HttpSecurity->ServerHttpSecurity

Issue gh-4615

config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java

@@ -22,14 +22,14 @@ import org.springframework.context.annotation.Scope;
 import org.springframework.core.ReactiveAdapterRegistry;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
-import org.springframework.security.config.web.server.HttpSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver;
 import org.springframework.web.reactive.config.WebFluxConfigurer;
 import org.springframework.web.reactive.result.method.annotation.ArgumentResolverConfigurer;
 
-import static org.springframework.security.config.web.server.HttpSecurity.http;
+import static org.springframework.security.config.web.server.ServerHttpSecurity.http;
 
 /**
  * @author Rob Winch
@@ -63,7 +63,7 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
 
 	@Bean(HTTPSECURITY_BEAN_NAME)
 	@Scope("prototype")
-	public HttpSecurity httpSecurity() {
+	public ServerHttpSecurity httpSecurity() {
 		return http()
 			.authenticationManager(authenticationManager())
 			.headers().and()

config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java

@@ -21,7 +21,7 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
-import org.springframework.security.config.web.server.HttpSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.WebFilterChainProxy;
 import org.springframework.util.ObjectUtils;
@@ -62,7 +62,7 @@ public class WebFluxSecurityConfiguration {
 	}
 
 	private List<SecurityWebFilterChain> defaultSecurityWebFilterChains() {
-		HttpSecurity http = context.getBean(HttpSecurity.class);
+		ServerHttpSecurity http = context.getBean(ServerHttpSecurity.class);
 		http
 			.authorizeExchange()
 				.anyExchange().authenticated();

config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java → config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java

@@ -79,7 +79,7 @@ import static org.springframework.security.web.server.DelegatingServerAuthentica
  * @author Rob Winch
  * @since 5.0
  */
-public class HttpSecurity {
+public class ServerHttpSecurity {
 	private ServerWebExchangeMatcher securityMatcher = ServerWebExchangeMatchers.anyExchange();
 
 	private AuthorizeExchangeBuilder authorizeExchangeBuilder;
@@ -108,13 +108,13 @@ public class HttpSecurity {
 	 * @param matcher the ServerExchangeMatcher that determines which requests apply to this HttpSecurity instance.
 	 *                Default is all requests.
 	 */
-	public HttpSecurity securityMatcher(ServerWebExchangeMatcher matcher) {
+	public ServerHttpSecurity securityMatcher(ServerWebExchangeMatcher matcher) {
 		Assert.notNull(matcher, "matcher cannot be null");
 		this.securityMatcher = matcher;
 		return this;
 	}
 
-	public HttpSecurity addFilterAt(WebFilter webFilter, SecurityWebFiltersOrder order) {
+	public ServerHttpSecurity addFilterAt(WebFilter webFilter, SecurityWebFiltersOrder order) {
 		this.webFilters.add(new OrderedWebFilter(webFilter, order.getOrder()));
 		return this;
 	}
@@ -127,7 +127,7 @@ public class HttpSecurity {
 		return this.securityMatcher;
 	}
 
-	public HttpSecurity securityContextRepository(SecurityContextServerRepository securityContextServerRepository) {
+	public ServerHttpSecurity securityContextRepository(SecurityContextServerRepository securityContextServerRepository) {
 		Assert.notNull(securityContextServerRepository, "securityContextRepository cannot be null");
 		this.securityContextServerRepository = securityContextServerRepository;
 		return this;
@@ -168,7 +168,7 @@ public class HttpSecurity {
 		return this.logout;
 	}
 
-	public HttpSecurity authenticationManager(ReactiveAuthenticationManager manager) {
+	public ServerHttpSecurity authenticationManager(ReactiveAuthenticationManager manager) {
 		this.authenticationManager = manager;
 		return this;
 	}
@@ -228,8 +228,8 @@ public class HttpSecurity {
 		return result;
 	}
 
-	public static HttpSecurity http() {
-		return new HttpSecurity();
+	public static ServerHttpSecurity http() {
+		return new ServerHttpSecurity();
 	}
 
 	private WebFilter securityContextRepositoryWebFilter() {
@@ -241,7 +241,7 @@ public class HttpSecurity {
 		return new OrderedWebFilter(result, SecurityWebFiltersOrder.SECURITY_CONTEXT_REPOSITORY.getOrder());
 	}
 
-	private HttpSecurity() {}
+	private ServerHttpSecurity() {}
 
 	/**
 	 * @author Rob Winch
@@ -252,8 +252,8 @@ public class HttpSecurity {
 		private ServerWebExchangeMatcher matcher;
 		private boolean anyExchangeRegistered;
 
-		public HttpSecurity and() {
-			return HttpSecurity.this;
+		public ServerHttpSecurity and() {
+			return ServerHttpSecurity.this;
 		}
 
 		@Override
@@ -275,7 +275,7 @@ public class HttpSecurity {
 			return new Access();
 		}
 
-		protected void configure(HttpSecurity http) {
+		protected void configure(ServerHttpSecurity http) {
 			if(this.matcher != null) {
 				throw new IllegalStateException("The matcher " + this.matcher + " does not have an access rule defined");
 			}
@@ -336,23 +336,23 @@ public class HttpSecurity {
 			return this;
 		}
 
-		public HttpSecurity and() {
-			return HttpSecurity.this;
+		public ServerHttpSecurity and() {
+			return ServerHttpSecurity.this;
 		}
 
-		public HttpSecurity disable() {
-			HttpSecurity.this.httpBasic = null;
-			return HttpSecurity.this;
+		public ServerHttpSecurity disable() {
+			ServerHttpSecurity.this.httpBasic = null;
+			return ServerHttpSecurity.this;
 		}
 
-		protected void configure(HttpSecurity http) {
+		protected void configure(ServerHttpSecurity http) {
 			MediaTypeServerWebExchangeMatcher restMatcher = new MediaTypeServerWebExchangeMatcher(
 				MediaType.APPLICATION_ATOM_XML,
 				MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON,
 				MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML,
 				MediaType.MULTIPART_FORM_DATA, MediaType.TEXT_XML);
 			restMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-			HttpSecurity.this.defaultEntryPoints.add(new DelegateEntry(restMatcher, this.entryPoint));
+			ServerHttpSecurity.this.defaultEntryPoints.add(new DelegateEntry(restMatcher, this.entryPoint));
 			AuthenticationWebFilter authenticationFilter = new AuthenticationWebFilter(
 				this.authenticationManager);
 			authenticationFilter.setServerAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(this.entryPoint));
@@ -413,23 +413,23 @@ public class HttpSecurity {
 			return this;
 		}
 
-		public HttpSecurity and() {
-			return HttpSecurity.this;
+		public ServerHttpSecurity and() {
+			return ServerHttpSecurity.this;
 		}
 
-		public HttpSecurity disable() {
-			HttpSecurity.this.formLogin = null;
-			return HttpSecurity.this;
+		public ServerHttpSecurity disable() {
+			ServerHttpSecurity.this.formLogin = null;
+			return ServerHttpSecurity.this;
 		}
 
-		protected void configure(HttpSecurity http) {
+		protected void configure(ServerHttpSecurity http) {
 			if(this.serverAuthenticationEntryPoint == null) {
 				loginPage("/login");
 			}
 			MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher(
 				MediaType.TEXT_HTML);
 			htmlMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
-			HttpSecurity.this.defaultEntryPoints.add(0, new DelegateEntry(htmlMatcher, this.serverAuthenticationEntryPoint));
+			ServerHttpSecurity.this.defaultEntryPoints.add(0, new DelegateEntry(htmlMatcher, this.serverAuthenticationEntryPoint));
 			AuthenticationWebFilter authenticationFilter = new AuthenticationWebFilter(
 				this.authenticationManager);
 			authenticationFilter.setRequiresAuthenticationMatcher(this.requiresAuthenticationMatcher);
@@ -461,8 +461,8 @@ public class HttpSecurity {
 
 		private XXssProtectionServerHttpHeadersWriter xss = new XXssProtectionServerHttpHeadersWriter();
 
-		public HttpSecurity and() {
-			return HttpSecurity.this;
+		public ServerHttpSecurity and() {
+			return ServerHttpSecurity.this;
 		}
 
 		public CacheSpec cache() {
@@ -481,7 +481,7 @@ public class HttpSecurity {
 			return new HstsSpec();
 		}
 
-		protected void configure(HttpSecurity http) {
+		protected void configure(ServerHttpSecurity http) {
 			ServerHttpHeadersWriter writer = new CompositeServerHttpHeadersWriter(this.writers);
 			HttpHeaderWriterWebFilter result = new HttpHeaderWriterWebFilter(writer);
 			http.addFilterAt(result, SecurityWebFiltersOrder.HTTP_HEADERS_WRITER);
@@ -575,21 +575,21 @@ public class HttpSecurity {
 			return this;
 		}
 
-		public HttpSecurity disable() {
-			HttpSecurity.this.logout = null;
+		public ServerHttpSecurity disable() {
+			ServerHttpSecurity.this.logout = null;
 			return and();
 		}
 
-		public HttpSecurity and() {
-			return HttpSecurity.this;
+		public ServerHttpSecurity and() {
+			return ServerHttpSecurity.this;
 		}
 
-		public void configure(HttpSecurity http) {
+		public void configure(ServerHttpSecurity http) {
 			LogoutWebFilter logoutWebFilter = createLogoutWebFilter(http);
 			http.addFilterAt(logoutWebFilter, SecurityWebFiltersOrder.LOGOUT);
 		}
 
-		private LogoutWebFilter createLogoutWebFilter(HttpSecurity http) {
+		private LogoutWebFilter createLogoutWebFilter(ServerHttpSecurity http) {
 			LogoutWebFilter logoutWebFilter = new LogoutWebFilter();
 			logoutWebFilter.setServerLogoutHandler(this.serverLogoutHandler);
 			logoutWebFilter.setRequiresLogout(this.requiresLogout);

config/src/test/groovy/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.groovy

@@ -40,7 +40,7 @@ import spock.lang.Unroll;
  * @author Rob Winch
  *
  */
-public class HttpSecurityTests extends BaseSpringSpec {
+public class ServerHttpSecurityTests extends BaseSpringSpec {
 	def "addFilter with unregistered Filter"() {
 		when:
 			loadConfig(UnregisteredFilterConfig)

config/src/test/java/org/springframework/security/config/annotation/web/HttpSecurityHeadersTests.java → config/src/test/java/org/springframework/security/config/annotation/web/ServerHttpSecurityHeadersTests.java

@@ -48,7 +48,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration
 @WebAppConfiguration
-public class HttpSecurityHeadersTests {
+public class ServerHttpSecurityHeadersTests {
 	@Autowired
 	WebApplicationContext wac;
 	@Autowired

config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityAntMatchersTests.java → config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServerHttpSecurityAntMatchersTests.java

@@ -39,7 +39,7 @@ import org.springframework.web.context.support.AnnotationConfigWebApplicationCon
  * @author Rob Winch
  *
  */
-public class HttpSecurityAntMatchersTests {
+public class ServerHttpSecurityAntMatchersTests {
 	AnnotationConfigWebApplicationContext context;
 
 	MockHttpServletRequest request;

config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java → config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServerHttpSecurityLogoutTests.java

@@ -40,7 +40,7 @@ import org.springframework.web.context.support.AnnotationConfigWebApplicationCon
  * @author Rob Winch
  *
  */
-public class HttpSecurityLogoutTests {
+public class ServerHttpSecurityLogoutTests {
 	AnnotationConfigWebApplicationContext context;
 
 	MockHttpServletRequest request;

config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java → config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServerHttpSecurityRequestMatchersTests.java

@@ -43,7 +43,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Rob Winch
  *
  */
-public class HttpSecurityRequestMatchersTests {
+public class ServerHttpSecurityRequestMatchersTests {
 	AnnotationConfigWebApplicationContext context;
 
 	MockHttpServletRequest request;
@@ -268,4 +268,4 @@ public class HttpSecurityRequestMatchersTests {
 
 		this.context.getAutowireCapableBeanFactory().autowireBean(this);
 	}
-}
+}

config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java

@@ -26,7 +26,7 @@ import org.springframework.core.annotation.Order;
 import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.core.io.buffer.DefaultDataBufferFactory;
 import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.config.web.server.HttpSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
@@ -234,7 +234,7 @@ public class EnableWebFluxSecurityTests {
 	}
 
 	@RunWith(SpringRunner.class)
-	public static class MultiHttpSecurity {
+	public static class MultiServerHttpSecurity {
 		@Autowired WebFilterChainProxy springSecurityFilterChain;
 
 		@Test
@@ -257,7 +257,7 @@ public class EnableWebFluxSecurityTests {
 		static class Config {
 			@Order(Ordered.HIGHEST_PRECEDENCE)
 			@Bean
-			public SecurityWebFilterChain apiHttpSecurity(HttpSecurity http) {
+			public SecurityWebFilterChain apiHttpSecurity(ServerHttpSecurity http) {
 				http
 					.securityMatcher(new PathPatternParserServerWebExchangeMatcher("/api/**"))
 					.authorizeExchange()
@@ -266,7 +266,7 @@ public class EnableWebFluxSecurityTests {
 			}
 
 			@Bean
-			public SecurityWebFilterChain httpSecurity(HttpSecurity http) {
+			public SecurityWebFilterChain httpSecurity(ServerHttpSecurity http) {
 				return http.build();
 			}
 

config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java → config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomServerHttpSecurityConfigurerTests.java

@@ -42,7 +42,7 @@ import org.springframework.security.web.FilterChainProxy;
  * @author Rob Winch
  *
  */
-public class CustomHttpSecurityConfigurerTests {
+public class CustomServerHttpSecurityConfigurerTests {
 	@Autowired
 	ConfigurableApplicationContext context;
 

config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java

@@ -19,7 +19,6 @@ package org.springframework.security.config.web.server;
 import org.junit.Test;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
-import org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
 /**
@@ -27,8 +26,8 @@ import org.springframework.test.web.reactive.server.WebTestClient;
  * @since 5.0
  */
 public class AuthorizeExchangeBuilderTests {
-	HttpSecurity http = HttpSecurity.http();
-	HttpSecurity.AuthorizeExchangeBuilder authorization = this.http.authorizeExchange();
+	ServerHttpSecurity http = ServerHttpSecurity.http();
+	ServerHttpSecurity.AuthorizeExchangeBuilder authorization = this.http.authorizeExchange();
 
 	@Test
 	public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {

config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java

@@ -43,7 +43,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class FormLoginTests {
 	private UserDetails user = User.withUsername("user").password("password").roles("USER").build();
-	private HttpSecurity http = HttpSecurity.http();
+	private ServerHttpSecurity http = ServerHttpSecurity.http();
 
 	ReactiveAuthenticationManager manager = new UserDetailsRepositoryReactiveAuthenticationManager(new MapReactiveUserDetailsService(this.user));
 

config/src/test/java/org/springframework/security/config/web/server/HeaderBuilderTests.java

@@ -41,7 +41,7 @@ import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
  */
 public class HeaderBuilderTests {
 
-	HttpSecurity.HeaderBuilder headers = HttpSecurity.http().headers();
+	ServerHttpSecurity.HeaderBuilder headers = ServerHttpSecurity.http().headers();
 
 	HttpHeaders expectedHeaders = new HttpHeaders();
 

config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java

@@ -35,7 +35,7 @@ import org.springframework.security.test.web.reactive.server.WebTestClientBuilde
 public class LogoutBuilderTests {
 
 	private UserDetails user = User.withUsername("user").password("password").roles("USER").build();
-	private HttpSecurity http = HttpSecurity.http();
+	private ServerHttpSecurity http = ServerHttpSecurity.http();
 
 	ReactiveAuthenticationManager manager = new UserDetailsRepositoryReactiveAuthenticationManager(new MapReactiveUserDetailsService(this.user));
 

config/src/test/java/org/springframework/security/config/web/server/HttpSecurityTests.java → config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java

@@ -44,16 +44,16 @@ import static org.springframework.web.reactive.function.client.ExchangeFilterFun
  * @since 5.0
  */
 @RunWith(MockitoJUnitRunner.class)
-public class HttpSecurityTests {
+public class ServerHttpSecurityTests {
 	@Mock SecurityContextServerRepository contextRepository;
 	@Mock
 	ReactiveAuthenticationManager authenticationManager;
 
-	HttpSecurity http;
+	ServerHttpSecurity http;
 
 	@Before
 	public void setup() {
-		this.http = HttpSecurity.http().headers().and();
+		this.http = ServerHttpSecurity.http().headers().and();
 	}
 
 	@Test
@@ -80,7 +80,7 @@ public class HttpSecurityTests {
 		this.http.securityContextRepository(new WebSessionSecurityContextServerRepository());
 		this.http.httpBasic();
 		this.http.authenticationManager(this.authenticationManager);
-		HttpSecurity.AuthorizeExchangeBuilder authorize = this.http.authorizeExchange();
+		ServerHttpSecurity.AuthorizeExchangeBuilder authorize = this.http.authorizeExchange();
 		authorize.anyExchange().authenticated();
 
 		WebTestClient client = buildClient();

samples/javaconfig/hellowebflux-method/src/main/java/sample/SecurityConfig.java

@@ -20,7 +20,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
-import org.springframework.security.config.web.server.HttpSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.server.SecurityWebFilterChain;
@@ -34,7 +34,7 @@ import org.springframework.security.web.server.SecurityWebFilterChain;
 public class SecurityConfig {
 
 	@Bean
-	SecurityWebFilterChain springWebFilterChain(HttpSecurity http) throws Exception {
+	SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
 		return http
 			// we rely on method security
 			.authorizeExchange()