SEC-2790: Deprecate @EnableWebMvcConfig
This commit is contained in:
@@ -16,16 +16,20 @@
|
||||
package org.springframework.security.config.annotation.web.configurers;
|
||||
|
||||
import static org.fest.assertions.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
||||
import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;
|
||||
import org.springframework.web.servlet.support.RequestDataValueProcessor;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
@@ -45,7 +49,7 @@ public class CsrfConfigurerNoWebMvcTests {
|
||||
public void missingDispatcherServletPreventsCsrfRequestDataValueProcessor() {
|
||||
loadContext(EnableWebConfig.class);
|
||||
|
||||
assertThat(context.containsBeanDefinition("requestDataValueProcessor")).isFalse();
|
||||
assertThat(context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -55,6 +59,13 @@ public class CsrfConfigurerNoWebMvcTests {
|
||||
assertThat(context.containsBeanDefinition("requestDataValueProcessor")).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void overrideCsrfRequestDataValueProcessor() {
|
||||
loadContext(EnableWebOverrideRequestDataConfig.class);
|
||||
|
||||
assertThat(context.getBean(RequestDataValueProcessor.class).getClass()).isNotEqualTo(CsrfRequestDataValueProcessor.class);
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class EnableWebConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@@ -63,7 +74,15 @@ public class CsrfConfigurerNoWebMvcTests {
|
||||
}
|
||||
}
|
||||
|
||||
@EnableWebMvcSecurity
|
||||
@EnableWebSecurity
|
||||
static class EnableWebOverrideRequestDataConfig {
|
||||
@Bean
|
||||
public RequestDataValueProcessor requestDataValueProcessor() {
|
||||
return mock(RequestDataValueProcessor.class);
|
||||
}
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class EnableWebMvcConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
|
||||
Reference in New Issue
Block a user