From 8600bd7294419453d82608defe30f4ab718b259c Mon Sep 17 00:00:00 2001 From: Madhura Bhave Date: Thu, 19 Oct 2017 15:14:58 -0700 Subject: [PATCH] Upgrade to Spring Security 5.0.0.BUILD-SNAPSHOT Following some changes in the latest snapshot this includes: - Some updates to oauth2 client auto-config - Security auto-config no longer relies on GlobalAuthenticationConfigurerAdapter - Remove reactive security starter Closes gh-10704 --- .../spring-boot-autoconfigure/pom.xml | 5 --- .../security/SecurityAutoConfiguration.java | 4 +- .../SpringBootWebSecurityConfiguration.java | 3 -- .../WebSecurityEnablerConfiguration.java | 2 - ...h2ClientPropertiesRegistrationAdapter.java | 2 +- ...iveAuthenticationManagerConfiguration.java | 14 +++--- .../security/jpa/JpaUserDetailsTests.java | 3 -- ...entPropertiesRegistrationAdapterTests.java | 8 ++-- .../OAuth2WebSecurityConfigurationTests.java | 8 ++-- ...eactiveSecurityAutoConfigurationTests.java | 34 +++++++-------- .../security/user/SecurityConfig.java | 43 ------------------- .../spring-boot-dependencies/pom.xml | 2 +- spring-boot-project/spring-boot-docs/pom.xml | 5 --- .../spring-boot-starters/pom.xml | 1 - .../pom.xml | 34 --------------- .../main/resources/META-INF/spring.provides | 1 - .../spring-boot-sample-secure-webflux/pom.xml | 2 +- .../SampleSecureWebFluxApplication.java | 8 ++-- .../SampleMethodSecurityApplication.java | 20 +++++---- 19 files changed, 52 insertions(+), 147 deletions(-) delete mode 100644 spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/user/SecurityConfig.java delete mode 100644 spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/pom.xml delete mode 100644 spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/src/main/resources/META-INF/spring.provides diff --git a/spring-boot-project/spring-boot-autoconfigure/pom.xml b/spring-boot-project/spring-boot-autoconfigure/pom.xml index a22911a996..e13e5240cb 100755 --- a/spring-boot-project/spring-boot-autoconfigure/pom.xml +++ b/spring-boot-project/spring-boot-autoconfigure/pom.xml @@ -523,11 +523,6 @@ spring-security-data true - - org.springframework.security - spring-security-webflux - true - org.springframework.security spring-security-jwt-jose diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfiguration.java index da2dbee873..8770cebaf8 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfiguration.java @@ -27,7 +27,7 @@ import org.springframework.context.annotation.Import; import org.springframework.security.authentication.AuthenticationEventPublisher; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.DefaultAuthenticationEventPublisher; -import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.provisioning.InMemoryUserDetailsManager; /** @@ -42,7 +42,7 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager; */ @Configuration @ConditionalOnClass({ AuthenticationManager.class, - GlobalAuthenticationConfigurerAdapter.class }) + EnableWebSecurity.class }) @EnableConfigurationProperties(SecurityProperties.class) @Import({ SpringBootWebSecurityConfiguration.class, WebSecurityEnablerConfiguration.class, AuthenticationManagerConfiguration.class, SecurityDataConfiguration.class }) diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java index 5e0a542e93..6cb509558b 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java @@ -16,14 +16,12 @@ package org.springframework.boot.autoconfigure.security; -import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; /** @@ -36,7 +34,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur * @author Madhura Bhave * @since 2.0.0 */ -@ConditionalOnClass(EnableWebSecurity.class) @ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class) @ConditionalOnWebApplication(type = Type.SERVLET) public class SpringBootWebSecurityConfiguration { diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/WebSecurityEnablerConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/WebSecurityEnablerConfiguration.java index eeda91c3f0..d9766f1b8e 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/WebSecurityEnablerConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/WebSecurityEnablerConfiguration.java @@ -17,7 +17,6 @@ package org.springframework.boot.autoconfigure.security; import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; -import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -34,7 +33,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur * @since 2.0.0 */ @ConditionalOnBean(WebSecurityConfigurerAdapter.class) -@ConditionalOnClass(EnableWebSecurity.class) @ConditionalOnMissingBean(WebSecurityConfiguration.class) @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET) @EnableWebSecurity diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java index 6856672a4f..ce1dbde4c9 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java @@ -76,7 +76,7 @@ final class OAuth2ClientPropertiesRegistrationAdapter { throw new IllegalStateException(getErrorMessage(configuredProviderId, registrationId)); } Builder builder = (provider != null ? provider.getBuilder(registrationId) - : new Builder(registrationId)); + : ClientRegistration.withRegistrationId(registrationId)); if (providers.containsKey(providerId)) { return getBuilder(builder, providers.get(providerId)); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveAuthenticationManagerConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveAuthenticationManagerConfiguration.java index a5bc751899..bc05c17f7d 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveAuthenticationManagerConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveAuthenticationManagerConfiguration.java @@ -27,15 +27,15 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplicat import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.ReactiveAuthenticationManager; -import org.springframework.security.core.userdetails.MapUserDetailsRepository; +import org.springframework.security.core.userdetails.MapReactiveUserDetailsService; +import org.springframework.security.core.userdetails.ReactiveUserDetailsService; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsRepository; /** * Default user {@link Configuration} for a reactive web application. Configures a - * {@link UserDetailsRepository} with a default user and generated password. This - * backs-off completely if there is a bean of type {@link UserDetailsRepository} or + * {@link ReactiveUserDetailsService} with a default user and generated password. This + * backs-off completely if there is a bean of type {@link ReactiveUserDetailsService} or * {@link ReactiveAuthenticationManager}. * * @author Madhura Bhave @@ -44,7 +44,7 @@ import org.springframework.security.core.userdetails.UserDetailsRepository; @Configuration @ConditionalOnClass({ ReactiveAuthenticationManager.class }) @ConditionalOnMissingBean({ ReactiveAuthenticationManager.class, - UserDetailsRepository.class }) + ReactiveUserDetailsService.class }) @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE) public class ReactiveAuthenticationManagerConfiguration { @@ -52,11 +52,11 @@ public class ReactiveAuthenticationManagerConfiguration { .getLog(ReactiveAuthenticationManagerConfiguration.class); @Bean - public MapUserDetailsRepository userDetailsRepository() { + public MapReactiveUserDetailsService reactiveUserDetailsService() { String password = UUID.randomUUID().toString(); logger.info(String.format("%n%nUsing default security password: %s%n", password)); UserDetails user = User.withUsername("user").password(password).roles().build(); - return new MapUserDetailsRepository(user); + return new MapReactiveUserDetailsService(user); } } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/jpa/JpaUserDetailsTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/jpa/JpaUserDetailsTests.java index ce30f0327b..66e42c0f11 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/jpa/JpaUserDetailsTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/jpa/JpaUserDetailsTests.java @@ -25,9 +25,7 @@ import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; import org.springframework.boot.autoconfigure.jdbc.EmbeddedDataSourceConfiguration; import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration; -import org.springframework.boot.autoconfigure.security.user.SecurityConfig; import org.springframework.boot.test.context.SpringBootContextLoader; -import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Import; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; @@ -57,7 +55,6 @@ public class JpaUserDetailsTests { @Import({ EmbeddedDataSourceConfiguration.class, DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class, SecurityAutoConfiguration.class }) - @ComponentScan(basePackageClasses = SecurityConfig.class) public static class Main { } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java index 3874231f71..384d2d1309 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java @@ -78,7 +78,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { assertThat(adapted.getAuthorizationGrantType()).isEqualTo( org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(adapted.getRedirectUri()).isEqualTo("http://example.com/redirect"); - assertThat(adapted.getScope()).containsExactly("scope"); + assertThat(adapted.getScopes()).containsExactly("scope"); assertThat(adapted.getClientName()).isEqualTo("clientName"); } @@ -112,7 +112,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(adapted.getRedirectUri()).isEqualTo( "{scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{registrationId}"); - assertThat(adapted.getScope()).containsExactly("openid", "profile", "email", + assertThat(adapted.getScopes()).containsExactly("openid", "profile", "email", "address", "phone"); assertThat(adapted.getClientName()).isEqualTo("Google"); } @@ -151,7 +151,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { assertThat(adapted.getAuthorizationGrantType()).isEqualTo( org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(adapted.getRedirectUri()).isEqualTo("http://example.com/redirect"); - assertThat(adapted.getScope()).containsExactly("scope"); + assertThat(adapted.getScopes()).containsExactly("scope"); assertThat(adapted.getClientName()).isEqualTo("clientName"); } @@ -196,7 +196,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(adapted.getRedirectUri()).isEqualTo( "{scheme}://{serverName}:{serverPort}{contextPath}/oauth2/authorize/code/{registrationId}"); - assertThat(adapted.getScope()).containsExactly("openid", "profile", "email", + assertThat(adapted.getScopes()).containsExactly("openid", "profile", "email", "address", "phone"); assertThat(adapted.getClientName()).isEqualTo("Google"); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2WebSecurityConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2WebSecurityConfigurationTests.java index 98eaa2a1d9..d377002a3d 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2WebSecurityConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2WebSecurityConfigurationTests.java @@ -36,7 +36,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter; -import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter; +import org.springframework.security.oauth2.client.web.AuthorizationRequestRedirectFilter; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.SecurityFilterChain; @@ -97,7 +97,7 @@ public class OAuth2WebSecurityConfigurationTests { .getField(filterChains.get(0), "filters"); List oauth2Filters = filters.stream() .filter((f) -> f instanceof AuthorizationCodeAuthenticationFilter - || f instanceof AuthorizationCodeRequestRedirectFilter) + || f instanceof AuthorizationRequestRedirectFilter) .collect(Collectors.toList()); return oauth2Filters.stream() .filter((f) -> f instanceof AuthorizationCodeAuthenticationFilter) @@ -111,7 +111,7 @@ public class OAuth2WebSecurityConfigurationTests { && ObjectUtils.nullSafeEquals(reg1.getClientName(), reg2.getClientName()); result = result && ObjectUtils.nullSafeEquals(reg1.getClientSecret(), reg2.getClientSecret()); - result = result && ObjectUtils.nullSafeEquals(reg1.getScope(), reg2.getScope()); + result = result && ObjectUtils.nullSafeEquals(reg1.getScopes(), reg2.getScopes()); result = result && ObjectUtils.nullSafeEquals(reg1.getRedirectUri(), reg2.getRedirectUri()); result = result && ObjectUtils.nullSafeEquals(reg1.getRegistrationId(), @@ -154,7 +154,7 @@ public class OAuth2WebSecurityConfigurationTests { } private ClientRegistration getClientRegistration(String id, String userInfoUri) { - ClientRegistration.Builder builder = new ClientRegistration.Builder(id); + ClientRegistration.Builder builder = ClientRegistration.withRegistrationId(id); builder.clientName("foo").clientId("foo") .clientAuthenticationMethod( org.springframework.security.oauth2.core.ClientAuthenticationMethod.BASIC) diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java index 0240eab8c5..9753e590cb 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java @@ -29,14 +29,14 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.server.reactive.HttpHandler; import org.springframework.security.authentication.ReactiveAuthenticationManager; -import org.springframework.security.config.annotation.web.reactive.HttpSecurityConfiguration; +import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfiguration; import org.springframework.security.config.annotation.web.reactive.WebFluxSecurityConfiguration; import org.springframework.security.core.Authentication; -import org.springframework.security.core.userdetails.MapUserDetailsRepository; +import org.springframework.security.core.userdetails.MapReactiveUserDetailsService; +import org.springframework.security.core.userdetails.ReactiveUserDetailsService; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsRepository; -import org.springframework.security.web.server.WebFilterChainFilter; +import org.springframework.security.web.server.WebFilterChainProxy; import org.springframework.web.reactive.config.EnableWebFlux; import org.springframework.web.server.adapter.WebHttpHandlerBuilder; @@ -58,11 +58,11 @@ public class ReactiveSecurityAutoConfigurationTests { .withConfiguration( AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class)) .run((context) -> { - assertThat(context).getBean(HttpSecurityConfiguration.class) + assertThat(context).getBean(ServerHttpSecurityConfiguration.class) .isNotNull(); assertThat(context).getBean(WebFluxSecurityConfiguration.class) .isNotNull(); - assertThat(context).getBean(WebFilterChainFilter.class).isNotNull(); + assertThat(context).getBean(WebFilterChainProxy.class).isNotNull(); }); } @@ -72,9 +72,9 @@ public class ReactiveSecurityAutoConfigurationTests { .withConfiguration( AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class)) .run((context) -> { - UserDetailsRepository userDetailsRepository = context - .getBean(UserDetailsRepository.class); - assertThat(userDetailsRepository.findByUsername("user").block()) + ReactiveUserDetailsService userDetailsService = context + .getBean(ReactiveUserDetailsService.class); + assertThat(userDetailsService.findByUsername("user").block()) .isNotNull(); }); } @@ -85,13 +85,13 @@ public class ReactiveSecurityAutoConfigurationTests { .withConfiguration( AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class)) .run((context) -> { - UserDetailsRepository userDetailsRepository = context - .getBean(UserDetailsRepository.class); - assertThat(userDetailsRepository.findByUsername("user").block()) + ReactiveUserDetailsService userDetailsService = context + .getBean(ReactiveUserDetailsService.class); + assertThat(userDetailsService.findByUsername("user").block()) .isNull(); - assertThat(userDetailsRepository.findByUsername("foo").block()) + assertThat(userDetailsService.findByUsername("foo").block()) .isNotNull(); - assertThat(userDetailsRepository.findByUsername("admin").block()) + assertThat(userDetailsService.findByUsername("admin").block()) .isNotNull(); }); } @@ -103,7 +103,7 @@ public class ReactiveSecurityAutoConfigurationTests { TestConfig.class) .withConfiguration( AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class)) - .run((context) -> assertThat(context).getBean(UserDetailsRepository.class) + .run((context) -> assertThat(context).getBean(ReactiveUserDetailsService.class) .isNull()); } @@ -127,12 +127,12 @@ public class ReactiveSecurityAutoConfigurationTests { static class UserConfig { @Bean - public MapUserDetailsRepository userDetailsRepository() { + public MapReactiveUserDetailsService userDetailsService() { UserDetails foo = User.withUsername("foo").password("foo").roles("USER") .build(); UserDetails admin = User.withUsername("admin").password("admin") .roles("USER", "ADMIN").build(); - return new MapUserDetailsRepository(foo, admin); + return new MapReactiveUserDetailsService(foo, admin); } } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/user/SecurityConfig.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/user/SecurityConfig.java deleted file mode 100644 index bfa71618d9..0000000000 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/user/SecurityConfig.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2012-2017 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.boot.autoconfigure.security.user; - -import org.springframework.boot.autoconfigure.domain.EntityScan; -import org.springframework.context.annotation.Configuration; -import org.springframework.data.jpa.repository.config.EnableJpaRepositories; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; - -@Configuration -@EnableGlobalMethodSecurity(securedEnabled = true) -@EntityScan(basePackageClasses = User.class) -@EnableJpaRepositories(basePackageClasses = User.class) -public class SecurityConfig extends GlobalAuthenticationConfigurerAdapter { - - protected final UserRepository userRepository; - - public SecurityConfig(UserRepository userRepository) { - this.userRepository = userRepository; - } - - @Override - public void init(AuthenticationManagerBuilder auth) throws Exception { - System.err.println("Global security config"); - } - -} diff --git a/spring-boot-project/spring-boot-dependencies/pom.xml b/spring-boot-project/spring-boot-dependencies/pom.xml index 204fc359e6..c2b6721cea 100644 --- a/spring-boot-project/spring-boot-dependencies/pom.xml +++ b/spring-boot-project/spring-boot-dependencies/pom.xml @@ -154,7 +154,7 @@ 1.2.0.RELEASE 1.2.2.RELEASE 1.2.1.RELEASE - 5.0.0.M5 + 5.0.0.BUILD-SNAPSHOT 2.0.0.M5 2.0.0.M4 2.0.0.M4 diff --git a/spring-boot-project/spring-boot-docs/pom.xml b/spring-boot-project/spring-boot-docs/pom.xml index 3c5af4475e..81f0248a5a 100644 --- a/spring-boot-project/spring-boot-docs/pom.xml +++ b/spring-boot-project/spring-boot-docs/pom.xml @@ -712,11 +712,6 @@ spring-security-test true - - org.springframework.security - spring-security-webflux - true - org.springframework.session spring-session-core diff --git a/spring-boot-project/spring-boot-starters/pom.xml b/spring-boot-project/spring-boot-starters/pom.xml index e0ae6b2cb6..bc1270dbeb 100644 --- a/spring-boot-project/spring-boot-starters/pom.xml +++ b/spring-boot-project/spring-boot-starters/pom.xml @@ -58,7 +58,6 @@ spring-boot-starter-quartz spring-boot-starter-reactor-netty spring-boot-starter-security - spring-boot-starter-security-reactive spring-boot-starter-social-facebook spring-boot-starter-social-twitter spring-boot-starter-social-linkedin diff --git a/spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/pom.xml b/spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/pom.xml deleted file mode 100644 index bc64017909..0000000000 --- a/spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/pom.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - 4.0.0 - - org.springframework.boot - spring-boot-starters - ${revision} - - spring-boot-starter-security-reactive - Spring Boot Security Reactive Starter - Starter for using reactive Spring Security - - ${basedir}/../../.. - - - - org.springframework.boot - spring-boot-starter - - - org.springframework - spring-aop - - - org.springframework.security - spring-security-config - - - org.springframework.security - spring-security-webflux - - - diff --git a/spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/src/main/resources/META-INF/spring.provides b/spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/src/main/resources/META-INF/spring.provides deleted file mode 100644 index 3f5de80181..0000000000 --- a/spring-boot-project/spring-boot-starters/spring-boot-starter-security-reactive/src/main/resources/META-INF/spring.provides +++ /dev/null @@ -1 +0,0 @@ -provides: spring-security-webflux,spring-security-config diff --git a/spring-boot-samples/spring-boot-sample-secure-webflux/pom.xml b/spring-boot-samples/spring-boot-sample-secure-webflux/pom.xml index 91cabbf869..056559a6c5 100644 --- a/spring-boot-samples/spring-boot-sample-secure-webflux/pom.xml +++ b/spring-boot-samples/spring-boot-sample-secure-webflux/pom.xml @@ -27,7 +27,7 @@ org.springframework.boot - spring-boot-starter-security-reactive + spring-boot-starter-security diff --git a/spring-boot-samples/spring-boot-sample-secure-webflux/src/main/java/sample/secure/webflux/SampleSecureWebFluxApplication.java b/spring-boot-samples/spring-boot-sample-secure-webflux/src/main/java/sample/secure/webflux/SampleSecureWebFluxApplication.java index 5709327ce8..0d8ea665e8 100644 --- a/spring-boot-samples/spring-boot-sample-secure-webflux/src/main/java/sample/secure/webflux/SampleSecureWebFluxApplication.java +++ b/spring-boot-samples/spring-boot-sample-secure-webflux/src/main/java/sample/secure/webflux/SampleSecureWebFluxApplication.java @@ -19,9 +19,9 @@ package sample.secure.webflux; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.annotation.Bean; -import org.springframework.security.core.userdetails.MapUserDetailsRepository; +import org.springframework.security.core.userdetails.MapReactiveUserDetailsService; +import org.springframework.security.core.userdetails.ReactiveUserDetailsService; import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UserDetailsRepository; import org.springframework.web.reactive.function.server.RouterFunction; import org.springframework.web.reactive.function.server.ServerResponse; @@ -41,8 +41,8 @@ public class SampleSecureWebFluxApplication { } @Bean - public UserDetailsRepository userDetailsRepository() { - return new MapUserDetailsRepository( + public ReactiveUserDetailsService userDetailsRepository() { + return new MapReactiveUserDetailsService( User.withUsername("foo").password("password").roles("USER").build()); } diff --git a/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java b/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java index 6535288091..b4e7b640a5 100644 --- a/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java +++ b/spring-boot-samples/spring-boot-sample-web-method-security/src/main/java/sample/security/method/SampleMethodSecurityApplication.java @@ -18,19 +18,21 @@ package sample.security.method; import java.util.Date; import java.util.Map; +import java.util.UUID; import org.springframework.boot.actuate.autoconfigure.security.EndpointRequest; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.builder.SpringApplicationBuilder; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; import org.springframework.security.access.annotation.Secured; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; @@ -67,14 +69,14 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer { @Order(Ordered.HIGHEST_PRECEDENCE) @Configuration - protected static class AuthenticationSecurity - extends GlobalAuthenticationConfigurerAdapter { + protected static class AuthenticationSecurity { - @Override - public void init(AuthenticationManagerBuilder auth) throws Exception { - auth.inMemoryAuthentication().withUser("admin").password("admin") - .roles("ADMIN", "USER", "ACTUATOR").and().withUser("user") - .password("user").roles("USER"); + @Bean + public InMemoryUserDetailsManager inMemoryUserDetailsManager() throws Exception { + String password = UUID.randomUUID().toString(); + return new InMemoryUserDetailsManager( + User.withUsername("admin").password("admin").roles("ADMIN", "USER", "ACTUATOR").build(), + User.withUsername("user").password("user").roles("USER").build()); } }