Format Lambda Expressions
This commit updates lambda expressions so that their variable is surrounded by parentheses. Issue gh-13067
parent
20a2213e11
commit
c43afbf5e1
@ -61,7 +61,7 @@ public class ManagementConfigurationPlugin implements Plugin<Project> {
|
||||
PublishingExtension publishing = project.getExtensions().getByType(PublishingExtension.class);
|
||||
publishing.getPublications().withType(MavenPublication.class, (mavenPublication -> {
|
||||
mavenPublication.versionMapping((versions) ->
|
||||
versions.allVariants(versionMapping -> versionMapping.fromResolutionResult())
|
||||
versions.allVariants((versionMapping) -> versionMapping.fromResolutionResult())
|
||||
);
|
||||
}));
|
||||
});
|
||||
@ -71,4 +71,4 @@ public class ManagementConfigurationPlugin implements Plugin<Project> {
|
||||
}));
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
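Review bot: The outer lambda on the `withType(MavenPublication.class, (mavenPublication -> {` line still has a bare parameter, so this section ends up with both styles after the change. Under the convention the commit applies it would read `withType(MavenPublication.class, (mavenPublication) -> {`, with the matching `}));` reduced to `});`. The same holds for the unchanged `checkTask -> checkTask.dependsOn(checkExpectedBranchVersionTask)` line in `CheckExpectedBranchVersionPlugin` and the `return customizer -> customizer` lines in the OAuth2 samples further down. The enclosing method starts outside the hunk.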
|
@ -46,7 +46,7 @@ public class CheckExpectedBranchVersionPlugin implements Plugin<Project> {
|
||||
task.setDescription("Check if the project version matches the branch version");
|
||||
task.onlyIf("skipCheckExpectedBranchVersion property is false or not present", CheckExpectedBranchVersionPlugin::skipPropertyFalseOrNotPresent);
|
||||
task.getVersion().convention(project.provider(() -> project.getVersion().toString()));
|
||||
task.getBranchName().convention(project.getProviders().exec(execSpec -> execSpec.setCommandLine("git", "symbolic-ref", "--short", "HEAD")).getStandardOutput().getAsText());
|
||||
task.getBranchName().convention(project.getProviders().exec((execSpec) -> execSpec.setCommandLine("git", "symbolic-ref", "--short", "HEAD")).getStandardOutput().getAsText());
|
||||
task.getOutputFile().convention(project.getLayout().getBuildDirectory().file("check-expected-branch-version"));
|
||||
});
|
||||
project.getTasks().named(JavaBasePlugin.CHECK_TASK_NAME, checkTask -> checkTask.dependsOn(checkExpectedBranchVersionTask));
|
||||
|
@ -615,7 +615,7 @@ Java::
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.formLogin((login) -> login
|
||||
|
@ -15,7 +15,7 @@ Java::
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.httpBasic(withDefaults())
|
||||
|
@ -614,7 +614,7 @@ public class SecurityConfig {
|
||||
return http
|
||||
// Demonstrate that method security works
|
||||
// Best practice to use both for defense in depth
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().permitAll()
|
||||
)
|
||||
.httpBasic(withDefaults())
|
||||
|
@ -87,7 +87,7 @@ public class HelloWebfluxSecurityConfig {
|
||||
@Bean
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.httpBasic(withDefaults())
|
||||
|
@ -45,7 +45,7 @@ Java::
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.csrf(csrf -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()))
|
||||
.csrf((csrf) -> csrf.csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse()))
|
||||
return http.build();
|
||||
}
|
||||
-----
|
||||
@ -91,7 +91,7 @@ Java::
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.csrf(csrf -> csrf.disable()))
|
||||
.csrf((csrf) -> csrf.disable()))
|
||||
return http.build();
|
||||
}
|
||||
----
|
||||
@ -133,7 +133,7 @@ Java::
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.csrf(csrf -> csrf
|
||||
.csrf((csrf) -> csrf
|
||||
.csrfTokenRequestHandler(new ServerCsrfTokenRequestAttributeHandler())
|
||||
)
|
||||
return http.build();
|
||||
@ -181,7 +181,7 @@ public class SecurityControllerAdvice {
|
||||
@ModelAttribute
|
||||
Mono<CsrfToken> csrfToken(ServerWebExchange exchange) {
|
||||
Mono<CsrfToken> csrfToken = exchange.getAttribute(CsrfToken.class.getName());
|
||||
return csrfToken.doOnSuccess(token -> exchange.getAttributes()
|
||||
return csrfToken.doOnSuccess((token) -> token.getAttributes()
|
||||
.put(CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME, token));
|
||||
}
|
||||
}
|
||||
@ -351,7 +351,7 @@ Java::
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.logout(logout -> logout.requiresLogout(new PathPatternParserServerWebExchangeMatcher("/logout")))
|
||||
.logout((logout) -> logout.requiresLogout(new PathPatternParserServerWebExchangeMatcher("/logout")))
|
||||
return http.build();
|
||||
}
|
||||
----
|
||||
@ -416,7 +416,7 @@ Java::
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.csrf(csrf -> csrf.tokenFromMultipartDataEnabled(true))
|
||||
.csrf((csrf) -> csrf.tokenFromMultipartDataEnabled(true))
|
||||
return http.build();
|
||||
}
|
||||
----
|
||||
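Review bot: The rewritten line in the `SecurityControllerAdvice` sample changes more than the parentheses: `exchange.getAttributes()` became `token.getAttributes()`, so the sample no longer stores the CSRF token in the exchange attributes as the old line did; it should read `return csrfToken.doOnSuccess((token) -> exchange.getAttributes()`. The first token of the lambda body appears to have been replaced by the parameter name, and the same substitution shows up in later sections of this commit: `payloadExchange(payloadExchange)` for `isMatch(payloadExchange)` in the rsocket sample, `clientRegistration.HS256` for `MacAlgorithm.HS256` in `idTokenDecoderFactory()`, `authenticationManager.put(...)` for `authenticationManagers.put(...)` in `addManager`, and, in the two opaque-token introspectors, `principal`/`jwt` in place of `new` and `principal.jwtDecoder` in place of `this.jwtDecoder`. Each of those bodies should be restored to its old text with only the parameter parenthesised. Readers copy these snippets into security configurations, so it is worth compiling the samples or diffing the lambda bodies after a mechanical rewrite like this one. Several of the affected snippets start or end outside their hunks.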
|
@ -26,8 +26,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.headers((headers) -> headers
|
||||
.frameOptions((frameOptions) -> frameOptions
|
||||
.mode(Mode.SAMEORIGIN)
|
||||
)
|
||||
);
|
||||
@ -67,7 +67,7 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers.disable());
|
||||
.headers((headers) -> headers.disable());
|
||||
return http.build();
|
||||
}
|
||||
----
|
||||
@ -112,8 +112,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.cache(cache -> cache.disable())
|
||||
.headers((headers) -> headers
|
||||
.cache((cache) -> cache.disable())
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
@ -154,8 +154,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
|
||||
.headers((headers) -> headers
|
||||
.contentTypeOptions((contentTypeOptions) -> contentTypeOptions.disable())
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
@ -196,8 +196,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.hsts(hsts -> hsts
|
||||
.headers((headers) -> headers
|
||||
.hsts((hsts) -> hsts
|
||||
.includeSubdomains(true)
|
||||
.preload(true)
|
||||
.maxAge(Duration.ofDays(365))
|
||||
@ -244,8 +244,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.headers((headers) -> headers
|
||||
.frameOptions((frameOptions) -> frameOptions
|
||||
.mode(SAMEORIGIN)
|
||||
)
|
||||
);
|
||||
@ -287,8 +287,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.xssProtection(xssProtection -> xssProtection.disable())
|
||||
.headers((headers) -> headers
|
||||
.xssProtection((xssProtection) -> xssProtection.disable())
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
@ -325,8 +325,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.xssProtection(xssProtection -> xssProtection.headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED_MODE_BLOCK))
|
||||
.headers((headers) -> headers
|
||||
.xssProtection((xssProtection) -> xssProtection.headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue.ENABLED_MODE_BLOCK))
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
@ -376,8 +376,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.contentSecurityPolicy(policy -> policy
|
||||
.headers((headers) -> headers
|
||||
.contentSecurityPolicy((policy) -> policy
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
)
|
||||
);
|
||||
@ -416,8 +416,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.contentSecurityPolicy(policy -> policy
|
||||
.headers((headers) -> headers
|
||||
.contentSecurityPolicy((policy) -> policy
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
.reportOnly()
|
||||
)
|
||||
@ -462,8 +462,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.referrerPolicy(referrer -> referrer
|
||||
.headers((headers) -> headers
|
||||
.referrerPolicy((referrer) -> referrer
|
||||
.policy(ReferrerPolicy.SAME_ORIGIN)
|
||||
)
|
||||
);
|
||||
@ -515,7 +515,7 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.headers((headers) -> headers
|
||||
.featurePolicy("geolocation 'self'")
|
||||
);
|
||||
return http.build();
|
||||
@ -564,8 +564,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.permissionsPolicy(permissions -> permissions
|
||||
.headers((headers) -> headers
|
||||
.permissionsPolicy((permissions) -> permissions
|
||||
.policy("geolocation=(self)")
|
||||
)
|
||||
);
|
||||
|
@ -57,8 +57,8 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.redirectToHttps(redirect -> redirect
|
||||
.httpsRedirectWhen(e -> e.getRequest().getHeaders().containsKey("X-Forwarded-Proto"))
|
||||
.redirectToHttps((redirect) -> redirect
|
||||
.httpsRedirectWhen((e) -> e.getRequest().getHeaders().containsKey("X-Forwarded-Proto"))
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
|
@ -55,7 +55,7 @@ Java::
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
// ...
|
||||
.cors(cors -> cors.disable());
|
||||
.cors((cors) -> cors.disable());
|
||||
return http.build();
|
||||
}
|
||||
----
|
||||
|
@ -426,7 +426,7 @@ rsocket
|
||||
authz
|
||||
.setup().hasRole("SETUP") // <1>
|
||||
.route("fetch.profile.me").authenticated() // <2>
|
||||
.matcher(payloadExchange -> isMatch(payloadExchange)) // <3>
|
||||
.matcher((payloadExchange) -> payloadExchange(payloadExchange)) // <3>
|
||||
.hasRole("CUSTOM")
|
||||
.route("fetch.profile.{username}") // <4>
|
||||
.access((authentication, context) -> checkFriends(authentication, context))
|
||||
|
@ -145,10 +145,10 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(authorize -> authorize
|
||||
.authorizeExchange((authorize) -> authorize
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.authorizationRequestResolver(
|
||||
authorizationRequestResolver(this.clientRegistrationRepository)
|
||||
)
|
||||
@ -170,7 +170,7 @@ public class OAuth2LoginSecurityConfig {
|
||||
|
||||
private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer() {
|
||||
return customizer -> customizer
|
||||
.additionalParameters(params -> params.put("prompt", "consent"));
|
||||
.additionalParameters((params) -> params.put("prompt", "consent"));
|
||||
}
|
||||
}
|
||||
----
|
||||
@ -252,7 +252,7 @@ Java::
|
||||
----
|
||||
private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer() {
|
||||
return customizer -> customizer
|
||||
.authorizationRequestUri(uriBuilder -> uriBuilder
|
||||
.authorizationRequestUri((uriBuilder) -> uriBuilder
|
||||
.queryParam("prompt", "consent").build());
|
||||
}
|
||||
----
|
||||
@ -301,7 +301,7 @@ public class OAuth2ClientSecurityConfig {
|
||||
@Bean
|
||||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.oauth2Client(oauth2 -> oauth2
|
||||
.oauth2Client((oauth2) -> oauth2
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
// ...
|
||||
);
|
||||
@ -370,7 +370,7 @@ public class OAuth2ClientSecurityConfig {
|
||||
@Bean
|
||||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.oauth2Client(oauth2 -> oauth2
|
||||
.oauth2Client((oauth2) -> oauth2
|
||||
.authenticationManager(this.authorizationCodeAuthenticationManager())
|
||||
// ...
|
||||
);
|
||||
@ -461,7 +461,7 @@ ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> refreshT
|
||||
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
|
||||
ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
|
||||
.authorizationCode()
|
||||
.refreshToken(configurer -> configurer.accessTokenResponseClient(refreshTokenTokenResponseClient))
|
||||
.refreshToken((configurer) -> configurer.accessTokenResponseClient(refreshTokenTokenResponseClient))
|
||||
.build();
|
||||
|
||||
// ...
|
||||
@ -540,7 +540,7 @@ ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> cli
|
||||
|
||||
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
|
||||
ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
|
||||
.clientCredentials(configurer -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
|
||||
.clientCredentials((configurer) -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
|
||||
.build();
|
||||
|
||||
// ...
|
||||
@ -748,7 +748,7 @@ ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> passwordToke
|
||||
|
||||
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider =
|
||||
ReactiveOAuth2AuthorizedClientProviderBuilder.builder()
|
||||
.password(configurer -> configurer.accessTokenResponseClient(passwordTokenResponseClient))
|
||||
.password((configurer) -> configurer.accessTokenResponseClient(passwordTokenResponseClient))
|
||||
.refreshToken()
|
||||
.build();
|
||||
|
||||
|
@ -38,7 +38,7 @@ public class OAuth2ClientSecurityConfig {
|
||||
@Bean
|
||||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.oauth2Client(oauth2 -> oauth2
|
||||
.oauth2Client((oauth2) -> oauth2
|
||||
.clientRegistrationRepository(this.clientRegistrationRepository())
|
||||
.authorizedClientRepository(this.authorizedClientRepository())
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
|
@ -36,7 +36,7 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.authenticationConverter(this.authenticationConverter())
|
||||
.authenticationMatcher(this.authenticationMatcher())
|
||||
.authenticationManager(this.authenticationManager())
|
||||
@ -135,10 +135,10 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.exceptionHandling(exceptionHandling -> exceptionHandling
|
||||
.exceptionHandling((exceptionHandling) -> exceptionHandling
|
||||
.authenticationEntryPoint(new RedirectServerAuthenticationEntryPoint("/login/oauth2"))
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.authorizationRequestResolver(this.authorizationRequestResolver())
|
||||
);
|
||||
|
||||
@ -239,7 +239,7 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.authenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/login/oauth2/callback/{registrationId}"))
|
||||
);
|
||||
|
||||
@ -688,7 +688,7 @@ Java::
|
||||
@Bean
|
||||
public ReactiveJwtDecoderFactory<ClientRegistration> idTokenDecoderFactory() {
|
||||
ReactiveOidcIdTokenDecoderFactory idTokenDecoderFactory = new ReactiveOidcIdTokenDecoderFactory();
|
||||
idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> MacAlgorithm.HS256);
|
||||
idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> clientRegistration.HS256);
|
||||
return idTokenDecoderFactory;
|
||||
}
|
||||
----
|
||||
|
@ -337,7 +337,7 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(authorize -> authorize
|
||||
.authorizeExchange((authorize) -> authorize
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2Login(withDefaults());
|
||||
@ -390,7 +390,7 @@ public class OAuth2LoginConfig {
|
||||
@Bean
|
||||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(authorize -> authorize
|
||||
.authorizeExchange((authorize) -> authorize
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2Login(withDefaults());
|
||||
@ -487,7 +487,7 @@ public class OAuth2LoginConfig {
|
||||
@Bean
|
||||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(authorize -> authorize
|
||||
.authorizeExchange((authorize) -> authorize
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2Login(withDefaults());
|
||||
|
@ -19,7 +19,7 @@ Java::
|
||||
ServerBearerTokenAuthenticationConverter converter = new ServerBearerTokenAuthenticationConverter();
|
||||
converter.setBearerTokenHeaderName(HttpHeaders.PROXY_AUTHORIZATION);
|
||||
http
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.bearerTokenConverter(converter)
|
||||
);
|
||||
----
|
||||
@ -108,7 +108,7 @@ Java::
|
||||
----
|
||||
this.rest.get()
|
||||
.uri("https://other-service.example.com/endpoint")
|
||||
.headers(headers -> headers.setBearerAuth(overridingToken))
|
||||
.headers((headers) -> headers.setBearerAuth(overridingToken))
|
||||
.retrieve()
|
||||
.bodyToMono(String.class)
|
||||
----
|
||||
|
@ -128,7 +128,7 @@ Java::
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(OAuth2ResourceServerSpec::jwt)
|
||||
@ -170,11 +170,11 @@ import static org.springframework.security.oauth2.core.authorization.OAuth2React
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.pathMatchers("/message/**").access(hasScope("message:read"))
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.jwt(withDefaults())
|
||||
);
|
||||
return http.build();
|
||||
@ -254,11 +254,11 @@ Java::
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.jwt((jwt) -> jwt
|
||||
.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
|
||||
)
|
||||
);
|
||||
@ -302,11 +302,11 @@ Java::
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.jwt((jwt) -> jwt
|
||||
.decoder(myCustomDecoder())
|
||||
)
|
||||
);
|
||||
@ -691,7 +691,7 @@ import static org.springframework.security.oauth2.core.authorization.OAuth2React
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.mvcMatchers("/contacts/**").access(hasScope("contacts"))
|
||||
.mvcMatchers("/messages/**").access(hasScope("messages"))
|
||||
.anyExchange().authenticated()
|
||||
@ -762,11 +762,11 @@ Java::
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.jwt((jwt) -> jwt
|
||||
.jwtAuthenticationConverter(grantedAuthoritiesExtractor())
|
||||
)
|
||||
);
|
||||
|
@ -27,10 +27,10 @@ JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = J
|
||||
.fromTrustedIssuers("https://idp.example.org/issuerOne", "https://idp.example.org/issuerTwo");
|
||||
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.authenticationManagerResolver(authenticationManagerResolver)
|
||||
);
|
||||
----
|
||||
@ -74,7 +74,7 @@ private Mono<ReactiveAuthenticationManager> addManager(
|
||||
return Mono.fromCallable(() -> ReactiveJwtDecoders.fromIssuerLocation(issuer))
|
||||
.subscribeOn(Schedulers.boundedElastic())
|
||||
.map(JwtReactiveAuthenticationManager::new)
|
||||
.doOnNext(authenticationManager -> authenticationManagers.put(issuer, authenticationManager));
|
||||
.doOnNext((authenticationManager) -> authenticationManager.put(issuer, authenticationManager));
|
||||
}
|
||||
|
||||
// ...
|
||||
@ -83,10 +83,10 @@ JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver =
|
||||
new JwtIssuerReactiveAuthenticationManagerResolver(authenticationManagers::get);
|
||||
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.authenticationManagerResolver(authenticationManagerResolver)
|
||||
);
|
||||
----
|
||||
|
@ -176,7 +176,7 @@ Java::
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::opaqueToken)
|
||||
@ -221,12 +221,12 @@ public class MyCustomSecurityConfiguration {
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.pathMatchers("/messages/**").access(hasScope("message:read"))
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.opaqueToken((opaqueToken) -> opaqueToken
|
||||
.introspector(myIntrospector())
|
||||
)
|
||||
);
|
||||
@ -310,11 +310,11 @@ public class DirectlyConfiguredIntrospectionUri {
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.opaqueToken((opaqueToken) -> opaqueToken
|
||||
.introspectionUri("https://idp.example.com/introspect")
|
||||
.introspectionClientCredentials("client", "secret")
|
||||
)
|
||||
@ -364,11 +364,11 @@ public class DirectlyConfiguredIntrospector {
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.opaqueToken((opaqueToken) -> opaqueToken
|
||||
.introspector(myCustomIntrospector())
|
||||
)
|
||||
);
|
||||
@ -457,7 +457,7 @@ public class MappedAuthorities {
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http
|
||||
.authorizeExchange(exchange -> exchange
|
||||
.authorizeExchange((exchange) -> exchange
|
||||
.pathMatchers("/contacts/**").access(hasScope("contacts"))
|
||||
.pathMatchers("/messages/**").access(hasScope("messages"))
|
||||
.anyExchange().authenticated()
|
||||
@ -543,7 +543,7 @@ public class CustomAuthoritiesOpaqueTokenIntrospector implements ReactiveOpaqueT
|
||||
|
||||
public Mono<OAuth2AuthenticatedPrincipal> introspect(String token) {
|
||||
return this.delegate.introspect(token)
|
||||
.map(principal -> new DefaultOAuth2AuthenticatedPrincipal(
|
||||
.map((principal) -> principal DefaultOAuth2AuthenticatedPrincipal(
|
||||
principal.getName(), principal.getAttributes(), extractAuthorities(principal)));
|
||||
}
|
||||
|
||||
@ -650,8 +650,8 @@ public class JwtOpaqueTokenIntrospector implements ReactiveOpaqueTokenIntrospect
|
||||
|
||||
public Mono<OAuth2AuthenticatedPrincipal> introspect(String token) {
|
||||
return this.delegate.introspect(token)
|
||||
.flatMap(principal -> this.jwtDecoder.decode(token))
|
||||
.map(jwt -> new DefaultOAuth2AuthenticatedPrincipal(jwt.getClaims(), NO_AUTHORITIES));
|
||||
.flatMap((principal) -> principal.jwtDecoder.decode(token))
|
||||
.map((jwt) -> jwt DefaultOAuth2AuthenticatedPrincipal(jwt.getClaims(), NO_AUTHORITIES));
|
||||
}
|
||||
|
||||
private static class ParseOnlyJWTProcessor implements Converter<JWT, Mono<JWTClaimsSet>> {
|
||||
|
@ -227,7 +227,7 @@ Java::
|
||||
----
|
||||
client
|
||||
.mutateWith(mockOidcLogin()
|
||||
.idToken(token -> token.claim("user_id", "1234"))
|
||||
.idToken((token) -> token.claim("user_id", "1234"))
|
||||
)
|
||||
.get().uri("/endpoint").exchange();
|
||||
----
|
||||
@ -470,7 +470,7 @@ Java::
|
||||
----
|
||||
client
|
||||
.mutateWith(mockOAuth2Login()
|
||||
.attributes(attrs -> attrs.put("user_id", "1234"))
|
||||
.attributes((attrs) -> attrs.put("user_id", "1234"))
|
||||
)
|
||||
.get().uri("/endpoint").exchange();
|
||||
----
|
||||
@ -869,7 +869,7 @@ Java::
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
client
|
||||
.mutateWith(mockJwt().jwt(jwt -> jwt.header("kid", "one")
|
||||
.mutateWith(mockJwt().jwt((jwt) -> jwt.header("kid", "one")
|
||||
.claim("iss", "https://idp.example.org")))
|
||||
.get().uri("/endpoint").exchange();
|
||||
----
|
||||
@ -893,7 +893,7 @@ Java::
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
client
|
||||
.mutateWith(mockJwt().jwt(jwt -> jwt.claims(claims -> claims.remove("scope"))))
|
||||
.mutateWith(mockJwt().jwt((jwt) -> jwt.claims((claims) -> claims.remove("scope"))))
|
||||
.get().uri("/endpoint").exchange();
|
||||
----
|
||||
|
||||
@ -1206,7 +1206,7 @@ Java::
|
||||
----
|
||||
client
|
||||
.mutateWith(mockOpaqueToken()
|
||||
.attributes(attrs -> attrs.put("user_id", "1234"))
|
||||
.attributes((attrs) -> attrs.put("user_id", "1234"))
|
||||
)
|
||||
.get().uri("/endpoint").exchange();
|
||||
----
|
||||
|
@ -171,7 +171,7 @@ public class SecurityConfig {
|
||||
.csrf(Customizer.withDefaults())
|
||||
.httpBasic(Customizer.withDefaults())
|
||||
.formLogin(Customizer.withDefaults())
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
);
|
||||
|
||||
|
@ -64,7 +64,7 @@ DigestAuthenticationFilter digestAuthenticationFilter() {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.exceptionHandling(e -> e.authenticationEntryPoint(authenticationEntryPoint()))
|
||||
.exceptionHandling((e) -> e.authenticationEntryPoint(authenticationEntryPoint()))
|
||||
.addFilter(digestAuthenticationFilter());
|
||||
return http.build();
|
||||
}
|
||||
|
@ -120,7 +120,7 @@ Java::
|
||||
----
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) {
|
||||
http
|
||||
.formLogin(form -> form
|
||||
.formLogin((form) -> form
|
||||
.loginPage("/login")
|
||||
.permitAll()
|
||||
);
|
||||
|
@ -359,7 +359,7 @@ Java::
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) {
|
||||
http
|
||||
.sessionManagement(session -> session
|
||||
.sessionManagement((session) -> session
|
||||
.maximumSessions(1)
|
||||
);
|
||||
return http.build();
|
||||
@ -412,7 +412,7 @@ Java::
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) {
|
||||
AuthorizationManager<?> isAdmin = AuthorityAuthorizationManager.hasRole("ADMIN");
|
||||
http
|
||||
.sessionManagement(session -> session
|
||||
.sessionManagement((session) -> session
|
||||
.maximumSessions((authentication) -> isAdmin.authorize(() -> authentication, null).isGranted() ? -1 : 1)
|
||||
);
|
||||
return http.build();
|
||||
@ -504,7 +504,7 @@ Java::
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) {
|
||||
http
|
||||
.sessionManagement(session -> session
|
||||
.sessionManagement((session) -> session
|
||||
.maximumSessions(1)
|
||||
.maxSessionsPreventsLogin(true)
|
||||
);
|
||||
@ -612,7 +612,7 @@ Java::
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) {
|
||||
http
|
||||
.sessionManagement(session -> session
|
||||
.sessionManagement((session) -> session
|
||||
.invalidSessionUrl("/invalidSession")
|
||||
);
|
||||
return http.build();
|
||||
@ -663,7 +663,7 @@ Java::
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) {
|
||||
http
|
||||
.sessionManagement(session -> session
|
||||
.sessionManagement((session) -> session
|
||||
.invalidSessionStrategy(new MyCustomInvalidSessionStrategy())
|
||||
);
|
||||
return http.build();
|
||||
@ -767,7 +767,7 @@ Java::
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) {
|
||||
http
|
||||
.logout(logout -> logout
|
||||
.logout((logout) -> logout
|
||||
.deleteCookies("JSESSIONID")
|
||||
);
|
||||
return http.build();
|
||||
@ -971,7 +971,7 @@ Java::
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) {
|
||||
http
|
||||
.sessionManagement(session -> session
|
||||
.sessionManagement((session) -> session
|
||||
.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
|
||||
);
|
||||
return http.build();
|
||||
|
@ -741,7 +741,7 @@ import static org.springframework.security.authorization.AuthorityAuthorizationM
|
||||
SecurityFilterChain web(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.authorizeHttpRequests(authorize -> authorize // <1>
|
||||
.authorizeHttpRequests((authorize) -> authorize // <1>
|
||||
.dispatcherTypeMatchers(FORWARD, ERROR).permitAll() // <2>
|
||||
.requestMatchers("/static/**", "/signup", "/about").permitAll() // <3>
|
||||
.requestMatchers("/admin/**").hasRole("ADMIN") // <4>
|
||||
@ -1043,7 +1043,7 @@ public class SecurityConfig {
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.securityMatcher("/api/**") <1>
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers("/api/user/**").hasRole("USER") <2>
|
||||
.requestMatchers("/api/admin/**").hasRole("ADMIN") <3>
|
||||
.anyRequest().authenticated() <4>
|
||||
@ -1106,7 +1106,7 @@ public class SecurityConfig {
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.securityMatcher(antMatcher("/api/**")) <2>
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers(antMatcher("/api/user/**")).hasRole("USER") <3>
|
||||
.requestMatchers(regexMatcher("/api/admin/.*")).hasRole("ADMIN") <4>
|
||||
.requestMatchers(new MyCustomRequestMatcher()).hasRole("SUPERVISOR") <5>
|
||||
|
@ -173,7 +173,7 @@ It is configured with the following default implementation:
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.formLogin(Customizer.withDefaults())
|
||||
@ -228,7 +228,7 @@ public class MultiHttpSecurityConfig {
|
||||
public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.securityMatcher("/api/**") <3>
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().hasRole("ADMIN")
|
||||
)
|
||||
.httpBasic(Customizer.withDefaults());
|
||||
@ -238,7 +238,7 @@ public class MultiHttpSecurityConfig {
|
||||
@Bean <4>
|
||||
public SecurityFilterChain formLoginFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.formLogin(Customizer.withDefaults());
|
||||
@ -297,7 +297,7 @@ public class PartialSecurityConfig {
|
||||
public SecurityFilterChain securedFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.securityMatcher("/secured/**") <1>
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers("/secured/user").hasRole("USER") <2>
|
||||
.requestMatchers("/secured/admin").hasRole("ADMIN") <3>
|
||||
.anyRequest().authenticated() <4>
|
||||
@ -357,15 +357,15 @@ public class SecuredSecurityConfig {
|
||||
public SecurityFilterChain securedFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.securityMatcher("/secured/**") <1>
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated() <2>
|
||||
)
|
||||
.formLogin(formLogin -> formLogin <3>
|
||||
.formLogin((formLogin) -> formLogin <3>
|
||||
.loginPage("/secured/login")
|
||||
.loginProcessingUrl("/secured/login")
|
||||
.permitAll()
|
||||
)
|
||||
.logout(logout -> logout <4>
|
||||
.logout((logout) -> logout <4>
|
||||
.logoutUrl("/secured/logout")
|
||||
.logoutSuccessUrl("/secured/login?logout")
|
||||
.permitAll()
|
||||
@ -377,7 +377,7 @@ public class SecuredSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain defaultFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().denyAll() <5>
|
||||
);
|
||||
return http.build();
|
||||
@ -424,7 +424,7 @@ public class BankingSecurityConfig {
|
||||
String[] approvalsPaths = { "/accounts/approvals/**", "/loans/approvals/**", "/credit-cards/approvals/**" };
|
||||
http
|
||||
.securityMatcher(approvalsPaths)
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().hasRole("ADMIN")
|
||||
)
|
||||
.httpBasic(Customizer.withDefaults());
|
||||
@ -438,7 +438,7 @@ public class BankingSecurityConfig {
|
||||
String[] viewBalancePaths = { "/balances/**" };
|
||||
http
|
||||
.securityMatcher(bankingPaths)
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers(viewBalancePaths).hasRole("VIEW_BALANCE")
|
||||
.anyRequest().hasRole("USER")
|
||||
);
|
||||
@ -449,15 +449,15 @@ public class BankingSecurityConfig {
|
||||
public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
String[] allowedPaths = { "/", "/user-login", "/user-logout", "/notices", "/contact", "/register" };
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers(allowedPaths).permitAll()
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.formLogin(formLogin -> formLogin
|
||||
.formLogin((formLogin) -> formLogin
|
||||
.loginPage("/user-login")
|
||||
.loginProcessingUrl("/user-login")
|
||||
)
|
||||
.logout(logout -> logout
|
||||
.logout((logout) -> logout
|
||||
.logoutUrl("/user-logout")
|
||||
.logoutSuccessUrl("/?logout")
|
||||
);
|
||||
@ -680,7 +680,7 @@ For example, to configure the `filterSecurityPublishAuthorizationSuccess` proper
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
|
||||
public <O extends FilterSecurityInterceptor> O postProcess(
|
||||
|
@ -30,8 +30,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.headers((headers) -> headers
|
||||
.frameOptions((frameOptions) -> frameOptions
|
||||
.sameOrigin()
|
||||
)
|
||||
);
|
||||
@ -96,7 +96,7 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.headers((headers) -> headers
|
||||
// do not use any default headers unless explicitly listed
|
||||
.defaultsDisabled()
|
||||
.cacheControl(withDefaults())
|
||||
@ -160,7 +160,7 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers.disable());
|
||||
.headers((headers) -> headers.disable());
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
@ -226,8 +226,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.cacheControl(cache -> cache.disable())
|
||||
.headers((headers) -> headers
|
||||
.cacheControl((cache) -> cache.disable())
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
@ -291,8 +291,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.contentTypeOptions(contentTypeOptions -> contentTypeOptions.disable())
|
||||
.headers((headers) -> headers
|
||||
.contentTypeOptions((contentTypeOptions) -> contentTypeOptions.disable())
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
@ -357,8 +357,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.httpStrictTransportSecurity(hsts -> hsts
|
||||
.headers((headers) -> headers
|
||||
.httpStrictTransportSecurity((hsts) -> hsts
|
||||
.includeSubDomains(true)
|
||||
.preload(true)
|
||||
.maxAgeInSeconds(31536000)
|
||||
@ -431,8 +431,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.httpPublicKeyPinning(hpkp -> hpkp
|
||||
.headers((headers) -> headers
|
||||
.httpPublicKeyPinning((hpkp) -> hpkp
|
||||
.includeSubDomains(true)
|
||||
.reportUri("https://example.net/pkp-report")
|
||||
.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=", "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=")
|
||||
@ -511,8 +511,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.headers((headers) -> headers
|
||||
.frameOptions((frameOptions) -> frameOptions
|
||||
.sameOrigin()
|
||||
)
|
||||
);
|
||||
@ -582,8 +582,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.xssProtection(xss -> xss
|
||||
.headers((headers) -> headers
|
||||
.xssProtection((xss) -> xss
|
||||
.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK)
|
||||
)
|
||||
);
|
||||
@ -660,8 +660,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.contentSecurityPolicy(csp -> csp
|
||||
.headers((headers) -> headers
|
||||
.contentSecurityPolicy((csp) -> csp
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
)
|
||||
);
|
||||
@ -725,8 +725,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.contentSecurityPolicy(csp -> csp
|
||||
.headers((headers) -> headers
|
||||
.contentSecurityPolicy((csp) -> csp
|
||||
.policyDirectives("script-src 'self' https://trustedscripts.example.com; object-src https://trustedplugins.example.com; report-uri /csp-report-endpoint/")
|
||||
.reportOnly()
|
||||
)
|
||||
@ -797,8 +797,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.referrerPolicy(referrer -> referrer
|
||||
.headers((headers) -> headers
|
||||
.referrerPolicy((referrer) -> referrer
|
||||
.policy(ReferrerPolicy.SAME_ORIGIN)
|
||||
)
|
||||
);
|
||||
@ -873,7 +873,7 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.headers((headers) -> headers
|
||||
.featurePolicy("geolocation 'self'")
|
||||
);
|
||||
return http.build();
|
||||
@ -945,8 +945,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.permissionsPolicy(permissions -> permissions
|
||||
.headers((headers) -> headers
|
||||
.permissionsPolicy((permissions) -> permissions
|
||||
.policy("geolocation=(self)")
|
||||
)
|
||||
);
|
||||
@ -1082,7 +1082,7 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.headers((headers) -> headers
|
||||
.addHeaderWriter(new StaticHeadersWriter("X-Custom-Security-Header","header-value"))
|
||||
);
|
||||
return http.build();
|
||||
@ -1147,7 +1147,7 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.headers((headers) -> headers
|
||||
.addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN))
|
||||
);
|
||||
return http.build();
|
||||
@ -1223,8 +1223,8 @@ public class WebSecurityConfig {
|
||||
new DelegatingRequestMatcherHeaderWriter(matcher,new XFrameOptionsHeaderWriter());
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions.disable())
|
||||
.headers((headers) -> headers
|
||||
.frameOptions((frameOptions) -> frameOptions.disable())
|
||||
.addHeaderWriter(headerWriter)
|
||||
);
|
||||
return http.build();
|
||||
|
@ -440,7 +440,7 @@ public class WebSocketSecurityConfig implements WebSocketMessageBrokerConfigurer
|
||||
private final ApplicationContext applicationContext;
|
||||
|
||||
private final AuthorizationManager<Message<?>> authorizationManager;
|
||||
|
||||
|
||||
public WebSocketSecurityConfig(ApplicationContext applicationContext, AuthorizationManager<Message<?>> authorizationManager) {
|
||||
this.applicationContext = applicationContext;
|
||||
this.authorizationManager = authorizationManager;
|
||||
@ -607,8 +607,8 @@ public class WebSecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// ...
|
||||
.headers(headers -> headers
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.headers((headers) -> headers
|
||||
.frameOptions((frameOptions) -> frameOptions
|
||||
.sameOrigin()
|
||||
)
|
||||
);
|
||||
@ -670,17 +670,17 @@ public class WebSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.csrf(csrf -> csrf
|
||||
.csrf((csrf) -> csrf
|
||||
// ignore our stomp endpoints since they are protected using Stomp headers
|
||||
.ignoringRequestMatchers("/chat/**")
|
||||
)
|
||||
.headers(headers -> headers
|
||||
.headers((headers) -> headers
|
||||
// allow same origin to frame our site to support iframe SockJS
|
||||
.frameOptions(frameOptions -> frameOptions
|
||||
.frameOptions((frameOptions) -> frameOptions
|
||||
.sameOrigin()
|
||||
)
|
||||
)
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
...
|
||||
)
|
||||
...
|
||||
|
@ -147,11 +147,11 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.authorizationEndpoint(authorization -> authorization
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.authorizationEndpoint((authorization) -> authorization
|
||||
.authorizationRequestResolver(
|
||||
authorizationRequestResolver(this.clientRegistrationRepository)
|
||||
)
|
||||
@ -174,7 +174,7 @@ public class OAuth2LoginSecurityConfig {
|
||||
|
||||
private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer() {
|
||||
return customizer -> customizer
|
||||
.additionalParameters(params -> params.put("prompt", "consent"));
|
||||
.additionalParameters((params) -> params.put("prompt", "consent"));
|
||||
}
|
||||
}
|
||||
----
|
||||
@ -257,7 +257,7 @@ Java::
|
||||
----
|
||||
private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer() {
|
||||
return customizer -> customizer
|
||||
.authorizationRequestUri(uriBuilder -> uriBuilder
|
||||
.authorizationRequestUri((uriBuilder) -> uriBuilder
|
||||
.queryParam("prompt", "consent").build());
|
||||
}
|
||||
----
|
||||
@ -306,14 +306,14 @@ public class OAuth2ClientSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Client(oauth2 -> oauth2
|
||||
.authorizationCodeGrant(codeGrant -> codeGrant
|
||||
.oauth2Client((oauth2) -> oauth2
|
||||
.authorizationCodeGrant((codeGrant) -> codeGrant
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
// ...
|
||||
)
|
||||
)
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.authorizationEndpoint(endpoint -> endpoint
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.authorizationEndpoint((endpoint) -> endpoint
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
// ...
|
||||
)
|
||||
@ -412,8 +412,8 @@ public class OAuth2ClientSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Client(oauth2 -> oauth2
|
||||
.authorizationCodeGrant(codeGrant -> codeGrant
|
||||
.oauth2Client((oauth2) -> oauth2
|
||||
.authorizationCodeGrant((codeGrant) -> codeGrant
|
||||
.accessTokenResponseClient(this.accessTokenResponseClient())
|
||||
// ...
|
||||
)
|
||||
@ -514,7 +514,7 @@ OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> refreshTokenToke
|
||||
OAuth2AuthorizedClientProvider authorizedClientProvider =
|
||||
OAuth2AuthorizedClientProviderBuilder.builder()
|
||||
.authorizationCode()
|
||||
.refreshToken(configurer -> configurer.accessTokenResponseClient(refreshTokenTokenResponseClient))
|
||||
.refreshToken((configurer) -> configurer.accessTokenResponseClient(refreshTokenTokenResponseClient))
|
||||
.build();
|
||||
|
||||
// ...
|
||||
@ -605,7 +605,7 @@ OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCrede
|
||||
|
||||
OAuth2AuthorizedClientProvider authorizedClientProvider =
|
||||
OAuth2AuthorizedClientProviderBuilder.builder()
|
||||
.clientCredentials(configurer -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
|
||||
.clientCredentials((configurer) -> configurer.accessTokenResponseClient(clientCredentialsTokenResponseClient))
|
||||
.build();
|
||||
|
||||
// ...
|
||||
@ -882,7 +882,7 @@ OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> passwordTokenRespons
|
||||
|
||||
OAuth2AuthorizedClientProvider authorizedClientProvider =
|
||||
OAuth2AuthorizedClientProviderBuilder.builder()
|
||||
.password(configurer -> configurer.accessTokenResponseClient(passwordTokenResponseClient))
|
||||
.password((configurer) -> configurer.accessTokenResponseClient(passwordTokenResponseClient))
|
||||
.refreshToken()
|
||||
.build();
|
||||
|
||||
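Review bot: The outer lambda in both `authorizationRequestCustomizer()` samples still reads `return customizer -> customizer`, so the hunks at -174 and -257 are only half converted to the parenthesized style this commit applies elsewhere. Only the nested `params` and `uriBuilder` lambdas were changed. For consistency the return line in each sample should become `return (customizer) -> customizer`.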
|
@ -40,11 +40,11 @@ public class OAuth2ClientSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Client(oauth2 -> oauth2
|
||||
.oauth2Client((oauth2) -> oauth2
|
||||
.clientRegistrationRepository(this.clientRegistrationRepository())
|
||||
.authorizedClientRepository(this.authorizedClientRepository())
|
||||
.authorizedClientService(this.authorizedClientService())
|
||||
.authorizationCodeGrant(codeGrant -> codeGrant
|
||||
.authorizationCodeGrant((codeGrant) -> codeGrant
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
.authorizationRequestResolver(this.authorizationRequestResolver())
|
||||
.accessTokenResponseClient(this.accessTokenResponseClient())
|
||||
|
@ -22,17 +22,17 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.authorizationEndpoint(authorization -> authorization
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.authorizationEndpoint((authorization) -> authorization
|
||||
...
|
||||
)
|
||||
.redirectionEndpoint(redirection -> redirection
|
||||
.redirectionEndpoint((redirection) -> redirection
|
||||
...
|
||||
)
|
||||
.tokenEndpoint(token -> token
|
||||
.tokenEndpoint((token) -> token
|
||||
...
|
||||
)
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.userInfoEndpoint((userInfo) -> userInfo
|
||||
...
|
||||
)
|
||||
);
|
||||
@ -108,23 +108,23 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.clientRegistrationRepository(this.clientRegistrationRepository())
|
||||
.authorizedClientRepository(this.authorizedClientRepository())
|
||||
.authorizedClientService(this.authorizedClientService())
|
||||
.loginPage("/login")
|
||||
.authorizationEndpoint(authorization -> authorization
|
||||
.authorizationEndpoint((authorization) -> authorization
|
||||
.baseUri(this.authorizationRequestBaseUri())
|
||||
.authorizationRequestRepository(this.authorizationRequestRepository())
|
||||
.authorizationRequestResolver(this.authorizationRequestResolver())
|
||||
)
|
||||
.redirectionEndpoint(redirection -> redirection
|
||||
.redirectionEndpoint((redirection) -> redirection
|
||||
.baseUri(this.authorizationResponseBaseUri())
|
||||
)
|
||||
.tokenEndpoint(token -> token
|
||||
.tokenEndpoint((token) -> token
|
||||
.accessTokenResponseClient(this.accessTokenResponseClient())
|
||||
)
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.userInfoEndpoint((userInfo) -> userInfo
|
||||
.userAuthoritiesMapper(this.userAuthoritiesMapper())
|
||||
.userService(this.oauth2UserService())
|
||||
.oidcUserService(this.oidcUserService())
|
||||
@ -250,10 +250,10 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.loginPage("/login/oauth2")
|
||||
...
|
||||
.authorizationEndpoint(authorization -> authorization
|
||||
.authorizationEndpoint((authorization) -> authorization
|
||||
.baseUri("/login/oauth2/authorization")
|
||||
...
|
||||
)
|
||||
@ -345,8 +345,8 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.redirectionEndpoint(redirection -> redirection
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.redirectionEndpoint((redirection) -> redirection
|
||||
.baseUri("/login/oauth2/callback/*")
|
||||
...
|
||||
)
|
||||
@ -469,8 +469,8 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.userInfoEndpoint((userInfo) -> userInfo
|
||||
.userAuthoritiesMapper(this.userAuthoritiesMapper())
|
||||
...
|
||||
)
|
||||
@ -636,8 +636,8 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.userInfoEndpoint((userInfo) -> userInfo
|
||||
.oidcUserService(this.oidcUserService())
|
||||
...
|
||||
)
|
||||
@ -776,8 +776,8 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.userInfoEndpoint((userInfo) -> userInfo
|
||||
.userService(this.oauth2UserService())
|
||||
...
|
||||
)
|
||||
@ -844,8 +844,8 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.oauth2Login(oauth2 -> oauth2
|
||||
.userInfoEndpoint(userInfo -> userInfo
|
||||
.oauth2Login((oauth2) -> oauth2
|
||||
.userInfoEndpoint((userInfo) -> userInfo
|
||||
.oidcUserService(this.oidcUserService())
|
||||
...
|
||||
)
|
||||
@ -911,7 +911,7 @@ Java::
|
||||
@Bean
|
||||
public JwtDecoderFactory<ClientRegistration> idTokenDecoderFactory() {
|
||||
OidcIdTokenDecoderFactory idTokenDecoderFactory = new OidcIdTokenDecoderFactory();
|
||||
idTokenDecoderFactory.setJwsAlgorithmResolver(clientRegistration -> MacAlgorithm.HS256);
|
||||
idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> clientRegistration.HS256);
|
||||
return idTokenDecoderFactory;
|
||||
}
|
||||
----
|
||||
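Review bot: In the `idTokenDecoderFactory()` sample (hunk at -911) the new line changes more than the formatting: `MacAlgorithm.HS256` became `clientRegistration.HS256`. That refers to a member of the lambda parameter instead of the `MacAlgorithm` constant, so the sample presumably no longer compiles and no longer shows which JWS algorithm is expected when verifying the ID Token signature. The line should keep the original expression: `idTokenDecoderFactory.setJwsAlgorithmResolver((clientRegistration) -> MacAlgorithm.HS256);`. This looks like a search-and-replace slip, since the other hunks in this section change only the parentheses.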
|
@ -332,7 +332,7 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2Login(withDefaults());
|
||||
@ -381,7 +381,7 @@ public class OAuth2LoginConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2Login(withDefaults());
|
||||
@ -475,7 +475,7 @@ public class OAuth2LoginConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2Login(withDefaults());
|
||||
|
@ -57,11 +57,11 @@ public class OAuth2LoginSecurityConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2Login(withDefaults())
|
||||
.logout(logout -> logout
|
||||
.logout((logout) -> logout
|
||||
.logoutSuccessHandler(oidcLogoutSuccessHandler())
|
||||
);
|
||||
return http.build();
|
||||
|
@ -69,7 +69,7 @@ Java::
|
||||
DefaultBearerTokenResolver resolver = new DefaultBearerTokenResolver();
|
||||
resolver.setAllowFormEncodedBodyParameter(true);
|
||||
http
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.bearerTokenResolver(resolver)
|
||||
);
|
||||
----
|
||||
@ -176,7 +176,7 @@ Java::
|
||||
----
|
||||
this.rest.get()
|
||||
.uri("https://other-service.example.com/endpoint")
|
||||
.headers(headers -> headers.setBearerAuth(overridingToken))
|
||||
.headers((headers) -> headers.setBearerAuth(overridingToken))
|
||||
.retrieve()
|
||||
.bodyToMono(String.class)
|
||||
.block()
|
||||
|
@ -174,7 +174,7 @@ Java::
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults()));
|
||||
@ -220,12 +220,12 @@ public class MyCustomSecurityConfiguration {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers("/messages/**").access(hasScope("message:read"))
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.jwt((jwt) -> jwt
|
||||
.jwtAuthenticationConverter(myConverter())
|
||||
)
|
||||
);
|
||||
@ -355,11 +355,11 @@ public class DirectlyConfiguredJwkSetUri {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.jwt((jwt) -> jwt
|
||||
.jwkSetUri("https://idp.example.com/.well-known/jwks.json")
|
||||
)
|
||||
);
|
||||
@ -425,11 +425,11 @@ public class DirectlyConfiguredJwtDecoder {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.jwt((jwt) -> jwt
|
||||
.decoder(myCustomDecoder())
|
||||
)
|
||||
);
|
||||
@ -875,12 +875,12 @@ public class DirectlyConfiguredJwkSetUri {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers("/contacts/**").access(hasScope("contacts"))
|
||||
.requestMatchers("/messages/**").access(hasScope("messages"))
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.jwt(Customizer.withDefaults())
|
||||
);
|
||||
return http.build();
|
||||
@ -1107,11 +1107,11 @@ public class CustomAuthenticationConverterConfig {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.jwt(jwt -> jwt
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.jwt((jwt) -> jwt
|
||||
.jwtAuthenticationConverter(new CustomAuthenticationConverter())
|
||||
)
|
||||
);
|
||||
|
@ -58,10 +58,10 @@ Java::
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.authenticationManagerResolver(this.tokenAuthenticationManagerResolver)
|
||||
);
|
||||
----
|
||||
@ -118,10 +118,10 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = JwtIssuer
|
||||
.fromTrustedIssuers("https://idp.example.org/issuerOne", "https://idp.example.org/issuerTwo");
|
||||
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.authenticationManagerResolver(authenticationManagerResolver)
|
||||
);
|
||||
----
|
||||
@ -189,10 +189,10 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
|
||||
new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);
|
||||
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.authenticationManagerResolver(authenticationManagerResolver)
|
||||
);
|
||||
----
|
||||
@ -265,7 +265,7 @@ public class TenantJWSKeySelector
|
||||
|
||||
private JWSKeySelector<SecurityContext> fromTenant(String tenant) {
|
||||
return Optional.ofNullable(this.tenants.findById(tenant)) <3>
|
||||
.map(t -> t.getAttrbute("jwks_uri"))
|
||||
.map((t) -> t.getAttrbute("jwks_uri"))
|
||||
.map(this::fromUri)
|
||||
.orElseThrow(() -> new IllegalArgumentException("unknown tenant"));
|
||||
}
|
||||
|
@ -201,10 +201,10 @@ Java::
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.opaqueToken(Customizer.withDefaults())
|
||||
);
|
||||
return http.build();
|
||||
@ -249,12 +249,12 @@ public class MyCustomSecurityConfiguration {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers("/messages/**").access(hasScope("message:read"))
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.opaqueToken((opaqueToken) -> opaqueToken
|
||||
.introspector(myIntrospector())
|
||||
)
|
||||
);
|
||||
@ -400,11 +400,11 @@ public class DirectlyConfiguredIntrospectionUri {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.opaqueToken((opaqueToken) -> opaqueToken
|
||||
.introspectionUri("https://idp.example.com/introspect")
|
||||
.introspectionClientCredentials("client", "secret")
|
||||
)
|
||||
@ -472,11 +472,11 @@ public class DirectlyConfiguredIntrospector {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.opaqueToken(opaqueToken -> opaqueToken
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.opaqueToken((opaqueToken) -> opaqueToken
|
||||
.introspector(myCustomIntrospector())
|
||||
)
|
||||
);
|
||||
@ -564,12 +564,12 @@ public class MappedAuthorities {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorizeRequests -> authorizeRequests
|
||||
.authorizeHttpRequests((authorizeRequests) -> authorizeRequests
|
||||
.requestMatchers("/contacts/**").access(hasScope("contacts"))
|
||||
.requestMatchers("/messages/**").access(hasScope("messages"))
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(oauth2 -> oauth2
|
||||
.oauth2ResourceServer((oauth2) -> oauth2
|
||||
.opaqueToken(Customizer.withDefaults())
|
||||
);
|
||||
return http.build();
|
||||
|
@ -156,7 +156,7 @@ Java::
|
||||
----
|
||||
RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId("okta")
|
||||
// ...
|
||||
.assertingPartyMetadata(party -> party
|
||||
.assertingPartyMetadata((party) -> party
|
||||
// ...
|
||||
.wantAuthnRequestsSigned(false)
|
||||
)
|
||||
@ -239,7 +239,7 @@ Java::
|
||||
----
|
||||
RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId("okta")
|
||||
// ...
|
||||
.assertingPartyMetadata(party -> party
|
||||
.assertingPartyMetadata((party) -> party
|
||||
// ...
|
||||
.singleSignOnServiceBinding(Saml2MessageBinding.POST)
|
||||
)
|
||||
|
@ -148,10 +148,10 @@ public class SecurityConfig {
|
||||
);
|
||||
|
||||
http
|
||||
.authorizeHttpRequests(authz -> authz
|
||||
.authorizeHttpRequests((authz) -> authz
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(saml2 -> saml2
|
||||
.saml2Login((saml2) -> saml2
|
||||
.authenticationManager(new ProviderManager(authenticationProvider))
|
||||
);
|
||||
return http.build();
|
||||
@ -211,10 +211,10 @@ public class SecurityConfig {
|
||||
.clockSkew(Duration.ofMinutes(10)).build();
|
||||
authenticationProvider.setAssertionValidator(assertionValidator);
|
||||
http
|
||||
.authorizeHttpRequests(authz -> authz
|
||||
.authorizeHttpRequests((authz) -> authz
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(saml2 -> saml2
|
||||
.saml2Login((saml2) -> saml2
|
||||
.authenticationManager(new ProviderManager(authenticationProvider))
|
||||
);
|
||||
return http.build();
|
||||
@ -409,10 +409,10 @@ public class SecurityConfig {
|
||||
});
|
||||
|
||||
http
|
||||
.authorizeHttpRequests(authz -> authz
|
||||
.authorizeHttpRequests((authz) -> authz
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(saml2 -> saml2
|
||||
.saml2Login((saml2) -> saml2
|
||||
.authenticationManager(new ProviderManager(authenticationProvider))
|
||||
);
|
||||
return http.build();
|
||||
@ -780,10 +780,10 @@ public class SecurityConfig {
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
AuthenticationManager authenticationManager = new MySaml2AuthenticationManager(...);
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(saml2 -> saml2
|
||||
.saml2Login((saml2) -> saml2
|
||||
.authenticationManager(authenticationManager)
|
||||
)
|
||||
;
|
||||
|
@ -342,7 +342,7 @@ Java::
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(withDefaults());
|
||||
@ -384,7 +384,7 @@ public class MyCustomSecurityConfiguration {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers("/messages/**").hasAuthority("ROLE_USER")
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
@ -486,11 +486,11 @@ public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exc
|
||||
Saml2X509Credential credential = Saml2X509Credential.verification(certificate);
|
||||
RelyingPartyRegistration registration = RelyingPartyRegistration
|
||||
.withRegistrationId("example")
|
||||
.assertingPartyMetadata(party -> party
|
||||
.assertingPartyMetadata((party) -> party
|
||||
.entityId("https://idp.example.com/issuer")
|
||||
.singleSignOnServiceLocation("https://idp.example.com/SSO.saml2")
|
||||
.wantAuthnRequestsSigned(false)
|
||||
.verificationX509Credentials(c -> c.add(credential))
|
||||
.verificationX509Credentials((c) -> c.add(credential))
|
||||
)
|
||||
.build();
|
||||
return new InMemoryRelyingPartyRegistrationRepository(registration);
|
||||
@ -549,11 +549,11 @@ public class MyCustomSecurityConfiguration {
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers("/messages/**").hasAuthority("ROLE_USER")
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login(saml2 -> saml2
|
||||
.saml2Login((saml2) -> saml2
|
||||
.relyingPartyRegistrationRepository(relyingPartyRegistrations())
|
||||
);
|
||||
return http.build();
|
||||
@ -699,11 +699,11 @@ Java::
|
||||
----
|
||||
RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistration.withRegistrationId("my-id")
|
||||
.entityId("{baseUrl}/{registrationId}")
|
||||
.decryptionX509Credentials(c -> c.add(relyingPartyDecryptingCredential()))
|
||||
.decryptionX509Credentials((c) -> c.add(relyingPartyDecryptingCredential()))
|
||||
.assertionConsumerServiceLocation("/my-login-endpoint/{registrationId}")
|
||||
.assertingPartyMetadata(party -> party
|
||||
.assertingPartyMetadata((party) -> party
|
||||
.entityId("https://ap.example.org")
|
||||
.verificationX509Credentials(c -> c.add(assertingPartyVerifyingCredential()))
|
||||
.verificationX509Credentials((c) -> c.add(assertingPartyVerifyingCredential()))
|
||||
.singleSignOnServiceLocation("https://ap.example.org/SSO.saml2")
|
||||
)
|
||||
.build();
|
||||
@ -913,7 +913,7 @@ private RelyingPartyRegistration.Builder
|
||||
addRelyingPartyDetails(RelyingPartyRegistration.Builder builder) {
|
||||
|
||||
Saml2X509Credential signingCredential = ...
|
||||
builder.signingX509Credentials(c -> c.addAll(signingCredential));
|
||||
builder.signingX509Credentials((c) -> c.addAll(signingCredential));
|
||||
// ... other relying party configurations
|
||||
}
|
||||
|
||||
|
@ -228,7 +228,7 @@ Java::
|
||||
mvc
|
||||
.perform(get("/endpoint")
|
||||
.with(oidcLogin()
|
||||
.idToken(token -> token.claim("user_id", "1234"))
|
||||
.idToken((token) -> token.claim("user_id", "1234"))
|
||||
)
|
||||
);
|
||||
----
|
||||
@ -475,7 +475,7 @@ Java::
|
||||
mvc
|
||||
.perform(get("/endpoint")
|
||||
.with(oauth2Login()
|
||||
.attributes(attrs -> attrs.put("user_id", "1234"))
|
||||
.attributes((attrs) -> attrs.put("user_id", "1234"))
|
||||
)
|
||||
);
|
||||
----
|
||||
@ -875,7 +875,7 @@ Java::
|
||||
----
|
||||
mvc
|
||||
.perform(get("/endpoint")
|
||||
.with(jwt().jwt(jwt -> jwt.header("kid", "one").claim("iss", "https://idp.example.org"))));
|
||||
.with(jwt().jwt((jwt) -> jwt.header("kid", "one").claim("iss", "https://idp.example.org"))));
|
||||
----
|
||||
|
||||
Kotlin::
|
||||
@ -898,7 +898,7 @@ Java::
|
||||
----
|
||||
mvc
|
||||
.perform(get("/endpoint")
|
||||
.with(jwt().jwt(jwt -> jwt.claims(claims -> claims.remove("scope")))));
|
||||
.with(jwt().jwt((jwt) -> jwt.claims((claims) -> claims.remove("scope")))));
|
||||
----
|
||||
|
||||
Kotlin::
|
||||
@ -1219,7 +1219,7 @@ Java::
|
||||
mvc
|
||||
.perform(get("/endpoint")
|
||||
.with(opaqueToken()
|
||||
.attributes(attrs -> attrs.put("user_id", "1234"))
|
||||
.attributes((attrs) -> attrs.put("user_id", "1234"))
|
||||
)
|
||||
);
|
||||
----
|
||||
|
@ -270,7 +270,7 @@ BodyExtractor<Mono<Map<String, Object>>, ReactiveHttpInputMessage> bodyExtractor
|
||||
BodyExtractors.toMono(new ParameterizedTypeReference<>() {});
|
||||
accessTokenResponseClient.setBodyExtractor((inputMessage, context) ->
|
||||
bodyExtractor.extract(inputMessage, context)
|
||||
.map(parameters -> OAuth2AccessTokenResponse.withToken("custom-token")
|
||||
.map((parameters) -> parameters.withToken("custom-token")
|
||||
// ...
|
||||
.build()
|
||||
)
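Review bot: The line `.map((parameters) -> parameters.withToken("custom-token")` changes more than the lambda's parentheses, because the receiver of `withToken` went from `OAuth2AccessTokenResponse` to `parameters`. The hunk header declares `bodyExtractor` as `BodyExtractor<Mono<Map<String, Object>>, ReactiveHttpInputMessage>`, so `parameters` is a `Map<String, Object>`, which has no `withToken` method, and the sample as printed would not compile. Assuming the parenthesised line is the new side (the page has lost its +/- markers), it should read `.map((parameters) -> OAuth2AccessTokenResponse.withToken("custom-token")`. The enclosing statement continues past the end of the hunk.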
|
||||
|
@ -59,11 +59,11 @@ public class CustomX509Configuration {
|
||||
|
||||
// @formatter:off
|
||||
http
|
||||
.x509(x509 -> x509
|
||||
.x509((x509) -> x509
|
||||
.principalExtractor(principalExtractor)
|
||||
.authenticationManager(authenticationManager)
|
||||
)
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
);
|
||||
// @formatter:on
|
||||
|
@ -44,7 +44,7 @@ public class DefaultX509Configuration {
|
||||
// @formatter:off
|
||||
http
|
||||
.x509(Customizer.withDefaults())
|
||||
.authorizeExchange(exchanges -> exchanges
|
||||
.authorizeExchange((exchanges) -> exchanges
|
||||
.anyExchange().authenticated()
|
||||
);
|
||||
// @formatter:on
|
||||
|
@ -44,7 +44,7 @@ public class DefaultX509Configuration {
|
||||
// @formatter:off
|
||||
http
|
||||
.x509(Customizer.withDefaults())
|
||||
.authorizeHttpRequests(exchanges -> exchanges
|
||||
.authorizeHttpRequests((exchanges) -> exchanges
|
||||
.anyRequest().authenticated()
|
||||
);
|
||||
// @formatter:on
|
||||
|