diff --git a/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityConfiguration.java b/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityConfiguration.java index 51fe694ee6..003ea64de1 100644 --- a/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityConfiguration.java +++ b/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityConfiguration.java @@ -30,9 +30,8 @@ import org.springframework.security.authentication.DefaultAuthenticationEventPub import org.springframework.security.authentication.ProviderManager; import org.springframework.security.config.annotation.authentication.AuthenticationBuilder; import org.springframework.security.config.annotation.web.EnableWebSecurity; -import org.springframework.security.config.annotation.web.ExpressionUrlAuthorizations; import org.springframework.security.config.annotation.web.HttpConfigurator; -import org.springframework.security.config.annotation.web.SpringSecurityFilterChainBuilder.IgnoredRequestRegistry; +import org.springframework.security.config.annotation.web.WebSecurityConfiguration; import org.springframework.security.config.annotation.web.WebSecurityConfigurerAdapter; /** @@ -70,24 +69,18 @@ public class SecurityConfiguration { @Autowired private AuthenticationEventPublisher authenticationEventPublisher; - @Override - protected void ignoredRequests(IgnoredRequestRegistry ignoredRequests) { - ignoredRequests.antMatchers(this.healthzPath); - ignoredRequests.antMatchers(this.infoPath); - } - - @Override - protected void authorizeUrls(ExpressionUrlAuthorizations interceptUrls) { - interceptUrls.antMatchers("/**").hasRole("USER"); - } - @Override protected void configure(HttpConfigurator http) throws Exception { http.antMatcher("/**").httpBasic().and().anonymous().disable(); if (this.security.isRequireSsl()) { http.requiresChannel().antMatchers("/**").requiresSecure(); } + http.authorizeUrls().antMatchers("/**").hasRole("USER"); + } + @Override + public void configure(WebSecurityConfiguration builder) throws Exception { + builder.ignoring().antMatchers(this.healthzPath, this.infoPath); } @Override