From 6675f49334b6c27d55cae05203f233dc5b38551b Mon Sep 17 00:00:00 2001 From: Phillip Webb Date: Mon, 29 Jul 2019 11:28:51 +0100 Subject: [PATCH] Switch to multi-line security configuration Now that we have lambda style security configuration we can further improve readability by switching to one statement per line. See gh-17525 --- ...anagementWebSecurityAutoConfiguration.java | 18 ++++--- ...anagementWebSecurityConfigurerAdapter.java | 18 ++++--- ...mentWebSecurityAutoConfigurationTests.java | 16 +++--- ...stractEndpointRequestIntegrationTests.java | 17 ++++--- ...mentWebSecurityAutoConfigurationTests.java | 8 ++- .../OAuth2WebSecurityConfiguration.java | 5 +- ...eOAuth2ResourceServerJwkConfiguration.java | 9 +++- ...esourceServerOpaqueTokenConfiguration.java | 5 +- .../OAuth2ResourceServerJwtConfiguration.java | 6 ++- ...esourceServerOpaqueTokenConfiguration.java | 6 ++- ...2ResourceServerAutoConfigurationTests.java | 8 +-- .../asciidoc/production-ready-features.adoc | 9 ++-- ...tClientSpringBootTestIntegrationTests.java | 3 +- .../customsecurity/SecurityConfiguration.java | 49 ++++++++++++------- ...anagementPortSampleSecureWebFluxTests.java | 19 ++++--- ...ampleSecureWebFluxCustomSecurityTests.java | 19 ++++--- .../SampleMethodSecurityApplication.java | 24 ++++----- .../SampleWebSecureCustomApplication.java | 16 +++--- .../jdbc/SampleWebSecureJdbcApplication.java | 15 +++--- .../secure/SampleWebSecureApplication.java | 18 +++---- 20 files changed, 164 insertions(+), 124 deletions(-) diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfiguration.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfiguration.java index c2617e9c45..1907e983e7 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfiguration.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfiguration.java @@ -19,6 +19,7 @@ package org.springframework.boot.actuate.autoconfigure.security.reactive; import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAutoConfiguration; import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoConfiguration; import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration; +import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest.EndpointServerWebExchangeMatcher; import org.springframework.boot.actuate.health.HealthEndpoint; import org.springframework.boot.actuate.info.InfoEndpoint; import org.springframework.boot.autoconfigure.AutoConfigureAfter; @@ -56,16 +57,17 @@ import org.springframework.security.web.server.WebFilterChainProxy; ReactiveOAuth2ResourceServerAutoConfiguration.class }) public class ReactiveManagementWebSecurityAutoConfiguration { + private static final EndpointServerWebExchangeMatcher HEALTH_OR_INFO_ENDPOINT = EndpointRequest + .to(HealthEndpoint.class, InfoEndpoint.class); + @Bean public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { - // @formatter:off - http.authorizeExchange((exchanges) -> - exchanges - .matchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll() - .anyExchange().authenticated()) - .httpBasic(Customizer.withDefaults()) - .formLogin(Customizer.withDefaults()); - // @formatter:on + http.authorizeExchange((exchanges) -> { + exchanges.matchers(HEALTH_OR_INFO_ENDPOINT).permitAll(); + exchanges.anyExchange().authenticated(); + }); + http.httpBasic(Customizer.withDefaults()); + http.formLogin(Customizer.withDefaults()); return http.build(); } diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityConfigurerAdapter.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityConfigurerAdapter.java index c416e7e28e..4ccf4390a2 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityConfigurerAdapter.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityConfigurerAdapter.java @@ -16,6 +16,7 @@ package org.springframework.boot.actuate.autoconfigure.security.servlet; +import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.EndpointRequestMatcher; import org.springframework.boot.actuate.health.HealthEndpoint; import org.springframework.boot.actuate.info.InfoEndpoint; import org.springframework.context.annotation.Configuration; @@ -38,16 +39,17 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur @Configuration(proxyBeanMethods = false) class ManagementWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { + private static final EndpointRequestMatcher HEALTH_OR_INFO_ENDPOINT = EndpointRequest.to(HealthEndpoint.class, + InfoEndpoint.class); + @Override protected void configure(HttpSecurity http) throws Exception { - // @formatter:off - http.authorizeRequests((requests) -> - requests - .requestMatchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll() - .anyRequest().authenticated()) - .formLogin(Customizer.withDefaults()) - .httpBasic(Customizer.withDefaults()); - // @formatter:on + http.authorizeRequests((requests) -> { + requests.requestMatchers(HEALTH_OR_INFO_ENDPOINT).permitAll(); + requests.anyRequest().authenticated(); + }); + http.formLogin(Customizer.withDefaults()); + http.httpBasic(Customizer.withDefaults()); } } diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfigurationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfigurationTests.java index 61a798f62e..ff5f00f9ec 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfigurationTests.java @@ -165,10 +165,12 @@ class ReactiveManagementWebSecurityAutoConfigurationTests { @Bean SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { - return http - .authorizeExchange( - (exchanges) -> exchanges.pathMatchers("/foo").permitAll().anyExchange().authenticated()) - .formLogin(Customizer.withDefaults()).build(); + http.authorizeExchange((exchanges) -> { + exchanges.pathMatchers("/foo").permitAll(); + exchanges.anyExchange().authenticated(); + }); + http.formLogin(Customizer.withDefaults()); + return http.build(); } } @@ -194,9 +196,9 @@ class ReactiveManagementWebSecurityAutoConfigurationTests { } private List getFilterChains(ServerHttpSecurity http) throws Exception { - return Collections - .singletonList(http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()) - .formLogin(Customizer.withDefaults()).build()); + http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()); + http.formLogin(Customizer.withDefaults()); + return Collections.singletonList(http.build()); } static class TestServerHttpSecurity extends ServerHttpSecurity implements ApplicationContextAware { diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java index 5c16496d79..d44202f581 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java @@ -165,17 +165,18 @@ abstract class AbstractEndpointRequestIntegrationTests { @Bean WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() { return new WebSecurityConfigurerAdapter() { + @Override protected void configure(HttpSecurity http) throws Exception { - // @formatter:off - http.authorizeRequests((requests) -> requests - .requestMatchers(EndpointRequest.toLinks()).permitAll() - .requestMatchers(EndpointRequest.to(TestEndpoint1.class)).permitAll() - .requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated().anyRequest() - .hasRole("ADMIN")) - .httpBasic(); - // @formatter:on + http.authorizeRequests((requests) -> { + requests.requestMatchers(EndpointRequest.toLinks()).permitAll(); + requests.requestMatchers(EndpointRequest.to(TestEndpoint1.class)).permitAll(); + requests.requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated(); + requests.anyRequest().hasRole("ADMIN"); + }); + http.httpBasic(); } + }; } diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java index f20f1c68de..375b6e3cf7 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java @@ -127,8 +127,12 @@ class ManagementWebSecurityAutoConfigurationTests { @Override protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> requests.antMatchers("/foo").permitAll().anyRequest().authenticated()) - .formLogin(Customizer.withDefaults()).httpBasic(); + http.authorizeRequests((requests) -> { + requests.antMatchers("/foo").permitAll(); + requests.anyRequest().authenticated(); + }); + http.formLogin(Customizer.withDefaults()); + http.httpBasic(); } } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.java index 5ef96011f7..41eda3bd4c 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.java @@ -57,8 +57,9 @@ class OAuth2WebSecurityConfiguration { @Override protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> requests.anyRequest().authenticated()) - .oauth2Login(Customizer.withDefaults()).oauth2Client(); + http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); + http.oauth2Login(Customizer.withDefaults()); + http.oauth2Client(); } } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerJwkConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerJwkConfiguration.java index 04ad7e622b..4607d7e457 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerJwkConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerJwkConfiguration.java @@ -30,6 +30,7 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Conditional; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec; import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder; import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder; import org.springframework.security.oauth2.jwt.ReactiveJwtDecoders; @@ -91,11 +92,15 @@ class ReactiveOAuth2ResourceServerJwkConfiguration { @ConditionalOnBean(ReactiveJwtDecoder.class) SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, ReactiveJwtDecoder jwtDecoder) throws Exception { - http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()) - .oauth2ResourceServer((server) -> server.jwt((jwt) -> jwt.jwtDecoder(jwtDecoder))); + http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()); + http.oauth2ResourceServer((server) -> customDecoder(server, jwtDecoder)); return http.build(); } + private void customDecoder(OAuth2ResourceServerSpec server, ReactiveJwtDecoder decoder) throws Exception { + server.jwt((jwt) -> jwt.jwtDecoder(decoder)); + } + } } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.java index f52d03df27..b5a414e718 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerOpaqueTokenConfiguration.java @@ -23,6 +23,7 @@ import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2Res import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec; import org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOAuth2TokenIntrospectionClient; import org.springframework.security.oauth2.server.resource.introspection.ReactiveOAuth2TokenIntrospectionClient; import org.springframework.security.web.server.SecurityWebFilterChain; @@ -58,8 +59,8 @@ class ReactiveOAuth2ResourceServerOpaqueTokenConfiguration { @Bean @ConditionalOnBean(ReactiveOAuth2TokenIntrospectionClient.class) SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { - http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()) - .oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::opaqueToken); + http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()); + http.oauth2ResourceServer(OAuth2ResourceServerSpec::opaqueToken); return http.build(); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java index 48556c5bf4..c7ad97955f 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java @@ -94,11 +94,13 @@ class OAuth2ResourceServerJwtConfiguration { @ConditionalOnBean(JwtDecoder.class) WebSecurityConfigurerAdapter jwtDecoderWebSecurityConfigurerAdapter() { return new WebSecurityConfigurerAdapter() { + @Override protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> requests.anyRequest().authenticated()) - .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt); + http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); + http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt); } + }; } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java index 2e339b4932..f8694016a6 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java @@ -59,11 +59,13 @@ class OAuth2ResourceServerOpaqueTokenConfiguration { @ConditionalOnBean(OAuth2TokenIntrospectionClient.class) WebSecurityConfigurerAdapter opaqueTokenWebSecurityConfigurerAdapter() { return new WebSecurityConfigurerAdapter() { + @Override protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> requests.anyRequest().authenticated()) - .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken); + http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); + http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken); } + }; } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfigurationTests.java index 7e17bc4949..df8b13a82d 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/reactive/ReactiveOAuth2ResourceServerAutoConfigurationTests.java @@ -376,9 +376,11 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests { @Bean SecurityWebFilterChain testSpringSecurityFilterChain(ServerHttpSecurity http) throws Exception { - http.authorizeExchange( - (exchanges) -> exchanges.pathMatchers("/message/**").hasRole("ADMIN").anyExchange().authenticated()) - .httpBasic(); + http.authorizeExchange((exchanges) -> { + exchanges.pathMatchers("/message/**").hasRole("ADMIN"); + exchanges.anyExchange().authenticated(); + }); + http.httpBasic(); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc b/spring-boot-project/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc index 8eaed843e1..b8597eb19b 100644 --- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc +++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc @@ -396,10 +396,9 @@ A typical Spring Security configuration might look something like the following @Override protected void configure(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.toAnyEndpoint()) - .authorizeRequests((requests) -> - requests.anyRequest().hasRole("ENDPOINT_ADMIN")) - .httpBasic(); + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests((requests) -> + requests.anyRequest().hasRole("ENDPOINT_ADMIN")); + http.httpBasic(); } } @@ -433,7 +432,7 @@ following example: @Override protected void configure(HttpSecurity http) throws Exception { http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests((requests) -> - .anyRequest().permitAll()); + requests.anyRequest().permitAll()); } } diff --git a/spring-boot-project/spring-boot-test-autoconfigure/src/test/java/org/springframework/boot/test/autoconfigure/web/reactive/webclient/WebTestClientSpringBootTestIntegrationTests.java b/spring-boot-project/spring-boot-test-autoconfigure/src/test/java/org/springframework/boot/test/autoconfigure/web/reactive/webclient/WebTestClientSpringBootTestIntegrationTests.java index e2c6ff6cf6..64a9009a1d 100644 --- a/spring-boot-project/spring-boot-test-autoconfigure/src/test/java/org/springframework/boot/test/autoconfigure/web/reactive/webclient/WebTestClientSpringBootTestIntegrationTests.java +++ b/spring-boot-project/spring-boot-test-autoconfigure/src/test/java/org/springframework/boot/test/autoconfigure/web/reactive/webclient/WebTestClientSpringBootTestIntegrationTests.java @@ -68,7 +68,8 @@ class WebTestClientSpringBootTestIntegrationTests { @Bean SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { - return http.authorizeExchange((exchanges) -> exchanges.anyExchange().permitAll()).build(); + http.authorizeExchange((exchanges) -> exchanges.anyExchange().permitAll()); + return http.build(); } } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java index 39461aa505..21709bbc65 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java @@ -16,6 +16,9 @@ package smoketest.actuator.customsecurity; +import java.util.ArrayList; +import java.util.List; + import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; import org.springframework.boot.actuate.web.mappings.MappingsEndpoint; import org.springframework.boot.autoconfigure.security.servlet.PathRequest; @@ -25,36 +28,44 @@ import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.User.UserBuilder; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @Configuration(proxyBeanMethods = false) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { - @SuppressWarnings("deprecation") @Bean public InMemoryUserDetailsManager inMemoryUserDetailsManager() { - return new InMemoryUserDetailsManager( - User.withDefaultPasswordEncoder().username("user").password("password").authorities("ROLE_USER") - .build(), - User.withDefaultPasswordEncoder().username("beans").password("beans").authorities("ROLE_BEANS").build(), - User.withDefaultPasswordEncoder().username("admin").password("admin") - .authorities("ROLE_ACTUATOR", "ROLE_USER").build()); + List userDetails = new ArrayList<>(); + userDetails.add(createUserDetails("user", "password", "ROLE_USER")); + userDetails.add(createUserDetails("beans", "beans", "ROLE_BEANS")); + userDetails.add(createUserDetails("admin", "admin", "ROLE_ACTUATOR", "ROLE_USER")); + return new InMemoryUserDetailsManager(userDetails); + } + + @SuppressWarnings("deprecation") + private UserDetails createUserDetails(String username, String password, String... authorities) { + UserBuilder builder = User.withDefaultPasswordEncoder(); + builder.username(username); + builder.password(password); + builder.authorities(authorities); + return builder.build(); } @Override protected void configure(HttpSecurity http) throws Exception { - // @formatter:off - http.authorizeRequests((requests) -> - requests - .mvcMatchers("/actuator/beans").hasRole("BEANS") - .requestMatchers(EndpointRequest.to("health", "info")).permitAll() - .requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR") - .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll() - .antMatchers("/foo").permitAll() - .antMatchers("/**").hasRole("USER")) - .cors(Customizer.withDefaults()) - .httpBasic(); - // @formatter:on + http.authorizeRequests((requests) -> { + requests.mvcMatchers("/actuator/beans").hasRole("BEANS"); + requests.requestMatchers(EndpointRequest.to("health", "info")).permitAll(); + requests.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)) + .hasRole("ACTUATOR"); + requests.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll(); + requests.antMatchers("/foo").permitAll(); + requests.antMatchers("/**").hasRole("USER"); + }); + http.cors(Customizer.withDefaults()); + http.httpBasic(); } } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-webflux/src/test/java/smoketest/secure/webflux/ManagementPortSampleSecureWebFluxTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-webflux/src/test/java/smoketest/secure/webflux/ManagementPortSampleSecureWebFluxTests.java index a66476454c..87c37fa6c3 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-webflux/src/test/java/smoketest/secure/webflux/ManagementPortSampleSecureWebFluxTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-webflux/src/test/java/smoketest/secure/webflux/ManagementPortSampleSecureWebFluxTests.java @@ -91,16 +91,15 @@ class ManagementPortSampleSecureWebFluxTests { @Bean SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { - // @formatter:off - http.authorizeExchange((exchanges) -> - exchanges - .matchers(EndpointRequest.to("health", "info")).permitAll() - .matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR") - .matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll() - .pathMatchers("/login").permitAll() - .anyExchange().authenticated()) - .httpBasic(); - // @formatter:on + http.authorizeExchange((exchanges) -> { + exchanges.matchers(EndpointRequest.to("health", "info")).permitAll(); + exchanges.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)) + .hasRole("ACTUATOR"); + exchanges.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll(); + exchanges.pathMatchers("/login").permitAll(); + exchanges.anyExchange().authenticated(); + }); + http.httpBasic(); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-webflux/src/test/java/smoketest/secure/webflux/SampleSecureWebFluxCustomSecurityTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-webflux/src/test/java/smoketest/secure/webflux/SampleSecureWebFluxCustomSecurityTests.java index 16de5894eb..6575c61ce8 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-webflux/src/test/java/smoketest/secure/webflux/SampleSecureWebFluxCustomSecurityTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-webflux/src/test/java/smoketest/secure/webflux/SampleSecureWebFluxCustomSecurityTests.java @@ -116,16 +116,15 @@ class SampleSecureWebFluxCustomSecurityTests { @Bean SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { - // @formatter:off - http.authorizeExchange((exchanges) -> - exchanges - .matchers(EndpointRequest.to("health", "info")).permitAll() - .matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR") - .matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll() - .pathMatchers("/login").permitAll() - .anyExchange().authenticated()) - .httpBasic(Customizer.withDefaults()); - // @formatter:off + http.authorizeExchange((exchanges) -> { + exchanges.matchers(EndpointRequest.to("health", "info")).permitAll(); + exchanges.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)) + .hasRole("ACTUATOR"); + exchanges.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll(); + exchanges.pathMatchers("/login").permitAll(); + exchanges.anyExchange().authenticated(); + }); + http.httpBasic(Customizer.withDefaults()); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java index 1047e5af38..3db484701d 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java @@ -72,15 +72,16 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer { @Override protected void configure(HttpSecurity http) throws Exception { - // @formatter:off - http.authorizeRequests((requests) -> - requests - .antMatchers("/login").permitAll() - .anyRequest().fullyAuthenticated()) - .formLogin((form) -> form.loginPage("/login").failureUrl("/login?error")) - .logout((logout) -> logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))) - .exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access?error")); - // @formatter:on + http.authorizeRequests((requests) -> { + requests.antMatchers("/login").permitAll(); + requests.anyRequest().fullyAuthenticated(); + }); + http.formLogin((form) -> { + form.loginPage("/login"); + form.failureUrl("/login?error"); + }); + http.logout((logout) -> logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))); + http.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access?error")); } } @@ -91,8 +92,9 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer { @Override protected void configure(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.toAnyEndpoint()) - .authorizeRequests((requests) -> requests.anyRequest().authenticated()).httpBasic(); + http.requestMatcher(EndpointRequest.toAnyEndpoint()); + http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); + http.httpBasic(); } } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-custom/src/main/java/smoketest/web/secure/custom/SampleWebSecureCustomApplication.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-custom/src/main/java/smoketest/web/secure/custom/SampleWebSecureCustomApplication.java index e331f1ca95..a14e9f7a16 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-custom/src/main/java/smoketest/web/secure/custom/SampleWebSecureCustomApplication.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-custom/src/main/java/smoketest/web/secure/custom/SampleWebSecureCustomApplication.java @@ -62,13 +62,15 @@ public class SampleWebSecureCustomApplication implements WebMvcConfigurer { @Override protected void configure(HttpSecurity http) throws Exception { - // @formatter:off - http.authorizeRequests((requests) -> - requests - .antMatchers("/css/**").permitAll().anyRequest().fullyAuthenticated()) - .formLogin((form) -> form.loginPage("/login").failureUrl("/login?error").permitAll()) - .logout(LogoutConfigurer::permitAll); - // @formatter:on + http.authorizeRequests((requests) -> { + requests.antMatchers("/css/**").permitAll(); + requests.anyRequest().fullyAuthenticated(); + }); + http.formLogin((form) -> { + form.loginPage("/login"); + form.failureUrl("/login?error").permitAll(); + }); + http.logout(LogoutConfigurer::permitAll); } } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-jdbc/src/main/java/smoketest/web/secure/jdbc/SampleWebSecureJdbcApplication.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-jdbc/src/main/java/smoketest/web/secure/jdbc/SampleWebSecureJdbcApplication.java index 0aecccfc5d..589f2cae39 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-jdbc/src/main/java/smoketest/web/secure/jdbc/SampleWebSecureJdbcApplication.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-jdbc/src/main/java/smoketest/web/secure/jdbc/SampleWebSecureJdbcApplication.java @@ -66,12 +66,15 @@ public class SampleWebSecureJdbcApplication implements WebMvcConfigurer { @Override protected void configure(HttpSecurity http) throws Exception { - // @formatter:off - http.authorizeRequests( - (requests) -> requests.antMatchers("/css/**").permitAll().anyRequest().fullyAuthenticated()) - .formLogin((form) -> form.loginPage("/login").failureUrl("/login?error").permitAll()) - .logout(LogoutConfigurer::permitAll); - // @formatter:on + http.authorizeRequests((requests) -> { + requests.antMatchers("/css/**").permitAll(); + requests.anyRequest().fullyAuthenticated(); + }); + http.formLogin((form) -> { + form.loginPage("/login"); + form.failureUrl("/login?error").permitAll(); + }); + http.logout(LogoutConfigurer::permitAll); } @Bean diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/main/java/smoketest/web/secure/SampleWebSecureApplication.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/main/java/smoketest/web/secure/SampleWebSecureApplication.java index a8ce04c7ff..d66798fde9 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/main/java/smoketest/web/secure/SampleWebSecureApplication.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/main/java/smoketest/web/secure/SampleWebSecureApplication.java @@ -63,15 +63,15 @@ public class SampleWebSecureApplication implements WebMvcConfigurer { @Override protected void configure(HttpSecurity http) throws Exception { - // @formatter:off - http.authorizeRequests((requests) -> - requests - .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll() - .anyRequest().fullyAuthenticated()) - .formLogin((form) -> - form.loginPage("/login").failureUrl("/login?error").permitAll()) - .logout(LogoutConfigurer::permitAll); - // @formatter:on + http.authorizeRequests((requests) -> { + requests.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll(); + requests.anyRequest().fullyAuthenticated(); + }); + http.formLogin((form) -> { + form.loginPage("/login"); + form.failureUrl("/login?error").permitAll(); + }); + http.logout(LogoutConfigurer::permitAll); } }