From 083cb388c046d38e241c97e8ef5fb62e2fff5bf7 Mon Sep 17 00:00:00 2001
From: Phillip Webb <pwebb@gopivotal.com>
Date: Mon, 24 Feb 2014 21:53:46 -0800
Subject: [PATCH] Upgrade to Spring Security 3.2.1

Fixes gh-392
---
 .../ManagementSecurityAutoConfiguration.java              | 7 +++----
 .../security/SpringBootWebSecurityConfiguration.java      | 8 +++-----
 .../security/SecurityAutoConfigurationTests.java          | 8 ++++++--
 spring-boot-dependencies/pom.xml                          | 2 +-
 4 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java
index e900f21433..cc489df375 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java
@@ -22,7 +22,6 @@ import java.util.List;
 import java.util.Set;
 
 import javax.annotation.PostConstruct;
-import javax.servlet.Filter;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.actuate.endpoint.Endpoint;
@@ -45,7 +44,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.SecurityConfigurer;
+import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer;
@@ -77,7 +76,7 @@ public class ManagementSecurityAutoConfiguration {
 
 	@Bean
 	@ConditionalOnMissingBean({ IgnoredPathsWebSecurityConfigurerAdapter.class })
-	public SecurityConfigurer<Filter, WebSecurity> ignoredPathsWebSecurityConfigurerAdapter() {
+	public WebSecurityConfigurer<WebSecurity> ignoredPathsWebSecurityConfigurerAdapter() {
 		return new IgnoredPathsWebSecurityConfigurerAdapter();
 	}
 
@@ -104,7 +103,7 @@ public class ManagementSecurityAutoConfiguration {
 	// Get the ignored paths in early
 	@Order(Ordered.HIGHEST_PRECEDENCE + 1)
 	private static class IgnoredPathsWebSecurityConfigurerAdapter implements
-			SecurityConfigurer<Filter, WebSecurity> {
+			WebSecurityConfigurer<WebSecurity> {
 
 		@Autowired(required = false)
 		private ErrorController errorController;
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java
index 807fdd23f7..fd2f76934f 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java
@@ -20,8 +20,6 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
-import javax.servlet.Filter;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
@@ -39,7 +37,7 @@ import org.springframework.security.authentication.AuthenticationEventPublisher;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
 import org.springframework.security.authentication.ProviderManager;
-import org.springframework.security.config.annotation.SecurityConfigurer;
+import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer;
@@ -98,7 +96,7 @@ public class SpringBootWebSecurityConfiguration {
 
 	@Bean
 	@ConditionalOnMissingBean({ IgnoredPathsWebSecurityConfigurerAdapter.class })
-	public SecurityConfigurer<Filter, WebSecurity> ignoredPathsWebSecurityConfigurerAdapter() {
+	public WebSecurityConfigurer<WebSecurity> ignoredPathsWebSecurityConfigurerAdapter() {
 		return new IgnoredPathsWebSecurityConfigurerAdapter();
 	}
 
@@ -138,7 +136,7 @@ public class SpringBootWebSecurityConfiguration {
 	// Get the ignored paths in early
 	@Order(Ordered.HIGHEST_PRECEDENCE)
 	private static class IgnoredPathsWebSecurityConfigurerAdapter implements
-			SecurityConfigurer<Filter, WebSecurity> {
+			WebSecurityConfigurer<WebSecurity> {
 
 		@Autowired
 		private SecurityProperties security;
diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java
index 8ca76e3a25..dbb05a175b 100644
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java
@@ -16,6 +16,8 @@
 
 package org.springframework.boot.autoconfigure.security;
 
+import java.util.List;
+
 import org.junit.Test;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.PropertyPlaceholderAutoConfiguration;
@@ -37,6 +39,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
 import static org.junit.Assert.assertEquals;
@@ -60,8 +63,9 @@ public class SecurityAutoConfigurationTests {
 		debugRefresh(this.context);
 		assertNotNull(this.context.getBean(AuthenticationManagerBuilder.class));
 		// 4 for static resources and one for the rest
-		assertEquals(5, this.context.getBean(FilterChainProxy.class).getFilterChains()
-				.size());
+		List<SecurityFilterChain> filterChains = this.context.getBean(
+				FilterChainProxy.class).getFilterChains();
+		assertEquals(5, filterChains.size());
 	}
 
 	@Test
diff --git a/spring-boot-dependencies/pom.xml b/spring-boot-dependencies/pom.xml
index 9f2cb43581..dc9de80786 100644
--- a/spring-boot-dependencies/pom.xml
+++ b/spring-boot-dependencies/pom.xml
@@ -50,7 +50,7 @@
 		<spring-data-redis.version>1.1.1.RELEASE</spring-data-redis.version>
 		<spring-rabbit.version>1.2.1.RELEASE</spring-rabbit.version>
 		<spring-mobile.version>1.1.1.RELEASE</spring-mobile.version>
-		<spring-security.version>3.2.0.RELEASE</spring-security.version>
+		<spring-security.version>3.2.1.RELEASE</spring-security.version>
 		<thymeleaf.version>2.1.2.RELEASE</thymeleaf.version>
 		<thymeleaf-extras-springsecurity3.version>2.1.1.RELEASE</thymeleaf-extras-springsecurity3.version>
 		<thymeleaf-layout-dialect.version>1.2.2</thymeleaf-layout-dialect.version>