mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Merge branch '2.7.x' into main
This commit is contained in:
Scott Frederick
commit
cb69d01e04
@ -44,7 +44,6 @@ import org.springframework.boot.web.servlet.context.AnnotationConfigServletWebSe
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||
|
||||
/**
|
||||
@ -172,8 +171,9 @@ abstract class AbstractEndpointRequestIntegrationTests {
|
||||
static class SecurityConfiguration {
|
||||
|
||||
@Bean
|
||||
WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
|
||||
return new WebSecurityConfigurerAdapter() {
|
||||
@SuppressWarnings("deprecation")
|
||||
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
|
||||
return new org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter() {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
||||
@ -47,7 +47,6 @@ import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockServletContext;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
@ -174,7 +173,9 @@ class ManagementWebSecurityAutoConfigurationTests {
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
static class CustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
||||
@SuppressWarnings("deprecation")
|
||||
static class CustomSecurityConfiguration
|
||||
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
||||
@ -21,7 +21,6 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.context.annotation.Condition;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
/**
|
||||
@ -41,7 +40,10 @@ class DefaultWebSecurityCondition extends AllNestedConditions {
|
||||
|
||||
}
|
||||
|
||||
@ConditionalOnMissingBean({ WebSecurityConfigurerAdapter.class, SecurityFilterChain.class })
|
||||
@ConditionalOnMissingBean({
|
||||
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.class,
|
||||
SecurityFilterChain.class })
|
||||
@SuppressWarnings("deprecation")
|
||||
static class Beans {
|
||||
|
||||
}
|
||||
|
||||
@ -23,7 +23,6 @@ import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
@ -32,13 +31,15 @@ import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepo
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
/**
|
||||
* {@link WebSecurityConfigurerAdapter} to add OAuth client support.
|
||||
* {@link org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter}
|
||||
* to add OAuth client support.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @author Phillip Webb
|
||||
*/
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@ConditionalOnBean(ClientRegistrationRepository.class)
|
||||
@SuppressWarnings("deprecation")
|
||||
class OAuth2WebSecurityConfiguration {
|
||||
|
||||
@Bean
|
||||
|
||||
@ -32,7 +32,6 @@ import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Conditional;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||
@ -44,7 +43,8 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
/**
|
||||
* Configures a {@link JwtDecoder} when a JWK Set URI, OpenID Connect Issuer URI or Public
|
||||
* Key configuration is available. Also configures a {@link WebSecurityConfigurerAdapter}
|
||||
* Key configuration is available. Also configures a
|
||||
* {@link org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter}
|
||||
* if a {@link JwtDecoder} bean is found.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
@ -52,6 +52,7 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
* @author HaiTao Zhang
|
||||
*/
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@SuppressWarnings("deprecation")
|
||||
class OAuth2ResourceServerJwtConfiguration {
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
|
||||
@ -24,7 +24,6 @@ import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2Res
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
|
||||
import org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector;
|
||||
@ -32,12 +31,14 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
/**
|
||||
* Configures a {@link OpaqueTokenIntrospector} when a token introspection endpoint is
|
||||
* available. Also configures a {@link WebSecurityConfigurerAdapter} if a
|
||||
* {@link OpaqueTokenIntrospector} bean is found.
|
||||
* available. Also configures a
|
||||
* {@link org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter}
|
||||
* if a {@link OpaqueTokenIntrospector} bean is found.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
*/
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@SuppressWarnings("deprecation")
|
||||
class OAuth2ResourceServerOpaqueTokenConfiguration {
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
|
||||
@ -21,19 +21,19 @@ import org.springframework.boot.autoconfigure.security.ConditionalOnDefaultWebSe
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
/**
|
||||
* {@link WebSecurityConfigurerAdapter} configuration for Spring Security's relying party
|
||||
* SAML support.
|
||||
* {@link org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter}
|
||||
* configuration for Spring Security's relying party SAML support.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
*/
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@ConditionalOnDefaultWebSecurity
|
||||
@ConditionalOnBean(RelyingPartyRegistrationRepository.class)
|
||||
@SuppressWarnings("deprecation")
|
||||
class Saml2LoginConfiguration {
|
||||
|
||||
@Bean
|
||||
|
||||
@ -24,14 +24,14 @@ import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
/**
|
||||
* The default configuration for web security. It relies on Spring Security's
|
||||
* content-negotiation strategy to determine what sort of authentication to use. If the
|
||||
* user specifies their own {@link WebSecurityConfigurerAdapter} or
|
||||
* {@link SecurityFilterChain} bean, this will back-off completely and the users should
|
||||
* user specifies their own
|
||||
* {@link org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter}
|
||||
* or {@link SecurityFilterChain} bean, this will back-off completely and the users should
|
||||
* specify all the bits that they want to configure as part of the custom security
|
||||
* configuration.
|
||||
*
|
||||
@ -40,6 +40,7 @@ import org.springframework.security.web.SecurityFilterChain;
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@ConditionalOnDefaultWebSecurity
|
||||
@ConditionalOnWebApplication(type = Type.SERVLET)
|
||||
@SuppressWarnings("deprecation")
|
||||
class SpringBootWebSecurityConfiguration {
|
||||
|
||||
@Bean
|
||||
|
||||
@ -33,7 +33,6 @@ import org.springframework.context.annotation.Import;
|
||||
import org.springframework.security.config.BeanIds;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
@ -230,7 +229,9 @@ class OAuth2WebSecurityConfigurationTests {
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@Import(ClientRegistrationRepositoryConfiguration.class)
|
||||
static class TestWebSecurityConfigurerConfig extends WebSecurityConfigurerAdapter {
|
||||
@SuppressWarnings("deprecation")
|
||||
static class TestWebSecurityConfigurerConfig
|
||||
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter {
|
||||
|
||||
}
|
||||
|
||||
|
||||
@ -38,7 +38,6 @@ import org.springframework.core.io.Resource;
|
||||
import org.springframework.security.config.BeanIds;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
|
||||
@ -281,8 +280,9 @@ class Saml2RelyingPartyAutoConfigurationTests {
|
||||
static class WebSecurityConfigurerAdapterConfiguration {
|
||||
|
||||
@Bean
|
||||
WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
|
||||
return new WebSecurityConfigurerAdapter() {
|
||||
@SuppressWarnings("deprecation")
|
||||
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
|
||||
return new org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter() {
|
||||
|
||||
};
|
||||
}
|
||||
|
||||
@ -50,7 +50,6 @@ import org.springframework.security.authentication.DefaultAuthenticationEventPub
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
|
||||
@ -102,9 +101,12 @@ class SecurityAutoConfigurationTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
@SuppressWarnings("deprecation")
|
||||
void securityConfigurerBacksOffWhenOtherWebSecurityAdapterBeanPresent() {
|
||||
this.contextRunner.withUserConfiguration(WebSecurity.class).run((context) -> {
|
||||
assertThat(context.getBeansOfType(WebSecurityConfigurerAdapter.class).size()).isEqualTo(1);
|
||||
assertThat(context.getBeansOfType(
|
||||
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.class)
|
||||
.size()).isEqualTo(1);
|
||||
assertThat(context.containsBean("securityAutoConfigurationTests.WebSecurity")).isTrue();
|
||||
});
|
||||
}
|
||||
@ -285,7 +287,9 @@ class SecurityAutoConfigurationTests {
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@EnableWebSecurity
|
||||
static class WebSecurity extends WebSecurityConfigurerAdapter {
|
||||
@SuppressWarnings("deprecation")
|
||||
static class WebSecurity
|
||||
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter {
|
||||
|
||||
}
|
||||
|
||||
|
||||
@ -38,7 +38,6 @@ import org.springframework.security.authentication.TestingAuthenticationProvider
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
@ -270,8 +269,9 @@ class UserDetailsServiceAutoConfigurationTests {
|
||||
static class TestConfigWithAuthenticationManagerBuilder {
|
||||
|
||||
@Bean
|
||||
WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
|
||||
return new WebSecurityConfigurerAdapter() {
|
||||
@SuppressWarnings("deprecation")
|
||||
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
|
||||
return new org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter() {
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.inMemoryAuthentication().withUser("hero").password("{noop}hero").roles("HERO", "USER").and()
|
||||
|
||||
@ -24,7 +24,6 @@ import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
|
||||
@ -48,7 +47,8 @@ class RemoteDevtoolsSecurityConfiguration {
|
||||
|
||||
@Bean
|
||||
@Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
|
||||
@ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class)
|
||||
@ConditionalOnMissingBean(org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.class)
|
||||
@SuppressWarnings("deprecation")
|
||||
SecurityFilterChain devtoolsSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(new AntPathRequestMatcher(this.url)).authorizeRequests().anyRequest().anonymous().and()
|
||||
.csrf().disable();
|
||||
|
||||
@ -45,7 +45,6 @@ import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockServletContext;
|
||||
import org.springframework.security.config.BeanIds;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
@ -272,7 +271,9 @@ class RemoteDevToolsAutoConfigurationTests {
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
static class TestWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
|
||||
@SuppressWarnings("deprecation")
|
||||
static class TestWebSecurityConfigurerAdapter
|
||||
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
||||
@ -29,7 +29,6 @@ import org.springframework.core.type.classreading.MetadataReader;
|
||||
import org.springframework.core.type.classreading.MetadataReaderFactory;
|
||||
import org.springframework.core.type.classreading.SimpleMetadataReaderFactory;
|
||||
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.stereotype.Repository;
|
||||
@ -205,7 +204,9 @@ class WebMvcTypeExcludeFilterTests {
|
||||
|
||||
}
|
||||
|
||||
static class ExampleWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
|
||||
@SuppressWarnings("deprecation")
|
||||
static class ExampleWebSecurityConfigurer
|
||||
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter {
|
||||
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user