mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Switch to lambda style security configuration
Closes gh-17525
This commit is contained in:
Madhura Bhave
parent
ed0f6e66ca
commit
39a7b9da38
@ -32,6 +32,7 @@ import org.springframework.boot.autoconfigure.security.oauth2.resource.reactive.
|
||||
import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
@ -56,9 +57,16 @@ import org.springframework.security.web.server.WebFilterChainProxy;
|
||||
public class ReactiveManagementWebSecurityAutoConfiguration {
|
||||
|
||||
@Bean
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
return http.authorizeExchange().matchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class))
|
||||
.permitAll().anyExchange().authenticated().and().httpBasic().and().formLogin().and().build();
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http.authorizeExchange((exchanges) ->
|
||||
exchanges
|
||||
.matchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll()
|
||||
.anyExchange().authenticated())
|
||||
.httpBasic(Customizer.withDefaults())
|
||||
.formLogin(Customizer.withDefaults());
|
||||
// @formatter:on
|
||||
return http.build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -19,6 +19,7 @@ package org.springframework.boot.actuate.autoconfigure.security.servlet;
|
||||
import org.springframework.boot.actuate.health.HealthEndpoint;
|
||||
import org.springframework.boot.actuate.info.InfoEndpoint;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
|
||||
@ -39,8 +40,14 @@ class ManagementWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapte
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests().requestMatchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class))
|
||||
.permitAll().anyRequest().authenticated().and().formLogin().and().httpBasic();
|
||||
// @formatter:off
|
||||
http.authorizeRequests((requests) ->
|
||||
requests
|
||||
.requestMatchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll()
|
||||
.anyRequest().authenticated())
|
||||
.formLogin(Customizer.withDefaults())
|
||||
.httpBasic(Customizer.withDefaults());
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -47,6 +47,7 @@ import org.springframework.http.server.reactive.ServerHttpResponse;
|
||||
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
|
||||
import org.springframework.mock.http.server.reactive.MockServerHttpResponse;
|
||||
import org.springframework.security.authentication.ReactiveAuthenticationManager;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
import org.springframework.security.web.server.WebFilterChainProxy;
|
||||
@ -163,9 +164,11 @@ class ReactiveManagementWebSecurityAutoConfigurationTests {
|
||||
static class CustomSecurityConfiguration {
|
||||
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
return http.authorizeExchange().pathMatchers("/foo").permitAll().anyExchange().authenticated().and()
|
||||
.formLogin().and().build();
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
|
||||
return http
|
||||
.authorizeExchange(
|
||||
(exchanges) -> exchanges.pathMatchers("/foo").permitAll().anyExchange().authenticated())
|
||||
.formLogin(Customizer.withDefaults()).build();
|
||||
}
|
||||
|
||||
}
|
||||
@ -179,7 +182,7 @@ class ReactiveManagementWebSecurityAutoConfigurationTests {
|
||||
}
|
||||
|
||||
@Bean
|
||||
WebFilterChainProxy webFilterChainProxy(ServerHttpSecurity http) {
|
||||
WebFilterChainProxy webFilterChainProxy(ServerHttpSecurity http) throws Exception {
|
||||
return new WebFilterChainProxy(getFilterChains(http));
|
||||
}
|
||||
|
||||
@ -190,9 +193,10 @@ class ReactiveManagementWebSecurityAutoConfigurationTests {
|
||||
return httpSecurity;
|
||||
}
|
||||
|
||||
private List<SecurityWebFilterChain> getFilterChains(ServerHttpSecurity http) {
|
||||
return Collections.singletonList(
|
||||
http.authorizeExchange().anyExchange().authenticated().and().formLogin().and().build());
|
||||
private List<SecurityWebFilterChain> getFilterChains(ServerHttpSecurity http) throws Exception {
|
||||
return Collections
|
||||
.singletonList(http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
|
||||
.formLogin(Customizer.withDefaults()).build());
|
||||
}
|
||||
|
||||
static class TestServerHttpSecurity extends ServerHttpSecurity implements ApplicationContextAware {
|
||||
|
||||
@ -167,10 +167,14 @@ abstract class AbstractEndpointRequestIntegrationTests {
|
||||
return new WebSecurityConfigurerAdapter() {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests().requestMatchers(EndpointRequest.toLinks()).permitAll()
|
||||
// @formatter:off
|
||||
http.authorizeRequests((requests) -> requests
|
||||
.requestMatchers(EndpointRequest.toLinks()).permitAll()
|
||||
.requestMatchers(EndpointRequest.to(TestEndpoint1.class)).permitAll()
|
||||
.requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated().anyRequest()
|
||||
.hasRole("ADMIN").and().httpBasic();
|
||||
.hasRole("ADMIN"))
|
||||
.httpBasic();
|
||||
// @formatter:on
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@ -37,6 +37,7 @@ import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockServletContext;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
@ -126,8 +127,8 @@ class ManagementWebSecurityAutoConfigurationTests {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests().antMatchers("/foo").permitAll().anyRequest().authenticated().and().formLogin()
|
||||
.and().httpBasic();
|
||||
http.authorizeRequests((requests) -> requests.antMatchers("/foo").permitAll().anyRequest().authenticated())
|
||||
.formLogin(Customizer.withDefaults()).httpBasic();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -20,6 +20,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
|
||||
@ -56,7 +57,8 @@ class OAuth2WebSecurityConfiguration {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests().anyRequest().authenticated().and().oauth2Login().and().oauth2Client();
|
||||
http.authorizeRequests((requests) -> requests.anyRequest().authenticated())
|
||||
.oauth2Login(Customizer.withDefaults()).oauth2Client();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -89,9 +89,10 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
|
||||
|
||||
@Bean
|
||||
@ConditionalOnBean(ReactiveJwtDecoder.class)
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, ReactiveJwtDecoder jwtDecoder) {
|
||||
http.authorizeExchange().anyExchange().authenticated().and().oauth2ResourceServer().jwt()
|
||||
.jwtDecoder(jwtDecoder);
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, ReactiveJwtDecoder jwtDecoder)
|
||||
throws Exception {
|
||||
http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
|
||||
.oauth2ResourceServer((server) -> server.jwt((jwt) -> jwt.jwtDecoder(jwtDecoder)));
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
||||
@ -57,8 +57,9 @@ class ReactiveOAuth2ResourceServerOpaqueTokenConfiguration {
|
||||
|
||||
@Bean
|
||||
@ConditionalOnBean(ReactiveOAuth2TokenIntrospectionClient.class)
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http.authorizeExchange().anyExchange().authenticated().and().oauth2ResourceServer().opaqueToken();
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
|
||||
http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
|
||||
.oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::opaqueToken);
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
||||
@ -31,6 +31,7 @@ import org.springframework.context.annotation.Conditional;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoders;
|
||||
@ -95,7 +96,8 @@ class OAuth2ResourceServerJwtConfiguration {
|
||||
return new WebSecurityConfigurerAdapter() {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests().anyRequest().authenticated().and().oauth2ResourceServer().jwt();
|
||||
http.authorizeRequests((requests) -> requests.anyRequest().authenticated())
|
||||
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@ -23,6 +23,7 @@ import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.NimbusOAuth2TokenIntrospectionClient;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.OAuth2TokenIntrospectionClient;
|
||||
|
||||
@ -60,7 +61,8 @@ class OAuth2ResourceServerOpaqueTokenConfiguration {
|
||||
return new WebSecurityConfigurerAdapter() {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests().anyRequest().authenticated().and().oauth2ResourceServer().opaqueToken();
|
||||
http.authorizeRequests((requests) -> requests.anyRequest().authenticated())
|
||||
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@ -375,8 +375,9 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests {
|
||||
static class SecurityWebFilterChainConfig {
|
||||
|
||||
@Bean
|
||||
SecurityWebFilterChain testSpringSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http.authorizeExchange().pathMatchers("/message/**").hasRole("ADMIN").anyExchange().authenticated().and()
|
||||
SecurityWebFilterChain testSpringSecurityFilterChain(ServerHttpSecurity http) throws Exception {
|
||||
http.authorizeExchange(
|
||||
(exchanges) -> exchanges.pathMatchers("/message/**").hasRole("ADMIN").anyExchange().authenticated())
|
||||
.httpBasic();
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@ -396,9 +396,9 @@ A typical Spring Security configuration might look something like the following
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
|
||||
.anyRequest().hasRole("ENDPOINT_ADMIN")
|
||||
.and()
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint())
|
||||
.authorizeRequests((requests) ->
|
||||
requests.anyRequest().hasRole("ENDPOINT_ADMIN"))
|
||||
.httpBasic();
|
||||
}
|
||||
|
||||
@ -432,8 +432,8 @@ following example:
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
|
||||
.anyRequest().permitAll();
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests((requests) ->
|
||||
.anyRequest().permitAll());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -67,8 +67,8 @@ class WebTestClientSpringBootTestIntegrationTests {
|
||||
static class TestConfiguration {
|
||||
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
return http.authorizeExchange().anyExchange().permitAll().and().build();
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
|
||||
return http.authorizeExchange((exchanges) -> exchanges.anyExchange().permitAll()).build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -21,6 +21,7 @@ import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
|
||||
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
@ -43,16 +44,15 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http.authorizeRequests()
|
||||
.mvcMatchers("/actuator/beans").hasRole("BEANS")
|
||||
.requestMatchers(EndpointRequest.to("health", "info")).permitAll()
|
||||
.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
|
||||
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
|
||||
.antMatchers("/foo").permitAll()
|
||||
.antMatchers("/**").hasRole("USER")
|
||||
.and()
|
||||
.cors()
|
||||
.and()
|
||||
http.authorizeRequests((requests) ->
|
||||
requests
|
||||
.mvcMatchers("/actuator/beans").hasRole("BEANS")
|
||||
.requestMatchers(EndpointRequest.to("health", "info")).permitAll()
|
||||
.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
|
||||
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
|
||||
.antMatchers("/foo").permitAll()
|
||||
.antMatchers("/**").hasRole("USER"))
|
||||
.cors(Customizer.withDefaults())
|
||||
.httpBasic();
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@ -90,11 +90,18 @@ class ManagementPortSampleSecureWebFluxTests {
|
||||
static class SecurityConfiguration {
|
||||
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
return http.authorizeExchange().matchers(EndpointRequest.to("health", "info")).permitAll()
|
||||
.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
|
||||
.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll().pathMatchers("/login")
|
||||
.permitAll().anyExchange().authenticated().and().httpBasic().and().build();
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http.authorizeExchange((exchanges) ->
|
||||
exchanges
|
||||
.matchers(EndpointRequest.to("health", "info")).permitAll()
|
||||
.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
|
||||
.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
|
||||
.pathMatchers("/login").permitAll()
|
||||
.anyExchange().authenticated())
|
||||
.httpBasic();
|
||||
// @formatter:on
|
||||
return http.build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -29,6 +29,7 @@ import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
@ -114,11 +115,18 @@ class SampleSecureWebFluxCustomSecurityTests {
|
||||
}
|
||||
|
||||
@Bean
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
return http.authorizeExchange().matchers(EndpointRequest.to("health", "info")).permitAll()
|
||||
.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
|
||||
.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll().pathMatchers("/login")
|
||||
.permitAll().anyExchange().authenticated().and().httpBasic().and().build();
|
||||
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http.authorizeExchange((exchanges) ->
|
||||
exchanges
|
||||
.matchers(EndpointRequest.to("health", "info")).permitAll()
|
||||
.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
|
||||
.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
|
||||
.pathMatchers("/login").permitAll()
|
||||
.anyExchange().authenticated())
|
||||
.httpBasic(Customizer.withDefaults());
|
||||
// @formatter:off
|
||||
return http.build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -73,15 +73,13 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http.authorizeRequests()
|
||||
.antMatchers("/login").permitAll()
|
||||
.anyRequest().fullyAuthenticated()
|
||||
.and()
|
||||
.formLogin().loginPage("/login").failureUrl("/login?error")
|
||||
.and()
|
||||
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
|
||||
.and()
|
||||
.exceptionHandling().accessDeniedPage("/access?error");
|
||||
http.authorizeRequests((requests) ->
|
||||
requests
|
||||
.antMatchers("/login").permitAll()
|
||||
.anyRequest().fullyAuthenticated())
|
||||
.formLogin((form) -> form.loginPage("/login").failureUrl("/login?error"))
|
||||
.logout((logout) -> logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout")))
|
||||
.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access?error"));
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@ -93,12 +91,8 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.httpBasic();
|
||||
// @formatter:on
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint())
|
||||
.authorizeRequests((requests) -> requests.anyRequest().authenticated()).httpBasic();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -24,6 +24,7 @@ import org.springframework.boot.builder.SpringApplicationBuilder;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -61,8 +62,13 @@ public class SampleWebSecureCustomApplication implements WebMvcConfigurer {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests().antMatchers("/css/**").permitAll().anyRequest().fullyAuthenticated().and()
|
||||
.formLogin().loginPage("/login").failureUrl("/login?error").permitAll().and().logout().permitAll();
|
||||
// @formatter:off
|
||||
http.authorizeRequests((requests) ->
|
||||
requests
|
||||
.antMatchers("/css/**").permitAll().anyRequest().fullyAuthenticated())
|
||||
.formLogin((form) -> form.loginPage("/login").failureUrl("/login?error").permitAll())
|
||||
.logout(LogoutConfigurer::permitAll);
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -27,6 +27,7 @@ import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
|
||||
import org.springframework.security.provisioning.JdbcUserDetailsManager;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
@ -65,8 +66,12 @@ public class SampleWebSecureJdbcApplication implements WebMvcConfigurer {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.authorizeRequests().antMatchers("/css/**").permitAll().anyRequest().fullyAuthenticated().and()
|
||||
.formLogin().loginPage("/login").failureUrl("/login?error").permitAll().and().logout().permitAll();
|
||||
// @formatter:off
|
||||
http.authorizeRequests(
|
||||
(requests) -> requests.antMatchers("/css/**").permitAll().anyRequest().fullyAuthenticated())
|
||||
.formLogin((form) -> form.loginPage("/login").failureUrl("/login?error").permitAll())
|
||||
.logout(LogoutConfigurer::permitAll);
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
||||
@ -25,6 +25,7 @@ import org.springframework.boot.builder.SpringApplicationBuilder;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -63,13 +64,13 @@ public class SampleWebSecureApplication implements WebMvcConfigurer {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http.authorizeRequests()
|
||||
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
|
||||
.anyRequest().fullyAuthenticated()
|
||||
.and()
|
||||
.formLogin().loginPage("/login").failureUrl("/login?error").permitAll()
|
||||
.and()
|
||||
.logout().permitAll();
|
||||
http.authorizeRequests((requests) ->
|
||||
requests
|
||||
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
|
||||
.anyRequest().fullyAuthenticated())
|
||||
.formLogin((form) ->
|
||||
form.loginPage("/login").failureUrl("/login?error").permitAll())
|
||||
.logout(LogoutConfigurer::permitAll);
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user