Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 13:32:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Deprecate SecurityMetadataSource

Browse Source 
Closes gh-16772
This commit is contained in:
Josh Cummings 2025-03-19 14:14:42 -06:00
parent 44d553946e
commit 989aee244b
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
5 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
View File

@ -20,13 +20,22 @@ import java.util.Collection;
import org.springframework.aop.framework.AopInfrastructureBean; import org.springframework.aop.framework.AopInfrastructureBean;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor; import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.annotation.SecurityAnnotationScanner;
/** /**
* Implemented by classes that store and can identify the {@link ConfigAttribute}s that * Implemented by classes that store and can identify the {@link ConfigAttribute}s that
* applies to a given secure object invocation. * applies to a given secure object invocation.
* *
* @author Ben Alex * @author Ben Alex
* @deprecated In modern Spring Security APIs, each API manages its own configuration
* context. As such there is no direct replacement for this interface. In the case of
* method security, please see {@link SecurityAnnotationScanner} and
* {@link AuthorizationManager}. In the case of channel security, please see
* {@code HttpsRedirectFilter}. In the case of web security, please see
* {@link AuthorizationManager}.
*/ */
@Deprecated
public interface SecurityMetadataSource extends AopInfrastructureBean { public interface SecurityMetadataSource extends AopInfrastructureBean {
/** /**

9
web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
View File

@ -31,6 +31,8 @@ import org.springframework.expression.ExpressionParser;
import org.springframework.expression.ParseException; import org.springframework.expression.ParseException;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.expression.SecurityExpressionHandler; import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.annotation.SecurityAnnotationScanner;
import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource; import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@ -43,7 +45,14 @@ import org.springframework.util.Assert;
* @author Luke Taylor * @author Luke Taylor
* @author Eddú Meléndez * @author Eddú Meléndez
* @since 3.0 * @since 3.0
* @deprecated In modern Spring Security APIs, each API manages its own configuration
* context. As such there is no direct replacement for this interface. In the case of
* method security, please see {@link SecurityAnnotationScanner} and
* {@link AuthorizationManager}. In the case of channel security, please see
* {@code HttpsRedirectFilter}. In the case of web security, please see
* {@link AuthorizationManager}.
*/ */
@Deprecated
public final class ExpressionBasedFilterInvocationSecurityMetadataSource public final class ExpressionBasedFilterInvocationSecurityMetadataSource
extends DefaultFilterInvocationSecurityMetadataSource { extends DefaultFilterInvocationSecurityMetadataSource {

9
web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
View File

@ -28,6 +28,8 @@ import org.apache.commons.logging.LogFactory;
import org.springframework.core.log.LogMessage; import org.springframework.core.log.LogMessage;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.annotation.SecurityAnnotationScanner;
import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher;
@ -50,7 +52,14 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
* *
* @author Ben Alex * @author Ben Alex
* @author Luke Taylor * @author Luke Taylor
* @deprecated In modern Spring Security APIs, each API manages its own configuration
* context. As such there is no direct replacement for this interface. In the case of
* method security, please see {@link SecurityAnnotationScanner} and
* {@link AuthorizationManager}. In the case of channel security, please see
* {@code HttpsRedirectFilter}. In the case of web security, please see
* {@link AuthorizationManager}.
*/ */
@Deprecated
public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource { public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
protected final Log logger = LogFactory.getLog(getClass()); protected final Log logger = LogFactory.getLog(getClass());

9
web/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java
View File

@ -17,6 +17,8 @@
package org.springframework.security.web.access.intercept; package org.springframework.security.web.access.intercept;
import org.springframework.security.access.SecurityMetadataSource; import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.annotation.SecurityAnnotationScanner;
import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.FilterInvocation;
/** /**
@ -24,7 +26,14 @@ import org.springframework.security.web.FilterInvocation;
* designed to perform lookups keyed on {@link FilterInvocation}s. * designed to perform lookups keyed on {@link FilterInvocation}s.
* *
* @author Ben Alex * @author Ben Alex
* @deprecated In modern Spring Security APIs, each API manages its own configuration
* context. As such there is no direct replacement for this interface. In the case of
* method security, please see {@link SecurityAnnotationScanner} and
* {@link AuthorizationManager}. In the case of channel security, please see
* {@code HttpsRedirectFilter}. In the case of web security, please see
* {@link AuthorizationManager}.
*/ */
@Deprecated
public interface FilterInvocationSecurityMetadataSource extends SecurityMetadataSource { public interface FilterInvocationSecurityMetadataSource extends SecurityMetadataSource {
} }

7
web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java
View File

@ -127,7 +127,12 @@ public final class PathPatternRequestMatcher implements RequestMatcher {
} }
private RequestPath getRequestPath(HttpServletRequest request) { private RequestPath getRequestPath(HttpServletRequest request) {
return ServletRequestPathUtils.getParsedRequestPath(request); if (ServletRequestPathUtils.hasParsedRequestPath(request)) {
return ServletRequestPathUtils.getParsedRequestPath(request);
}
else {
return ServletRequestPathUtils.parseAndCache(request);
}
} }
/** /**