Remove FilterSecurityInterceptor from WebSecurity
Closes gh-11325
This commit is contained in:
parent
508f7d7b8a
commit
f8971742f2
|
@ -95,8 +95,6 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
|
|||
|
||||
private IgnoredRequestConfigurer ignoredRequestRegistry;
|
||||
|
||||
private FilterSecurityInterceptor filterSecurityInterceptor;
|
||||
|
||||
private HttpFirewall httpFirewall;
|
||||
|
||||
private RequestRejectedHandler requestRejectedHandler;
|
||||
|
@ -211,8 +209,8 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
|
|||
|
||||
/**
|
||||
* Set the {@link WebInvocationPrivilegeEvaluator} to be used. If this is not
|
||||
* specified, then a {@link DefaultWebInvocationPrivilegeEvaluator} will be created
|
||||
* when {@link #securityInterceptor(FilterSecurityInterceptor)} is non null.
|
||||
* specified, then a {@link RequestMatcherDelegatingWebInvocationPrivilegeEvaluator}
|
||||
* will be created based on the list of {@link SecurityFilterChain}.
|
||||
* @param privilegeEvaluator the {@link WebInvocationPrivilegeEvaluator} to use
|
||||
* @return the {@link WebSecurity} for further customizations
|
||||
*/
|
||||
|
@ -246,25 +244,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
|
|||
* @return the {@link WebInvocationPrivilegeEvaluator} for further customizations
|
||||
*/
|
||||
public WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() {
|
||||
if (this.privilegeEvaluator != null) {
|
||||
return this.privilegeEvaluator;
|
||||
}
|
||||
return (this.filterSecurityInterceptor != null)
|
||||
? new DefaultWebInvocationPrivilegeEvaluator(this.filterSecurityInterceptor) : null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the {@link FilterSecurityInterceptor}. This is typically invoked by
|
||||
* {@link WebSecurityConfiguration#springSecurityFilterChain()}.
|
||||
* @param securityInterceptor the {@link FilterSecurityInterceptor} to use
|
||||
* @return the {@link WebSecurity} for further customizations
|
||||
* @deprecated Use {@link #privilegeEvaluator(WebInvocationPrivilegeEvaluator)}
|
||||
* instead
|
||||
*/
|
||||
@Deprecated
|
||||
public WebSecurity securityInterceptor(FilterSecurityInterceptor securityInterceptor) {
|
||||
this.filterSecurityInterceptor = securityInterceptor;
|
||||
return this;
|
||||
return this.privilegeEvaluator;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -47,7 +47,6 @@ import org.springframework.security.web.FilterChainProxy;
|
|||
import org.springframework.security.web.FilterInvocation;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
|
||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
@ -112,12 +111,6 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
|
|||
}
|
||||
for (SecurityFilterChain securityFilterChain : this.securityFilterChains) {
|
||||
this.webSecurity.addSecurityFilterChainBuilder(() -> securityFilterChain);
|
||||
for (Filter filter : securityFilterChain.getFilters()) {
|
||||
if (filter instanceof FilterSecurityInterceptor) {
|
||||
this.webSecurity.securityInterceptor((FilterSecurityInterceptor) filter);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
for (WebSecurityCustomizer customizer : this.webSecurityCustomizers) {
|
||||
customizer.customize(this.webSecurity);
|
||||
|
|
|
@ -61,7 +61,6 @@ import org.springframework.security.core.userdetails.UserDetailsService;
|
|||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
@ -317,10 +316,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
|
|||
@Override
|
||||
public void init(WebSecurity web) throws Exception {
|
||||
HttpSecurity http = getHttp();
|
||||
web.addSecurityFilterChainBuilder(http).postBuildAction(() -> {
|
||||
FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
|
||||
web.securityInterceptor(securityInterceptor);
|
||||
});
|
||||
web.addSecurityFilterChainBuilder(http);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in New Issue