From a39ff1b0412e0bc2c1d017d095ae08acf8596db1 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Mon, 22 Jul 2013 11:54:10 -0500 Subject: [PATCH] SEC-2202: http.authorizeUrls() to http.authorizeRequests() This change is more meaningful since the requests can be matched on anything not just the URL --- .../annotation/web/builders/HttpSecurity.java | 44 +++++++-------- .../web/configuration/EnableWebSecurity.java | 2 +- .../WebSecurityConfigurerAdapter.java | 4 +- .../ExpressionUrlAuthorizationConfigurer.java | 6 +-- .../web/configurers/PermitAllSupport.java | 2 +- .../openid/OpenIDLoginConfigurer.java | 2 +- ...leWebSecurityConfigurerAdapterTests.groovy | 6 +-- ...SecurityConfigurerAdapterTestsConfigs.java | 2 +- .../builders/HttpConfigurationTests.groovy | 2 +- .../web/builders/NamespaceHttpTests.groovy | 10 ++-- .../EnableWebSecurityTests.groovy | 2 +- .../WebSecurityConfigurationTests.groovy | 16 +++--- .../configurers/DefaultFiltersTests.groovy | 2 +- .../DefaultLoginPageConfigurerTests.groovy | 14 ++--- .../ExceptionHandlingConfigurerTests.groovy | 2 +- .../ExpressionUrlAuthorizationsTests.groovy | 54 +++++++++---------- .../FormLoginConfigurerTests.groovy | 8 +-- .../web/configurers/Issue55Tests.groovy | 6 +-- .../NamespaceHttpAnonymousTests.groovy | 6 +-- .../NamespaceHttpBasicTests.groovy | 6 +-- .../NamespaceHttpCustomFilterTests.groovy | 2 +- ...NamespaceHttpExpressionHandlerTests.groovy | 2 +- .../NamespaceHttpFormLoginTests.groovy | 4 +- .../NamespaceHttpInterceptUrlTests.groovy | 2 +- .../configurers/NamespaceHttpJeeTests.groovy | 4 +- .../NamespaceHttpOpenIDLoginTests.groovy | 8 +-- .../NamespaceHttpPortMappingsTests.groovy | 2 +- .../configurers/NamespaceHttpX509Tests.groovy | 10 ++-- .../NamespaceRememberMeTests.groovy | 2 +- .../configurers/PermitAllSupportTests.groovy | 2 +- .../RememberMeConfigurerTests.groovy | 2 +- .../openid/OpenIDLoginConfigurerTests.groovy | 2 +- 32 files changed, 119 insertions(+), 119 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index 1c2fd4efcc..2b7fe7469e 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -88,7 +88,7 @@ import org.springframework.util.Assert; * @Override * protected void configure(HttpSecurity http) throws Exception { * http - * .authorizeUrls() + * .authorizeRequests() * .antMatchers("/**").hasRole("USER") * .and() * .formLogin(); @@ -148,7 +148,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * http - * .authorizeUrls() + * .authorizeRequests() * .antMatchers("/**").hasRole("USER") * .antMatchers("/admin/**").hasRole("ADMIN") * @@ -606,7 +606,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder authorizeUrls() throws Exception { + public ExpressionUrlAuthorizationConfigurer authorizeRequests() throws Exception { return getOrApply(new ExpressionUrlAuthorizationConfigurer()); } @@ -681,7 +681,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * http - * .authorizeUrls() + * .authorizeRequests() * .anyRequest().authenticated().and() * .formLogin().and() * .httpBasic(); @@ -297,7 +297,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer logger.debug("Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity)."); http - .authorizeUrls() + .authorizeRequests() .anyRequest().authenticated() .and() .formLogin().and() diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java index 7ae103eb98..dc7529eca4 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java @@ -65,7 +65,7 @@ import org.springframework.util.StringUtils; * * @author Rob Winch * @since 3.2 - * @see {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeUrls()} + * @see {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()} */ public final class ExpressionUrlAuthorizationConfigurer> extends AbstractInterceptUrlConfigurer,ExpressionUrlAuthorizationConfigurer.AuthorizedUrl> { static final String permitAll = "permitAll"; @@ -79,7 +79,7 @@ public final class ExpressionUrlAuthorizationConfigurer> requestMap = createRequestMap(); if(requestMap.isEmpty()) { - throw new IllegalStateException("At least one mapping is required (i.e. authorizeUrls().anyRequest.authenticated())"); + throw new IllegalStateException("At least one mapping is required (i.e. authorizeRequests().anyRequest.authenticated())"); } return new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap, expressionHandler); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java index 606679bbd0..2291a2d71f 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java @@ -36,7 +36,7 @@ final class PermitAllSupport { ExpressionUrlAuthorizationConfigurer configurer = http.getConfigurer(ExpressionUrlAuthorizationConfigurer.class); if(configurer == null) { - throw new IllegalStateException("permitAll only works with HttpSecurity.authorizeUrls()"); + throw new IllegalStateException("permitAll only works with HttpSecurity.authorizeRequests()"); } for(String url : urls) { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java index 1c38c408c8..e5a7c41c2f 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java @@ -64,7 +64,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageViewFi * @Override * protected void configure(HttpSecurity http) { * http - * .authorizeUrls() + * .authorizeRequests() * .antMatchers("/**").hasRole("USER") * .and() * .openidLogin() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy index b5dac6ceb2..b4ce9a23a2 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy @@ -169,7 +169,7 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseWebSpecuritySpe @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .antMatchers("/signup","/about").permitAll() .anyRequest().hasRole("USER") .and() @@ -290,7 +290,7 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseWebSpecuritySpe protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/api/**") - .authorizeUrls() + .authorizeRequests() .antMatchers("/api/admin/**").hasRole("ADMIN") .antMatchers("/api/**").hasRole("USER") .and() @@ -310,7 +310,7 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseWebSpecuritySpe @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .antMatchers("/signup","/about").permitAll() .anyRequest().hasRole("USER") .and() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTestsConfigs.java b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTestsConfigs.java index 975607862b..8a42d2e5cf 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTestsConfigs.java +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTestsConfigs.java @@ -42,7 +42,7 @@ public class WebSecurityConfigurerAdapterTestsConfigs { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/role1/**") - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("1"); } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.groovy index b52edb40d5..d546e3693c 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.groovy @@ -113,7 +113,7 @@ public class HttpSecurityTests extends BaseSpringSpec { .antMatchers("/api/**") .antMatchers("/oauth/**") .and() - .authorizeUrls() + .authorizeRequests() .antMatchers("/**").hasRole("USER") .and() .httpBasic() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.groovy index 1f20f74355..e35a936c7a 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.groovy @@ -77,7 +77,7 @@ public class NamespaceHttpTests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().permitAll() .accessDecisionManager(ACCESS_DECISION_MGR) } @@ -118,7 +118,7 @@ public class NamespaceHttpTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER"); } @@ -301,7 +301,7 @@ public class NamespaceHttpTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER"); } } @@ -318,7 +318,7 @@ public class NamespaceHttpTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http. - authorizeUrls() + authorizeRequests() .filterSecurityInterceptorOncePerRequest(false) .antMatchers("/users**","/sessions/**").hasRole("ADMIN") .antMatchers("/signup").permitAll() @@ -482,7 +482,7 @@ public class NamespaceHttpTests extends BaseSpringSpec { static class UseExpressionsConfig extends BaseWebConfig { protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .antMatchers("/users**","/sessions/**").hasRole("USER") .antMatchers("/signup").permitAll() .anyRequest().hasRole("USER") diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy index 723784a886..f384d0779c 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy @@ -62,7 +62,7 @@ class EnableWebSecurityTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .antMatchers("/*").hasRole("USER") .and() .formLogin(); diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy index acfd786a14..1e2f8bdb79 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy @@ -87,7 +87,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/role1/**") - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("1"); } } @@ -99,7 +99,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/role2/**") - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("2"); } } @@ -111,7 +111,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/role3/**") - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("3"); } } @@ -122,7 +122,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("4"); } } @@ -155,7 +155,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/role1/**") - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("1"); } } @@ -166,7 +166,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/role2/**") - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("2"); } } @@ -232,7 +232,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().authenticated() } } @@ -253,7 +253,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().authenticated() } } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.groovy index 9487657f87..615a1d5d8a 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.groovy @@ -130,7 +130,7 @@ class DefaultFiltersTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER"); } } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.groovy index 2c56a56f6f..f0cb3156da 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.groovy @@ -134,7 +134,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() @@ -159,7 +159,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .logout() @@ -187,7 +187,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .logout() @@ -222,7 +222,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() @@ -252,7 +252,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .openidLogin() @@ -289,7 +289,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .rememberMe() @@ -315,7 +315,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec { .exceptionHandling() .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")) .and() - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.groovy index c713277220..178b90c131 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.groovy @@ -110,7 +110,7 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().authenticated() .and() .httpBasic() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationsTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationsTests.groovy index f58411b355..ff31be26e9 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationsTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationsTests.groovy @@ -54,7 +54,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { e.message == "role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_USER'" } - def "authorizeUrls() uses AffirmativeBased AccessDecisionManager"() { + def "authorizeRequests() uses AffirmativeBased AccessDecisionManager"() { when: "Load Config with no specific AccessDecisionManager" loadConfig(NoSpecificAccessDecessionManagerConfig) then: "AccessDecessionManager matches the HttpSecurityBuilder's default" @@ -66,17 +66,17 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { static class NoSpecificAccessDecessionManagerConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") } } - def "authorizeUrls() no requests"() { + def "authorizeRequests() no requests"() { when: "Load Config with no requests" loadConfig(NoRequestsConfig) then: "A meaningful exception is thrown" BeanCreationException success = thrown() - success.message.contains "At least one mapping is required (i.e. authorizeUrls().anyRequest.authenticated())" + success.message.contains "At least one mapping is required (i.e. authorizeRequests().anyRequest.authenticated())" } @EnableWebSecurity @@ -84,11 +84,11 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { static class NoRequestsConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() } } - def "authorizeUrls() incomplete mapping"() { + def "authorizeRequests() incomplete mapping"() { when: "Load Config with incomplete mapping" loadConfig(IncompleteMappingConfig) then: "A meaningful exception is thrown" @@ -101,13 +101,13 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { static class IncompleteMappingConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .antMatchers("/a").authenticated() .anyRequest() } } - def "authorizeUrls() hasAuthority"() { + def "authorizeRequests() hasAuthority"() { setup: loadConfig(HasAuthorityConfig) when: @@ -135,12 +135,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { http .httpBasic() .and() - .authorizeUrls() + .authorizeRequests() .anyRequest().hasAuthority("ROLE_USER") } } - def "authorizeUrls() hasAnyAuthority"() { + def "authorizeRequests() hasAnyAuthority"() { setup: loadConfig(HasAnyAuthorityConfig) when: @@ -174,12 +174,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { http .httpBasic() .and() - .authorizeUrls() + .authorizeRequests() .anyRequest().hasAnyAuthority("ROLE_ADMIN","ROLE_DBA") } } - def "authorizeUrls() hasIpAddress"() { + def "authorizeRequests() hasIpAddress"() { setup: loadConfig(HasIpAddressConfig) when: @@ -202,12 +202,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { http .httpBasic() .and() - .authorizeUrls() + .authorizeRequests() .anyRequest().hasIpAddress("192.168.1.0") } } - def "authorizeUrls() anonymous"() { + def "authorizeRequests() anonymous"() { setup: loadConfig(AnonymousConfig) when: @@ -229,12 +229,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { http .httpBasic() .and() - .authorizeUrls() + .authorizeRequests() .anyRequest().anonymous() } } - def "authorizeUrls() rememberMe"() { + def "authorizeRequests() rememberMe"() { setup: loadConfig(RememberMeConfig) when: @@ -258,7 +258,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { .and() .httpBasic() .and() - .authorizeUrls() + .authorizeRequests() .anyRequest().rememberMe() } @@ -271,7 +271,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { } } - def "authorizeUrls() denyAll"() { + def "authorizeRequests() denyAll"() { setup: loadConfig(DenyAllConfig) when: @@ -293,12 +293,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { http .httpBasic() .and() - .authorizeUrls() + .authorizeRequests() .anyRequest().denyAll() } } - def "authorizeUrls() not denyAll"() { + def "authorizeRequests() not denyAll"() { setup: loadConfig(NotDenyAllConfig) when: @@ -320,12 +320,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { http .httpBasic() .and() - .authorizeUrls() + .authorizeRequests() .anyRequest().not().denyAll() } } - def "authorizeUrls() fullyAuthenticated"() { + def "authorizeRequests() fullyAuthenticated"() { setup: loadConfig(FullyAuthenticatedConfig) when: @@ -355,7 +355,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { .and() .httpBasic() .and() - .authorizeUrls() + .authorizeRequests() .anyRequest().fullyAuthenticated() } @@ -368,7 +368,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { } } - def "authorizeUrls() access"() { + def "authorizeRequests() access"() { setup: loadConfig(AccessConfig) when: @@ -399,7 +399,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { .and() .httpBasic() .and() - .authorizeUrls() + .authorizeRequests() .anyRequest().access("hasRole('ROLE_USER') or request.method == 'GET'") } @@ -430,10 +430,10 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec { http .httpBasic() .and() - .authorizeUrls() + .authorizeRequests() .anyRequest().authenticated() .and() - .authorizeUrls() + .authorizeRequests() } @Override diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.groovy index 78bb4ba9cc..9393db2c41 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.groovy @@ -99,7 +99,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() @@ -131,7 +131,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() @@ -155,7 +155,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() @@ -187,7 +187,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/Issue55Tests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/Issue55Tests.groovy index d9c804eee6..af84d074b6 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/Issue55Tests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/Issue55Tests.groovy @@ -52,7 +52,7 @@ class Issue55Tests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER"); } } @@ -84,7 +84,7 @@ class Issue55Tests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/api/**") - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER"); } } @@ -93,7 +93,7 @@ class Issue55Tests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER"); } } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.groovy index bac648119a..2f2983aa2b 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.groovy @@ -47,7 +47,7 @@ public class NamespaceHttpAnonymousTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER"); } } @@ -98,7 +98,7 @@ public class NamespaceHttpAnonymousTests extends BaseSpringSpec { static class AnonymousKeyConfig extends BaseWebConfig { protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .anonymous().key("AnonymousKeyConfig") @@ -120,7 +120,7 @@ public class NamespaceHttpAnonymousTests extends BaseSpringSpec { static class AnonymousUsernameConfig extends BaseWebConfig { protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .anonymous().principal("AnonymousUsernameConfig") diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.groovy index 7bd5a860a8..c226354261 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.groovy @@ -76,7 +76,7 @@ public class NamespaceHttpBasicTests extends BaseSpringSpec { static class HttpBasicConfig extends BaseWebConfig { protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .httpBasic(); @@ -99,7 +99,7 @@ public class NamespaceHttpBasicTests extends BaseSpringSpec { static class CustomHttpBasicConfig extends BaseWebConfig { protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .httpBasic().realmName("Custom Realm"); @@ -150,7 +150,7 @@ public class NamespaceHttpBasicTests extends BaseSpringSpec { static class EntryPointRefHttpBasicConfig extends BaseWebConfig { protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .httpBasic() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.groovy index cc477a246a..333ef50d0c 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.groovy @@ -152,7 +152,7 @@ public class NamespaceHttpCustomFilterTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class) diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.groovy index 819d3ef0ae..fde56ede26 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.groovy @@ -47,7 +47,7 @@ public class NamespaceHttpExpressionHandlerTests extends BaseSpringSpec { protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .expressionHandler(EXPRESSION_HANDLER) .antMatchers("/users**","/sessions/**").hasRole("ADMIN") .antMatchers("/signup").permitAll() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.groovy index 35ad0324c0..4ffb9a8a8c 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.groovy @@ -79,7 +79,7 @@ public class NamespaceHttpFormLoginTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() @@ -117,7 +117,7 @@ public class NamespaceHttpFormLoginTests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { boolean alwaysUseDefaultSuccess = true; http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.groovy index 1461eef069..51c7b4bbe4 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.groovy @@ -138,7 +138,7 @@ public class NamespaceHttpInterceptUrlTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() // the line below is similar to intercept-url@pattern: // // diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.groovy index adad677ef4..c7bf8e027b 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.groovy @@ -99,7 +99,7 @@ public class NamespaceHttpJeeTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .jee() @@ -126,7 +126,7 @@ public class NamespaceHttpJeeTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .jee() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy index cdf4ef5cf8..a72418532c 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy @@ -78,7 +78,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec { static class OpenIDLoginConfig extends BaseWebConfig { protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .openidLogin() @@ -129,7 +129,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec { static class OpenIDLoginAttributeExchangeConfig extends BaseWebConfig { protected void configure(HttpSecurity http) { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .openidLogin() @@ -184,7 +184,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { boolean alwaysUseDefaultSuccess = true; http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .openidLogin() @@ -218,7 +218,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .openidLogin() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.groovy index ca8b57536e..37b1a8d7ab 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.groovy @@ -88,7 +88,7 @@ public class NamespaceHttpPortMappingsTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .portMapper() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.groovy index 8ae6d445aa..e3407563ca 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.groovy @@ -103,7 +103,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .x509(); @@ -136,7 +136,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .x509() @@ -170,7 +170,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .x509() @@ -204,7 +204,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .x509() @@ -238,7 +238,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec { protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .x509() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.groovy index e9bdac60a0..26a4524bf0 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.groovy @@ -112,7 +112,7 @@ public class NamespaceRememberMeTests extends BaseSpringSpec { static class RememberMeConfig extends BaseWebConfig { protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.groovy index a784354ffa..dff9723443 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.groovy @@ -46,7 +46,7 @@ class PermitAllSupportTests extends BaseSpringSpec { loadConfig(NoAuthorizedUrlsConfig) then: BeanCreationException e = thrown() - e.message.contains "permitAll only works with HttpSecurity.authorizeUrls" + e.message.contains "permitAll only works with HttpSecurity.authorizeRequests" } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy index b3d7f10707..3c5e093554 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy @@ -45,7 +45,7 @@ public class RememberMeConfigurerTests extends BaseSpringSpec { static class NullUserDetailsConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.groovy index 0507f412a9..e7a66d4186 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.groovy @@ -76,7 +76,7 @@ class OpenIDLoginConfigurerTests extends BaseSpringSpec { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeUrls() + .authorizeRequests() .anyRequest().authenticated() .and() .openidLogin()