Switch to multi-line security configuration

Now that we have lambda style security configuration we can further
improve readability by switching to one statement per line.

See gh-17525
pull/17691/head
Phillip Webb 5 years ago
parent 6756385049
commit 6675f49334

@ -19,6 +19,7 @@ package org.springframework.boot.actuate.autoconfigure.security.reactive;
import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAutoConfiguration; import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoConfiguration; import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration; import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest.EndpointServerWebExchangeMatcher;
import org.springframework.boot.actuate.health.HealthEndpoint; import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint; import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.boot.autoconfigure.AutoConfigureAfter; import org.springframework.boot.autoconfigure.AutoConfigureAfter;
@ -56,16 +57,17 @@ import org.springframework.security.web.server.WebFilterChainProxy;
ReactiveOAuth2ResourceServerAutoConfiguration.class }) ReactiveOAuth2ResourceServerAutoConfiguration.class })
public class ReactiveManagementWebSecurityAutoConfiguration { public class ReactiveManagementWebSecurityAutoConfiguration {
private static final EndpointServerWebExchangeMatcher HEALTH_OR_INFO_ENDPOINT = EndpointRequest
.to(HealthEndpoint.class, InfoEndpoint.class);
@Bean @Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
// @formatter:off http.authorizeExchange((exchanges) -> {
http.authorizeExchange((exchanges) -> exchanges.matchers(HEALTH_OR_INFO_ENDPOINT).permitAll();
exchanges exchanges.anyExchange().authenticated();
.matchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll() });
.anyExchange().authenticated()) http.httpBasic(Customizer.withDefaults());
.httpBasic(Customizer.withDefaults()) http.formLogin(Customizer.withDefaults());
.formLogin(Customizer.withDefaults());
// @formatter:on
return http.build(); return http.build();
} }

@ -16,6 +16,7 @@
package org.springframework.boot.actuate.autoconfigure.security.servlet; package org.springframework.boot.actuate.autoconfigure.security.servlet;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.EndpointRequestMatcher;
import org.springframework.boot.actuate.health.HealthEndpoint; import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.boot.actuate.info.InfoEndpoint; import org.springframework.boot.actuate.info.InfoEndpoint;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
@ -38,16 +39,17 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
@Configuration(proxyBeanMethods = false) @Configuration(proxyBeanMethods = false)
class ManagementWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { class ManagementWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
private static final EndpointRequestMatcher HEALTH_OR_INFO_ENDPOINT = EndpointRequest.to(HealthEndpoint.class,
InfoEndpoint.class);
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
// @formatter:off http.authorizeRequests((requests) -> {
http.authorizeRequests((requests) -> requests.requestMatchers(HEALTH_OR_INFO_ENDPOINT).permitAll();
requests requests.anyRequest().authenticated();
.requestMatchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll() });
.anyRequest().authenticated()) http.formLogin(Customizer.withDefaults());
.formLogin(Customizer.withDefaults()) http.httpBasic(Customizer.withDefaults());
.httpBasic(Customizer.withDefaults());
// @formatter:on
} }
} }

@ -165,10 +165,12 @@ class ReactiveManagementWebSecurityAutoConfigurationTests {
@Bean @Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
return http http.authorizeExchange((exchanges) -> {
.authorizeExchange( exchanges.pathMatchers("/foo").permitAll();
(exchanges) -> exchanges.pathMatchers("/foo").permitAll().anyExchange().authenticated()) exchanges.anyExchange().authenticated();
.formLogin(Customizer.withDefaults()).build(); });
http.formLogin(Customizer.withDefaults());
return http.build();
} }
} }
@ -194,9 +196,9 @@ class ReactiveManagementWebSecurityAutoConfigurationTests {
} }
private List<SecurityWebFilterChain> getFilterChains(ServerHttpSecurity http) throws Exception { private List<SecurityWebFilterChain> getFilterChains(ServerHttpSecurity http) throws Exception {
return Collections http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated());
.singletonList(http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()) http.formLogin(Customizer.withDefaults());
.formLogin(Customizer.withDefaults()).build()); return Collections.singletonList(http.build());
} }
static class TestServerHttpSecurity extends ServerHttpSecurity implements ApplicationContextAware { static class TestServerHttpSecurity extends ServerHttpSecurity implements ApplicationContextAware {

@ -165,17 +165,18 @@ abstract class AbstractEndpointRequestIntegrationTests {
@Bean @Bean
WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() { WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
return new WebSecurityConfigurerAdapter() { return new WebSecurityConfigurerAdapter() {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
// @formatter:off http.authorizeRequests((requests) -> {
http.authorizeRequests((requests) -> requests requests.requestMatchers(EndpointRequest.toLinks()).permitAll();
.requestMatchers(EndpointRequest.toLinks()).permitAll() requests.requestMatchers(EndpointRequest.to(TestEndpoint1.class)).permitAll();
.requestMatchers(EndpointRequest.to(TestEndpoint1.class)).permitAll() requests.requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated();
.requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated().anyRequest() requests.anyRequest().hasRole("ADMIN");
.hasRole("ADMIN")) });
.httpBasic(); http.httpBasic();
// @formatter:on
} }
}; };
} }

@ -127,8 +127,12 @@ class ManagementWebSecurityAutoConfigurationTests {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests((requests) -> requests.antMatchers("/foo").permitAll().anyRequest().authenticated()) http.authorizeRequests((requests) -> {
.formLogin(Customizer.withDefaults()).httpBasic(); requests.antMatchers("/foo").permitAll();
requests.anyRequest().authenticated();
});
http.formLogin(Customizer.withDefaults());
http.httpBasic();
} }
} }

@ -57,8 +57,9 @@ class OAuth2WebSecurityConfiguration {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests((requests) -> requests.anyRequest().authenticated()) http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
.oauth2Login(Customizer.withDefaults()).oauth2Client(); http.oauth2Login(Customizer.withDefaults());
http.oauth2Client();
} }
} }

@ -30,6 +30,7 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional; import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder; import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder; import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoders; import org.springframework.security.oauth2.jwt.ReactiveJwtDecoders;
@ -91,11 +92,15 @@ class ReactiveOAuth2ResourceServerJwkConfiguration {
@ConditionalOnBean(ReactiveJwtDecoder.class) @ConditionalOnBean(ReactiveJwtDecoder.class)
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, ReactiveJwtDecoder jwtDecoder) SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http, ReactiveJwtDecoder jwtDecoder)
throws Exception { throws Exception {
http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()) http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated());
.oauth2ResourceServer((server) -> server.jwt((jwt) -> jwt.jwtDecoder(jwtDecoder))); http.oauth2ResourceServer((server) -> customDecoder(server, jwtDecoder));
return http.build(); return http.build();
} }
private void customDecoder(OAuth2ResourceServerSpec server, ReactiveJwtDecoder decoder) throws Exception {
server.jwt((jwt) -> jwt.jwtDecoder(decoder));
}
} }
} }

@ -23,6 +23,7 @@ import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2Res
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec;
import org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOAuth2TokenIntrospectionClient; import org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOAuth2TokenIntrospectionClient;
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOAuth2TokenIntrospectionClient; import org.springframework.security.oauth2.server.resource.introspection.ReactiveOAuth2TokenIntrospectionClient;
import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.SecurityWebFilterChain;
@ -58,8 +59,8 @@ class ReactiveOAuth2ResourceServerOpaqueTokenConfiguration {
@Bean @Bean
@ConditionalOnBean(ReactiveOAuth2TokenIntrospectionClient.class) @ConditionalOnBean(ReactiveOAuth2TokenIntrospectionClient.class)
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()) http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated());
.oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::opaqueToken); http.oauth2ResourceServer(OAuth2ResourceServerSpec::opaqueToken);
return http.build(); return http.build();
} }

@ -94,11 +94,13 @@ class OAuth2ResourceServerJwtConfiguration {
@ConditionalOnBean(JwtDecoder.class) @ConditionalOnBean(JwtDecoder.class)
WebSecurityConfigurerAdapter jwtDecoderWebSecurityConfigurerAdapter() { WebSecurityConfigurerAdapter jwtDecoderWebSecurityConfigurerAdapter() {
return new WebSecurityConfigurerAdapter() { return new WebSecurityConfigurerAdapter() {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests((requests) -> requests.anyRequest().authenticated()) http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt); http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
} }
}; };
} }

@ -59,11 +59,13 @@ class OAuth2ResourceServerOpaqueTokenConfiguration {
@ConditionalOnBean(OAuth2TokenIntrospectionClient.class) @ConditionalOnBean(OAuth2TokenIntrospectionClient.class)
WebSecurityConfigurerAdapter opaqueTokenWebSecurityConfigurerAdapter() { WebSecurityConfigurerAdapter opaqueTokenWebSecurityConfigurerAdapter() {
return new WebSecurityConfigurerAdapter() { return new WebSecurityConfigurerAdapter() {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests((requests) -> requests.anyRequest().authenticated()) http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
.oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken); http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
} }
}; };
} }

@ -376,9 +376,11 @@ class ReactiveOAuth2ResourceServerAutoConfigurationTests {
@Bean @Bean
SecurityWebFilterChain testSpringSecurityFilterChain(ServerHttpSecurity http) throws Exception { SecurityWebFilterChain testSpringSecurityFilterChain(ServerHttpSecurity http) throws Exception {
http.authorizeExchange( http.authorizeExchange((exchanges) -> {
(exchanges) -> exchanges.pathMatchers("/message/**").hasRole("ADMIN").anyExchange().authenticated()) exchanges.pathMatchers("/message/**").hasRole("ADMIN");
.httpBasic(); exchanges.anyExchange().authenticated();
});
http.httpBasic();
return http.build(); return http.build();
} }

@ -396,10 +396,9 @@ A typical Spring Security configuration might look something like the following
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.requestMatcher(EndpointRequest.toAnyEndpoint()) http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests((requests) ->
.authorizeRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
requests.anyRequest().hasRole("ENDPOINT_ADMIN")) http.httpBasic();
.httpBasic();
} }
} }
@ -433,7 +432,7 @@ following example:
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests((requests) -> http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests((requests) ->
.anyRequest().permitAll()); requests.anyRequest().permitAll());
} }
} }

@ -68,7 +68,8 @@ class WebTestClientSpringBootTestIntegrationTests {
@Bean @Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
return http.authorizeExchange((exchanges) -> exchanges.anyExchange().permitAll()).build(); http.authorizeExchange((exchanges) -> exchanges.anyExchange().permitAll());
return http.build();
} }
} }

@ -16,6 +16,9 @@
package smoketest.actuator.customsecurity; package smoketest.actuator.customsecurity;
import java.util.ArrayList;
import java.util.List;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.web.mappings.MappingsEndpoint; import org.springframework.boot.actuate.web.mappings.MappingsEndpoint;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest; import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
@ -25,36 +28,44 @@ import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.User.UserBuilder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration(proxyBeanMethods = false) @Configuration(proxyBeanMethods = false)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@SuppressWarnings("deprecation")
@Bean @Bean
public InMemoryUserDetailsManager inMemoryUserDetailsManager() { public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
return new InMemoryUserDetailsManager( List<UserDetails> userDetails = new ArrayList<>();
User.withDefaultPasswordEncoder().username("user").password("password").authorities("ROLE_USER") userDetails.add(createUserDetails("user", "password", "ROLE_USER"));
.build(), userDetails.add(createUserDetails("beans", "beans", "ROLE_BEANS"));
User.withDefaultPasswordEncoder().username("beans").password("beans").authorities("ROLE_BEANS").build(), userDetails.add(createUserDetails("admin", "admin", "ROLE_ACTUATOR", "ROLE_USER"));
User.withDefaultPasswordEncoder().username("admin").password("admin") return new InMemoryUserDetailsManager(userDetails);
.authorities("ROLE_ACTUATOR", "ROLE_USER").build()); }
@SuppressWarnings("deprecation")
private UserDetails createUserDetails(String username, String password, String... authorities) {
UserBuilder builder = User.withDefaultPasswordEncoder();
builder.username(username);
builder.password(password);
builder.authorities(authorities);
return builder.build();
} }
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
// @formatter:off http.authorizeRequests((requests) -> {
http.authorizeRequests((requests) -> requests.mvcMatchers("/actuator/beans").hasRole("BEANS");
requests requests.requestMatchers(EndpointRequest.to("health", "info")).permitAll();
.mvcMatchers("/actuator/beans").hasRole("BEANS") requests.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class))
.requestMatchers(EndpointRequest.to("health", "info")).permitAll() .hasRole("ACTUATOR");
.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR") requests.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll();
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll() requests.antMatchers("/foo").permitAll();
.antMatchers("/foo").permitAll() requests.antMatchers("/**").hasRole("USER");
.antMatchers("/**").hasRole("USER")) });
.cors(Customizer.withDefaults()) http.cors(Customizer.withDefaults());
.httpBasic(); http.httpBasic();
// @formatter:on
} }
} }

@ -91,16 +91,15 @@ class ManagementPortSampleSecureWebFluxTests {
@Bean @Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
// @formatter:off http.authorizeExchange((exchanges) -> {
http.authorizeExchange((exchanges) -> exchanges.matchers(EndpointRequest.to("health", "info")).permitAll();
exchanges exchanges.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class))
.matchers(EndpointRequest.to("health", "info")).permitAll() .hasRole("ACTUATOR");
.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR") exchanges.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll();
.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll() exchanges.pathMatchers("/login").permitAll();
.pathMatchers("/login").permitAll() exchanges.anyExchange().authenticated();
.anyExchange().authenticated()) });
.httpBasic(); http.httpBasic();
// @formatter:on
return http.build(); return http.build();
} }

@ -116,16 +116,15 @@ class SampleSecureWebFluxCustomSecurityTests {
@Bean @Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception { SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
// @formatter:off http.authorizeExchange((exchanges) -> {
http.authorizeExchange((exchanges) -> exchanges.matchers(EndpointRequest.to("health", "info")).permitAll();
exchanges exchanges.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class))
.matchers(EndpointRequest.to("health", "info")).permitAll() .hasRole("ACTUATOR");
.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR") exchanges.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll();
.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll() exchanges.pathMatchers("/login").permitAll();
.pathMatchers("/login").permitAll() exchanges.anyExchange().authenticated();
.anyExchange().authenticated()) });
.httpBasic(Customizer.withDefaults()); http.httpBasic(Customizer.withDefaults());
// @formatter:off
return http.build(); return http.build();
} }

@ -72,15 +72,16 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
// @formatter:off http.authorizeRequests((requests) -> {
http.authorizeRequests((requests) -> requests.antMatchers("/login").permitAll();
requests requests.anyRequest().fullyAuthenticated();
.antMatchers("/login").permitAll() });
.anyRequest().fullyAuthenticated()) http.formLogin((form) -> {
.formLogin((form) -> form.loginPage("/login").failureUrl("/login?error")) form.loginPage("/login");
.logout((logout) -> logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))) form.failureUrl("/login?error");
.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access?error")); });
// @formatter:on http.logout((logout) -> logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout")));
http.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access?error"));
} }
} }
@ -91,8 +92,9 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.requestMatcher(EndpointRequest.toAnyEndpoint()) http.requestMatcher(EndpointRequest.toAnyEndpoint());
.authorizeRequests((requests) -> requests.anyRequest().authenticated()).httpBasic(); http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
http.httpBasic();
} }
} }

@ -62,13 +62,15 @@ public class SampleWebSecureCustomApplication implements WebMvcConfigurer {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
// @formatter:off http.authorizeRequests((requests) -> {
http.authorizeRequests((requests) -> requests.antMatchers("/css/**").permitAll();
requests requests.anyRequest().fullyAuthenticated();
.antMatchers("/css/**").permitAll().anyRequest().fullyAuthenticated()) });
.formLogin((form) -> form.loginPage("/login").failureUrl("/login?error").permitAll()) http.formLogin((form) -> {
.logout(LogoutConfigurer::permitAll); form.loginPage("/login");
// @formatter:on form.failureUrl("/login?error").permitAll();
});
http.logout(LogoutConfigurer::permitAll);
} }
} }

@ -66,12 +66,15 @@ public class SampleWebSecureJdbcApplication implements WebMvcConfigurer {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
// @formatter:off http.authorizeRequests((requests) -> {
http.authorizeRequests( requests.antMatchers("/css/**").permitAll();
(requests) -> requests.antMatchers("/css/**").permitAll().anyRequest().fullyAuthenticated()) requests.anyRequest().fullyAuthenticated();
.formLogin((form) -> form.loginPage("/login").failureUrl("/login?error").permitAll()) });
.logout(LogoutConfigurer::permitAll); http.formLogin((form) -> {
// @formatter:on form.loginPage("/login");
form.failureUrl("/login?error").permitAll();
});
http.logout(LogoutConfigurer::permitAll);
} }
@Bean @Bean

@ -63,15 +63,15 @@ public class SampleWebSecureApplication implements WebMvcConfigurer {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
// @formatter:off http.authorizeRequests((requests) -> {
http.authorizeRequests((requests) -> requests.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll();
requests requests.anyRequest().fullyAuthenticated();
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll() });
.anyRequest().fullyAuthenticated()) http.formLogin((form) -> {
.formLogin((form) -> form.loginPage("/login");
form.loginPage("/login").failureUrl("/login?error").permitAll()) form.failureUrl("/login?error").permitAll();
.logout(LogoutConfigurer::permitAll); });
// @formatter:on http.logout(LogoutConfigurer::permitAll);
} }
} }

Loading…
Cancel
Save