SEC-2202: http.authorizeUrls() to http.authorizeRequests()

This change is more meaningful since the requests can be matched on
anything not just the URL
This commit is contained in:
Rob Winch 2013-07-22 11:54:10 -05:00
parent e1d8db4e95
commit a39ff1b041
32 changed files with 119 additions and 119 deletions

View File

@ -88,7 +88,7 @@ import org.springframework.util.Assert;
* @Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers("/**").hasRole("USER")
* .and()
* .formLogin();
@ -148,7 +148,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .openidLogin()
@ -180,7 +180,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .openidLogin()
@ -259,7 +259,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .anyRequest().hasRole(&quot;USER&quot;)
* .and()
* .formLogin()
@ -330,7 +330,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .formLogin()
@ -379,7 +379,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* // Example jee() configuration
@ -454,7 +454,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* // Example x509() configuration
@ -497,7 +497,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .formLogin()
@ -534,7 +534,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .formLogin();
@ -568,7 +568,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
@ -596,7 +596,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
*
* <pre>
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
* </pre>
@ -606,7 +606,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* @return
* @throws Exception
*/
public ExpressionUrlAuthorizationConfigurer<HttpSecurity> authorizeUrls() throws Exception {
public ExpressionUrlAuthorizationConfigurer<HttpSecurity> authorizeRequests() throws Exception {
return getOrApply(new ExpressionUrlAuthorizationConfigurer<HttpSecurity>());
}
@ -681,7 +681,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .formLogin()
@ -733,7 +733,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .formLogin()
@ -766,7 +766,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .formLogin()
@ -815,7 +815,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .formLogin();
@ -843,7 +843,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .formLogin()
@ -894,7 +894,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .formLogin()
@ -941,7 +941,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and()
* .httpBasic();
* }
@ -1061,7 +1061,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* .requestMatchers()
* .antMatchers("/api/**","/oauth/**")
* .and()
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and()
* .httpBasic();
* }
@ -1092,7 +1092,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* .antMatchers("/api/**")
* .antMatchers("/oauth/**")
* .and()
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and()
* .httpBasic();
* }
@ -1125,7 +1125,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* .requestMatchers()
* .antMatchers("/oauth/**")
* .and()
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and()
* .httpBasic();
* }

View File

@ -45,7 +45,7 @@ import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
* &#064;Override
* protected void configure(HttpSecurity http) throws Exception {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers("/public/**").permitAll()
* .anyRequest().hasRole("USER")
* .and()

View File

@ -282,7 +282,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
*
* <pre>
* http
* .authorizeUrls()
* .authorizeRequests()
* .anyRequest().authenticated().and()
* .formLogin().and()
* .httpBasic();
@ -297,7 +297,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
logger.debug("Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin().and()

View File

@ -65,7 +65,7 @@ import org.springframework.util.StringUtils;
*
* @author Rob Winch
* @since 3.2
* @see {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeUrls()}
* @see {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()}
*/
public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractInterceptUrlConfigurer<H,ExpressionUrlAuthorizationConfigurer<H>,ExpressionUrlAuthorizationConfigurer<H>.AuthorizedUrl> {
static final String permitAll = "permitAll";
@ -79,7 +79,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
/**
* Creates a new instance
* @see HttpSecurity#authorizeUrls()
* @see HttpSecurity#authorizeRequests()
*/
public ExpressionUrlAuthorizationConfigurer() {
}
@ -114,7 +114,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
final ExpressionBasedFilterInvocationSecurityMetadataSource createMetadataSource() {
LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = createRequestMap();
if(requestMap.isEmpty()) {
throw new IllegalStateException("At least one mapping is required (i.e. authorizeUrls().anyRequest.authenticated())");
throw new IllegalStateException("At least one mapping is required (i.e. authorizeRequests().anyRequest.authenticated())");
}
return new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap, expressionHandler);
}

View File

@ -36,7 +36,7 @@ final class PermitAllSupport {
ExpressionUrlAuthorizationConfigurer<?> configurer = http.getConfigurer(ExpressionUrlAuthorizationConfigurer.class);
if(configurer == null) {
throw new IllegalStateException("permitAll only works with HttpSecurity.authorizeUrls()");
throw new IllegalStateException("permitAll only works with HttpSecurity.authorizeRequests()");
}
for(String url : urls) {

View File

@ -64,7 +64,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageViewFi
* &#064;Override
* protected void configure(HttpSecurity http) {
* http
* .authorizeUrls()
* .authorizeRequests()
* .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
* .and()
* .openidLogin()

View File

@ -169,7 +169,7 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseWebSpecuritySpe
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.antMatchers("/signup","/about").permitAll()
.anyRequest().hasRole("USER")
.and()
@ -290,7 +290,7 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseWebSpecuritySpe
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeUrls()
.authorizeRequests()
.antMatchers("/api/admin/**").hasRole("ADMIN")
.antMatchers("/api/**").hasRole("USER")
.and()
@ -310,7 +310,7 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseWebSpecuritySpe
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.antMatchers("/signup","/about").permitAll()
.anyRequest().hasRole("USER")
.and()

View File

@ -42,7 +42,7 @@ public class WebSecurityConfigurerAdapterTestsConfigs {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/role1/**")
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("1");
}

View File

@ -113,7 +113,7 @@ public class HttpSecurityTests extends BaseSpringSpec {
.antMatchers("/api/**")
.antMatchers("/oauth/**")
.and()
.authorizeUrls()
.authorizeRequests()
.antMatchers("/**").hasRole("USER")
.and()
.httpBasic()

View File

@ -77,7 +77,7 @@ public class NamespaceHttpTests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().permitAll()
.accessDecisionManager(ACCESS_DECISION_MGR)
}
@ -118,7 +118,7 @@ public class NamespaceHttpTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER");
}
@ -301,7 +301,7 @@ public class NamespaceHttpTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER");
}
}
@ -318,7 +318,7 @@ public class NamespaceHttpTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.
authorizeUrls()
authorizeRequests()
.filterSecurityInterceptorOncePerRequest(false)
.antMatchers("/users**","/sessions/**").hasRole("ADMIN")
.antMatchers("/signup").permitAll()
@ -482,7 +482,7 @@ public class NamespaceHttpTests extends BaseSpringSpec {
static class UseExpressionsConfig extends BaseWebConfig {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.antMatchers("/users**","/sessions/**").hasRole("USER")
.antMatchers("/signup").permitAll()
.anyRequest().hasRole("USER")

View File

@ -62,7 +62,7 @@ class EnableWebSecurityTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.antMatchers("/*").hasRole("USER")
.and()
.formLogin();

View File

@ -87,7 +87,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/role1/**")
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("1");
}
}
@ -99,7 +99,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/role2/**")
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("2");
}
}
@ -111,7 +111,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/role3/**")
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("3");
}
}
@ -122,7 +122,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("4");
}
}
@ -155,7 +155,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/role1/**")
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("1");
}
}
@ -166,7 +166,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/role2/**")
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("2");
}
}
@ -232,7 +232,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().authenticated()
}
}
@ -253,7 +253,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().authenticated()
}
}

View File

@ -130,7 +130,7 @@ class DefaultFiltersTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER");
}
}

View File

@ -134,7 +134,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()
@ -159,7 +159,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.logout()
@ -187,7 +187,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.logout()
@ -222,7 +222,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()
@ -252,7 +252,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.openidLogin()
@ -289,7 +289,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.rememberMe()
@ -315,7 +315,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
.exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
.and()
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()

View File

@ -110,7 +110,7 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()

View File

@ -54,7 +54,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
e.message == "role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_USER'"
}
def "authorizeUrls() uses AffirmativeBased AccessDecisionManager"() {
def "authorizeRequests() uses AffirmativeBased AccessDecisionManager"() {
when: "Load Config with no specific AccessDecisionManager"
loadConfig(NoSpecificAccessDecessionManagerConfig)
then: "AccessDecessionManager matches the HttpSecurityBuilder's default"
@ -66,17 +66,17 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
static class NoSpecificAccessDecessionManagerConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
}
}
def "authorizeUrls() no requests"() {
def "authorizeRequests() no requests"() {
when: "Load Config with no requests"
loadConfig(NoRequestsConfig)
then: "A meaningful exception is thrown"
BeanCreationException success = thrown()
success.message.contains "At least one mapping is required (i.e. authorizeUrls().anyRequest.authenticated())"
success.message.contains "At least one mapping is required (i.e. authorizeRequests().anyRequest.authenticated())"
}
@EnableWebSecurity
@ -84,11 +84,11 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
static class NoRequestsConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
}
}
def "authorizeUrls() incomplete mapping"() {
def "authorizeRequests() incomplete mapping"() {
when: "Load Config with incomplete mapping"
loadConfig(IncompleteMappingConfig)
then: "A meaningful exception is thrown"
@ -101,13 +101,13 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
static class IncompleteMappingConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.antMatchers("/a").authenticated()
.anyRequest()
}
}
def "authorizeUrls() hasAuthority"() {
def "authorizeRequests() hasAuthority"() {
setup:
loadConfig(HasAuthorityConfig)
when:
@ -135,12 +135,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
http
.httpBasic()
.and()
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasAuthority("ROLE_USER")
}
}
def "authorizeUrls() hasAnyAuthority"() {
def "authorizeRequests() hasAnyAuthority"() {
setup:
loadConfig(HasAnyAuthorityConfig)
when:
@ -174,12 +174,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
http
.httpBasic()
.and()
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasAnyAuthority("ROLE_ADMIN","ROLE_DBA")
}
}
def "authorizeUrls() hasIpAddress"() {
def "authorizeRequests() hasIpAddress"() {
setup:
loadConfig(HasIpAddressConfig)
when:
@ -202,12 +202,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
http
.httpBasic()
.and()
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasIpAddress("192.168.1.0")
}
}
def "authorizeUrls() anonymous"() {
def "authorizeRequests() anonymous"() {
setup:
loadConfig(AnonymousConfig)
when:
@ -229,12 +229,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
http
.httpBasic()
.and()
.authorizeUrls()
.authorizeRequests()
.anyRequest().anonymous()
}
}
def "authorizeUrls() rememberMe"() {
def "authorizeRequests() rememberMe"() {
setup:
loadConfig(RememberMeConfig)
when:
@ -258,7 +258,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
.and()
.httpBasic()
.and()
.authorizeUrls()
.authorizeRequests()
.anyRequest().rememberMe()
}
@ -271,7 +271,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
}
}
def "authorizeUrls() denyAll"() {
def "authorizeRequests() denyAll"() {
setup:
loadConfig(DenyAllConfig)
when:
@ -293,12 +293,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
http
.httpBasic()
.and()
.authorizeUrls()
.authorizeRequests()
.anyRequest().denyAll()
}
}
def "authorizeUrls() not denyAll"() {
def "authorizeRequests() not denyAll"() {
setup:
loadConfig(NotDenyAllConfig)
when:
@ -320,12 +320,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
http
.httpBasic()
.and()
.authorizeUrls()
.authorizeRequests()
.anyRequest().not().denyAll()
}
}
def "authorizeUrls() fullyAuthenticated"() {
def "authorizeRequests() fullyAuthenticated"() {
setup:
loadConfig(FullyAuthenticatedConfig)
when:
@ -355,7 +355,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
.and()
.httpBasic()
.and()
.authorizeUrls()
.authorizeRequests()
.anyRequest().fullyAuthenticated()
}
@ -368,7 +368,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
}
}
def "authorizeUrls() access"() {
def "authorizeRequests() access"() {
setup:
loadConfig(AccessConfig)
when:
@ -399,7 +399,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
.and()
.httpBasic()
.and()
.authorizeUrls()
.authorizeRequests()
.anyRequest().access("hasRole('ROLE_USER') or request.method == 'GET'")
}
@ -430,10 +430,10 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
http
.httpBasic()
.and()
.authorizeUrls()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.authorizeUrls()
.authorizeRequests()
}
@Override

View File

@ -99,7 +99,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()
@ -131,7 +131,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()
@ -155,7 +155,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()
@ -187,7 +187,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()

View File

@ -52,7 +52,7 @@ class Issue55Tests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER");
}
}
@ -84,7 +84,7 @@ class Issue55Tests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER");
}
}
@ -93,7 +93,7 @@ class Issue55Tests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER");
}
}

View File

@ -47,7 +47,7 @@ public class NamespaceHttpAnonymousTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER");
}
}
@ -98,7 +98,7 @@ public class NamespaceHttpAnonymousTests extends BaseSpringSpec {
static class AnonymousKeyConfig extends BaseWebConfig {
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.anonymous().key("AnonymousKeyConfig")
@ -120,7 +120,7 @@ public class NamespaceHttpAnonymousTests extends BaseSpringSpec {
static class AnonymousUsernameConfig extends BaseWebConfig {
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.anonymous().principal("AnonymousUsernameConfig")

View File

@ -76,7 +76,7 @@ public class NamespaceHttpBasicTests extends BaseSpringSpec {
static class HttpBasicConfig extends BaseWebConfig {
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.httpBasic();
@ -99,7 +99,7 @@ public class NamespaceHttpBasicTests extends BaseSpringSpec {
static class CustomHttpBasicConfig extends BaseWebConfig {
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.httpBasic().realmName("Custom Realm");
@ -150,7 +150,7 @@ public class NamespaceHttpBasicTests extends BaseSpringSpec {
static class EntryPointRefHttpBasicConfig extends BaseWebConfig {
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.httpBasic()

View File

@ -152,7 +152,7 @@ public class NamespaceHttpCustomFilterTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)

View File

@ -47,7 +47,7 @@ public class NamespaceHttpExpressionHandlerTests extends BaseSpringSpec {
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.expressionHandler(EXPRESSION_HANDLER)
.antMatchers("/users**","/sessions/**").hasRole("ADMIN")
.antMatchers("/signup").permitAll()

View File

@ -79,7 +79,7 @@ public class NamespaceHttpFormLoginTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()
@ -117,7 +117,7 @@ public class NamespaceHttpFormLoginTests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
boolean alwaysUseDefaultSuccess = true;
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()

View File

@ -138,7 +138,7 @@ public class NamespaceHttpInterceptUrlTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
// the line below is similar to intercept-url@pattern:
// <intercept-url pattern="/users**" access="hasRole('ROLE_ADMIN')"/>
// <intercept-url pattern="/sessions/**" access="hasRole('ROLE_ADMIN')"/>

View File

@ -99,7 +99,7 @@ public class NamespaceHttpJeeTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.jee()
@ -126,7 +126,7 @@ public class NamespaceHttpJeeTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.jee()

View File

@ -78,7 +78,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec {
static class OpenIDLoginConfig extends BaseWebConfig {
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.openidLogin()
@ -129,7 +129,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec {
static class OpenIDLoginAttributeExchangeConfig extends BaseWebConfig {
protected void configure(HttpSecurity http) {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.openidLogin()
@ -184,7 +184,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
boolean alwaysUseDefaultSuccess = true;
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.openidLogin()
@ -218,7 +218,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.openidLogin()

View File

@ -88,7 +88,7 @@ public class NamespaceHttpPortMappingsTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.portMapper()

View File

@ -103,7 +103,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.x509();
@ -136,7 +136,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.x509()
@ -170,7 +170,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.x509()
@ -204,7 +204,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.x509()
@ -238,7 +238,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.x509()

View File

@ -112,7 +112,7 @@ public class NamespaceRememberMeTests extends BaseSpringSpec {
static class RememberMeConfig extends BaseWebConfig {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()

View File

@ -46,7 +46,7 @@ class PermitAllSupportTests extends BaseSpringSpec {
loadConfig(NoAuthorizedUrlsConfig)
then:
BeanCreationException e = thrown()
e.message.contains "permitAll only works with HttpSecurity.authorizeUrls"
e.message.contains "permitAll only works with HttpSecurity.authorizeRequests"
}

View File

@ -45,7 +45,7 @@ public class RememberMeConfigurerTests extends BaseSpringSpec {
static class NullUserDetailsConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().hasRole("USER")
.and()
.formLogin()

View File

@ -76,7 +76,7 @@ class OpenIDLoginConfigurerTests extends BaseSpringSpec {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.openidLogin()