,16 @@ class ReferrerPolicyDslTests {
}
@EnableWebSecurity
open class ReferrerPolicyConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ReferrerPolicyConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
referrerPolicy { }
}
}
return http.build()
}
}
@ -75,8 +78,9 @@ class ReferrerPolicyDslTests {
}
@EnableWebSecurity
open class ReferrerPolicyCustomPolicyConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ReferrerPolicyCustomPolicyConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -85,6 +89,7 @@ class ReferrerPolicyDslTests {
}
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web.headers
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -54,14 +55,16 @@ class XssProtectionConfigDslTests {
}
@EnableWebSecurity
open class XssProtectionConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class XssProtectionConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
xssProtection { }
}
}
return http.build()
}
}
@ -77,8 +80,9 @@ class XssProtectionConfigDslTests {
}
@EnableWebSecurity
open class XssProtectionBlockFalseConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class XssProtectionBlockFalseConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -87,6 +91,7 @@ class XssProtectionConfigDslTests {
}
}
}
return http.build()
}
}
@ -102,8 +107,9 @@ class XssProtectionConfigDslTests {
}
@EnableWebSecurity
open class XssProtectionDisabledConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class XssProtectionDisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
defaultsDisabled = true
@ -112,6 +118,7 @@ class XssProtectionConfigDslTests {
}
}
}
return http.build()
}
}
@ -127,8 +134,9 @@ class XssProtectionConfigDslTests {
}
@EnableWebSecurity
open class XssProtectionDisabledFunctionConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class XssProtectionDisabledFunctionConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
headers {
xssProtection {
@ -136,6 +144,7 @@ class XssProtectionConfigDslTests {
}
}
}
return http.build()
}
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -27,7 +27,6 @@ import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
@ -44,6 +43,7 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -81,14 +81,15 @@ class AuthorizationCodeGrantDslTests {
}
@EnableWebSecurity
open class RequestRepositoryConfig : WebSecurityConfigurerAdapter() {
open class RequestRepositoryConfig {
companion object {
val REQUEST_REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
HttpSessionOAuth2AuthorizationRequestRepository()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Client {
authorizationCodeGrant {
@ -99,6 +100,7 @@ class AuthorizationCodeGrantDslTests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}
@ -130,7 +132,7 @@ class AuthorizationCodeGrantDslTests {
}
@EnableWebSecurity
open class AuthorizedClientConfig : WebSecurityConfigurerAdapter() {
open class AuthorizedClientConfig {
companion object {
val REQUEST_REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
HttpSessionOAuth2AuthorizationRequestRepository()
@ -138,7 +140,8 @@ class AuthorizationCodeGrantDslTests {
DefaultAuthorizationCodeTokenResponseClient()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Client {
authorizationCodeGrant {
@ -150,6 +153,7 @@ class AuthorizationCodeGrantDslTests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}
@ -171,11 +175,12 @@ class AuthorizationCodeGrantDslTests {
}
@EnableWebSecurity
open class RequestResolverConfig : WebSecurityConfigurerAdapter() {
open class RequestResolverConfig {
val requestResolver: OAuth2AuthorizationRequestResolver = mockk()
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Client {
authorizationCodeGrant {
@ -186,6 +191,7 @@ class AuthorizationCodeGrantDslTests {
authorize(anyRequest, authenticated)
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -27,7 +27,6 @@ import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
@ -38,6 +37,7 @@ import org.springframework.security.oauth2.client.web.AuthorizationRequestReposi
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -66,7 +66,7 @@ class AuthorizationEndpointDslTests {
}
@EnableWebSecurity
open class ResolverConfig : WebSecurityConfigurerAdapter() {
open class ResolverConfig {
companion object {
val RESOLVER: OAuth2AuthorizationRequestResolver = object : OAuth2AuthorizationRequestResolver {
@ -80,7 +80,8 @@ class AuthorizationEndpointDslTests {
}
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Login {
authorizationEndpoint {
@ -88,6 +89,7 @@ class AuthorizationEndpointDslTests {
}
}
}
return http.build()
}
}
@ -103,14 +105,15 @@ class AuthorizationEndpointDslTests {
}
@EnableWebSecurity
open class RequestRepoConfig : WebSecurityConfigurerAdapter() {
open class RequestRepoConfig {
companion object {
val REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
HttpSessionOAuth2AuthorizationRequestRepository()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Login {
authorizationEndpoint {
@ -118,6 +121,7 @@ class AuthorizationEndpointDslTests {
}
}
}
return http.build()
}
}
@ -132,14 +136,15 @@ class AuthorizationEndpointDslTests {
}
@EnableWebSecurity
open class AuthorizationUriConfig : WebSecurityConfigurerAdapter() {
open class AuthorizationUriConfig {
companion object {
val REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
HttpSessionOAuth2AuthorizationRequestRepository()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2Login {
authorizationEndpoint {
@ -148,6 +153,7 @@ class AuthorizationEndpointDslTests {
}
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -25,7 +25,6 @@ import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
@ -47,6 +46,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
import org.springframework.security.oauth2.core.user.DefaultOAuth2User
import org.springframework.security.oauth2.core.user.OAuth2User
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -103,7 +103,7 @@ class RedirectionEndpointDslTests {
}
@EnableWebSecurity
open class UserServiceConfig : WebSecurityConfigurerAdapter() {
open class UserServiceConfig {
companion object {
val REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
@ -113,7 +113,8 @@ class RedirectionEndpointDslTests {
val USER_SERVICE: OAuth2UserService<OAuth2UserRequest, OAuth2User> = DefaultOAuth2UserService()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -133,6 +134,7 @@ class RedirectionEndpointDslTests {
}
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -26,7 +26,6 @@ import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
@ -42,6 +41,7 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -94,7 +94,7 @@ class TokenEndpointDslTests {
}
@EnableWebSecurity
open class TokenConfig : WebSecurityConfigurerAdapter() {
open class TokenConfig {
companion object {
val REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
@ -103,7 +103,8 @@ class TokenEndpointDslTests {
DefaultAuthorizationCodeTokenResponseClient()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -117,6 +118,7 @@ class TokenEndpointDslTests {
}
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -27,7 +27,6 @@ import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
@ -46,6 +45,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
import org.springframework.security.oauth2.core.user.DefaultOAuth2User
import org.springframework.security.oauth2.core.user.OAuth2User
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
@ -102,7 +102,7 @@ class UserInfoEndpointDslTests {
}
@EnableWebSecurity
open class UserServiceConfig : WebSecurityConfigurerAdapter() {
open class UserServiceConfig {
companion object {
val REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> = mockk()
@ -110,7 +110,8 @@ class UserInfoEndpointDslTests {
val USER_SERVICE: OAuth2UserService<OAuth2UserRequest, OAuth2User> = mockk()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -127,6 +128,7 @@ class UserInfoEndpointDslTests {
}
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -32,7 +32,6 @@ import org.springframework.security.authentication.TestingAuthenticationProvider
import org.springframework.security.authentication.TestingAuthenticationToken
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.config.annotation.web.invoke
@ -41,6 +40,7 @@ import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
import org.springframework.security.oauth2.jwt.Jwt
import org.springframework.security.oauth2.jwt.JwtDecoder
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
import org.springframework.web.bind.annotation.GetMapping
@ -75,8 +75,9 @@ class JwtDslTests {
}
@EnableWebSecurity
open class CustomJwtDecoderConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomJwtDecoderConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2ResourceServer {
jwt {
@ -84,6 +85,7 @@ class JwtDslTests {
}
}
}
return http.build()
}
}
@ -93,8 +95,9 @@ class JwtDslTests {
}
@EnableWebSecurity
open class CustomJwkSetUriConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class CustomJwkSetUriConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
oauth2ResourceServer {
jwt {
@ -102,6 +105,7 @@ class JwtDslTests {
}
}
}
return http.build()
}
}
@ -127,14 +131,15 @@ class JwtDslTests {
}
@EnableWebSecurity
open class CustomJwtAuthenticationConverterConfig : WebSecurityConfigurerAdapter() {
open class CustomJwtAuthenticationConverterConfig {
companion object {
val CONVERTER: Converter<Jwt, out AbstractAuthenticationToken> = MockConverter()
val DECODER: JwtDecoder = MockJwtDecoder()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -145,6 +150,7 @@ class JwtDslTests {
}
}
}
return http.build()
}
@Bean
@ -176,13 +182,14 @@ class JwtDslTests {
}
@EnableWebSecurity
open class JwtDecoderAfterJwkSetUriConfig : WebSecurityConfigurerAdapter() {
open class JwtDecoderAfterJwkSetUriConfig {
companion object {
val DECODER: JwtDecoder = MockJwtDecoder()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -194,6 +201,7 @@ class JwtDslTests {
}
}
}
return http.build()
}
}
@ -222,13 +230,14 @@ class JwtDslTests {
}
@EnableWebSecurity
open class AuthenticationManagerConfig : WebSecurityConfigurerAdapter() {
open class AuthenticationManagerConfig {
companion object {
val AUTHENTICATION_MANAGER: AuthenticationManager = ProviderManager(TestingAuthenticationProvider())
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -239,6 +248,7 @@ class JwtDslTests {
}
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -32,7 +32,6 @@ import org.springframework.security.authentication.ProviderManager
import org.springframework.security.authentication.TestingAuthenticationProvider
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.config.annotation.web.invoke
@ -44,6 +43,7 @@ import org.springframework.security.oauth2.server.resource.authentication.Bearer
import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector
import org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
import org.springframework.web.bind.annotation.GetMapping
@ -102,13 +102,14 @@ class OpaqueTokenDslTests {
}
@EnableWebSecurity
open class DefaultOpaqueConfig : WebSecurityConfigurerAdapter() {
open class DefaultOpaqueConfig {
companion object {
val REST: RestOperations = RestTemplate()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -117,6 +118,7 @@ class OpaqueTokenDslTests {
opaqueToken { }
}
}
return http.build()
}
@Bean
@ -145,13 +147,14 @@ class OpaqueTokenDslTests {
}
@EnableWebSecurity
open class CustomIntrospectorConfig : WebSecurityConfigurerAdapter() {
open class CustomIntrospectorConfig {
companion object {
val INTROSPECTOR: OpaqueTokenIntrospector = SpringOpaqueTokenIntrospector("uri", "clientId", "clientSecret")
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -162,6 +165,7 @@ class OpaqueTokenDslTests {
}
}
}
return http.build()
}
}
@ -181,13 +185,14 @@ class OpaqueTokenDslTests {
}
@EnableWebSecurity
open class IntrospectorAfterClientCredentialsConfig : WebSecurityConfigurerAdapter() {
open class IntrospectorAfterClientCredentialsConfig {
companion object {
val INTROSPECTOR: OpaqueTokenIntrospector = SpringOpaqueTokenIntrospector("uri", "clientId", "clientSecret")
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -200,6 +205,7 @@ class OpaqueTokenDslTests {
}
}
}
return http.build()
}
}
@ -222,13 +228,14 @@ class OpaqueTokenDslTests {
}
@EnableWebSecurity
open class AuthenticationManagerConfig : WebSecurityConfigurerAdapter() {
open class AuthenticationManagerConfig {
companion object {
val AUTHENTICATION_MANAGER: AuthenticationManager = ProviderManager(TestingAuthenticationProvider())
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
@ -239,6 +246,7 @@ class OpaqueTokenDslTests {
}
}
}
return http.build()
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -27,7 +27,6 @@ import org.springframework.context.annotation.Configuration
import org.springframework.mock.web.MockHttpSession
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.config.annotation.web.invoke
@ -38,6 +37,7 @@ import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
@ -76,8 +76,9 @@ class SessionConcurrencyDslTests {
}
@EnableWebSecurity
open class MaximumSessionsConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class MaximumSessionsConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
sessionManagement {
sessionConcurrency {
@ -87,6 +88,7 @@ class SessionConcurrencyDslTests {
}
formLogin { }
}
return http.build()
}
}
@ -105,13 +107,14 @@ class SessionConcurrencyDslTests {
}
@EnableWebSecurity
open class ExpiredUrlConfig : WebSecurityConfigurerAdapter() {
open class ExpiredUrlConfig {
companion object {
val SESSION_REGISTRY: SessionRegistry = SessionRegistryImpl()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
sessionManagement {
sessionConcurrency {
@ -121,6 +124,7 @@ class SessionConcurrencyDslTests {
}
}
}
return http.build()
}
@Bean
@ -142,13 +146,14 @@ class SessionConcurrencyDslTests {
}
@EnableWebSecurity
open class ExpiredSessionStrategyConfig : WebSecurityConfigurerAdapter() {
open class ExpiredSessionStrategyConfig {
companion object {
val SESSION_REGISTRY: SessionRegistry = SessionRegistryImpl()
}
override fun configure(http: HttpSecurity) {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
sessionManagement {
sessionConcurrency {
@ -158,6 +163,7 @@ class SessionConcurrencyDslTests {
}
}
}
return http.build()
}
@Bean

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -25,7 +25,6 @@ import org.springframework.context.annotation.Configuration
import org.springframework.mock.web.MockHttpSession
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.config.annotation.web.invoke
@ -33,6 +32,7 @@ import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
import org.springframework.security.web.SecurityFilterChain
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders
@ -69,8 +69,9 @@ class SessionFixationDslTests {
}
@EnableWebSecurity
open class NewSessionConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class NewSessionConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
sessionManagement {
sessionFixation {
@ -79,6 +80,7 @@ class SessionFixationDslTests {
}
httpBasic { }
}
return http.build()
}
}
@ -102,8 +104,9 @@ class SessionFixationDslTests {
}
@EnableWebSecurity
open class MigrateSessionConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class MigrateSessionConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
sessionManagement {
sessionFixation {
@ -112,6 +115,7 @@ class SessionFixationDslTests {
}
httpBasic { }
}
return http.build()
}
}
@ -135,8 +139,9 @@ class SessionFixationDslTests {
}
@EnableWebSecurity
open class ChangeSessionIdConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class ChangeSessionIdConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
sessionManagement {
sessionFixation {
@ -145,6 +150,7 @@ class SessionFixationDslTests {
}
httpBasic { }
}
return http.build()
}
}
@ -168,8 +174,9 @@ class SessionFixationDslTests {
}
@EnableWebSecurity
open class NoneConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
open class NoneConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
sessionManagement {
sessionFixation {
@ -178,6 +185,7 @@ class SessionFixationDslTests {
}
httpBasic { }
}
return http.build()
}
}