Add @configuration to all web-security config classes

samples/tutorials/resource-server_with_introspection/README.md

@@ -55,7 +55,8 @@ all that from properties only
 ## Web-security config
 `spring-oauth2-addons` comes with `@AutoConfiguration` for web-security config adapted to REST API projects. Just add 
 ```java
-@EnableMethodSecurity(prePostEnabled = true)
+@Configuration
+@EnableMethodSecurity
 public static class SecurityConfig {
 }
 ```

samples/tutorials/resource-server_with_introspection/src/main/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplication.java

@@ -2,17 +2,19 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 
 @SpringBootApplication
 public class ResourceServerWithOAuthenticationApplication {
 
-	public static void main(String[] args) {
-		SpringApplication.run(ResourceServerWithOAuthenticationApplication.class, args);
-	}
+    public static void main(String[] args) {
+        SpringApplication.run(ResourceServerWithOAuthenticationApplication.class, args);
+    }
 
-	@EnableMethodSecurity(prePostEnabled = true)
-	public static class WebSecurityConfig {
-	}
+    @Configuration
+    @EnableMethodSecurity
+    public static class WebSecurityConfig {
+    }
 
 }

samples/tutorials/resource-server_with_jwtauthenticationtoken/README.md

@@ -314,7 +314,8 @@ all that from properties only
 
 By replacing `spring-boot-starter-oauth2-resource-server` with `com.c4-soft.springaddons`:`spring-addons-webmvc-jwt-resource-server:6.0.8`, we can greatly simply web-security configuration:
 ```java
-@EnableMethodSecurity(prePostEnabled = true)
+@Configuration
+@EnableMethodSecurity
 public static class WebSecurityConfig {
 }
 ```

samples/tutorials/resource-server_with_oauthentication/README.md

@@ -43,9 +43,10 @@ all that from properties only
 
 ## Web-security config
 `spring-oauth2-addons` comes with `@AutoConfiguration` for web-security config adapted to REST API projects. We'll just add:
-- `@EnableMethodSecurity(prePostEnabled = true)` to activate `@PreAuthorize` on components methods.
+- `@EnableMethodSecurity` to activate `@PreAuthorize` on components methods.
 - provide an `OAuth2AuthenticationFactory` bean to switch `Authentication` implementation from `JwtAuthenticationToken` to `OAuthentication<OpenidClaimSet>`
 ```java
+@Configuration
 @EnableMethodSecurity
 public static class SecurityConfig {
     @Bean

samples/tutorials/resource-server_with_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/ResourceServerWithOAuthenticationApplication.java

@@ -6,6 +6,7 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.core.GrantedAuthority;
@@ -21,6 +22,7 @@ public static void main(String[] args) {
         SpringApplication.run(ResourceServerWithOAuthenticationApplication.class, args);
     }
 
+    @Configuration
     @EnableMethodSecurity
     public static class SecurityConfig {
         @Bean

samples/tutorials/resource-server_with_specialized_oauthentication/README.md

@@ -132,6 +132,7 @@ We'll also extend security SpEL with a few methods to:
 - evaluate if current user is granted with one of "nice" authorities
 
 ```java
+@Configuration
 @EnableMethodSecurity
 public class WebSecurityConfig {
 

samples/tutorials/resource-server_with_specialized_oauthentication/src/main/java/com/c4soft/springaddons/tutorials/SecurityConfig.java

@@ -16,8 +16,8 @@
 import com.c4_soft.springaddons.security.oauth2.spring.C4MethodSecurityExpressionHandler;
 import com.c4_soft.springaddons.security.oauth2.spring.C4MethodSecurityExpressionRoot;
 
-@EnableMethodSecurity(prePostEnabled = true)
 @Configuration
+@EnableMethodSecurity
 public class SecurityConfig {
 
     @Bean

samples/webmvc-introspecting-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecurityConfig.java

@@ -8,8 +8,8 @@
 
 import com.c4_soft.springaddons.security.oauth2.config.synchronised.ExpressionInterceptUrlRegistryPostProcessor;
 
-@EnableMethodSecurity(prePostEnabled = true)
 @Configuration
+@EnableMethodSecurity
 public class SecurityConfig {
     @Bean
     ExpressionInterceptUrlRegistryPostProcessor expressionInterceptUrlRegistryPostProcessor() {

samples/webmvc-introspecting-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecurityConfig.java

@@ -16,8 +16,8 @@
 import com.c4_soft.springaddons.security.oauth2.config.synchronised.ExpressionInterceptUrlRegistryPostProcessor;
 import com.c4_soft.springaddons.security.oauth2.config.synchronised.OAuth2AuthenticationFactory;
 
-@EnableMethodSecurity(prePostEnabled = true)
 @Configuration
+@EnableMethodSecurity
 public class SecurityConfig {
     @Bean
     OAuth2AuthenticationFactory authenticationFactory(

samples/webmvc-jwt-default-jpa-authorities/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/SecurityConfig.java

@@ -9,8 +9,8 @@
 import com.c4_soft.springaddons.security.oauth2.config.OAuth2AuthoritiesConverter;
 import com.c4_soft.springaddons.security.oauth2.config.synchronised.ExpressionInterceptUrlRegistryPostProcessor;
 
-@EnableMethodSecurity(prePostEnabled = true)
 @Configuration
+@EnableMethodSecurity
 public class SecurityConfig {
     @Bean
     public ExpressionInterceptUrlRegistryPostProcessor expressionInterceptUrlRegistryPostProcessor() {

samples/webmvc-jwt-default-jpa-authorities/src/test/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken_jpa_authorities/MessageServiceTests.java

@@ -40,54 +40,57 @@
 @AutoConfigureAddonsSecurity
 class MessageServiceTests {
 
-	@Autowired
-	private MessageService messageService;
+    @Autowired
+    private MessageService messageService;
 
-	@Test()
-	void greetWitoutAuthentication() {
-		assertThrows(Exception.class, () -> messageService.getSecret());
-	}
+    @Test()
+    void greetWitoutAuthentication() {
+        assertThrows(Exception.class, () -> messageService.getSecret());
+    }
 
-	/*--------------*/
-	/* @WithMockJwt */
-	/*--------------*/
-	@Test
-	@WithMockJwtAuth(authorities = "ROLE_AUTHORIZED_PERSONNEL", claims = @OpenIdClaims(preferredUsername = "ch4mpy"))
-	void greetWithMockJwtAuth() {
-		final JwtAuthenticationToken auth = (JwtAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+    /*--------------*/
+    /* @WithMockJwt */
+    /*--------------*/
+    @Test
+    @WithMockJwtAuth(authorities = "ROLE_AUTHORIZED_PERSONNEL", claims = @OpenIdClaims(preferredUsername = "ch4mpy"))
+    void greetWithMockJwtAuth() {
+        final JwtAuthenticationToken auth = (JwtAuthenticationToken) SecurityContextHolder.getContext()
+                .getAuthentication();
 
-		assertThat(messageService.greet(auth)).isEqualTo("Hello ch4mpy! You are granted with [ROLE_AUTHORIZED_PERSONNEL].");
-	}
+        assertThat(messageService.greet(auth))
+                .isEqualTo("Hello ch4mpy! You are granted with [ROLE_AUTHORIZED_PERSONNEL].");
+    }
 
-	@Test()
-	@WithMockJwtAuth()
-	void secretWithoutAuthorizedPersonnelGrant() {
-		assertThrows(Exception.class, () -> messageService.getSecret());
-	}
+    @Test()
+    @WithMockJwtAuth()
+    void secretWithoutAuthorizedPersonnelGrant() {
+        assertThrows(Exception.class, () -> messageService.getSecret());
+    }
 
-	@Test
-	@WithMockJwtAuth("ROLE_AUTHORIZED_PERSONNEL")
-	void secretWithAuthorizedPersonnelRole() {
-		assertThat(messageService.getSecret()).isEqualTo("Secret message");
-	}
+    @Test
+    @WithMockJwtAuth("ROLE_AUTHORIZED_PERSONNEL")
+    void secretWithAuthorizedPersonnelRole() {
+        assertThat(messageService.getSecret()).isEqualTo("Secret message");
+    }
 
-	/*-------------------------*/
-	/* @WithMockAuthentication */
-	/*-------------------------*/
-	@Test
-	@WithMockAuthentication(authType = JwtAuthenticationToken.class, principalType = Jwt.class, name = "ch4mpy", authorities = "ROLE_AUTHORIZED_PERSONNEL")
-	void greetWithMockAuthentication() {
-		final var token = mock(Jwt.class);
-		when(token.getClaimAsString(StandardClaimNames.PREFERRED_USERNAME)).thenReturn("ch4mpy");
-		final var auth = (JwtAuthenticationToken) TestSecurityContextHolder.getContext().getAuthentication();
-		when(auth.getToken()).thenReturn(token);
+    /*-------------------------*/
+    /* @WithMockAuthentication */
+    /*-------------------------*/
+    @Test
+    @WithMockAuthentication(authType = JwtAuthenticationToken.class, principalType = Jwt.class, name = "ch4mpy", authorities = "ROLE_AUTHORIZED_PERSONNEL")
+    void greetWithMockAuthentication() {
+        final var token = mock(Jwt.class);
+        when(token.getClaimAsString(StandardClaimNames.PREFERRED_USERNAME)).thenReturn("ch4mpy");
+        final var auth = (JwtAuthenticationToken) TestSecurityContextHolder.getContext().getAuthentication();
+        when(auth.getToken()).thenReturn(token);
 
-		assertThat(messageService.greet(auth)).isEqualTo("Hello ch4mpy! You are granted with [ROLE_AUTHORIZED_PERSONNEL].");
-	}
+        assertThat(messageService.greet(auth))
+                .isEqualTo("Hello ch4mpy! You are granted with [ROLE_AUTHORIZED_PERSONNEL].");
+    }
 
-	@TestConfiguration(proxyBeanMethods = false)
-	@EnableMethodSecurity(prePostEnabled = true)
-	@Import({ MessageService.class })
-	static class TestConfig {
-	}
+    @TestConfiguration(proxyBeanMethods = false)
+    @EnableMethodSecurity
+    @Import({ MessageService.class })
+    static class TestConfig {
+    }
 }

samples/webmvc-jwt-default/src/main/java/com/c4_soft/springaddons/samples/webmvc_jwtauthenticationtoken/SecurityConfig.java

@@ -8,8 +8,8 @@
 
 import com.c4_soft.springaddons.security.oauth2.config.synchronised.ExpressionInterceptUrlRegistryPostProcessor;
 
-@EnableMethodSecurity(prePostEnabled = true)
 @Configuration
+@EnableMethodSecurity
 public class SecurityConfig {
     @Bean
     ExpressionInterceptUrlRegistryPostProcessor expressionInterceptUrlRegistryPostProcessor() {

samples/webmvc-jwt-oauthentication/src/main/java/com/c4_soft/springaddons/samples/webmvc_oidcauthentication/SecurityConfig.java

@@ -16,8 +16,8 @@
 import com.c4_soft.springaddons.security.oauth2.config.synchronised.ExpressionInterceptUrlRegistryPostProcessor;
 import com.c4_soft.springaddons.security.oauth2.config.synchronised.OAuth2AuthenticationFactory;
 
-@EnableMethodSecurity(prePostEnabled = true)
 @Configuration
+@EnableMethodSecurity
 public class SecurityConfig {
     @Bean
     OAuth2AuthenticationFactory authenticationFactory(

webmvc/spring-addons-webmvc-jwt-resource-server/README.MD

@@ -38,7 +38,8 @@ public class SampleApi {
 		new SpringApplicationBuilder(SampleApi.class).web(WebApplicationType.SERVLET).run(args);
 	}
 
-	@EnableMethodSecurity(prePostEnabled = true)
+	@Configuration
+	@EnableMethodSecurity
 	public static class WebSecurityConfig {
 	  // browse com.c4_soft.springaddons.security.oauth2.config.synchronised.AddonsSecurityBeans
 	  // for auto-configuration you can override here