From 0233178855fed6b135c1166c31dde5273912a02a Mon Sep 17 00:00:00 2001
From: Phillip Webb
Date: Tue, 18 Jul 2023 09:49:11 +0100
Subject: [PATCH] Use explicit matchers following Spring Security 6.0.5 upgrade

See gh-36293
---
 .../customsecurity/SecurityConfiguration.java | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java
index 9db6c70bea..5b7b1f266a 100644
--- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java
+++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java
@@ -31,6 +31,9 @@ import org.springframework.security.core.userdetails.User.UserBuilder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
 @Configuration(proxyBeanMethods = false)
 public class SecurityConfiguration {
@@ -54,16 +57,18 @@ public class SecurityConfiguration {
 }
 
 @Bean
- SecurityFilterChain configure(HttpSecurity http) throws Exception {
+ SecurityFilterChain configure(HttpSecurity http, HandlerMappingIntrospector handlerMappingIntrospector)
+ throws Exception {
 http.authorizeHttpRequests((requests) -> {
- requests.requestMatchers("/actuator/beans").hasRole("BEANS");
+ requests.requestMatchers(new MvcRequestMatcher(handlerMappingIntrospector, "/actuator/beans"))
+ .hasRole("BEANS");
 requests.requestMatchers(EndpointRequest.to("health")).permitAll();
 requests.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class))
 .hasRole("ACTUATOR");
 requests.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll();
 requests.requestMatchers("/foo").permitAll();
- requests.requestMatchers("/error").permitAll();
- requests.requestMatchers("/**").hasRole("USER");
+ requests.requestMatchers(new AntPathRequestMatcher("/error")).permitAll();
+ requests.requestMatchers(new AntPathRequestMatcher("/**")).hasRole("USER");
 });
 http.cors(Customizer.withDefaults());
 http.httpBasic();
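Review bot: `requests.requestMatchers("/foo").permitAll();` is left on the String overload while the three rules around it move to explicit matcher objects, so the rule set is now mixed and `/foo` still depends on Spring Security choosing the matcher type. If the explicit form is needed for `/actuator/beans`, `/error` and `/**`, the same presumably holds for `/foo`. Something like `requests.requestMatchers(new AntPathRequestMatcher("/foo")).permitAll();` would make it consistent, or an `MvcRequestMatcher` if `/foo` is served by Spring MVC. A short comment should also say why `/actuator/beans` gets an `MvcRequestMatcher` while `/error` and `/**` get `AntPathRequestMatcher`, because the two match differently and the choice decides which request paths each authorization rule covers. The body of `configure` continues past the end of the hunk.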