Remove FilterSecurityInterceptor from WebSecurity
Closes gh-11325
This commit is contained in:
parent
508f7d7b8a
commit
f8971742f2
|
@ -95,8 +95,6 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
|
||||||
|
|
||||||
private IgnoredRequestConfigurer ignoredRequestRegistry;
|
private IgnoredRequestConfigurer ignoredRequestRegistry;
|
||||||
|
|
||||||
private FilterSecurityInterceptor filterSecurityInterceptor;
|
|
||||||
|
|
||||||
private HttpFirewall httpFirewall;
|
private HttpFirewall httpFirewall;
|
||||||
|
|
||||||
private RequestRejectedHandler requestRejectedHandler;
|
private RequestRejectedHandler requestRejectedHandler;
|
||||||
|
@ -211,8 +209,8 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the {@link WebInvocationPrivilegeEvaluator} to be used. If this is not
|
* Set the {@link WebInvocationPrivilegeEvaluator} to be used. If this is not
|
||||||
* specified, then a {@link DefaultWebInvocationPrivilegeEvaluator} will be created
|
* specified, then a {@link RequestMatcherDelegatingWebInvocationPrivilegeEvaluator}
|
||||||
* when {@link #securityInterceptor(FilterSecurityInterceptor)} is non null.
|
* will be created based on the list of {@link SecurityFilterChain}.
|
||||||
* @param privilegeEvaluator the {@link WebInvocationPrivilegeEvaluator} to use
|
* @param privilegeEvaluator the {@link WebInvocationPrivilegeEvaluator} to use
|
||||||
* @return the {@link WebSecurity} for further customizations
|
* @return the {@link WebSecurity} for further customizations
|
||||||
*/
|
*/
|
||||||
|
@ -246,25 +244,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
|
||||||
* @return the {@link WebInvocationPrivilegeEvaluator} for further customizations
|
* @return the {@link WebInvocationPrivilegeEvaluator} for further customizations
|
||||||
*/
|
*/
|
||||||
public WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() {
|
public WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() {
|
||||||
if (this.privilegeEvaluator != null) {
|
return this.privilegeEvaluator;
|
||||||
return this.privilegeEvaluator;
|
|
||||||
}
|
|
||||||
return (this.filterSecurityInterceptor != null)
|
|
||||||
? new DefaultWebInvocationPrivilegeEvaluator(this.filterSecurityInterceptor) : null;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Sets the {@link FilterSecurityInterceptor}. This is typically invoked by
|
|
||||||
* {@link WebSecurityConfiguration#springSecurityFilterChain()}.
|
|
||||||
* @param securityInterceptor the {@link FilterSecurityInterceptor} to use
|
|
||||||
* @return the {@link WebSecurity} for further customizations
|
|
||||||
* @deprecated Use {@link #privilegeEvaluator(WebInvocationPrivilegeEvaluator)}
|
|
||||||
* instead
|
|
||||||
*/
|
|
||||||
@Deprecated
|
|
||||||
public WebSecurity securityInterceptor(FilterSecurityInterceptor securityInterceptor) {
|
|
||||||
this.filterSecurityInterceptor = securityInterceptor;
|
|
||||||
return this;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -47,7 +47,6 @@ import org.springframework.security.web.FilterChainProxy;
|
||||||
import org.springframework.security.web.FilterInvocation;
|
import org.springframework.security.web.FilterInvocation;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
|
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
|
||||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
|
||||||
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
|
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
|
||||||
|
@ -112,12 +111,6 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
|
||||||
}
|
}
|
||||||
for (SecurityFilterChain securityFilterChain : this.securityFilterChains) {
|
for (SecurityFilterChain securityFilterChain : this.securityFilterChains) {
|
||||||
this.webSecurity.addSecurityFilterChainBuilder(() -> securityFilterChain);
|
this.webSecurity.addSecurityFilterChainBuilder(() -> securityFilterChain);
|
||||||
for (Filter filter : securityFilterChain.getFilters()) {
|
|
||||||
if (filter instanceof FilterSecurityInterceptor) {
|
|
||||||
this.webSecurity.securityInterceptor((FilterSecurityInterceptor) filter);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
for (WebSecurityCustomizer customizer : this.webSecurityCustomizers) {
|
for (WebSecurityCustomizer customizer : this.webSecurityCustomizers) {
|
||||||
customizer.customize(this.webSecurity);
|
customizer.customize(this.webSecurity);
|
||||||
|
|
|
@ -61,7 +61,6 @@ import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||||
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
|
||||||
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.ReflectionUtils;
|
import org.springframework.util.ReflectionUtils;
|
||||||
|
@ -317,10 +316,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
|
||||||
@Override
|
@Override
|
||||||
public void init(WebSecurity web) throws Exception {
|
public void init(WebSecurity web) throws Exception {
|
||||||
HttpSecurity http = getHttp();
|
HttpSecurity http = getHttp();
|
||||||
web.addSecurityFilterChainBuilder(http).postBuildAction(() -> {
|
web.addSecurityFilterChainBuilder(http);
|
||||||
FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
|
|
||||||
web.securityInterceptor(securityInterceptor);
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue