Use http security nested builder in samples

Issue: gh-5557

samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,11 +32,16 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-				.authorizeRequests()
-					.antMatchers("/css/**", "/index").permitAll()
-					.antMatchers("/user/**").hasRole("USER")
-					.and()
-				.formLogin().loginPage("/login").failureUrl("/login-error");
+				.authorizeRequests(authorizeRequests ->
+					authorizeRequests
+						.antMatchers("/css/**", "/index").permitAll()
+						.antMatchers("/user/**").hasRole("USER")
+				)
+				.formLogin(formLogin ->
+					formLogin
+						.loginPage("/login")
+						.failureUrl("/login-error")
+				);
 	}
 	// @formatter:on
 

samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -358,15 +358,21 @@ public class OAuth2LoginApplicationTests {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2Login()
-					.tokenEndpoint()
-						.accessTokenResponseClient(this.mockAccessTokenResponseClient())
-						.and()
-					.userInfoEndpoint()
-						.userService(this.mockUserService());
+				.authorizeRequests(authorizeRequests ->
+					authorizeRequests
+						.anyRequest().authenticated()
+				)
+				.oauth2Login(oauth2Login ->
+					oauth2Login
+						.tokenEndpoint(tokenEndpoint ->
+							tokenEndpoint
+								.accessTokenResponseClient(this.mockAccessTokenResponseClient())
+						)
+						.userInfoEndpoint(userInfoEndpoint ->
+							userInfoEndpoint
+								.userService(this.mockUserService())
+						)
+				);
 		}
 		// @formatter:on
 

samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,6 +46,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 
+import static org.springframework.security.config.Customizer.withDefaults;
+
 /**
  * @author Josh Cummings
  */
@@ -66,12 +68,15 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests()
-				.antMatchers("/message/**").hasAuthority("SCOPE_message:read")
-				.anyRequest().authenticated()
-				.and()
-			.oauth2ResourceServer()
-				.jwt();
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.antMatchers("/message/**").hasAuthority("SCOPE_message:read")
+					.anyRequest().authenticated()
+			)
+			.oauth2ResourceServer(oauth2ResourceServer ->
+				oauth2ResourceServer
+					.jwt(withDefaults())
+			);
 		// @formatter:on
 	}
 

samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java

@@ -51,12 +51,15 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests()
-				.antMatchers("/**/message/**").hasAuthority("SCOPE_message:read")
-				.anyRequest().authenticated()
-				.and()
-			.oauth2ResourceServer()
-				.authenticationManagerResolver(multitenantAuthenticationManager());
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.antMatchers("/**/message/**").hasAuthority("SCOPE_message:read")
+					.anyRequest().authenticated()
+			)
+			.oauth2ResourceServer(oauth2ResourceServer ->
+				oauth2ResourceServer
+					.authenticationManagerResolver(multitenantAuthenticationManager())
+			);
 		// @formatter:on
 	}
 

samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java

@@ -34,14 +34,19 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests()
-				.mvcMatchers("/message/**").hasAuthority("SCOPE_message:read")
-				.anyRequest().authenticated()
-				.and()
-			.oauth2ResourceServer()
-				.opaqueToken()
-					.introspectionUri(this.introspectionUri)
-					.introspectionClientCredentials(this.clientId, this.clientSecret);
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.mvcMatchers("/message/**").hasAuthority("SCOPE_message:read")
+					.anyRequest().authenticated()
+			)
+			.oauth2ResourceServer(oauth2ResourceServer ->
+				oauth2ResourceServer
+					.opaqueToken(opaqueToken ->
+						opaqueToken
+							.introspectionUri(this.introspectionUri)
+							.introspectionClientCredentials(this.clientId, this.clientSecret)
+					)
+			);
 		// @formatter:on
 	}
 }

samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java

@@ -38,13 +38,17 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests()
-				.antMatchers("/message/**").hasAuthority("SCOPE_message:read")
-				.anyRequest().authenticated()
-				.and()
-			.oauth2ResourceServer()
-				.jwt()
-					.decoder(jwtDecoder());
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.antMatchers("/message/**").hasAuthority("SCOPE_message:read")
+					.anyRequest().authenticated()
+			)
+			.oauth2ResourceServer(oauth2ResourceServer ->
+				oauth2ResourceServer
+					.jwt(jwt ->
+						jwt.decoder(jwtDecoder())
+					)
+			);
 		// @formatter:on
 	}
 

samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
+import static org.springframework.security.config.Customizer.withDefaults;
+
 /**
  * @author Josh Cummings
  */
@@ -29,12 +31,15 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig
 	protected void configure(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests()
-				.antMatchers("/message/**").hasAuthority("SCOPE_message:read")
-				.anyRequest().authenticated()
-				.and()
-			.oauth2ResourceServer()
-				.jwt();
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.antMatchers("/message/**").hasAuthority("SCOPE_message:read")
+					.anyRequest().authenticated()
+			)
+			.oauth2ResourceServer(oauth2ResourceServer ->
+				oauth2ResourceServer
+					.jwt(withDefaults())
+			);
 		// @formatter:on
 	}
 }

samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,8 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
+import static org.springframework.security.config.Customizer.withDefaults;
+
 /**
  * @author Joe Grandja
  */
@@ -33,15 +35,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests()
-				.mvcMatchers("/", "/public/**").permitAll()
-				.anyRequest().authenticated()
-				.and()
-			.formLogin()
-				.and()
-			.oauth2Login()
-				.and()
-			.oauth2Client();
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.mvcMatchers("/", "/public/**").permitAll()
+					.anyRequest().authenticated()
+			)
+			.formLogin(withDefaults())
+			.oauth2Login(withDefaults())
+			.oauth2Client(withDefaults());
 	}
 
 	@Bean

samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,6 +22,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
+import static org.springframework.security.config.Customizer.withDefaults;
+
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
@@ -40,14 +42,19 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	protected void configure(
 			HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests()
-				.anyRequest().authenticated()
-				.and()
-			.formLogin()
-				.and()
-			.sessionManagement()
-				.maximumSessions(1)
-					.expiredUrl("/login?expired");
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.anyRequest().authenticated()
+			)
+			.formLogin(withDefaults())
+			.sessionManagement(sessionManagement ->
+				sessionManagement
+					.sessionConcurrency(sessionConcurrency ->
+						sessionConcurrency
+							.maximumSessions(1)
+							.expiredUrl("/login?expired")
+					)
+			);
 	}
 	// @formatter:on
 }

samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,16 +29,20 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests()
-				.antMatchers("/resources/**").permitAll()
-				.anyRequest().authenticated()
-				.and()
-			.formLogin()
-				.loginPage("/login")
-				.permitAll()
-				.and()
-			.logout()
-				.permitAll();
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.antMatchers("/resources/**").permitAll()
+					.anyRequest().authenticated()
+			)
+			.formLogin(formLogin ->
+				formLogin
+					.loginPage("/login")
+					.permitAll()
+			)
+			.logout(logout ->
+				logout
+					.permitAll()
+			);
 	}
 	// @formatter:on
 

samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,46 +26,71 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests()
-				.antMatchers("/resources/**").permitAll()
-				.anyRequest().authenticated()
-				.and()
-			.openidLogin()
-				.loginPage("/login")
-				.permitAll()
-				.authenticationUserDetailsService(new CustomUserDetailsService())
-				.attributeExchange("https://www.google.com/.*")
-					.attribute("email")
-						.type("https://axschema.org/contact/email")
-						.required(true)
-						.and()
-					.attribute("firstname")
-						.type("https://axschema.org/namePerson/first")
-						.required(true)
-						.and()
-					.attribute("lastname")
-						.type("https://axschema.org/namePerson/last")
-						.required(true)
-						.and()
-					.and()
-				.attributeExchange(".*yahoo.com.*")
-					.attribute("email")
-						.type("https://axschema.org/contact/email")
-						.required(true)
-						.and()
-					.attribute("fullname")
-						.type("https://axschema.org/namePerson")
-						.required(true)
-						.and()
-					.and()
-				.attributeExchange(".*myopenid.com.*")
-					.attribute("email")
-						.type("https://schema.openid.net/contact/email")
-						.required(true)
-						.and()
-					.attribute("fullname")
-						.type("https://schema.openid.net/namePerson")
-						.required(true);
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.antMatchers("/resources/**").permitAll()
+					.anyRequest().authenticated()
+			)
+			.openidLogin(openidLogin ->
+				openidLogin
+					.loginPage("/login")
+					.permitAll()
+					.authenticationUserDetailsService(new CustomUserDetailsService())
+					.attributeExchange(googleExchange ->
+						googleExchange
+							.identifierPattern("https://www.google.com/.*")
+							.attribute(emailAttribute ->
+								emailAttribute
+									.name("email")
+									.type("https://axschema.org/contact/email")
+									.required(true)
+							)
+							.attribute(firstnameAttribute ->
+								firstnameAttribute
+									.name("firstname")
+									.type("https://axschema.org/namePerson/first")
+									.required(true)
+							)
+							.attribute(lastnameAttribute ->
+								lastnameAttribute
+									.name("lastname")
+									.type("https://axschema.org/namePerson/last")
+									.required(true)
+							)
+					)
+					.attributeExchange(yahooExchange ->
+						yahooExchange
+							.identifierPattern(".*yahoo.com.*")
+							.attribute(emailAttribute ->
+								emailAttribute
+									.name("email")
+									.type("https://axschema.org/contact/email")
+									.required(true)
+							)
+							.attribute(fullnameAttribute ->
+								fullnameAttribute
+									.name("fullname")
+									.type("https://axschema.org/namePerson")
+									.required(true)
+							)
+					)
+					.attributeExchange(myopenidExchange ->
+						myopenidExchange
+							.identifierPattern(".*myopenid.com.*")
+							.attribute(emailAttribute ->
+								emailAttribute
+									.name("email")
+									.type("https://schema.openid.net/contact/email")
+									.required(true)
+							)
+							.attribute(fullnameAttribute ->
+									fullnameAttribute
+									.name("fullname")
+									.type("https://schema.openid.net/namePerson")
+									.required(true)
+							)
+					)
+			);
 	}
 	// @formatter:on
 }

samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,12 +26,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests()
-				.antMatchers("/login", "/resources/**").permitAll()
-				.anyRequest().authenticated()
-				.and()
-			.jee()
-				.mappableRoles("USER", "ADMIN");
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.antMatchers("/login", "/resources/**").permitAll()
+					.anyRequest().authenticated()
+			)
+			.jee(jee ->
+				jee
+					.mappableRoles("USER", "ADMIN")
+			);
 	}
 	// @formatter:on
 }

samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
+import static org.springframework.security.config.Customizer.withDefaults;
+
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -39,15 +41,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests()
-				.antMatchers("/resources/**").permitAll()
-				.anyRequest().authenticated()
-				.and()
-			.formLogin()
-				.loginPage("/login")
-				.permitAll()
-				.and()
-			.rememberMe();
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.antMatchers("/resources/**").permitAll()
+					.anyRequest().authenticated()
+			)
+			.formLogin(formLogin ->
+				formLogin
+					.loginPage("/login")
+					.permitAll()
+			)
+			.rememberMe(withDefaults());
 	}
 	// @formatter:on
 }

samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
+import static org.springframework.security.config.Customizer.withDefaults;
+
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -40,10 +42,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests()
-				.anyRequest().authenticated()
-				.and()
-			.x509();
+			.authorizeRequests(authorizeRequests ->
+				authorizeRequests
+					.anyRequest().authenticated()
+			)
+			.x509(withDefaults());
 	}
 	// @formatter:on
 }