diff --git a/servlet/java-configuration/authentication/preauth/src/main/java/example/SecurityConfiguration.java b/servlet/java-configuration/authentication/preauth/src/main/java/example/SecurityConfiguration.java index a481d2c..820b0dc 100644 --- a/servlet/java-configuration/authentication/preauth/src/main/java/example/SecurityConfiguration.java +++ b/servlet/java-configuration/authentication/preauth/src/main/java/example/SecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,6 +17,7 @@ package example; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Scope; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.core.userdetails.User; @@ -24,17 +25,19 @@ import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher; +import org.springframework.web.servlet.handler.HandlerMappingIntrospector; @Configuration @EnableWebSecurity public class SecurityConfiguration { @Bean - public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + public SecurityFilterChain securityFilterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception { // @formatter:off http .authorizeHttpRequests((authorize) -> authorize - .requestMatchers("/login", "/resources/**").permitAll() + .requestMatchers(mvc.pattern("/login"), mvc.pattern("/resources/**")).permitAll() .anyRequest().authenticated() ) .jee((jee) -> jee.mappableRoles("USER", "ADMIN")); @@ -42,6 +45,12 @@ public class SecurityConfiguration { return http.build(); } + @Scope("prototype") + @Bean + MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) { + return new MvcRequestMatcher.Builder(introspector); + } + // @formatter:off @Bean public UserDetailsService userDetailsService() {