Upgrade to Spring Security 6.1 for testing.
Also, to ensure Spring Framework 6.1 compatibility. Fixes #2271.
This commit is contained in:
@@ -14,7 +14,7 @@
|
||||
|
||||
<properties>
|
||||
<java-module-name>spring.data.rest.tests.security</java-module-name>
|
||||
<spring-security.version>6.0.0-M1</spring-security.version>
|
||||
<spring-security.version>6.1.0</spring-security.version>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
|
||||
@@ -16,38 +16,37 @@
|
||||
package org.springframework.data.rest.tests.security;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
// tag::code[]
|
||||
@Configuration // <1>
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) // <2>
|
||||
class SecurityConfiguration extends WebSecurityConfigurerAdapter { // <3>
|
||||
// end::code[]
|
||||
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true) // <2>
|
||||
class SecurityConfiguration { // <3>
|
||||
// end::code[]
|
||||
@Autowired
|
||||
void configureAuth(AuthenticationManagerBuilder auth) throws Exception {
|
||||
|
||||
auth.inMemoryAuthentication()
|
||||
.withUser("user").password("user").roles("USER").and()
|
||||
.withUser("admin").password("admin").roles("USER", "ADMIN");
|
||||
.withUser("user").password("user").roles("USER").and()
|
||||
.withUser("admin").password("admin").roles("USER", "ADMIN");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
@Bean
|
||||
SecurityFilterChain filterChain(HttpSecurity security) throws Exception {
|
||||
|
||||
http.
|
||||
authorizeRequests()
|
||||
.antMatchers(HttpMethod.GET, "/").permitAll() // Ignore security at the root URI.
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.httpBasic()
|
||||
.and()
|
||||
.csrf().disable(); // Disable CSRF since it's not critical for the scope of testing.
|
||||
return security
|
||||
.authorizeHttpRequests(it -> it.requestMatchers(HttpMethod.GET, "/")
|
||||
.permitAll().anyRequest().authenticated())
|
||||
.csrf(it -> it.disable())
|
||||
.httpBasic().and()
|
||||
.build();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -30,7 +30,6 @@ import org.springframework.data.rest.tests.AbstractWebIntegrationTests;
|
||||
import org.springframework.data.rest.tests.TestMvcClient;
|
||||
import org.springframework.data.rest.webmvc.config.RepositoryRestMvcConfiguration;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
@@ -53,7 +52,6 @@ import org.springframework.web.context.WebApplicationContext;
|
||||
class SecurityIntegrationTests extends AbstractWebIntegrationTests {
|
||||
|
||||
@Autowired WebApplicationContext context;
|
||||
@Autowired MethodSecurityInterceptor methodSecurityInterceptor;
|
||||
|
||||
@Autowired SecuredPersonRepository personRepository;
|
||||
@Autowired PreAuthorizedOrderRepository orderRepository;
|
||||
|
||||
Reference in New Issue
Block a user