Skip to content

Simplify Java Configuration RequestMatcher Usage #11934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 3, 2022
Merged

Simplify Java Configuration RequestMatcher Usage #11934

merged 1 commit into from
Oct 3, 2022

Conversation

marcusdacoregio
Copy link
Contributor

If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity

Closes gh-11347
Closes gh-9159

@marcusdacoregio marcusdacoregio added status: duplicate A duplicate of another issue in: config An issue in spring-security-config type: enhancement A general enhancement labels Oct 3, 2022
@marcusdacoregio marcusdacoregio added this to the 5.8.0-RC1 milestone Oct 3, 2022
@marcusdacoregio marcusdacoregio requested a review from rwinch October 3, 2022 12:17
@marcusdacoregio marcusdacoregio self-assigned this Oct 3, 2022
@marcusdacoregio marcusdacoregio force-pushed the gh-11347-requestmatcher-validation branch from 1687ea8 to cc8ea1c Compare October 3, 2022 12:17
rwinch
rwinch requested changes Oct 3, 2022
View reviewed changes
Copy link
Member

@rwinch rwinch left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to update the XML support to automatically default to MVC if HandlerMappingIntrospector is on the classpath?

It might be good to add static factory methods to AntRequestMatcher and RegexRequetsMatcher as well. If you desire, this can be done as a separate ticket.

Can you search for Javadoc, reference doc, etc for use of the deprecated methods (i.e. antMatchers, regexMatchers, etc) and replace them with the new methods?

.../src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be authorizeHttpRequests?

.../src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should document any matcher that is /**' to be anyRequest()` instead

.../src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should document any matcher that is /**' to be anyRequest()` instead

.../src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be authorizeHttpRequests

.../src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should document any matcher that is /**' to be anyRequest()` instead

web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be added to the reference documentation somewhere. We will likely need it in the migration guide

docs/modules/ROOT/pages/whats-new.adoc Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this has evolved. Rather than validation we have changed the DSL to make it easier to make the right choice.

@marcusdacoregio marcusdacoregio changed the title Support RequestMatcher Validation Make it easier to configure the right RequestMatcher in the DSL Oct 3, 2022
@marcusdacoregio marcusdacoregio force-pushed the gh-11347-requestmatcher-validation branch from cc8ea1c to fef8f9d Compare October 3, 2022 17:17
@marcusdacoregio marcusdacoregio mentioned this pull request Oct 3, 2022
Closed
@marcusdacoregio
Copy link
Contributor Author

marcusdacoregio commented Oct 3, 2022
edited
Loading

Thanks @rwinch, I've updated the PR with the suggested changes. I also created #11938

@marcusdacoregio marcusdacoregio requested a review from rwinch October 3, 2022 17:24
@marcusdacoregio marcusdacoregio force-pushed the gh-11347-requestmatcher-validation branch 2 times, most recently from 90fbba3 to 3e1fb81 Compare October 3, 2022 18:30
@marcusdacoregio marcusdacoregio mentioned this pull request Oct 3, 2022
Closed
@marcusdacoregio marcusdacoregio changed the title Make it easier to configure the right RequestMatcher in the DSL Simplify Java Configuration RequestMatcher Usage Oct 3, 2022
@marcusdacoregio
Simplify Java Configuration RequestMatcher Usage
ee7e60e 
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity

Closes spring-projectsgh-11347
Closes spring-projectsgh-9159
@marcusdacoregio marcusdacoregio force-pushed the gh-11347-requestmatcher-validation branch from 3e1fb81 to ee7e60e Compare October 3, 2022 18:35
@marcusdacoregio marcusdacoregio merged commit 039e032 into spring-projects:5.8.x Oct 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rwinch rwinch rwinch approved these changes

Assignees

@marcusdacoregio marcusdacoregio

Labels

in: config An issue in spring-security-config status: duplicate A duplicate of another issue type: enhancement A general enhancement

Projects

None yet

Milestone

5.8.0-RC1

Development

Successfully merging this pull request may close these issues.

2 participants

@marcusdacoregio @rwinch