From a0ca45e4b8858397d36863dce72edaa8bc3ae7fa Mon Sep 17 00:00:00 2001 From: Eleftheria Stein Date: Fri, 12 Jul 2019 14:00:07 -0400 Subject: [PATCH] Use http security nested builder in samples Issue: gh-5557 --- .../samples/config/SecurityConfig.java | 17 ++- .../samples/OAuth2LoginApplicationTests.java | 26 +++-- ...h2ResourceServerSecurityConfiguration.java | 19 ++-- ...h2ResourceServerSecurityConfiguration.java | 15 ++- ...h2ResourceServerSecurityConfiguration.java | 21 ++-- ...h2ResourceServerSecurityConfiguration.java | 18 +-- ...h2ResourceServerSecurityConfiguration.java | 19 ++-- .../java/sample/config/SecurityConfig.java | 21 ++-- .../samples/config/SecurityConfig.java | 25 ++-- .../samples/config/SecurityConfig.java | 26 +++-- .../samples/config/SecurityConfig.java | 107 +++++++++++------- .../samples/config/SecurityConfig.java | 17 +-- .../samples/config/SecurityConfig.java | 24 ++-- .../samples/config/SecurityConfig.java | 13 ++- 14 files changed, 224 insertions(+), 144 deletions(-) diff --git a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index e6d09b2448..7bb3d9e64d 100644 --- a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -32,11 +32,16 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests() - .antMatchers("/css/**", "/index").permitAll() - .antMatchers("/user/**").hasRole("USER") - .and() - .formLogin().loginPage("/login").failureUrl("/login-error"); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .antMatchers("/css/**", "/index").permitAll() + .antMatchers("/user/**").hasRole("USER") + ) + .formLogin(formLogin -> + formLogin + .loginPage("/login") + .failureUrl("/login-error") + ); } // @formatter:on diff --git a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java index d176bd694c..848622a047 100644 --- a/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java +++ b/samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -358,15 +358,21 @@ public class OAuth2LoginApplicationTests { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests() - .anyRequest().authenticated() - .and() - .oauth2Login() - .tokenEndpoint() - .accessTokenResponseClient(this.mockAccessTokenResponseClient()) - .and() - .userInfoEndpoint() - .userService(this.mockUserService()); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .anyRequest().authenticated() + ) + .oauth2Login(oauth2Login -> + oauth2Login + .tokenEndpoint(tokenEndpoint -> + tokenEndpoint + .accessTokenResponseClient(this.mockAccessTokenResponseClient()) + ) + .userInfoEndpoint(userInfoEndpoint -> + userInfoEndpoint + .userService(this.mockUserService()) + ) + ); } // @formatter:on diff --git a/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java index 53e0a134a0..827a9628f7 100644 --- a/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java +++ b/samples/boot/oauth2resourceserver-jwe/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -46,6 +46,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur import org.springframework.security.oauth2.jwt.JwtDecoder; import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; +import static org.springframework.security.config.Customizer.withDefaults; + /** * @author Josh Cummings */ @@ -66,12 +68,15 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig protected void configure(HttpSecurity http) throws Exception { // @formatter:off http - .authorizeRequests() - .antMatchers("/message/**").hasAuthority("SCOPE_message:read") - .anyRequest().authenticated() - .and() - .oauth2ResourceServer() - .jwt(); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .antMatchers("/message/**").hasAuthority("SCOPE_message:read") + .anyRequest().authenticated() + ) + .oauth2ResourceServer(oauth2ResourceServer -> + oauth2ResourceServer + .jwt(withDefaults()) + ); // @formatter:on } diff --git a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java index b8bd55b467..1c65ea247f 100644 --- a/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java +++ b/samples/boot/oauth2resourceserver-multitenancy/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java @@ -51,12 +51,15 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig protected void configure(HttpSecurity http) throws Exception { // @formatter:off http - .authorizeRequests() - .antMatchers("/**/message/**").hasAuthority("SCOPE_message:read") - .anyRequest().authenticated() - .and() - .oauth2ResourceServer() - .authenticationManagerResolver(multitenantAuthenticationManager()); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .antMatchers("/**/message/**").hasAuthority("SCOPE_message:read") + .anyRequest().authenticated() + ) + .oauth2ResourceServer(oauth2ResourceServer -> + oauth2ResourceServer + .authenticationManagerResolver(multitenantAuthenticationManager()) + ); // @formatter:on } diff --git a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java index 03505b3d7e..ae7cf6736c 100644 --- a/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java +++ b/samples/boot/oauth2resourceserver-opaque/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java @@ -34,14 +34,19 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig protected void configure(HttpSecurity http) throws Exception { // @formatter:off http - .authorizeRequests() - .mvcMatchers("/message/**").hasAuthority("SCOPE_message:read") - .anyRequest().authenticated() - .and() - .oauth2ResourceServer() - .opaqueToken() - .introspectionUri(this.introspectionUri) - .introspectionClientCredentials(this.clientId, this.clientSecret); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .mvcMatchers("/message/**").hasAuthority("SCOPE_message:read") + .anyRequest().authenticated() + ) + .oauth2ResourceServer(oauth2ResourceServer -> + oauth2ResourceServer + .opaqueToken(opaqueToken -> + opaqueToken + .introspectionUri(this.introspectionUri) + .introspectionClientCredentials(this.clientId, this.clientSecret) + ) + ); // @formatter:on } } diff --git a/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java index 135b6b5b24..67d74d9e25 100644 --- a/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java +++ b/samples/boot/oauth2resourceserver-static/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java @@ -38,13 +38,17 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig protected void configure(HttpSecurity http) throws Exception { // @formatter:off http - .authorizeRequests() - .antMatchers("/message/**").hasAuthority("SCOPE_message:read") - .anyRequest().authenticated() - .and() - .oauth2ResourceServer() - .jwt() - .decoder(jwtDecoder()); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .antMatchers("/message/**").hasAuthority("SCOPE_message:read") + .anyRequest().authenticated() + ) + .oauth2ResourceServer(oauth2ResourceServer -> + oauth2ResourceServer + .jwt(jwt -> + jwt.decoder(jwtDecoder()) + ) + ); // @formatter:on } diff --git a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java index 70d5bc0b5b..23c3a4a74c 100644 --- a/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java +++ b/samples/boot/oauth2resourceserver/src/main/java/sample/OAuth2ResourceServerSecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,6 +19,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import static org.springframework.security.config.Customizer.withDefaults; + /** * @author Josh Cummings */ @@ -29,12 +31,15 @@ public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfig protected void configure(HttpSecurity http) throws Exception { // @formatter:off http - .authorizeRequests() - .antMatchers("/message/**").hasAuthority("SCOPE_message:read") - .anyRequest().authenticated() - .and() - .oauth2ResourceServer() - .jwt(); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .antMatchers("/message/**").hasAuthority("SCOPE_message:read") + .anyRequest().authenticated() + ) + .oauth2ResourceServer(oauth2ResourceServer -> + oauth2ResourceServer + .jwt(withDefaults()) + ); // @formatter:on } } diff --git a/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java b/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java index de8b5b5a6f..80cae2f658 100644 --- a/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java +++ b/samples/boot/oauth2webclient/src/main/java/sample/config/SecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,6 +24,8 @@ import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import static org.springframework.security.config.Customizer.withDefaults; + /** * @author Joe Grandja */ @@ -33,15 +35,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests() - .mvcMatchers("/", "/public/**").permitAll() - .anyRequest().authenticated() - .and() - .formLogin() - .and() - .oauth2Login() - .and() - .oauth2Client(); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .mvcMatchers("/", "/public/**").permitAll() + .anyRequest().authenticated() + ) + .formLogin(withDefaults()) + .oauth2Login(withDefaults()) + .oauth2Client(withDefaults()); } @Bean diff --git a/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index d2c9501cf7..d71dd73fc7 100644 --- a/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/concurrency/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,6 +22,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import static org.springframework.security.config.Customizer.withDefaults; + @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @@ -40,14 +42,19 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { protected void configure( HttpSecurity http) throws Exception { http - .authorizeRequests() - .anyRequest().authenticated() - .and() - .formLogin() - .and() - .sessionManagement() - .maximumSessions(1) - .expiredUrl("/login?expired"); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .anyRequest().authenticated() + ) + .formLogin(withDefaults()) + .sessionManagement(sessionManagement -> + sessionManagement + .sessionConcurrency(sessionConcurrency -> + sessionConcurrency + .maximumSessions(1) + .expiredUrl("/login?expired") + ) + ); } // @formatter:on } diff --git a/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index e2ec33a61d..5b002bade0 100644 --- a/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,16 +29,20 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests() - .antMatchers("/resources/**").permitAll() - .anyRequest().authenticated() - .and() - .formLogin() - .loginPage("/login") - .permitAll() - .and() - .logout() - .permitAll(); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .antMatchers("/resources/**").permitAll() + .anyRequest().authenticated() + ) + .formLogin(formLogin -> + formLogin + .loginPage("/login") + .permitAll() + ) + .logout(logout -> + logout + .permitAll() + ); } // @formatter:on diff --git a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 0b21d482e9..dc9134832c 100644 --- a/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/openid/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,46 +26,71 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests() - .antMatchers("/resources/**").permitAll() - .anyRequest().authenticated() - .and() - .openidLogin() - .loginPage("/login") - .permitAll() - .authenticationUserDetailsService(new CustomUserDetailsService()) - .attributeExchange("https://www.google.com/.*") - .attribute("email") - .type("https://axschema.org/contact/email") - .required(true) - .and() - .attribute("firstname") - .type("https://axschema.org/namePerson/first") - .required(true) - .and() - .attribute("lastname") - .type("https://axschema.org/namePerson/last") - .required(true) - .and() - .and() - .attributeExchange(".*yahoo.com.*") - .attribute("email") - .type("https://axschema.org/contact/email") - .required(true) - .and() - .attribute("fullname") - .type("https://axschema.org/namePerson") - .required(true) - .and() - .and() - .attributeExchange(".*myopenid.com.*") - .attribute("email") - .type("https://schema.openid.net/contact/email") - .required(true) - .and() - .attribute("fullname") - .type("https://schema.openid.net/namePerson") - .required(true); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .antMatchers("/resources/**").permitAll() + .anyRequest().authenticated() + ) + .openidLogin(openidLogin -> + openidLogin + .loginPage("/login") + .permitAll() + .authenticationUserDetailsService(new CustomUserDetailsService()) + .attributeExchange(googleExchange -> + googleExchange + .identifierPattern("https://www.google.com/.*") + .attribute(emailAttribute -> + emailAttribute + .name("email") + .type("https://axschema.org/contact/email") + .required(true) + ) + .attribute(firstnameAttribute -> + firstnameAttribute + .name("firstname") + .type("https://axschema.org/namePerson/first") + .required(true) + ) + .attribute(lastnameAttribute -> + lastnameAttribute + .name("lastname") + .type("https://axschema.org/namePerson/last") + .required(true) + ) + ) + .attributeExchange(yahooExchange -> + yahooExchange + .identifierPattern(".*yahoo.com.*") + .attribute(emailAttribute -> + emailAttribute + .name("email") + .type("https://axschema.org/contact/email") + .required(true) + ) + .attribute(fullnameAttribute -> + fullnameAttribute + .name("fullname") + .type("https://axschema.org/namePerson") + .required(true) + ) + ) + .attributeExchange(myopenidExchange -> + myopenidExchange + .identifierPattern(".*myopenid.com.*") + .attribute(emailAttribute -> + emailAttribute + .name("email") + .type("https://schema.openid.net/contact/email") + .required(true) + ) + .attribute(fullnameAttribute -> + fullnameAttribute + .name("fullname") + .type("https://schema.openid.net/namePerson") + .required(true) + ) + ) + ); } // @formatter:on } diff --git a/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 97b95313b2..1544f08b3b 100644 --- a/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/preauth/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,12 +26,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests() - .antMatchers("/login", "/resources/**").permitAll() - .anyRequest().authenticated() - .and() - .jee() - .mappableRoles("USER", "ADMIN"); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .antMatchers("/login", "/resources/**").permitAll() + .anyRequest().authenticated() + ) + .jee(jee -> + jee + .mappableRoles("USER", "ADMIN") + ); } // @formatter:on } diff --git a/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 20e1e09a89..c2e36065a0 100644 --- a/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/rememberme/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,6 +21,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import static org.springframework.security.config.Customizer.withDefaults; + @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @@ -39,15 +41,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests() - .antMatchers("/resources/**").permitAll() - .anyRequest().authenticated() - .and() - .formLogin() - .loginPage("/login") - .permitAll() - .and() - .rememberMe(); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .antMatchers("/resources/**").permitAll() + .anyRequest().authenticated() + ) + .formLogin(formLogin -> + formLogin + .loginPage("/login") + .permitAll() + ) + .rememberMe(withDefaults()); } // @formatter:on } diff --git a/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index ef7850625f..1fa5356df4 100644 --- a/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/x509/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,6 +21,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import static org.springframework.security.config.Customizer.withDefaults; + @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @@ -40,10 +42,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http - .authorizeRequests() - .anyRequest().authenticated() - .and() - .x509(); + .authorizeRequests(authorizeRequests -> + authorizeRequests + .anyRequest().authenticated() + ) + .x509(withDefaults()); } // @formatter:on }