mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Align default security filter dispatcher types with Spring Security
Fixes gh-33090
parent
d34ccb3880
commit
f4cf722c27
@ -83,8 +83,8 @@ public class SecurityProperties {
|
|||||||
/**
|
/**
|
||||||
* Security filter chain dispatcher types.
|
* Security filter chain dispatcher types.
|
||||||
*/
|
*/
|
||||||
private Set<DispatcherType> dispatcherTypes = new HashSet<>(
|
private Set<DispatcherType> dispatcherTypes = new HashSet<>(Arrays.asList(DispatcherType.ASYNC,
|
||||||
Arrays.asList(DispatcherType.ASYNC, DispatcherType.ERROR, DispatcherType.REQUEST));
|
DispatcherType.ERROR, DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.INCLUDE));
|
||||||
|
|
||||||
public int getOrder() {
|
public int getOrder() {
|
||||||
return this.order;
|
return this.order;
|
||||||
|
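Review bot: The Javadoc on `dispatcherTypes` still says only "Security filter chain dispatcher types." although the default now also includes FORWARD and INCLUDE, which changes what existing applications have to authorize. With the new default the security filter chain also runs on forwarded and included dispatches, so rules written with only REQUEST dispatches in mind may start rejecting internal forwards, presumably to views such as a login or error page; the sample changes later in this commit point that way. I would extend the comment to something like `Security filter chain dispatcher types. Defaults to ASYNC, ERROR, REQUEST, FORWARD and INCLUDE, so forwarded and included dispatches are subject to the authorization rules.` The class body continues outside this hunk.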
@ -161,7 +161,8 @@ class SecurityAutoConfigurationTests {
|
|||||||
DelegatingFilterProxyRegistrationBean.class);
|
DelegatingFilterProxyRegistrationBean.class);
|
||||||
assertThat(bean)
|
assertThat(bean)
|
||||||
.extracting("dispatcherTypes", InstanceOfAssertFactories.iterable(DispatcherType.class))
|
.extracting("dispatcherTypes", InstanceOfAssertFactories.iterable(DispatcherType.class))
|
||||||
.containsOnly(DispatcherType.ASYNC, DispatcherType.ERROR, DispatcherType.REQUEST);
|
.containsOnly(DispatcherType.ASYNC, DispatcherType.ERROR, DispatcherType.REQUEST,
|
||||||
|
DispatcherType.INCLUDE, DispatcherType.FORWARD);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -16,6 +16,8 @@
|
|||||||
|
|
||||||
package smoketest.security.method;
|
package smoketest.security.method;
|
||||||
|
|
||||||
|
import jakarta.servlet.DispatcherType;
|
||||||
|
|
||||||
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
|
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
import org.springframework.boot.builder.SpringApplicationBuilder;
|
import org.springframework.boot.builder.SpringApplicationBuilder;
|
||||||
@ -71,7 +73,10 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
|
|||||||
@Bean
|
@Bean
|
||||||
SecurityFilterChain configure(HttpSecurity http) throws Exception {
|
SecurityFilterChain configure(HttpSecurity http) throws Exception {
|
||||||
http.csrf().disable();
|
http.csrf().disable();
|
||||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().fullyAuthenticated());
|
http.authorizeHttpRequests((requests) -> {
|
||||||
|
requests.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll();
|
||||||
|
requests.anyRequest().fullyAuthenticated();
|
||||||
|
});
|
||||||
http.httpBasic();
|
http.httpBasic();
|
||||||
http.formLogin((form) -> form.loginPage("/login").permitAll());
|
http.formLogin((form) -> form.loginPage("/login").permitAll());
|
||||||
http.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access"));
|
http.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access"));
|
||||||
|
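Review bot: `requests.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()` in `configure` exempts every forwarded dispatch from authorization, and nothing in the sample says why that is safe. It holds only while each forward originates from a request that was itself authorized and the forward target is not derived from request input; otherwise a forward to a protected path would not be checked against `fullyAuthenticated()`. Because sample code gets copied, I would add a comment above the line such as `// Views are rendered via FORWARD dispatch; the originating REQUEST has already been authorized`, or narrow the rule to the known view paths. The same line is added without explanation in SampleWebSecureCustomApplication, SampleWebSecureJdbcApplication and SampleWebSecureApplicationTests. `configure` continues past the end of this hunk.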
@ -16,6 +16,8 @@
|
|||||||
|
|
||||||
package smoketest.web.secure.custom;
|
package smoketest.web.secure.custom;
|
||||||
|
|
||||||
|
import jakarta.servlet.DispatcherType;
|
||||||
|
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
import org.springframework.boot.builder.SpringApplicationBuilder;
|
import org.springframework.boot.builder.SpringApplicationBuilder;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
@ -44,7 +46,10 @@ public class SampleWebSecureCustomApplication implements WebMvcConfigurer {
|
|||||||
@Bean
|
@Bean
|
||||||
SecurityFilterChain configure(HttpSecurity http) throws Exception {
|
SecurityFilterChain configure(HttpSecurity http) throws Exception {
|
||||||
http.csrf().disable();
|
http.csrf().disable();
|
||||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().fullyAuthenticated());
|
http.authorizeHttpRequests((requests) -> {
|
||||||
|
requests.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll();
|
||||||
|
requests.anyRequest().fullyAuthenticated();
|
||||||
|
});
|
||||||
http.formLogin((form) -> form.loginPage("/login").permitAll());
|
http.formLogin((form) -> form.loginPage("/login").permitAll());
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
@ -18,6 +18,8 @@ package smoketest.web.secure.jdbc;
|
|||||||
|
|
||||||
import javax.sql.DataSource;
|
import javax.sql.DataSource;
|
||||||
|
|
||||||
|
import jakarta.servlet.DispatcherType;
|
||||||
|
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
import org.springframework.boot.builder.SpringApplicationBuilder;
|
import org.springframework.boot.builder.SpringApplicationBuilder;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
@ -47,7 +49,10 @@ public class SampleWebSecureJdbcApplication implements WebMvcConfigurer {
|
|||||||
@Bean
|
@Bean
|
||||||
SecurityFilterChain configure(HttpSecurity http) throws Exception {
|
SecurityFilterChain configure(HttpSecurity http) throws Exception {
|
||||||
http.csrf().disable();
|
http.csrf().disable();
|
||||||
http.authorizeHttpRequests((requests) -> requests.anyRequest().fullyAuthenticated());
|
http.authorizeHttpRequests((requests) -> {
|
||||||
|
requests.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll();
|
||||||
|
requests.anyRequest().fullyAuthenticated();
|
||||||
|
});
|
||||||
http.formLogin((form) -> form.loginPage("/login").permitAll());
|
http.formLogin((form) -> form.loginPage("/login").permitAll());
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
@ -18,6 +18,7 @@ package smoketest.web.secure;
|
|||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
|
||||||
|
import jakarta.servlet.DispatcherType;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
@ -97,6 +98,7 @@ class SampleWebSecureApplicationTests {
|
|||||||
http.csrf().disable();
|
http.csrf().disable();
|
||||||
http.authorizeHttpRequests((requests) -> {
|
http.authorizeHttpRequests((requests) -> {
|
||||||
requests.requestMatchers("/public/**").permitAll();
|
requests.requestMatchers("/public/**").permitAll();
|
||||||
|
requests.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll();
|
||||||
requests.anyRequest().fullyAuthenticated();
|
requests.anyRequest().fullyAuthenticated();
|
||||||
});
|
});
|
||||||
http.httpBasic();
|
http.httpBasic();
|
||||||
|