Spring/spring-boot
Spring/spring-boot
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-boot.git synced 2024-07-05 00:56:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for Security snapshot changes

Browse Source
This commit is contained in:
Dave Syer 2013-07-01 15:25:53 +01:00
parent f3cb6d46ce
commit d9cc7575c3
5 changed files with 22 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
spring-bootstrap-actuator/pom.xml
View File

@ -50,6 +50,11 @@
<artifactId>spring-security-javaconfig</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>

2
spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/EndpointWebMvcChildContextConfiguration.java
View File

@ -30,7 +30,7 @@ import org.springframework.bootstrap.context.embedded.EmbeddedServletContainer;
import org.springframework.bootstrap.context.embedded.EmbeddedServletContainerCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.web.servlet.DispatcherServlet;
import org.springframework.web.servlet.HandlerAdapter;
import org.springframework.web.servlet.HandlerMapping;

22
spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityAutoConfiguration.java
View File

@ -37,12 +37,12 @@ import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.authentication.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.EnableWebSecurity;
import org.springframework.security.config.annotation.web.HttpConfiguration;
import org.springframework.security.config.annotation.web.WebSecurityBuilder;
import org.springframework.security.config.annotation.web.WebSecurityBuilder.IgnoredRequestRegistry;
import org.springframework.security.config.annotation.web.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
@ -73,7 +73,7 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationEn
* <code>security.basic.enabled: false</code></li>
* <li>Customize the user details: add an AuthenticationManager bean</li>
* <li>Add form login for user facing resources: add a
* {@link WebSecurityConfigurerAdapter} and use {@link HttpConfiguration#formLogin()}</li>
* {@link WebSecurityConfigurerAdapter} and use {@link HttpSecurity#formLogin()}</li>
* </ul>
*
* @author Dave Syer
@ -122,7 +122,7 @@ public class SecurityAutoConfiguration {
private ErrorController errorController;
@Override
protected void configure(HttpConfiguration http) throws Exception {
protected void configure(HttpSecurity http) throws Exception {
if (this.security.isRequireSsl()) {
http.requiresChannel().anyRequest().requiresSecure();
@ -152,7 +152,7 @@ public class SecurityAutoConfiguration {
list.add(path);
}
}
// FIXME makes more sense to secure enpoints with a different role
// FIXME makes more sense to secure endpoints with a different role
list.addAll(Arrays.asList(getEndpointPaths(true)));
return list.toArray(new String[list.size()]);
}
@ -164,8 +164,8 @@ public class SecurityAutoConfiguration {
}
@Override
public void configure(WebSecurityBuilder builder) throws Exception {
IgnoredRequestRegistry ignoring = builder.ignoring();
public void configure(WebSecurity builder) throws Exception {
IgnoredRequestConfigurer ignoring = builder.ignoring();
ignoring.antMatchers(this.security.getIgnored());
ignoring.antMatchers(getEndpointPaths(false));
if (this.errorController != null) {

2
spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/properties/SecurityProperties.java
View File

@ -17,7 +17,7 @@
package org.springframework.bootstrap.actuate.properties;
import org.springframework.bootstrap.context.annotation.ConfigurationProperties;
import org.springframework.security.config.annotation.web.SessionCreationPolicy;
import org.springframework.security.config.annotation.web.configurers.SessionCreationPolicy;
/**
* Properties for the security aspects of an application.

4
spring-bootstrap-samples/spring-bootstrap-actuator-ui-sample/pom.xml
View File

@ -48,6 +48,10 @@
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-javaconfig</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
</dependencies>
<build>
<plugins>