首页 发现 帮助
注册 登录
github
/
spring-authorization-server
镜像自地址 https://github.com/spring-projects/spring-authorization-server
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

Use securityMatcher() and authorizeHttpRequests()

Closes gh-922
Joe Grandja 2 年之前
父节点
411bf63bc3
当前提交
64d26a42a0
共有 17 个文件被更改,包括 70 次插入70 次删除
合并视图 显示文件统计
  1. 2 2
      docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java
  2. 3 3
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java
  3. 12 12
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
  4. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java
  5. 6 6
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientCredentialsGrantTests.java
  6. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java
  7. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationTests.java
  8. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java
  9. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java
  10. 3 3
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java
  11. 9 9
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java
  12. 3 3
      samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
  13. 3 3
      samples/custom-consent-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
  14. 3 3
      samples/default-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
  15. 3 3
      samples/federated-identity-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
  16. 4 4
      samples/messages-client/src/main/java/sample/config/SecurityConfig.java
  17. 4 4
      samples/messages-resource/src/main/java/sample/config/ResourceServerConfig.java

+ 2 - 2
docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java
查看文件 

@@ -83,8 +83,8 @@ public class JwtUserInfoMapperSecurityConfig {
 
 				)
 
 				)
 
 			);
 
 			);
 
 		http
 
 		http
 
-			.requestMatcher(endpointsMatcher)
 
-			.authorizeRequests((authorize) -> authorize
 
+			.securityMatcher(endpointsMatcher)
 
+			.authorizeHttpRequests((authorize) -> authorize
 
 				.anyRequest().authenticated()
 
 				.anyRequest().authenticated()
 
 			)
 
 			)
 
 			.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 			.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))

+ 3 - 3
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java
查看文件 

@@ -63,9 +63,9 @@ public class OAuth2AuthorizationServerConfiguration {
 
 				.getEndpointsMatcher();
 
 				.getEndpointsMatcher();
 
 
 
 		http
 
 		http
 
-			.requestMatcher(endpointsMatcher)
 
-			.authorizeRequests(authorizeRequests ->
 
-				authorizeRequests.anyRequest().authenticated()
 
+			.securityMatcher(endpointsMatcher)
 
+			.authorizeHttpRequests(authorize ->
 
+				authorize.anyRequest().authenticated()
 
 			)
 
 			)
 
 			.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 			.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 			.apply(authorizationServerConfigurer);
 
 			.apply(authorizationServerConfigurer);

+ 12 - 12
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
查看文件 

@@ -843,9 +843,9 @@ public class OAuth2AuthorizationCodeGrantTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.securityContext(securityContext ->
 
 					.securityContext(securityContext ->
 
@@ -905,9 +905,9 @@ public class OAuth2AuthorizationCodeGrantTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.apply(authorizationServerConfigurer);
 
 					.apply(authorizationServerConfigurer);
 
@@ -938,9 +938,9 @@ public class OAuth2AuthorizationCodeGrantTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.apply(authorizationServerConfigurer);
 
 					.apply(authorizationServerConfigurer);
 
@@ -1029,9 +1029,9 @@ public class OAuth2AuthorizationCodeGrantTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.apply(authorizationServerConfigurer);
 
 					.apply(authorizationServerConfigurer);

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java
查看文件 

@@ -178,9 +178,9 @@ public class OAuth2AuthorizationServerMetadataTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher));
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher));

+ 6 - 6
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientCredentialsGrantTests.java
查看文件 

@@ -415,9 +415,9 @@ public class OAuth2ClientCredentialsGrantTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.apply(authorizationServerConfigurer);
 
 					.apply(authorizationServerConfigurer);
 
@@ -447,9 +447,9 @@ public class OAuth2ClientCredentialsGrantTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.apply(authorizationServerConfigurer);
 
 					.apply(authorizationServerConfigurer);

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java
查看文件 

@@ -519,9 +519,9 @@ public class OAuth2TokenIntrospectionTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.apply(authorizationServerConfigurer);
 
 					.apply(authorizationServerConfigurer);

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationTests.java
查看文件 

@@ -339,9 +339,9 @@ public class OAuth2TokenRevocationTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.apply(authorizationServerConfigurer);
 
 					.apply(authorizationServerConfigurer);

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java
查看文件 

@@ -366,9 +366,9 @@ public class OidcClientRegistrationTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 					.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
 
 					.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java
查看文件 

@@ -235,9 +235,9 @@ public class OidcProviderConfigurationTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher));
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher));

+ 3 - 3
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java
查看文件 

@@ -367,9 +367,9 @@ public class OidcTests {
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 			RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
 
 
 
 			http
 
 			http
 
-					.requestMatcher(endpointsMatcher)
 
-					.authorizeRequests(authorizeRequests ->
 
-							authorizeRequests.anyRequest().authenticated()
 
+					.securityMatcher(endpointsMatcher)
 
+					.authorizeHttpRequests(authorize ->
 
+							authorize.anyRequest().authenticated()
 
 					)
 
 					)
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher));
 
 					.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher));

+ 9 - 9
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java
查看文件 

@@ -280,9 +280,9 @@ public class OidcUserInfoTests {
 
 
 
 			// @formatter:off
 
 			// @formatter:off
 
 			http
 
 			http
 
-				.requestMatcher(endpointsMatcher)
 
-				.authorizeRequests(authorizeRequests ->
 
-					authorizeRequests.anyRequest().authenticated()
 
+				.securityMatcher(endpointsMatcher)
 
+				.authorizeHttpRequests(authorize ->
 
+					authorize.anyRequest().authenticated()
 
 				)
 
 				)
 
 				.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 				.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 				.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
 
 				.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
 
@@ -311,9 +311,9 @@ public class OidcUserInfoTests {
 
 
 
 			// @formatter:off
 
 			// @formatter:off
 
 			http
 
 			http
 
-				.requestMatcher(endpointsMatcher)
 
-				.authorizeRequests(authorizeRequests ->
 
-					authorizeRequests.anyRequest().authenticated()
 
+				.securityMatcher(endpointsMatcher)
 
+				.authorizeHttpRequests(authorize ->
 
+					authorize.anyRequest().authenticated()
 
 				)
 
 				)
 
 				.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 				.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 				.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
 
 				.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
 
@@ -338,9 +338,9 @@ public class OidcUserInfoTests {
 
 
 
 			// @formatter:off
 
 			// @formatter:off
 
 			http
 
 			http
 
-				.requestMatcher(endpointsMatcher)
 
-				.authorizeRequests(authorizeRequests ->
 
-					authorizeRequests.anyRequest().authenticated()
 
+				.securityMatcher(endpointsMatcher)
 
+				.authorizeHttpRequests(authorize ->
 
+					authorize.anyRequest().authenticated()
 
 				)
 
 				)
 
 				.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 				.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 				.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
 
 				.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)

+ 3 - 3
samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java
查看文件 

@@ -67,9 +67,9 @@ public class AuthorizationServerConfig {
 
 				.getEndpointsMatcher();
 
 				.getEndpointsMatcher();
 
 
 
 		http
 
 		http
 
-			.requestMatcher(endpointsMatcher)
 
-			.authorizeRequests(authorizeRequests ->
 
-				authorizeRequests.anyRequest().authenticated()
 
+			.securityMatcher(endpointsMatcher)
 
+			.authorizeHttpRequests(authorize ->
 
+				authorize.anyRequest().authenticated()
 
 			)
 
 			)
 
 			.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 			.csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
 
 			.exceptionHandling(exceptions ->
 
 			.exceptionHandling(exceptions ->

+ 3 - 3
samples/custom-consent-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
查看文件 

@@ -1,5 +1,5 @@
 
 /*
 
 /*
 
- * Copyright 2020-2021 the original author or authors.
 
+ * Copyright 2020-2022 the original author or authors.
 
  *
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
  * you may not use this file except in compliance with the License.
 
@@ -36,8 +36,8 @@ public class DefaultSecurityConfig {
 
 	@Bean
 
 	@Bean
 
 	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 
 	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 
 		http
 
 		http
 
-			.authorizeRequests(authorizeRequests ->
 
-				authorizeRequests.anyRequest().authenticated()
 
+			.authorizeHttpRequests(authorize ->
 
+				authorize.anyRequest().authenticated()
 
 			)
 
 			)
 
 			.formLogin(withDefaults());
 
 			.formLogin(withDefaults());
 
 		return http.build();
 
 		return http.build();

+ 3 - 3
samples/default-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
查看文件 

@@ -1,5 +1,5 @@
 
 /*
 
 /*
 
- * Copyright 2020-2021 the original author or authors.
 
+ * Copyright 2020-2022 the original author or authors.
 
  *
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
  * you may not use this file except in compliance with the License.
 
@@ -37,8 +37,8 @@ public class DefaultSecurityConfig {
 
 	@Bean
 
 	@Bean
 
 	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 
 	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 
 		http
 
 		http
 
-			.authorizeRequests(authorizeRequests ->
 
-				authorizeRequests.anyRequest().authenticated()
 
+			.authorizeHttpRequests(authorize ->
 
+				authorize.anyRequest().authenticated()
 
 			)
 
 			)
 
 			.formLogin(withDefaults());
 
 			.formLogin(withDefaults());
 
 		return http.build();
 
 		return http.build();

+ 3 - 3
samples/federated-identity-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java
查看文件 

@@ -41,9 +41,9 @@ public class DefaultSecurityConfig {
 
 		FederatedIdentityConfigurer federatedIdentityConfigurer = new FederatedIdentityConfigurer()
 
 		FederatedIdentityConfigurer federatedIdentityConfigurer = new FederatedIdentityConfigurer()
 
 			.oauth2UserHandler(new UserRepositoryOAuth2UserHandler());
 
 			.oauth2UserHandler(new UserRepositoryOAuth2UserHandler());
 
 		http
 
 		http
 
-			.authorizeRequests(authorizeRequests ->
 
-				authorizeRequests
 
-					.mvcMatchers("/assets/**", "/webjars/**", "/login").permitAll()
 
+			.authorizeHttpRequests(authorize ->
 
+				authorize
 
+					.requestMatchers("/assets/**", "/webjars/**", "/login").permitAll()
 
 					.anyRequest().authenticated()
 
 					.anyRequest().authenticated()
 
 			)
 
 			)
 
 			.formLogin(Customizer.withDefaults())
 
 			.formLogin(Customizer.withDefaults())

+ 4 - 4
samples/messages-client/src/main/java/sample/config/SecurityConfig.java
查看文件 

@@ -1,5 +1,5 @@
 
 /*
 
 /*
 
- * Copyright 2020-2021 the original author or authors.
 
+ * Copyright 2020-2022 the original author or authors.
 
  *
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
  * you may not use this file except in compliance with the License.
 
@@ -32,15 +32,15 @@ public class SecurityConfig {
 
 
 
 	@Bean
 
 	@Bean
 
 	WebSecurityCustomizer webSecurityCustomizer() {
 
 	WebSecurityCustomizer webSecurityCustomizer() {
 
-		return (web) -> web.ignoring().antMatchers("/webjars/**");
 
+		return (web) -> web.ignoring().requestMatchers("/webjars/**");
 
 	}
 
 	}
 
 
 
 	// @formatter:off
 
 	// @formatter:off
 
 	@Bean
 
 	@Bean
 
 	SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
 	SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
 		http
 
 		http
 
-			.authorizeRequests(authorizeRequests ->
 
-				authorizeRequests.anyRequest().authenticated()
 
+			.authorizeHttpRequests(authorize ->
 
+				authorize.anyRequest().authenticated()
 
 			)
 
 			)
 
 			.oauth2Login(oauth2Login ->
 
 			.oauth2Login(oauth2Login ->
 
 				oauth2Login.loginPage("/oauth2/authorization/messaging-client-oidc"))
 
 				oauth2Login.loginPage("/oauth2/authorization/messaging-client-oidc"))

+ 4 - 4
samples/messages-resource/src/main/java/sample/config/ResourceServerConfig.java
查看文件 

@@ -1,5 +1,5 @@
 
 /*
 
 /*
 
- * Copyright 2020-2021 the original author or authors.
 
+ * Copyright 2020-2022 the original author or authors.
 
  *
 
  *
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * Licensed under the Apache License, Version 2.0 (the "License");
 
  * you may not use this file except in compliance with the License.
 
  * you may not use this file except in compliance with the License.
 
@@ -31,9 +31,9 @@ public class ResourceServerConfig {
 
 	@Bean
 
 	@Bean
 
 	SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
 	SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
 		http
 
 		http
 
-			.mvcMatcher("/messages/**")
 
-				.authorizeRequests()
 
-					.mvcMatchers("/messages/**").access("hasAuthority('SCOPE_message.read')")
 
+			.securityMatcher("/messages/**")
 
+				.authorizeHttpRequests()
 
+					.requestMatchers("/messages/**").hasAuthority("SCOPE_message.read")
 
 					.and()
 
 					.and()
 
 			.oauth2ResourceServer()
 
 			.oauth2ResourceServer()
 
 				.jwt();
 
 				.jwt();