GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix Add @Configuration to @Enable*Security Usage 

Issue gh-6613
pull/11709/head
Rob Winch 3 years ago
parent
040111ae9e
commit
a5069d7e35
16 changed files with 57 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
  2. 2
      config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
  3. 2
      config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
  4. 2
      config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
  5. 4
      config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
  6. 2
      config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
  7. 1
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
  8. 1
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
  9. 7
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
  10. 2
      config/src/test/kotlin/org/springframework/security/config/annotation/method/configuration/KotlinEnableReactiveMethodSecurityTests.kt
  11. 2
      config/src/test/kotlin/org/springframework/security/config/web/server/AuthorizeExchangeDslTests.kt
  12. 23
      docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
  13. 1
      docs/modules/ROOT/pages/servlet/configuration/java.adoc
  14. 10
      docs/modules/ROOT/pages/servlet/exploits/headers.adoc
  15. 2
      docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc
  16. 3
      docs/modules/ROOT/pages/servlet/oauth2/resource-server/jwt.adoc

1
config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java
Unescape View File

@ -189,6 +189,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests { @@ -189,6 +189,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
}
@Configuration
@EnableWebSecurity
static class GroupSearchConfig extends BaseLdapProviderConfig {

2
config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
Unescape View File

@ -55,6 +55,7 @@ import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMat @@ -55,6 +55,7 @@ import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMat
* A minimal example can be found below:
*
* <pre class="code">
* &#064;Configuration
* &#064;EnableRSocketSecurity
* public class SecurityConfig {
* &#064;Bean
@ -82,6 +83,7 @@ import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMat @@ -82,6 +83,7 @@ import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMat
* A more advanced configuration can be seen below:
*
* <pre class="code">
* &#064;Configuration
* &#064;EnableRSocketSecurity
* public class SecurityConfig {
* &#064;Bean

2
config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
Unescape View File

@ -22,7 +22,6 @@ import java.lang.annotation.Retention; @@ -22,7 +22,6 @@ import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
@ -39,7 +38,6 @@ import org.springframework.security.config.annotation.authentication.configurati @@ -39,7 +38,6 @@ import org.springframework.security.config.annotation.authentication.configurati
@Documented
@Import(WebMvcSecurityConfiguration.class)
@EnableGlobalAuthentication
@Configuration
@Deprecated
public @interface EnableWebMvcSecurity {

2
config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java
Unescape View File

@ -39,9 +39,9 @@ import org.springframework.util.Assert; @@ -39,9 +39,9 @@ import org.springframework.util.Assert;
* @author Rob Winch
*
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired

4
config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
Unescape View File

@ -531,8 +531,8 @@ public class GlobalMethodSecurityConfigurationTests { @@ -531,8 +531,8 @@ public class GlobalMethodSecurityConfigurationTests {
}
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public static class RoleHierarchyConfig {
@Bean
@ -607,8 +607,8 @@ public class GlobalMethodSecurityConfigurationTests { @@ -607,8 +607,8 @@ public class GlobalMethodSecurityConfigurationTests {
}
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public static class CustomMetadataSourceBeanProxyEnabledConfig extends GlobalMethodSecurityConfiguration {
}

2
config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java
Unescape View File

@ -316,8 +316,8 @@ public class NamespaceGlobalMethodSecurityTests { @@ -316,8 +316,8 @@ public class NamespaceGlobalMethodSecurityTests {
}
@EnableGlobalMethodSecurity(jsr250Enabled = true)
@Configuration
@EnableGlobalMethodSecurity(jsr250Enabled = true)
public static class Jsr250Config {
}

1
config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
Unescape View File

@ -127,6 +127,7 @@ public class AnonymousConfigurerTests { @@ -127,6 +127,7 @@ public class AnonymousConfigurerTests {
}
@Configuration
@EnableWebSecurity
static class AnonymousDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {

1
config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java
Unescape View File

@ -131,6 +131,7 @@ public class NamespaceHttpFormLoginTests { @@ -131,6 +131,7 @@ public class NamespaceHttpFormLoginTests {
}
@Configuration
@EnableWebSecurity
static class FormLoginCustomConfig extends WebSecurityConfigurerAdapter {

7
config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java
Unescape View File

@ -26,6 +26,7 @@ import org.junit.jupiter.api.extension.ExtendWith; @@ -26,6 +26,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
@ -151,6 +152,7 @@ public class X509ConfigurerTests { @@ -151,6 +152,7 @@ public class X509ConfigurerTests {
}
}
@Configuration
@EnableWebSecurity
static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
@ -180,6 +182,7 @@ public class X509ConfigurerTests { @@ -180,6 +182,7 @@ public class X509ConfigurerTests {
}
@Configuration
@EnableWebSecurity
static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
@ -205,6 +208,7 @@ public class X509ConfigurerTests { @@ -205,6 +208,7 @@ public class X509ConfigurerTests {
}
@Configuration
@EnableWebSecurity
static class DefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
@ -227,6 +231,7 @@ public class X509ConfigurerTests { @@ -227,6 +231,7 @@ public class X509ConfigurerTests {
}
@Configuration
@EnableWebSecurity
static class SubjectPrincipalRegexInLambdaConfig extends WebSecurityConfigurerAdapter {
@ -252,6 +257,7 @@ public class X509ConfigurerTests { @@ -252,6 +257,7 @@ public class X509ConfigurerTests {
}
@Configuration
@EnableWebSecurity
static class UserDetailsServiceBeanConfig {
@ -279,6 +285,7 @@ public class X509ConfigurerTests { @@ -279,6 +285,7 @@ public class X509ConfigurerTests {
}
@Configuration
@EnableWebSecurity
static class UserDetailsServiceAndBeanConfig {

2
config/src/test/kotlin/org/springframework/security/config/annotation/method/configuration/KotlinEnableReactiveMethodSecurityTests.kt
Unescape View File

@ -210,8 +210,8 @@ class KotlinEnableReactiveMethodSecurityTests { @@ -210,8 +210,8 @@ class KotlinEnableReactiveMethodSecurityTests {
verify { delegate wasNot Called }
}
@EnableReactiveMethodSecurity
@Configuration
@EnableReactiveMethodSecurity
open class Config {
var delegate = mockk<KotlinReactiveMessageService>()

2
config/src/test/kotlin/org/springframework/security/config/web/server/AuthorizeExchangeDslTests.kt
Unescape View File

@ -32,7 +32,7 @@ import org.springframework.test.web.reactive.server.WebTestClient @@ -32,7 +32,7 @@ import org.springframework.test.web.reactive.server.WebTestClient
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.RestController
import org.springframework.web.reactive.config.EnableWebFlux
import java.util.*
import java.util.Base64
/**
* Tests for [AuthorizeExchangeDsl]

23
docs/modules/ROOT/pages/servlet/authorization/method-security.adoc
Unescape View File

@ -1,3 +1,4 @@ @@ -1,3 +1,4 @@
[[jc-method]]
= Method Security
@ -32,6 +33,7 @@ For example, the following would enable Spring Security's `@PreAuthorize` annota @@ -32,6 +33,7 @@ For example, the following would enable Spring Security's `@PreAuthorize` annota
.Java
[source,java,role="primary"]
----
@Configuration
@EnableMethodSecurity
public class MethodSecurityConfig {
// ...
@ -41,6 +43,7 @@ public class MethodSecurityConfig { @@ -41,6 +43,7 @@ public class MethodSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig {
// ...
@ -98,6 +101,7 @@ You can enable support for Spring Security's `@Secured` annotation using: @@ -98,6 +101,7 @@ You can enable support for Spring Security's `@Secured` annotation using:
.Java
[source,java,role="primary"]
----
@Configuration
@EnableMethodSecurity(securedEnabled = true)
public class MethodSecurityConfig {
// ...
@ -107,6 +111,7 @@ public class MethodSecurityConfig { @@ -107,6 +111,7 @@ public class MethodSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableMethodSecurity(securedEnabled = true)
class MethodSecurityConfig {
// ...
@ -127,6 +132,7 @@ or JSR-250 using: @@ -127,6 +132,7 @@ or JSR-250 using:
.Java
[source,java,role="primary"]
----
@Configuration
@EnableMethodSecurity(jsr250Enabled = true)
public class MethodSecurityConfig {
// ...
@ -136,6 +142,7 @@ public class MethodSecurityConfig { @@ -136,6 +142,7 @@ public class MethodSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableMethodSecurity(jsr250Enabled = true)
class MethodSecurityConfig {
// ...
@ -264,6 +271,7 @@ To recreate what adding `@EnableMethodSecurity` does by default, you would publi @@ -264,6 +271,7 @@ To recreate what adding `@EnableMethodSecurity` does by default, you would publi
.Java
[source,java,role="primary"]
----
@Configuration
@EnableMethodSecurity(prePostEnabled = false)
class MethodSecurityConfig {
@Bean
@ -295,6 +303,7 @@ class MethodSecurityConfig { @@ -295,6 +303,7 @@ class MethodSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableMethodSecurity(prePostEnabled = false)
class MethodSecurityConfig {
@Bean
@ -392,6 +401,7 @@ You may want to only support `@PreAuthorize` in your application, in which case @@ -392,6 +401,7 @@ You may want to only support `@PreAuthorize` in your application, in which case
.Java
[source,java,role="primary"]
----
@Configuration
@EnableMethodSecurity(prePostEnabled = false)
class MethodSecurityConfig {
@Bean
@ -405,6 +415,7 @@ class MethodSecurityConfig { @@ -405,6 +415,7 @@ class MethodSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableMethodSecurity(prePostEnabled = false)
class MethodSecurityConfig {
@Bean
@ -440,6 +451,7 @@ Thus, you can configure Spring Security to invoke your `AuthorizationManager` in @@ -440,6 +451,7 @@ Thus, you can configure Spring Security to invoke your `AuthorizationManager` in
.Java
[source,java,role="primary"]
----
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig {
@Bean
@ -458,6 +470,7 @@ class MethodSecurityConfig { @@ -458,6 +470,7 @@ class MethodSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig {
@Bean
@ -542,6 +555,7 @@ For example, if you have your own custom annotation, you can configure it like s @@ -542,6 +555,7 @@ For example, if you have your own custom annotation, you can configure it like s
.Java
[source,java,role="primary"]
----
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig {
@Bean
@ -558,6 +572,7 @@ class MethodSecurityConfig { @@ -558,6 +572,7 @@ class MethodSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig {
@Bean
@ -607,6 +622,7 @@ The following example enables Spring Security's `@Secured` annotation: @@ -607,6 +622,7 @@ The following example enables Spring Security's `@Secured` annotation:
.Java
[source,java,role="primary"]
----
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class MethodSecurityConfig {
// ...
@ -616,6 +632,7 @@ public class MethodSecurityConfig { @@ -616,6 +632,7 @@ public class MethodSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
open class MethodSecurityConfig {
// ...
@ -666,6 +683,7 @@ Support for JSR-250 annotations can be enabled by using: @@ -666,6 +683,7 @@ Support for JSR-250 annotations can be enabled by using:
.Java
[source,java,role="primary"]
----
@Configuration
@EnableGlobalMethodSecurity(jsr250Enabled = true)
public class MethodSecurityConfig {
// ...
@ -675,6 +693,7 @@ public class MethodSecurityConfig { @@ -675,6 +693,7 @@ public class MethodSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableGlobalMethodSecurity(jsr250Enabled = true)
open class MethodSecurityConfig {
// ...
@ -689,6 +708,7 @@ To use the new expression-based syntax, you would use: @@ -689,6 +708,7 @@ To use the new expression-based syntax, you would use:
.Java
[source,java,role="primary"]
----
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig {
// ...
@ -698,6 +718,7 @@ public class MethodSecurityConfig { @@ -698,6 +718,7 @@ public class MethodSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
open class MethodSecurityConfig {
// ...
@ -750,6 +771,7 @@ For example, if you wanted to provide a custom `MethodSecurityExpressionHandler` @@ -750,6 +771,7 @@ For example, if you wanted to provide a custom `MethodSecurityExpressionHandler`
.Java
[source,java,role="primary"]
----
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Override
@ -763,6 +785,7 @@ public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration { @@ -763,6 +785,7 @@ public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
open class MethodSecurityConfig : GlobalMethodSecurityConfiguration() {
override fun createExpressionHandler(): MethodSecurityExpressionHandler {

1
docs/modules/ROOT/pages/servlet/configuration/java.adoc
Unescape View File

@ -324,6 +324,7 @@ You can also explicit disable the default: @@ -324,6 +324,7 @@ You can also explicit disable the default:
====
[source,java]
----
@Configuration
@EnableWebSecurity
public class Config {
@Bean

10
docs/modules/ROOT/pages/servlet/exploits/headers.adoc
Unescape View File

@ -887,6 +887,7 @@ You can enable the preceding permissions policy header using the following confi @@ -887,6 +887,7 @@ You can enable the preceding permissions policy header using the following confi
.Java
[source,java,role="primary"]
----
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@ -919,6 +920,7 @@ public class WebSecurityConfig { @@ -919,6 +920,7 @@ public class WebSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableWebSecurity
class SecurityConfig {
@ -958,6 +960,7 @@ You can send the preceding header on log out with the following configuration: @@ -958,6 +960,7 @@ You can send the preceding header on log out with the following configuration:
.Java
[source,java,role="primary"]
----
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@ -976,6 +979,7 @@ public class WebSecurityConfig { @@ -976,6 +979,7 @@ public class WebSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableWebSecurity
class SecurityConfig {
@ -1015,6 +1019,7 @@ Given the preceding header, you could add the headers to the response by using t @@ -1015,6 +1019,7 @@ Given the preceding header, you could add the headers to the response by using t
.Java
[source,java,role="primary"]
----
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@ -1045,6 +1050,7 @@ public class WebSecurityConfig { @@ -1045,6 +1050,7 @@ public class WebSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableWebSecurity
class SecurityConfig {
@ -1074,6 +1080,7 @@ If you wanted to explicitly configure <<servlet-headers-frame-options>>, you cou @@ -1074,6 +1080,7 @@ If you wanted to explicitly configure <<servlet-headers-frame-options>>, you cou
.Java
[source,java,role="primary"]
----
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@ -1110,6 +1117,7 @@ See https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsi @@ -1110,6 +1117,7 @@ See https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsi
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableWebSecurity
class SecurityConfig {
@ -1141,6 +1149,7 @@ The following configuration example uses `DelegatingRequestMatcherHeaderWriter`: @@ -1141,6 +1149,7 @@ The following configuration example uses `DelegatingRequestMatcherHeaderWriter`:
.Java
[source,java,role="primary"]
----
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@ -1188,6 +1197,7 @@ public class WebSecurityConfig { @@ -1188,6 +1197,7 @@ public class WebSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableWebSecurity
class SecurityConfig {

2
docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc
Unescape View File

@ -931,6 +931,7 @@ Also, you can configure `OidcClientInitiatedLogoutSuccessHandler`, which impleme @@ -931,6 +931,7 @@ Also, you can configure `OidcClientInitiatedLogoutSuccessHandler`, which impleme
.Java
[source,java,role="primary"]
----
@Configuration
@EnableWebSecurity
public class OAuth2LoginSecurityConfig {
@ -966,6 +967,7 @@ public class OAuth2LoginSecurityConfig { @@ -966,6 +967,7 @@ public class OAuth2LoginSecurityConfig {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableWebSecurity
class OAuth2LoginSecurityConfig {
@Autowired

3
docs/modules/ROOT/pages/servlet/oauth2/resource-server/jwt.adoc
Unescape View File

@ -757,6 +757,7 @@ public class DirectlyConfiguredJwkSetUri { @@ -757,6 +757,7 @@ public class DirectlyConfiguredJwkSetUri {
.Kotlin
[source,kotlin,role="secondary"]
----
@Configuration
@EnableWebSecurity
class DirectlyConfiguredJwkSetUri {
@Bean
@ -949,6 +950,7 @@ static class CustomAuthenticationConverter implements Converter<Jwt, AbstractAut @@ -949,6 +950,7 @@ static class CustomAuthenticationConverter implements Converter<Jwt, AbstractAut
// ...
@Configuration
@EnableWebSecurity
public class CustomAuthenticationConverterConfig {
@Bean
@ -978,6 +980,7 @@ internal class CustomAuthenticationConverter : Converter<Jwt, AbstractAuthentica @@ -978,6 +980,7 @@ internal class CustomAuthenticationConverter : Converter<Jwt, AbstractAuthentica
// ...
@Configuration
@EnableWebSecurity
class CustomAuthenticationConverterConfig {
@Bean

Write Preview
Loading…
Cancel
Save