|
|
|
|
@ -29,7 +29,6 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
|
|
|
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
|
|
|
|
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
|
|
|
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
|
|
|
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
|
|
|
|
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
|
|
|
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
|
|
|
|
import org.springframework.boot.autoconfigure.security.SecurityProperties.Headers;
|
|
|
|
|
@ -49,7 +48,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
|
|
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
|
|
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
|
|
|
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
|
|
|
|
|
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
|
|
|
|
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
|
|
|
|
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
|
|
|
|
|
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
|
|
|
|
|
@ -57,7 +55,6 @@ import org.springframework.security.web.header.writers.HstsHeaderWriter;
|
|
|
|
|
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
|
|
|
|
|
import org.springframework.security.web.util.matcher.RequestMatcher;
|
|
|
|
|
import org.springframework.util.StringUtils;
|
|
|
|
|
import org.springframework.web.servlet.support.RequestDataValueProcessor;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* {@link EnableAutoConfiguration Auto-configuration} for security of a web application or
|
|
|
|
|
@ -89,6 +86,7 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
|
|
|
|
|
@ConditionalOnClass({ EnableWebSecurity.class, AuthenticationEntryPoint.class })
|
|
|
|
|
@ConditionalOnMissingBean(WebSecurityConfiguration.class)
|
|
|
|
|
@ConditionalOnWebApplication
|
|
|
|
|
@EnableWebSecurity
|
|
|
|
|
public class SpringBootWebSecurityConfiguration {
|
|
|
|
|
|
|
|
|
|
private static List<String> DEFAULT_IGNORED = Arrays.asList("/css/**", "/js/**",
|
|
|
|
|
@ -184,30 +182,6 @@ public class SpringBootWebSecurityConfiguration {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Pull in @EnableWebMvcSecurity if Spring MVC is available and no-one defined a
|
|
|
|
|
// RequestDataValueProcessor
|
|
|
|
|
@ConditionalOnClass(RequestDataValueProcessor.class)
|
|
|
|
|
@ConditionalOnMissingBean(RequestDataValueProcessor.class)
|
|
|
|
|
@Configuration
|
|
|
|
|
protected static class WebMvcSecurityConfigurationConditions {
|
|
|
|
|
|
|
|
|
|
@Configuration
|
|
|
|
|
@EnableWebMvcSecurity
|
|
|
|
|
protected static class DefaultWebMvcSecurityConfiguration {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Pull in a plain @EnableWebSecurity if Spring MVC is not available
|
|
|
|
|
@ConditionalOnMissingBean(WebMvcSecurityConfigurationConditions.class)
|
|
|
|
|
@ConditionalOnMissingClass("org.springframework.web.servlet.support.RequestDataValueProcessor")
|
|
|
|
|
@Configuration
|
|
|
|
|
@EnableWebSecurity
|
|
|
|
|
protected static class DefaultWebSecurityConfiguration {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Configuration
|
|
|
|
|
@ConditionalOnProperty(prefix = "security.basic", name = "enabled", havingValue = "false")
|
|
|
|
|
@Order(SecurityProperties.BASIC_AUTH_ORDER)
|
|
|
|
|
|
Dave Syer
10 years ago