diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java index f2edd5dac674..599afa363871 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java @@ -58,7 +58,7 @@ public class ManagementWebSecurityAutoConfiguration { @Bean @Order(SecurityProperties.BASIC_AUTH_ORDER) SecurityFilterChain managementSecurityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> { + http.authorizeHttpRequests((requests) -> { requests.requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll(); requests.anyRequest().authenticated(); }); diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java index b51f302d40a6..a48cfaf3fe13 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java @@ -183,7 +183,7 @@ org.springframework.security.config.annotation.web.configuration.WebSecurityConf @Override protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> { + http.authorizeHttpRequests((requests) -> { requests.requestMatchers(EndpointRequest.toLinks()).permitAll(); requests.requestMatchers(EndpointRequest.to(TestEndpoint1.class)).permitAll(); requests.requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated(); diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java index 03fcd3382937..bc8258dc5be9 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java @@ -179,7 +179,7 @@ static class CustomSecurityConfiguration @Override protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> { + http.authorizeHttpRequests((requests) -> { requests.antMatchers("/foo").permitAll(); requests.anyRequest().authenticated(); }); @@ -194,7 +194,7 @@ static class TestSecurityFilterChainConfig { @Bean SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception { - return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated()) + return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) .build(); } @@ -206,8 +206,8 @@ static class TestRemoteDevToolsSecurityFilterChainConfig extends TestSecurityFil @Bean @Order(SecurityProperties.BASIC_AUTH_ORDER - 1) SecurityFilterChain testRemoteDevToolsSecurityFilterChain(HttpSecurity http) throws Exception { - return http.requestMatcher(new AntPathRequestMatcher("/**")).authorizeRequests().anyRequest().anonymous() - .and().csrf().disable().build(); + return http.requestMatcher(new AntPathRequestMatcher("/**")).authorizeHttpRequests().anyRequest() + .anonymous().and().csrf().disable().build(); } } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.java index bee12ac2c3a1..97467895e57b 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.java @@ -58,7 +58,7 @@ static class OAuth2SecurityFilterChainConfiguration { @Bean SecurityFilterChain oauth2SecurityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()); http.oauth2Login(Customizer.withDefaults()); http.oauth2Client(); return http.build(); diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java index 479ace9b4321..c91bc34cb9b3 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java @@ -153,7 +153,7 @@ static class OAuth2SecurityFilterChainConfiguration { @Bean @ConditionalOnBean(JwtDecoder.class) SecurityFilterChain jwtSecurityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()); http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt); return http.build(); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java index 03c2bec19438..219570aaf9ee 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java @@ -60,7 +60,7 @@ static class OAuth2SecurityFilterChainConfiguration { @Bean @ConditionalOnBean(OpaqueTokenIntrospector.class) SecurityFilterChain opaqueTokenSecurityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()); http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken); return http.build(); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2LoginConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2LoginConfiguration.java index 56dd5be5d311..bd39d30f6fe2 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2LoginConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2LoginConfiguration.java @@ -37,7 +37,7 @@ class Saml2LoginConfiguration { @Bean SecurityFilterChain samlSecurityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> requests.anyRequest().authenticated()).saml2Login(); + http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()).saml2Login(); http.saml2Logout(); return http.build(); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java index ad7750bec5dc..2363eca9fd26 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java @@ -54,7 +54,7 @@ static class SecurityFilterChainConfiguration { @Bean @Order(SecurityProperties.BASIC_AUTH_ORDER) SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests().anyRequest().authenticated(); + http.authorizeHttpRequests().anyRequest().authenticated(); http.formLogin(); http.httpBasic(); return http.build(); diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/graphql/security/GraphQlWebMvcSecurityAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/graphql/security/GraphQlWebMvcSecurityAutoConfigurationTests.java index d56510311d8e..b5339283dec2 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/graphql/security/GraphQlWebMvcSecurityAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/graphql/security/GraphQlWebMvcSecurityAutoConfigurationTests.java @@ -160,7 +160,7 @@ DefaultSecurityFilterChain springWebFilterChain(HttpSecurity http) throws Except return http.csrf((c) -> c.disable()) // Demonstrate that method security works // Best practice to use both for defense in depth - .authorizeRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults()) + .authorizeHttpRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults()) .build(); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfigurationTests.java index 8e1b390b91c5..63b4b8692a8d 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfigurationTests.java @@ -241,7 +241,7 @@ static class TestSecurityFilterChainConfig { @Bean SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception { - return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated()) + return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) .build(); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java index 007a941d52b3..a6541cfd275c 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java @@ -692,7 +692,7 @@ static class TestSecurityFilterChainConfig { @Bean SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception { - return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated()) + return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) .build(); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java index c9b19832dfa7..b9e52163ee42 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java @@ -321,7 +321,7 @@ static class TestSecurityFilterChainConfig { @Bean SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception { - return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated()) + return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) .build(); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/SecurityAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/SecurityAutoConfigurationTests.java index 3c20e9920214..296a8fcbb3f1 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/SecurityAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/SecurityAutoConfigurationTests.java @@ -298,7 +298,7 @@ static class TestSecurityFilterChainConfig { @Bean SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception { - return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated()) + return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) .build(); } diff --git a/spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevtoolsSecurityConfiguration.java b/spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevtoolsSecurityConfiguration.java index 53247b595afb..67d55b4113f8 100644 --- a/spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevtoolsSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevtoolsSecurityConfiguration.java @@ -50,7 +50,7 @@ class RemoteDevtoolsSecurityConfiguration { @ConditionalOnMissingBean(org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.class) @SuppressWarnings("deprecation") SecurityFilterChain devtoolsSecurityFilterChain(HttpSecurity http) throws Exception { - http.requestMatcher(new AntPathRequestMatcher(this.url)).authorizeRequests().anyRequest().anonymous().and() + http.requestMatcher(new AntPathRequestMatcher(this.url)).authorizeHttpRequests().anyRequest().anonymous().and() .csrf().disable(); return http.build(); } diff --git a/spring-boot-project/spring-boot-devtools/src/test/java/org/springframework/boot/devtools/autoconfigure/RemoteDevToolsAutoConfigurationTests.java b/spring-boot-project/spring-boot-devtools/src/test/java/org/springframework/boot/devtools/autoconfigure/RemoteDevToolsAutoConfigurationTests.java index 9c959f444a82..230be0fdd17b 100644 --- a/spring-boot-project/spring-boot-devtools/src/test/java/org/springframework/boot/devtools/autoconfigure/RemoteDevToolsAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-devtools/src/test/java/org/springframework/boot/devtools/autoconfigure/RemoteDevToolsAutoConfigurationTests.java @@ -277,7 +277,7 @@ static class TestWebSecurityConfigurerAdapter @Override protected void configure(HttpSecurity http) throws Exception { - http.antMatcher("/foo/**").authorizeRequests().anyRequest().authenticated().and().httpBasic(); + http.antMatcher("/foo/**").authorizeHttpRequests().anyRequest().authenticated().and().httpBasic(); } } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.java index 39ebcb33021e..e42829a3837f 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.java @@ -28,7 +28,7 @@ public class MySecurityConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http.requestMatcher(EndpointRequest.toAnyEndpoint()); - http.authorizeRequests((requests) -> requests.anyRequest().permitAll()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll()); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.java index d45e4c6ba2dc..336edfcd5214 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.java @@ -30,7 +30,7 @@ public class MySecurityConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http.requestMatcher(EndpointRequest.toAnyEndpoint()); - http.authorizeRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN")); + http.authorizeHttpRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN")); http.httpBasic(withDefaults()); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java index dd797fac09b4..6c534725b079 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java @@ -34,7 +34,7 @@ public class DevProfileSecurityConfiguration { @Order(Ordered.HIGHEST_PRECEDENCE) SecurityFilterChain h2ConsoleSecurityFilterChain(HttpSecurity http) throws Exception { http.requestMatcher(PathRequest.toH2Console()); - http.authorizeRequests(yourCustomAuthorization()); + http.authorizeHttpRequests(yourCustomAuthorization()); http.csrf((csrf) -> csrf.disable()); http.headers((headers) -> headers.frameOptions().sameOrigin()); return http.build(); diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MyConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MyConfiguration.java index 6155797b205d..8bb2f8590316 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MyConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MyConfiguration.java @@ -30,7 +30,7 @@ public class MyConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MySecurityConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MySecurityConfiguration.java index f24fb8a586b7..f1f1f5bbbe19 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MySecurityConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MySecurityConfiguration.java @@ -26,7 +26,7 @@ public class MySecurityConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java index ea17f48a9c7c..ec814232edb5 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java @@ -26,7 +26,7 @@ public class MyOAuthClientConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> requests.anyRequest().authenticated()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()); http.oauth2Login((login) -> login.redirectionEndpoint().baseUri("custom-callback")); return http.build(); } diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/saml2/relyingparty/MySamlRelyingPartyConfiguration.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/saml2/relyingparty/MySamlRelyingPartyConfiguration.java index 6cd3bc68f37a..f97ad97c2554 100644 --- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/saml2/relyingparty/MySamlRelyingPartyConfiguration.java +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/saml2/relyingparty/MySamlRelyingPartyConfiguration.java @@ -26,7 +26,7 @@ public class MySamlRelyingPartyConfiguration { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests().anyRequest().authenticated(); + http.authorizeHttpRequests().anyRequest().authenticated(); http.saml2Login(); http.saml2Logout((saml2) -> saml2.logoutRequest((request) -> request.logoutUrl("/SLOService.saml2")) .logoutResponse((response) -> response.logoutUrl("/SLOService.saml2"))); diff --git a/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.kt b/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.kt index f73ef895ee89..0debabed193b 100644 --- a/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.kt +++ b/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.kt @@ -27,9 +27,9 @@ class MySecurityConfiguration { @Bean fun securityFilterChain(http: HttpSecurity): SecurityFilterChain { - http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests { + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests { requests -> requests.anyRequest().permitAll() } return http.build() } -} \ No newline at end of file +} diff --git a/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.kt b/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.kt index a777fd884a0b..0b74bd62be89 100644 --- a/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.kt +++ b/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.kt @@ -27,11 +27,11 @@ class MySecurityConfiguration { @Bean fun securityFilterChain(http: HttpSecurity): SecurityFilterChain { - http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests { requests -> + http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests { requests -> requests.anyRequest().hasRole("ENDPOINT_ADMIN") } http.httpBasic() return http.build() } -} \ No newline at end of file +} diff --git a/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt b/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt index 1390d9dc80fb..dfe75f4f1013 100644 --- a/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt +++ b/spring-boot-project/spring-boot-docs/src/main/kotlin/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt @@ -26,7 +26,7 @@ class MyOAuthClientConfiguration { @Bean fun securityFilterChain(http: HttpSecurity): SecurityFilterChain { - http.authorizeRequests().anyRequest().authenticated() + http.authorizeHttpRequests().anyRequest().authenticated() http.oauth2Login().redirectionEndpoint().baseUri("custom-callback") return http.build() } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java index 154c8d64848d..abec29aa506a 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java @@ -55,7 +55,7 @@ private UserDetails createUserDetails(String username, String password, String.. @Bean SecurityFilterChain configure(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> { + http.authorizeHttpRequests((requests) -> { requests.mvcMatchers("/actuator/beans").hasRole("BEANS"); requests.requestMatchers(EndpointRequest.to("health")).permitAll(); requests.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)) diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-graphql/src/main/java/smoketest/graphql/SecurityConfig.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-graphql/src/main/java/smoketest/graphql/SecurityConfig.java index ec1a87f03072..8375ae5d557c 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-graphql/src/main/java/smoketest/graphql/SecurityConfig.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-graphql/src/main/java/smoketest/graphql/SecurityConfig.java @@ -38,7 +38,8 @@ public DefaultSecurityFilterChain springWebFilterChain(HttpSecurity http) throws return http.csrf((csrf) -> csrf.disable()) // Demonstrate that method security works // Best practice to use both for defense in depth - .authorizeRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults()).build(); + .authorizeHttpRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults()) + .build(); } @Bean diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-jersey/src/main/java/smoketest/secure/jersey/SecurityConfiguration.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-jersey/src/main/java/smoketest/secure/jersey/SecurityConfiguration.java index 83f0e7d80444..0a9c2282d8db 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-jersey/src/main/java/smoketest/secure/jersey/SecurityConfiguration.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-secure-jersey/src/main/java/smoketest/secure/jersey/SecurityConfiguration.java @@ -41,7 +41,7 @@ public InMemoryUserDetailsManager inMemoryUserDetailsManager() { @Bean SecurityFilterChain configure(HttpSecurity http) throws Exception { // @formatter:off - http.authorizeRequests() + http.authorizeHttpRequests() .requestMatchers(EndpointRequest.to("health")).permitAll() .requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR") .antMatchers("/**").hasRole("USER") diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java index 462e359e81b1..adb7d346e148 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java @@ -69,8 +69,8 @@ protected static class ApplicationSecurity { @Bean SecurityFilterChain configure(HttpSecurity http) throws Exception { http.csrf().disable(); - http.authorizeRequests((requests) -> requests.anyRequest().fullyAuthenticated() - .filterSecurityInterceptorOncePerRequest(true)); + http.authorizeHttpRequests( + (requests) -> requests.anyRequest().fullyAuthenticated().shouldFilterAllDispatcherTypes(false)); http.formLogin((form) -> form.loginPage("/login").permitAll()); http.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access")); return http.build(); @@ -86,8 +86,8 @@ protected static class ActuatorSecurity { SecurityFilterChain actuatorSecurity(HttpSecurity http) throws Exception { http.csrf().disable(); http.requestMatcher(EndpointRequest.toAnyEndpoint()); - http.authorizeRequests( - (requests) -> requests.anyRequest().authenticated().filterSecurityInterceptorOncePerRequest(true)); + http.authorizeHttpRequests( + (requests) -> requests.anyRequest().authenticated().shouldFilterAllDispatcherTypes(false)); http.httpBasic(); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-custom/src/main/java/smoketest/web/secure/custom/SampleWebSecureCustomApplication.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-custom/src/main/java/smoketest/web/secure/custom/SampleWebSecureCustomApplication.java index 848b458613c1..799ae4efba78 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-custom/src/main/java/smoketest/web/secure/custom/SampleWebSecureCustomApplication.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-custom/src/main/java/smoketest/web/secure/custom/SampleWebSecureCustomApplication.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 the original author or authors. + * Copyright 2012-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -44,7 +44,7 @@ protected static class ApplicationSecurity { @Bean SecurityFilterChain configure(HttpSecurity http) throws Exception { http.csrf().disable(); - http.authorizeRequests((requests) -> requests.anyRequest().fullyAuthenticated()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().fullyAuthenticated()); http.formLogin((form) -> form.loginPage("/login").permitAll()); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-jdbc/src/main/java/smoketest/web/secure/jdbc/SampleWebSecureJdbcApplication.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-jdbc/src/main/java/smoketest/web/secure/jdbc/SampleWebSecureJdbcApplication.java index 5b90c499decb..aa978130a08b 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-jdbc/src/main/java/smoketest/web/secure/jdbc/SampleWebSecureJdbcApplication.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure-jdbc/src/main/java/smoketest/web/secure/jdbc/SampleWebSecureJdbcApplication.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 the original author or authors. + * Copyright 2012-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -47,7 +47,7 @@ protected static class ApplicationSecurity { @Bean SecurityFilterChain configure(HttpSecurity http) throws Exception { http.csrf().disable(); - http.authorizeRequests((requests) -> requests.anyRequest().fullyAuthenticated()); + http.authorizeHttpRequests((requests) -> requests.anyRequest().fullyAuthenticated()); http.formLogin((form) -> form.loginPage("/login").permitAll()); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/AbstractErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/AbstractErrorPageTests.java index 22605fe0bc63..067e3a9899b9 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/AbstractErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/AbstractErrorPageTests.java @@ -50,7 +50,7 @@ protected AbstractErrorPageTests(String pathPrefix) { @Test void testBadCredentials() { final ResponseEntity response = this.testRestTemplate.withBasicAuth("username", "wrongpassword") - .exchange("/test", HttpMethod.GET, null, JsonNode.class); + .exchange(this.pathPrefix + "/test", HttpMethod.GET, null, JsonNode.class); assertThat(response.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED); JsonNode jsonResponse = response.getBody(); assertThat(jsonResponse).isNull(); diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java index e642bc05f897..406e76af646e 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java @@ -44,10 +44,10 @@ static class SecurityConfiguration { @Bean SecurityFilterChain configure(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> { + http.authorizeHttpRequests((requests) -> { requests.antMatchers("/custom/servlet/path/public/**").permitAll(); requests.anyRequest().fullyAuthenticated(); - requests.filterSecurityInterceptorOncePerRequest(true); + requests.shouldFilterAllDispatcherTypes(false); }); http.httpBasic(); http.formLogin((form) -> form.loginPage("/custom/servlet/path/login").permitAll()); diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java index 48190a3d5502..27300394ad57 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java @@ -43,7 +43,7 @@ static class SecurityConfiguration { @Bean SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> { + http.authorizeHttpRequests((requests) -> { requests.antMatchers("/custom/servlet/path/error").permitAll(); requests.antMatchers("/custom/servlet/path/public/**").permitAll(); requests.anyRequest().authenticated(); diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java index de2fe2a2fd65..bbdf4701a22a 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java @@ -43,10 +43,10 @@ static class SecurityConfiguration { @Bean SecurityFilterChain configure(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> { + http.authorizeHttpRequests((requests) -> { requests.antMatchers("/public/**").permitAll(); requests.anyRequest().fullyAuthenticated(); - requests.filterSecurityInterceptorOncePerRequest(true); + requests.shouldFilterAllDispatcherTypes(false); }); http.httpBasic(); http.formLogin((form) -> form.loginPage("/login").permitAll()); diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/NoSessionErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/NoSessionErrorPageTests.java index 1ae28b04bf2b..d822cc2e5612 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/NoSessionErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/NoSessionErrorPageTests.java @@ -45,10 +45,10 @@ static class SecurityConfiguration { @Bean SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception { http.sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) - .authorizeRequests((requests) -> { + .authorizeHttpRequests((requests) -> { requests.antMatchers("/public/**").permitAll(); requests.anyRequest().authenticated(); - requests.filterSecurityInterceptorOncePerRequest(true); + requests.shouldFilterAllDispatcherTypes(false); }); http.httpBasic(); return http.build(); diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/SampleWebSecureApplicationTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/SampleWebSecureApplicationTests.java index 6794d3e40390..67e507487ccf 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/SampleWebSecureApplicationTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/SampleWebSecureApplicationTests.java @@ -95,7 +95,7 @@ static class SecurityConfiguration { @Bean SecurityFilterChain configure(HttpSecurity http) throws Exception { http.csrf().disable(); - http.authorizeRequests((requests) -> { + http.authorizeHttpRequests((requests) -> { requests.antMatchers("/public/**").permitAll(); requests.anyRequest().fullyAuthenticated(); }); diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java index f518bdb2029f..6cc7349962ec 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java @@ -43,7 +43,7 @@ static class SecurityConfiguration { @Bean SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception { - http.authorizeRequests((requests) -> { + http.authorizeHttpRequests((requests) -> { requests.antMatchers("/error").permitAll(); requests.antMatchers("/public/**").permitAll(); requests.anyRequest().authenticated();