Fix Add @Configuration to @Enable*Security Usage
Issue gh-6613
This commit is contained in:
Rob Winch
parent
040111ae9e
commit
a5069d7e35
|
|
@ -189,6 +189,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
|
|||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class GroupSearchConfig extends BaseLdapProviderConfig {
|
||||
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@ import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMat
|
|||
* A minimal example can be found below:
|
||||
*
|
||||
* <pre class="code">
|
||||
* @Configuration
|
||||
* @EnableRSocketSecurity
|
||||
* public class SecurityConfig {
|
||||
* @Bean
|
||||
|
|
@ -82,6 +83,7 @@ import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMat
|
|||
* A more advanced configuration can be seen below:
|
||||
*
|
||||
* <pre class="code">
|
||||
* @Configuration
|
||||
* @EnableRSocketSecurity
|
||||
* public class SecurityConfig {
|
||||
* @Bean
|
||||
|
|
|
|||
|
|
@ -22,7 +22,6 @@ import java.lang.annotation.Retention;
|
|||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Import;
|
||||
import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
|
||||
|
||||
|
|
@ -39,7 +38,6 @@ import org.springframework.security.config.annotation.authentication.configurati
|
|||
@Documented
|
||||
@Import(WebMvcSecurityConfiguration.class)
|
||||
@EnableGlobalAuthentication
|
||||
@Configuration
|
||||
@Deprecated
|
||||
public @interface EnableWebMvcSecurity {
|
||||
|
||||
|
|
|
|||
|
|
@ -39,9 +39,9 @@ import org.springframework.util.Assert;
|
|||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
@Configuration
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
|
|
|
|||
|
|
@ -531,8 +531,8 @@ public class GlobalMethodSecurityConfigurationTests {
|
|||
|
||||
}
|
||||
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
public static class RoleHierarchyConfig {
|
||||
|
||||
@Bean
|
||||
|
|
@ -607,8 +607,8 @@ public class GlobalMethodSecurityConfigurationTests {
|
|||
|
||||
}
|
||||
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
public static class CustomMetadataSourceBeanProxyEnabledConfig extends GlobalMethodSecurityConfiguration {
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -316,8 +316,8 @@ public class NamespaceGlobalMethodSecurityTests {
|
|||
|
||||
}
|
||||
|
||||
@EnableGlobalMethodSecurity(jsr250Enabled = true)
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(jsr250Enabled = true)
|
||||
public static class Jsr250Config {
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -127,6 +127,7 @@ public class AnonymousConfigurerTests {
|
|||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class AnonymousDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -131,6 +131,7 @@ public class NamespaceHttpFormLoginTests {
|
|||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class FormLoginCustomConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.security.config.annotation.ObjectPostProcessor;
|
||||
import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
|
||||
|
|
@ -151,6 +152,7 @@ public class X509ConfigurerTests {
|
|||
}
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
@ -180,6 +182,7 @@ public class X509ConfigurerTests {
|
|||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
@ -205,6 +208,7 @@ public class X509ConfigurerTests {
|
|||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class DefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
@ -227,6 +231,7 @@ public class X509ConfigurerTests {
|
|||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class SubjectPrincipalRegexInLambdaConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
|
@ -252,6 +257,7 @@ public class X509ConfigurerTests {
|
|||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class UserDetailsServiceBeanConfig {
|
||||
|
||||
|
|
@ -279,6 +285,7 @@ public class X509ConfigurerTests {
|
|||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
static class UserDetailsServiceAndBeanConfig {
|
||||
|
||||
|
|
|
|||
|
|
@ -210,8 +210,8 @@ class KotlinEnableReactiveMethodSecurityTests {
|
|||
verify { delegate wasNot Called }
|
||||
}
|
||||
|
||||
@EnableReactiveMethodSecurity
|
||||
@Configuration
|
||||
@EnableReactiveMethodSecurity
|
||||
open class Config {
|
||||
var delegate = mockk<KotlinReactiveMessageService>()
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ import org.springframework.test.web.reactive.server.WebTestClient
|
|||
import org.springframework.web.bind.annotation.RequestMapping
|
||||
import org.springframework.web.bind.annotation.RestController
|
||||
import org.springframework.web.reactive.config.EnableWebFlux
|
||||
import java.util.*
|
||||
import java.util.Base64
|
||||
|
||||
/**
|
||||
* Tests for [AuthorizeExchangeDsl]
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
|
||||
[[jc-method]]
|
||||
= Method Security
|
||||
|
||||
|
|
@ -32,6 +33,7 @@ For example, the following would enable Spring Security's `@PreAuthorize` annota
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity
|
||||
public class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -41,6 +43,7 @@ public class MethodSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity
|
||||
class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -98,6 +101,7 @@ You can enable support for Spring Security's `@Secured` annotation using:
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity(securedEnabled = true)
|
||||
public class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -107,6 +111,7 @@ public class MethodSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity(securedEnabled = true)
|
||||
class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -127,6 +132,7 @@ or JSR-250 using:
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity(jsr250Enabled = true)
|
||||
public class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -136,6 +142,7 @@ public class MethodSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity(jsr250Enabled = true)
|
||||
class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -264,6 +271,7 @@ To recreate what adding `@EnableMethodSecurity` does by default, you would publi
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity(prePostEnabled = false)
|
||||
class MethodSecurityConfig {
|
||||
@Bean
|
||||
|
|
@ -295,6 +303,7 @@ class MethodSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity(prePostEnabled = false)
|
||||
class MethodSecurityConfig {
|
||||
@Bean
|
||||
|
|
@ -392,6 +401,7 @@ You may want to only support `@PreAuthorize` in your application, in which case
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity(prePostEnabled = false)
|
||||
class MethodSecurityConfig {
|
||||
@Bean
|
||||
|
|
@ -405,6 +415,7 @@ class MethodSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity(prePostEnabled = false)
|
||||
class MethodSecurityConfig {
|
||||
@Bean
|
||||
|
|
@ -440,6 +451,7 @@ Thus, you can configure Spring Security to invoke your `AuthorizationManager` in
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity
|
||||
class MethodSecurityConfig {
|
||||
@Bean
|
||||
|
|
@ -458,6 +470,7 @@ class MethodSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity
|
||||
class MethodSecurityConfig {
|
||||
@Bean
|
||||
|
|
@ -542,6 +555,7 @@ For example, if you have your own custom annotation, you can configure it like s
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity
|
||||
class MethodSecurityConfig {
|
||||
@Bean
|
||||
|
|
@ -558,6 +572,7 @@ class MethodSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableMethodSecurity
|
||||
class MethodSecurityConfig {
|
||||
@Bean
|
||||
|
|
@ -607,6 +622,7 @@ The following example enables Spring Security's `@Secured` annotation:
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(securedEnabled = true)
|
||||
public class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -616,6 +632,7 @@ public class MethodSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(securedEnabled = true)
|
||||
open class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -666,6 +683,7 @@ Support for JSR-250 annotations can be enabled by using:
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(jsr250Enabled = true)
|
||||
public class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -675,6 +693,7 @@ public class MethodSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(jsr250Enabled = true)
|
||||
open class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -689,6 +708,7 @@ To use the new expression-based syntax, you would use:
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
public class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -698,6 +718,7 @@ public class MethodSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
open class MethodSecurityConfig {
|
||||
// ...
|
||||
|
|
@ -750,6 +771,7 @@ For example, if you wanted to provide a custom `MethodSecurityExpressionHandler`
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
|
||||
@Override
|
||||
|
|
@ -763,6 +785,7 @@ public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
open class MethodSecurityConfig : GlobalMethodSecurityConfiguration() {
|
||||
override fun createExpressionHandler(): MethodSecurityExpressionHandler {
|
||||
|
|
|
|||
|
|
@ -324,6 +324,7 @@ You can also explicit disable the default:
|
|||
====
|
||||
[source,java]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class Config {
|
||||
@Bean
|
||||
|
|
|
|||
|
|
@ -887,6 +887,7 @@ You can enable the preceding permissions policy header using the following confi
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class WebSecurityConfig {
|
||||
|
||||
|
|
@ -919,6 +920,7 @@ public class WebSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
class SecurityConfig {
|
||||
|
||||
|
|
@ -958,6 +960,7 @@ You can send the preceding header on log out with the following configuration:
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class WebSecurityConfig {
|
||||
|
||||
|
|
@ -976,6 +979,7 @@ public class WebSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
class SecurityConfig {
|
||||
|
||||
|
|
@ -1015,6 +1019,7 @@ Given the preceding header, you could add the headers to the response by using t
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class WebSecurityConfig {
|
||||
|
||||
|
|
@ -1045,6 +1050,7 @@ public class WebSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
class SecurityConfig {
|
||||
|
||||
|
|
@ -1074,6 +1080,7 @@ If you wanted to explicitly configure <<servlet-headers-frame-options>>, you cou
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class WebSecurityConfig {
|
||||
|
||||
|
|
@ -1110,6 +1117,7 @@ See https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsi
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
class SecurityConfig {
|
||||
|
||||
|
|
@ -1141,6 +1149,7 @@ The following configuration example uses `DelegatingRequestMatcherHeaderWriter`:
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class WebSecurityConfig {
|
||||
|
||||
|
|
@ -1188,6 +1197,7 @@ public class WebSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
class SecurityConfig {
|
||||
|
||||
|
|
|
|||
|
|
@ -931,6 +931,7 @@ Also, you can configure `OidcClientInitiatedLogoutSuccessHandler`, which impleme
|
|||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class OAuth2LoginSecurityConfig {
|
||||
|
||||
|
|
@ -966,6 +967,7 @@ public class OAuth2LoginSecurityConfig {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
class OAuth2LoginSecurityConfig {
|
||||
@Autowired
|
||||
|
|
|
|||
|
|
@ -757,6 +757,7 @@ public class DirectlyConfiguredJwkSetUri {
|
|||
.Kotlin
|
||||
[source,kotlin,role="secondary"]
|
||||
----
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
class DirectlyConfiguredJwkSetUri {
|
||||
@Bean
|
||||
|
|
@ -949,6 +950,7 @@ static class CustomAuthenticationConverter implements Converter<Jwt, AbstractAut
|
|||
|
||||
// ...
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class CustomAuthenticationConverterConfig {
|
||||
@Bean
|
||||
|
|
@ -978,6 +980,7 @@ internal class CustomAuthenticationConverter : Converter<Jwt, AbstractAuthentica
|
|||
|
||||
// ...
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
class CustomAuthenticationConverterConfig {
|
||||
@Bean
|
||||
|
|
|
|||
Loading…
Reference in New Issue