
Use securityMatcher() and authorizeHttpRequests()

Closes gh-922
Joe Grandja 2 rokov pred
rodič
commit
64d26a42a0
17 zmenil súbory, kde vykonal 70 pridanie a 70 odobranie
  1. 2 2
      docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java
  2. 3 3
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java
  3. 12 12
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
  4. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java
  5. 6 6
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientCredentialsGrantTests.java
  6. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java
  7. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationTests.java
  8. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java
  9. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java
  10. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java
  11. 9 9
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java
  12. 3 3
      samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
  13. 3 3
      samples/custom-consent-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
  14. 3 3
      samples/default-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
  15. 3 3
      samples/federated-identity-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
  16. 4 4
      samples/messages-client/src/main/java/sample/config/SecurityConfig.java
  17. 4 4
      samples/messages-resource/src/main/java/sample/config/ResourceServerConfig.java

+ 2 - 2
docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java

@@ -83,8 +83,8 @@ public class JwtUserInfoMapperSecurityConfig {
 				)
 			);
 		http
-			.requestMatcher(endpointsMatcher)
-			.authorizeRequests((authorize) -> authorize
+			.securityMatcher(endpointsMatcher)
+			.authorizeHttpRequests((authorize) -> authorize
 				.anyRequest().authenticated()
 			)
 			.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
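Review bot: Nothing in this documentation example says that `.securityMatcher(endpointsMatcher)` scopes the whole chain, so `anyRequest().authenticated()` here means "any request to an authorization server endpoint", not any request to the application. A reader copying the snippet could assume the rest of the application is protected by it; paths that do not match `endpointsMatcher` are handled by whatever other `SecurityFilterChain` exists, or by none. I would add a comment above `http`, for example `// Applies only to the authorization server endpoints; every other path needs its own SecurityFilterChain.` The same comment would fit the identical chains in OAuth2AuthorizationServerConfiguration and the custom-consent AuthorizationServerConfig; the enclosing method starts and ends outside this hunk.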

+ 3 - 3
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java

@@ -63,9 +63,9 @@ public class OAuth2AuthorizationServerConfiguration {
 				.getEndpointsMatcher();
 
 		http
-			.requestMatcher(endpointsMatcher)
-			.authorizeRequests(authorizeRequests ->
-				authorizeRequests.anyRequest().authenticated()
+			.securityMatcher(endpointsMatcher)
+			.authorizeHttpRequests(authorize ->
+				authorize.anyRequest().authenticated()
 			)
 			.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 			.apply(authorizationServerConfigurer);

+ 12 - 12
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java

@@ -843,9 +843,9 @@ public class OAuth2AuthorizationCodeGrantTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 					.securityContext(securityContext ->
@@ -905,9 +905,9 @@ public class OAuth2AuthorizationCodeGrantTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 					.apply(authorizationServerConfigurer);
@@ -938,9 +938,9 @@ public class OAuth2AuthorizationCodeGrantTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 					.apply(authorizationServerConfigurer);
@@ -1029,9 +1029,9 @@ public class OAuth2AuthorizationCodeGrantTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 					.apply(authorizationServerConfigurer);

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java

@@ -178,9 +178,9 @@ public class OAuth2AuthorizationServerMetadataTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher));
 

+ 6 - 6
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientCredentialsGrantTests.java

@@ -415,9 +415,9 @@ public class OAuth2ClientCredentialsGrantTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 					.apply(authorizationServerConfigurer);
@@ -447,9 +447,9 @@ public class OAuth2ClientCredentialsGrantTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 					.apply(authorizationServerConfigurer);

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java

@@ -519,9 +519,9 @@ public class OAuth2TokenIntrospectionTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 					.apply(authorizationServerConfigurer);

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationTests.java

@@ -339,9 +339,9 @@ public class OAuth2TokenRevocationTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 					.apply(authorizationServerConfigurer);

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java

@@ -366,9 +366,9 @@ public class OidcClientRegistrationTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 					.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java

@@ -235,9 +235,9 @@ public class OidcProviderConfigurationTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher));
 

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java

@@ -367,9 +367,9 @@ public class OidcTests {
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			http
-					.requestMatcher(endpointsMatcher)
-					.authorizeRequests(authorizeRequests ->
-							authorizeRequests.anyRequest().authenticated()
+					.securityMatcher(endpointsMatcher)
+					.authorizeHttpRequests(authorize ->
+							authorize.anyRequest().authenticated()
 					)
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher));
 

+ 9 - 9
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java

@@ -280,9 +280,9 @@ public class OidcUserInfoTests {
 
 			// @formatter:off
 			http
-				.requestMatcher(endpointsMatcher)
-				.authorizeRequests(authorizeRequests ->
-					authorizeRequests.anyRequest().authenticated()
+				.securityMatcher(endpointsMatcher)
+				.authorizeHttpRequests(authorize ->
+					authorize.anyRequest().authenticated()
 				)
 				.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 				.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
@@ -311,9 +311,9 @@ public class OidcUserInfoTests {
 
 			// @formatter:off
 			http
-				.requestMatcher(endpointsMatcher)
-				.authorizeRequests(authorizeRequests ->
-					authorizeRequests.anyRequest().authenticated()
+				.securityMatcher(endpointsMatcher)
+				.authorizeHttpRequests(authorize ->
+					authorize.anyRequest().authenticated()
 				)
 				.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 				.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
@@ -338,9 +338,9 @@ public class OidcUserInfoTests {
 
 			// @formatter:off
 			http
-				.requestMatcher(endpointsMatcher)
-				.authorizeRequests(authorizeRequests ->
-					authorizeRequests.anyRequest().authenticated()
+				.securityMatcher(endpointsMatcher)
+				.authorizeHttpRequests(authorize ->
+					authorize.anyRequest().authenticated()
 				)
 				.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 				.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)

+ 3 - 3
samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java

@@ -67,9 +67,9 @@ public class AuthorizationServerConfig {
 				.getEndpointsMatcher();
 
 		http
-			.requestMatcher(endpointsMatcher)
-			.authorizeRequests(authorizeRequests ->
-				authorizeRequests.anyRequest().authenticated()
+			.securityMatcher(endpointsMatcher)
+			.authorizeHttpRequests(authorize ->
+				authorize.anyRequest().authenticated()
 			)
 			.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 			.exceptionHandling(exceptions ->

+ 3 - 3
samples/custom-consent-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2021 the original author or authors.
+ * Copyright 2020-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,8 +36,8 @@ public class DefaultSecurityConfig {
 	@Bean
 	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
-				authorizeRequests.anyRequest().authenticated()
+			.authorizeHttpRequests(authorize ->
+				authorize.anyRequest().authenticated()
 			)
 			.formLogin(withDefaults());
 		return http.build();

+ 3 - 3
samples/default-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2021 the original author or authors.
+ * Copyright 2020-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -37,8 +37,8 @@ public class DefaultSecurityConfig {
 	@Bean
 	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
-				authorizeRequests.anyRequest().authenticated()
+			.authorizeHttpRequests(authorize ->
+				authorize.anyRequest().authenticated()
 			)
 			.formLogin(withDefaults());
 		return http.build();

+ 3 - 3
samples/federated-identity-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java

@@ -41,9 +41,9 @@ public class DefaultSecurityConfig {
 		FederatedIdentityConfigurer federatedIdentityConfigurer = new FederatedIdentityConfigurer()
 			.oauth2UserHandler(new UserRepositoryOAuth2UserHandler());
 		http
-			.authorizeRequests(authorizeRequests ->
-				authorizeRequests
-					.mvcMatchers("/assets/**", "/webjars/**", "/login").permitAll()
+			.authorizeHttpRequests(authorize ->
+				authorize
+					.requestMatchers("/assets/**", "/webjars/**", "/login").permitAll()
 					.anyRequest().authenticated()
 			)
 			.formLogin(Customizer.withDefaults())

+ 4 - 4
samples/messages-client/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2021 the original author or authors.
+ * Copyright 2020-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,15 +32,15 @@ public class SecurityConfig {
 
 	@Bean
 	WebSecurityCustomizer webSecurityCustomizer() {
-		return (web) -> web.ignoring().antMatchers("/webjars/**");
+		return (web) -> web.ignoring().requestMatchers("/webjars/**");
 	}
 
 	// @formatter:off
 	@Bean
 	SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorizeRequests ->
-				authorizeRequests.anyRequest().authenticated()
+			.authorizeHttpRequests(authorize ->
+				authorize.anyRequest().authenticated()
 			)
 			.oauth2Login(oauth2Login ->
 				oauth2Login.loginPage("/oauth2/authorization/messaging-client-oidc"))
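Review bot: `web.ignoring().requestMatchers("/webjars/**")` in `webSecurityCustomizer()` takes `/webjars/**` out of the security filter chain entirely, so those responses get none of what the chain adds, such as the default security response headers. Now that the rules below use `authorizeHttpRequests`, the same access can be granted inside the chain with `authorize.requestMatchers("/webjars/**").permitAll().anyRequest().authenticated()`, and the customizer bean can be dropped. Recent Spring Security versions log a warning recommending `permitAll` over `ignoring()` for this reason. `securityFilterChain` continues past the end of the hunk.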

+ 4 - 4
samples/messages-resource/src/main/java/sample/config/ResourceServerConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2021 the original author or authors.
+ * Copyright 2020-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,9 +31,9 @@ public class ResourceServerConfig {
 	@Bean
 	SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 		http
-			.mvcMatcher("/messages/**")
-				.authorizeRequests()
-					.mvcMatchers("/messages/**").access("hasAuthority('SCOPE_message.read')")
+			.securityMatcher("/messages/**")
+				.authorizeHttpRequests()
+					.requestMatchers("/messages/**").hasAuthority("SCOPE_message.read")
 					.and()
 			.oauth2ResourceServer()
 				.jwt();
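Review bot: The rule in `securityFilterChain` repeats the chain's own `securityMatcher("/messages/**")` pattern and still uses the chained `authorizeHttpRequests()` … `.and()` form, while every other configuration in this commit uses the lambda form. Writing it as `.authorizeHttpRequests(authorize -> authorize.anyRequest().hasAuthority("SCOPE_message.read"))` says directly that everything this chain handles needs the scope, and no longer depends on two patterns staying in sync. A one-line comment that paths outside `/messages/**` are not handled by this chain would also help; whether another chain covers them is not visible here. The method body continues past the hunk.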