Upgrade to Spring Security 6.1 for testing.

Also, to ensure Spring Framework 6.1 compatibility.

Fixes #2271.
This commit is contained in:
Oliver Drotbohm
2023-06-13 11:49:30 +02:00
parent 529a5884c6
commit bfe1bd90d0
3 changed files with 17 additions and 20 deletions

View File

@@ -14,7 +14,7 @@
<properties>
<java-module-name>spring.data.rest.tests.security</java-module-name>
<spring-security.version>6.0.0-M1</spring-security.version>
<spring-security.version>6.1.0</spring-security.version>
</properties>
<dependencies>

View File

@@ -16,38 +16,37 @@
package org.springframework.data.rest.tests.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.SecurityFilterChain;
// tag::code[]
@Configuration // <1>
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) // <2>
class SecurityConfiguration extends WebSecurityConfigurerAdapter { // <3>
// end::code[]
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true) // <2>
class SecurityConfiguration { // <3>
// end::code[]
@Autowired
void configureAuth(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("user").roles("USER").and()
.withUser("admin").password("admin").roles("USER", "ADMIN");
.withUser("user").password("user").roles("USER").and()
.withUser("admin").password("admin").roles("USER", "ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
@Bean
SecurityFilterChain filterChain(HttpSecurity security) throws Exception {
http.
authorizeRequests()
.antMatchers(HttpMethod.GET, "/").permitAll() // Ignore security at the root URI.
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.csrf().disable(); // Disable CSRF since it's not critical for the scope of testing.
return security
.authorizeHttpRequests(it -> it.requestMatchers(HttpMethod.GET, "/")
.permitAll().anyRequest().authenticated())
.csrf(it -> it.disable())
.httpBasic().and()
.build();
}
}

View File

@@ -30,7 +30,6 @@ import org.springframework.data.rest.tests.AbstractWebIntegrationTests;
import org.springframework.data.rest.tests.TestMvcClient;
import org.springframework.data.rest.webmvc.config.RepositoryRestMvcConfiguration;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
@@ -53,7 +52,6 @@ import org.springframework.web.context.WebApplicationContext;
class SecurityIntegrationTests extends AbstractWebIntegrationTests {
@Autowired WebApplicationContext context;
@Autowired MethodSecurityInterceptor methodSecurityInterceptor;
@Autowired SecuredPersonRepository personRepository;
@Autowired PreAuthorizedOrderRepository orderRepository;