From 63d6aef4b90d66e97435709ddfd31de4d0e8f39c Mon Sep 17 00:00:00 2001 From: Henning Poettker Date: Sat, 21 May 2022 14:51:30 +0200 Subject: [PATCH] Use Lambda-based API in Spring Security examples --- .../src/docs/asciidoc/data/sql.adoc | 2 +- .../exposeall/MySecurityConfiguration.java | 6 +++--- .../typical/MySecurityConfiguration.java | 10 ++++++---- .../DevProfileSecurityConfiguration.java | 20 ++++++++++++------- .../client/MyOAuthClientConfiguration.java | 6 +++--- .../MyWebFluxSecurityConfiguration.java | 12 ++++++----- .../enablehttps/MySecurityConfig.java | 4 ++-- .../testing/slicetests/MyConfiguration.java | 2 +- .../slicetests/MySecurityConfiguration.java | 2 +- 9 files changed, 37 insertions(+), 27 deletions(-) diff --git a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/data/sql.adoc b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/data/sql.adoc index a449894d13e6..69619c935023 100644 --- a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/data/sql.adoc +++ b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/data/sql.adoc @@ -351,7 +351,7 @@ In simple setups, a `SecurityFilterChain` like the following can be used: [source,java,indent=0,subs="verbatim"] ---- -include::{docs-java}/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java[] +include::{docs-java}/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java[tag=!customizer] ---- WARNING: The H2 console is only intended for use during development. diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.java index ba372dd74c6d..39ebcb33021e 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 the original author or authors. + * Copyright 2012-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,8 +27,8 @@ public class MySecurityConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.toAnyEndpoint()) - .authorizeRequests((requests) -> requests.anyRequest().permitAll()); + http.requestMatcher(EndpointRequest.toAnyEndpoint()); + http.authorizeRequests((requests) -> requests.anyRequest().permitAll()); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.java index 0a963a0a6f86..d45e4c6ba2dc 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 the original author or authors. + * Copyright 2012-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,14 +22,16 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; +import static org.springframework.security.config.Customizer.withDefaults; + @Configuration(proxyBeanMethods = false) public class MySecurityConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.requestMatcher(EndpointRequest.toAnyEndpoint()) - .authorizeRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN")); - http.httpBasic(); + http.requestMatcher(EndpointRequest.toAnyEndpoint()); + http.authorizeRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN")); + http.httpBasic(withDefaults()); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java index cdb57f9d58d7..dd797fac09b4 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java @@ -22,6 +22,7 @@ import org.springframework.context.annotation.Profile; import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; +import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; @@ -32,13 +33,18 @@ public class DevProfileSecurityConfiguration { @Bean @Order(Ordered.HIGHEST_PRECEDENCE) SecurityFilterChain h2ConsoleSecurityFilterChain(HttpSecurity http) throws Exception { - // @formatter:off - return http.requestMatcher(PathRequest.toH2Console()) - // ... configuration for authorization - .csrf().disable() - .headers().frameOptions().sameOrigin().and() - .build(); - // @formatter:on + http.requestMatcher(PathRequest.toH2Console()); + http.authorizeRequests(yourCustomAuthorization()); + http.csrf((csrf) -> csrf.disable()); + http.headers((headers) -> headers.frameOptions().sameOrigin()); + return http.build(); } + // tag::customizer[] + Customizer yourCustomAuthorization() { + return (t) -> { + }; + } + // end::customizer[] + } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/features/security/oauth2/client/MyOAuthClientConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/features/security/oauth2/client/MyOAuthClientConfiguration.java index 6e15db5f2e05..264a03d9d725 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/features/security/oauth2/client/MyOAuthClientConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/features/security/oauth2/client/MyOAuthClientConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 the original author or authors. + * Copyright 2012-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,8 +26,8 @@ public class MyOAuthClientConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests().anyRequest().authenticated(); - http.oauth2Login().redirectionEndpoint().baseUri("custom-callback"); + http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); + http.oauth2Login((login) -> login.redirectionEndpoint().baseUri("custom-callback")); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/features/security/springwebflux/MyWebFluxSecurityConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/features/security/springwebflux/MyWebFluxSecurityConfiguration.java index 05dca638ec2b..a419bb935fa2 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/features/security/springwebflux/MyWebFluxSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/features/security/springwebflux/MyWebFluxSecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 the original author or authors. + * Copyright 2012-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,16 +22,18 @@ import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.web.server.SecurityWebFilterChain; +import static org.springframework.security.config.Customizer.withDefaults; + @Configuration(proxyBeanMethods = false) public class MyWebFluxSecurityConfiguration { @Bean public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { - http.authorizeExchange((spec) -> { - spec.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll(); - spec.pathMatchers("/foo", "/bar").authenticated(); + http.authorizeExchange((exchange) -> { + exchange.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll(); + exchange.pathMatchers("/foo", "/bar").authenticated(); }); - http.formLogin(); + http.formLogin(withDefaults()); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/security/enablehttps/MySecurityConfig.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/security/enablehttps/MySecurityConfig.java index a02a677ea6b5..4b007e241d9b 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/security/enablehttps/MySecurityConfig.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/security/enablehttps/MySecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 the original author or authors. + * Copyright 2012-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,7 +27,7 @@ public class MySecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { // Customize the application security ... - http.requiresChannel().anyRequest().requiresSecure(); + http.requiresChannel((channel) -> channel.anyRequest().requiresSecure()); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MyConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MyConfiguration.java index e6d24d1bbe09..6155797b205d 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MyConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MyConfiguration.java @@ -30,7 +30,7 @@ public class MyConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests().anyRequest().authenticated(); + http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MySecurityConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MySecurityConfiguration.java index 866ab0fd4cd7..f24fb8a586b7 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MySecurityConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MySecurityConfiguration.java @@ -26,7 +26,7 @@ public class MySecurityConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests().anyRequest().authenticated(); + http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); return http.build(); }