3 years ago · f8971742f2
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -95,8 +95,6 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 
				 
			
 
				 	private IgnoredRequestConfigurer ignoredRequestRegistry;
			
 
				 
			
 
				-	private FilterSecurityInterceptor filterSecurityInterceptor;
			
 
				-
			
 
				 	private HttpFirewall httpFirewall;
			
 
				 
			
 
				 	private RequestRejectedHandler requestRejectedHandler;
			
@@ -211,8 +209,8 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 
				 
			
 
				 	/**
			
 
				 	 * Set the {@link WebInvocationPrivilegeEvaluator} to be used. If this is not
			
 
				-	 * specified, then a {@link DefaultWebInvocationPrivilegeEvaluator} will be created
			
 
				-	 * when {@link #securityInterceptor(FilterSecurityInterceptor)} is non null.
			
 
				+	 * specified, then a {@link RequestMatcherDelegatingWebInvocationPrivilegeEvaluator}
			
 
				+	 * will be created based on the list of {@link SecurityFilterChain}.
			
 
				 	 * @param privilegeEvaluator the {@link WebInvocationPrivilegeEvaluator} to use
			
 
				 	 * @return the {@link WebSecurity} for further customizations
			
 
				 	 */
			
@@ -246,25 +244,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 
				 	 * @return the {@link WebInvocationPrivilegeEvaluator} for further customizations
			
 
				 	 */
			
 
				 	public WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() {
			
 
				-		if (this.privilegeEvaluator != null) {
			
 
				-			return this.privilegeEvaluator;
			
 
				-		}
			
 
				-		return (this.filterSecurityInterceptor != null)
			
 
				-				? new DefaultWebInvocationPrivilegeEvaluator(this.filterSecurityInterceptor) : null;
			
 
				-	}
			
 
				-
			
 
				-	/**
			
 
				-	 * Sets the {@link FilterSecurityInterceptor}. This is typically invoked by
			
 
				-	 * {@link WebSecurityConfiguration#springSecurityFilterChain()}.
			
 
				-	 * @param securityInterceptor the {@link FilterSecurityInterceptor} to use
			
 
				-	 * @return the {@link WebSecurity} for further customizations
			
 
				-	 * @deprecated Use {@link #privilegeEvaluator(WebInvocationPrivilegeEvaluator)}
			
 
				-	 * instead
			
 
				-	 */
			
 
				-	@Deprecated
			
 
				-	public WebSecurity securityInterceptor(FilterSecurityInterceptor securityInterceptor) {
			
 
				-		this.filterSecurityInterceptor = securityInterceptor;
			
 
				-		return this;
			
 
				+		return this.privilegeEvaluator;
			
 
				 	}
			
 
				 
			
 
				 	/**
			
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -47,7 +47,6 @@ import org.springframework.security.web.FilterChainProxy;
 
				 import org.springframework.security.web.FilterInvocation;
			
 
				 import org.springframework.security.web.SecurityFilterChain;
			
 
				 import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
			
 
				-import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
			
 
				 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
			
 
				 import org.springframework.util.Assert;
			
 
				 
			
@@ -112,12 +111,6 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
 
				 		}
			
 
				 		for (SecurityFilterChain securityFilterChain : this.securityFilterChains) {
			
 
				 			this.webSecurity.addSecurityFilterChainBuilder(() -> securityFilterChain);
			
 
				-			for (Filter filter : securityFilterChain.getFilters()) {
			
 
				-				if (filter instanceof FilterSecurityInterceptor) {
			
 
				-					this.webSecurity.securityInterceptor((FilterSecurityInterceptor) filter);
			
 
				-					break;
			
 
				-				}
			
 
				-			}
			
 
				 		}
			
 
				 		for (WebSecurityCustomizer customizer : this.webSecurityCustomizers) {
			
 
				 			customizer.customize(this.webSecurity);
			
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
@@ -61,7 +61,6 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 
				 import org.springframework.security.core.userdetails.UsernameNotFoundException;
			
 
				 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
			
 
				 import org.springframework.security.crypto.password.PasswordEncoder;
			
 
				-import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
			
 
				 import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
			
 
				 import org.springframework.util.Assert;
			
 
				 import org.springframework.util.ReflectionUtils;
			
@@ -317,10 +316,7 @@ public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigu
 
				 	@Override
			
 
				 	public void init(WebSecurity web) throws Exception {
			
 
				 		HttpSecurity http = getHttp();
			
 
				-		web.addSecurityFilterChainBuilder(http).postBuildAction(() -> {
			
 
				-			FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
			
 
				-			web.securityInterceptor(securityInterceptor);
			
 
				-		});
			
 
				+		web.addSecurityFilterChainBuilder(http);
			
 
				 	}
			
 
				 
			
 
				 	/**