
Polish no-parameter authorizeHttpRequests

- Cleaned up JavaDoc
- Updated implementation to align with no-parameter authorizeRequests
- Updated test names and content for clarity, specifically identified
tests that target no-parameter authorizeHttpRequests with noParameter in
the name
- Switched order of methods to match others in HttpSecurity
- Updated copyright year

Issue gh-9498
Josh Cummings 4 жил өмнө
parent
commit
e91cacfdaf

+ 40 - 42
config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -1281,11 +1281,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeHttpRequests((authorizeHttpRequests) -&gt;
-	 * 				authorizeHttpRequests
-	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
-	 * 			)
-	 * 			.formLogin(withDefaults());
+	 * 			.authorizeHttpRequests()
+	 * 				.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
+	 * 				.and()
+	 * 			.formLogin();
 	 * 	}
 	 * }
 	 * </pre>
@@ -1302,12 +1301,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 			.authorizeHttpRequests((authorizeHttpRequests) -&gt;
-	 * 				authorizeHttpRequests
-	 * 					.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
-	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
-	 * 			)
-	 * 			.formLogin(withDefaults());
+	 * 			.authorizeHttpRequests()
+	 * 				.antMatchers(&quot;/admin&quot;).hasRole(&quot;ADMIN&quot;)
+	 * 				.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
+	 * 				.and()
+	 * 			.formLogin();
 	 * 	}
 	 * }
 	 * </pre>
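Review bot: The rewritten example narrows the admin rule from `/admin/**` to `/admin` in the line `.antMatchers(&quot;/admin&quot;).hasRole(&quot;ADMIN&quot;)`. As an Ant pattern that covers only the exact path, so anything beneath it (a constructed example: `/admin/users`) falls through to the `/**` rule and needs only `USER`. The removed lambda example and the Customizer variant's example later in this file both use `/admin/**`. Unless the prose above the snippet, which is outside this hunk, really describes a single-URL rule, I would restore `.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)` so a copied configuration protects the whole subtree.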
@@ -1320,32 +1318,27 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * &#064;Configuration
 	 * &#064;EnableWebSecurity
 	 * public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
-	 *HttpSecurity.java
+	 *
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 * 		 	.authorizeHttpRequests((authorizeHttpRequests) -&gt;
-	 * 		 		authorizeHttpRequests
-	 * 			 		.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
-	 * 			 		.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
-	 * 		 	);
+	 * 			.authorizeHttpRequests()
+	 * 				.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
+	 * 				.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
+	 * 				.and()
+	 * 			.formLogin();
 	 * 	}
 	 * }
 	 * </pre>
-	 * @param authorizeHttpRequestsCustomizer the {@link Customizer} to provide more
-	 * options for the {@link AuthorizationManagerRequestMatcherRegistry}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
-	 * @since 5.5
+	 * @since 5.6
 	 * @see #requestMatcher(RequestMatcher)
 	 */
-	public HttpSecurity authorizeHttpRequests(
-			Customizer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry> authorizeHttpRequestsCustomizer)
+	public AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry authorizeHttpRequests()
 			throws Exception {
 		ApplicationContext context = getContext();
-		authorizeHttpRequestsCustomizer
-				.customize(getOrApply(new AuthorizeHttpRequestsConfigurer<>(context)).getRegistry());
-		return HttpSecurity.this;
+		return getOrApply(new AuthorizeHttpRequestsConfigurer<>(context)).getRegistry();
 	}
 
 	/**
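Review bot: The `@return` tag kept as context still reads `the {@link HttpSecurity} for further customizations`, but the new signature returns `AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry`. Callers get back to `HttpSecurity` only through `.and()`, as the example above shows. I would change the tag to `@return the {@link AuthorizationManagerRequestMatcherRegistry} for further customizations`. The bare `@throws Exception` could also say when it is thrown; nothing in the hunk shows the condition, so that wording has to come from the author.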
@@ -1366,10 +1359,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 *     .authorizeHttpRequests()
-	 *         .antMatchers(&quot;/**&quot;).hasRoles(&quot;USER&quot;)
-	 *         .and()
-	 *     .formLogin();
+	 * 			.authorizeHttpRequests((authorizeHttpRequests) ->
+	 * 				authorizeHttpRequests
+	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
+	 * 			)
+	 * 			.formLogin(withDefaults());
 	 * 	}
 	 * }
 	 * </pre>
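Review bot: The lambda arrow in the new example line `.authorizeHttpRequests((authorizeHttpRequests) ->` is a raw `->`, while the same snippet escapes its other special characters (`&quot;`, `&#064;`). The lines this commit removes from the earlier Javadoc wrote it as `-&gt;`. For consistency inside the `<pre>` block, and because a raw `>` can trip stricter doclint/HTML checks, I would write `.authorizeHttpRequests((authorizeHttpRequests) -&gt;`. The same applies to the arrows added in the next two hunks of this file.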
@@ -1386,10 +1380,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 *     .authorizeHttpRequests()
-	 *         .antMatchers(&quot;/**&quot;).hasRoles(&quot;USER&quot;)
-	 *         .and()
-	 *     .formLogin();
+	 * 			.authorizeHttpRequests((authorizeHttpRequests) ->
+	 * 				authorizeHttpRequests
+	 * 					.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
+	 * 					.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
+	 * 			)
 	 * 			.formLogin(withDefaults());
 	 * 	}
 	 * }
@@ -1407,24 +1402,27 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * 	&#064;Override
 	 * 	protected void configure(HttpSecurity http) throws Exception {
 	 * 		http
-	 *     .authorizeHttpRequests()
-	 *         .antMatchers(&quot;/**&quot;).hasRoles(&quot;USER&quot;)
-	 *         .and()
-	 *     .formLogin();
+	 * 		 	.authorizeHttpRequests((authorizeHttpRequests) ->
+	 * 		 		authorizeHttpRequests
+	 * 			 		.antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
+	 * 			 		.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
+	 * 		 	);
 	 * 	}
 	 * }
 	 * </pre>
+	 * @param authorizeHttpRequestsCustomizer the {@link Customizer} to provide more
+	 * options for the {@link AuthorizationManagerRequestMatcherRegistry}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 * @since 5.5
 	 * @see #requestMatcher(RequestMatcher)
 	 */
-	public HttpSecurity authorizeHttpRequests() throws Exception {
-		ApplicationContext applicationContext = getContext();
-		Customizer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry> authorizeHttpRequestsCustomizer = Customizer
-				.withDefaults();
+	public HttpSecurity authorizeHttpRequests(
+			Customizer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry> authorizeHttpRequestsCustomizer)
+			throws Exception {
+		ApplicationContext context = getContext();
 		authorizeHttpRequestsCustomizer
-				.customize(getOrApply(new AuthorizeHttpRequestsConfigurer<>(applicationContext)).getRegistry());
+				.customize(getOrApply(new AuthorizeHttpRequestsConfigurer<>(context)).getRegistry());
 		return HttpSecurity.this;
 	}
 

+ 43 - 23
config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java

@@ -73,9 +73,9 @@ public class AuthorizeHttpRequestsConfigurerTests {
 	}
 
 	@Test
-	public void configureWhenAuthorizedHttpRequestsAndNoRequestsThenExceptionWithDefaultConfig() {
+	public void configureNoParameterWhenAuthorizedHttpRequestsAndNoRequestsThenException() {
 		assertThatExceptionOfType(BeanCreationException.class)
-				.isThrownBy(() -> this.spring.register(NoRequestsConfigWithDefaultConfig.class).autowire())
+				.isThrownBy(() -> this.spring.register(NoRequestsNoParameterConfig.class).autowire())
 				.withMessageContaining(
 						"At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())");
 	}
@@ -88,11 +88,10 @@ public class AuthorizeHttpRequestsConfigurerTests {
 	}
 
 	@Test
-	public void configureWhenAnyRequestIncompleteMappingDefaultConfigThenException() {
+	public void configureNoParameterWhenAnyRequestIncompleteMappingThenException() {
 		assertThatExceptionOfType(BeanCreationException.class)
-		this.spring.register(IncompleteMappingConfigWithDefaultConfig.class, BasicController.class).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isOk());
-		verify(CustomAuthorizationManagerConfig.authorizationManager).check(any(), any());
+				.isThrownBy(() -> this.spring.register(IncompleteMappingNoParameterConfig.class).autowire())
+				.withMessageContaining("An incomplete mapping was found for ");
 	}
 
 	@Test
@@ -111,11 +110,11 @@ public class AuthorizeHttpRequestsConfigurerTests {
 	}
 
 	@Test
-	public void configureMvcMatcherAccessAuthorizationManagerOnDefault() throws Exception {
-		CustomAuthorizationManagerConfig.authorizationManager = mock(AuthorizationManager.class);
-		this.spring.register(IncompleteMappingConfigWithDefaultConfig.class).autowire();
-		this.mvc.perform(get("/")).andExpect(status().isUnauthorized());
-		verify(CustomAuthorizationManagerConfig.authorizationManager).check(any(), any());
+	public void configureNoParameterMvcMatcherAccessAuthorizationManagerWhenNotNullThenVerifyUse() throws Exception {
+		CustomAuthorizationManagerNoParameterConfig.authorizationManager = mock(AuthorizationManager.class);
+		this.spring.register(CustomAuthorizationManagerNoParameterConfig.class, BasicController.class).autowire();
+		this.mvc.perform(get("/")).andExpect(status().isOk());
+		verify(CustomAuthorizationManagerNoParameterConfig.authorizationManager).check(any(), any());
 	}
 
 	@Test
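Review bot: The new test never stubs the mocked `AuthorizationManager`, so `check(any(), any())` returns Mockito's default `null`. The `status().isOk()` assertion therefore passes only because a null decision is apparently treated as "not denied", which pins abstain-means-allow rather than an explicit grant. I would stub the decision, e.g. `when(CustomAuthorizationManagerNoParameterConfig.authorizationManager.check(any(), any())).thenReturn(new AuthorizationDecision(true));`, and consider a sibling case returning `new AuthorizationDecision(false)` that expects the request to be rejected. The test name also says `MvcMatcher`, although `CustomAuthorizationManagerNoParameterConfig` maps `anyRequest()`.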
@@ -395,43 +394,46 @@ public class AuthorizeHttpRequestsConfigurerTests {
 	}
 
 	@EnableWebSecurity
-	static class NoRequestsConfigWithDefaultConfig {
+	static class NoRequestsNoParameterConfig {
 
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
-			return http
-					.authorizeHttpRequests()
-					.build();
+			http
+				.authorizeHttpRequests();
 			// @formatter:on
+
+			return http.build();
 		}
 
 	}
 
 	@EnableWebSecurity
-	static class IncompleteMappingConfigWithDefaultConfig {
+	static class IncompleteMappingConfig {
 
 		@Bean
-		FormLoginConfigurer<HttpSecurity> filterChain(HttpSecurity http) throws Exception {
+		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			return http
-					.authorizeHttpRequests()
-					.formLogin();
+					.authorizeHttpRequests(AbstractRequestMatcherRegistry::anyRequest)
+					.build();
 			// @formatter:on
 		}
 
 	}
 
 	@EnableWebSecurity
-	static class IncompleteMappingConfig {
+	static class IncompleteMappingNoParameterConfig {
 
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
-			return http
-					.authorizeHttpRequests(AbstractRequestMatcherRegistry::anyRequest)
-					.build();
+			http
+					.authorizeHttpRequests()
+					.anyRequest();
 			// @formatter:on
+
+			return http.build();
 		}
 
 	}
@@ -471,6 +473,24 @@ public class AuthorizeHttpRequestsConfigurerTests {
 
 	}
 
+	@EnableWebSecurity
+	static class CustomAuthorizationManagerNoParameterConfig {
+
+		static AuthorizationManager<RequestAuthorizationContext> authorizationManager;
+
+		@Bean
+		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.authorizeHttpRequests()
+					.anyRequest().access(authorizationManager);
+			// @formatter:on
+
+			return http.build();
+		}
+
+	}
+
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig {