Skip to content

Commit

Permalink
GH-441 - Adapt to changes in Spring Security.
Browse files Browse the repository at this point in the history
We need to use a MvcRequestMatcher now to avoid problems if multiple servlets are deployed (in case of H2 for example).

spring-projects/spring-security#13568 (comment)
  • Loading branch information
odrotbohm committed Sep 12, 2023
1 parent 467cce8 commit f5acb2e
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

/**
* Basic Salespoint security configuration setting up the {@link AuthenticationManagerBuilder} to work with the
Expand All @@ -38,11 +40,17 @@ class SalespointWebSecurityConfiguration {

@Bean
@ConditionalOnWebApplication
SecurityFilterChain filterChain(HttpSecurity security) throws Exception {
MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
return new MvcRequestMatcher.Builder(introspector).servletPath("/");
}

@Bean
@ConditionalOnWebApplication
SecurityFilterChain filterChain(HttpSecurity security, MvcRequestMatcher.Builder mvc) throws Exception {

return security
.userDetailsService(userDetailsService)
.authorizeHttpRequests(http -> http.requestMatchers("/resources/**").permitAll())
.authorizeHttpRequests(http -> http.requestMatchers(mvc.pattern("/resources/**")).permitAll())
.build();
}
}
15 changes: 10 additions & 5 deletions src/test/java/example/ExampleControllerIntegrationTests.java
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,10 @@
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

/**
* Integration tests for sample components.
Expand All @@ -51,16 +53,19 @@ class ExampleControllerIntegrationTests {
static class Config {

@Bean
SecurityFilterChain testSecurity(HttpSecurity security) throws Exception {
SecurityFilterChain testSecurity(HttpSecurity security, HandlerMappingIntrospector introspector) throws Exception {

return security.csrf().disable()
.authorizeHttpRequests().requestMatchers("/**").permitAll()
.and().build();
var mvc = new MvcRequestMatcher.Builder(introspector);

return security
.authorizeHttpRequests(it -> it.requestMatchers(mvc.pattern("/**")).permitAll()
.anyRequest().authenticated())
.csrf(it -> it.disable())
.build();
}
}

@Test // #72
@SuppressWarnings("resource")
void usesUtf8ToDecodePayload() {

var template = new RestTemplate();
Expand Down

0 comments on commit f5acb2e

Please sign in to comment.