mirror of
https://github.com/github/codeql.git
synced 2026-04-28 10:15:14 +02:00
Java: add APIs and tests for more recent Spring versions: authorizeHttpRequests, AuthorizeHttpRequestsConfigurer, securityMatcher(s)
This commit is contained in:
Jami Cogswell
@@ -15,12 +15,17 @@ class TypeHttpSecurity extends Class {
|
||||
|
||||
/**
|
||||
* The class
|
||||
* `org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer`.
|
||||
* `org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer$AuthorizedUrl`
|
||||
* or the class
|
||||
* `org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$AuthorizedUrl`.
|
||||
*/
|
||||
class TypeAuthorizedUrl extends Class {
|
||||
TypeAuthorizedUrl() {
|
||||
this.hasQualifiedName("org.springframework.security.config.annotation.web.configurers",
|
||||
"ExpressionUrlAuthorizationConfigurer<HttpSecurity>$AuthorizedUrl<>")
|
||||
[
|
||||
"ExpressionUrlAuthorizationConfigurer<HttpSecurity>$AuthorizedUrl<>",
|
||||
"AuthorizeHttpRequestsConfigurer<HttpSecurity>$AuthorizedUrl<>"
|
||||
])
|
||||
}
|
||||
}
|
||||
|
||||
@@ -34,7 +39,12 @@ class TypeAbstractRequestMatcherRegistry extends Class {
|
||||
}
|
||||
}
|
||||
|
||||
/** A call to `HttpSecurity.authorizeRequests` method. */
|
||||
/**
|
||||
* A call to `HttpSecurity.authorizeRequests` method.
|
||||
*
|
||||
* Note: this API is deprecated and scheduled for removal
|
||||
* in Spring Security 7.0.
|
||||
*/
|
||||
class AuthorizeRequestsCall extends MethodCall {
|
||||
AuthorizeRequestsCall() {
|
||||
this.getMethod().hasName("authorizeRequests") and
|
||||
@@ -42,6 +52,19 @@ class AuthorizeRequestsCall extends MethodCall {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to `HttpSecurity.authorizeHttpRequests` method.
|
||||
*
|
||||
* Note: the no-argument version of this API is deprecated
|
||||
* and scheduled for removal in Spring Security 7.0.
|
||||
*/
|
||||
class AuthorizeHttpRequestsCall extends MethodCall {
|
||||
AuthorizeHttpRequestsCall() {
|
||||
this.getMethod().hasName("authorizeHttpRequests") and
|
||||
this.getMethod().getDeclaringType() instanceof TypeHttpSecurity
|
||||
}
|
||||
}
|
||||
|
||||
/** A call to `AuthorizedUrl.permitAll` method. */
|
||||
class PermitAllCall extends MethodCall {
|
||||
PermitAllCall() {
|
||||
|
||||
@@ -6,7 +6,7 @@ private import semmle.code.java.frameworks.spring.SpringBoot
|
||||
|
||||
/**
|
||||
* A call to `HttpSecurity.requestMatcher` method with argument
|
||||
* `RequestMatcher.toAnyEndpoint()`.
|
||||
* `EndpointRequest.toAnyEndpoint()`.
|
||||
*/
|
||||
private class RequestMatcherCall extends MethodCall {
|
||||
RequestMatcherCall() {
|
||||
@@ -18,7 +18,7 @@ private class RequestMatcherCall extends MethodCall {
|
||||
|
||||
/**
|
||||
* A call to `HttpSecurity.requestMatchers` method with lambda argument
|
||||
* `RequestMatcher.toAnyEndpoint()`.
|
||||
* `EndpointRequest.toAnyEndpoint()`.
|
||||
*/
|
||||
private class RequestMatchersCall extends MethodCall {
|
||||
RequestMatchersCall() {
|
||||
@@ -40,18 +40,75 @@ private class RegistryRequestMatchersCall extends MethodCall {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to `HttpSecurity.securityMatcher` method with argument
|
||||
* `EndpointRequest.toAnyEndpoint()`.
|
||||
*/
|
||||
private class SecurityMatcherCall extends MethodCall {
|
||||
SecurityMatcherCall() {
|
||||
this.getMethod().hasName("securityMatcher") and
|
||||
this.getMethod().getDeclaringType() instanceof TypeHttpSecurity and
|
||||
this.getArgument(0) instanceof ToAnyEndpointCall
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to `HttpSecurity.securityMatchers` method with lambda argument
|
||||
* `EndpointRequest.toAnyEndpoint()`.
|
||||
*/
|
||||
private class SecurityMatchersCall extends MethodCall {
|
||||
SecurityMatchersCall() {
|
||||
this.getMethod().hasName("securityMatchers") and
|
||||
this.getMethod().getDeclaringType() instanceof TypeHttpSecurity and
|
||||
this.getArgument(0).(LambdaExpr).getExprBody() instanceof ToAnyEndpointCall
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to a method that authorizes requests, e.g. `authorizeRequests` or
|
||||
* `authorizeHttpRequests`.
|
||||
*/
|
||||
private class AuthorizeCall extends MethodCall {
|
||||
AuthorizeCall() {
|
||||
this instanceof AuthorizeRequestsCall or
|
||||
this instanceof AuthorizeHttpRequestsCall
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to a matcher method with argument
|
||||
* `EndpointRequest.toAnyEndpoint()`.
|
||||
*/
|
||||
private class MatcherCall extends MethodCall {
|
||||
MatcherCall() {
|
||||
this instanceof RequestMatcherCall or
|
||||
this instanceof SecurityMatcherCall
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to a matchers method with argument
|
||||
* `EndpointRequest.toAnyEndpoint()`.
|
||||
*/
|
||||
private class MatchersCall extends MethodCall {
|
||||
MatchersCall() {
|
||||
this instanceof RequestMatchersCall or
|
||||
this instanceof SecurityMatchersCall
|
||||
}
|
||||
}
|
||||
|
||||
/** Holds if `permitAllCall` is called on request(s) mapped to actuator endpoint(s). */
|
||||
predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {
|
||||
exists(AuthorizeRequestsCall authorizeRequestsCall |
|
||||
exists(AuthorizeCall authorizeCall |
|
||||
// .requestMatcher(EndpointRequest).authorizeRequests([...]).[...]
|
||||
authorizeRequestsCall.getQualifier() instanceof RequestMatcherCall
|
||||
authorizeCall.getQualifier() instanceof MatcherCall
|
||||
or
|
||||
// .requestMatchers(matcher -> EndpointRequest).authorizeRequests([...]).[...]
|
||||
authorizeRequestsCall.getQualifier() instanceof RequestMatchersCall
|
||||
authorizeCall.getQualifier() instanceof MatchersCall
|
||||
|
|
||||
// [...].authorizeRequests(r -> r.anyRequest().permitAll()) or
|
||||
// [...].authorizeRequests(r -> r.requestMatchers(EndpointRequest).permitAll())
|
||||
authorizeRequestsCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and
|
||||
authorizeCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and
|
||||
(
|
||||
permitAllCall.getQualifier() instanceof AnyRequestCall or
|
||||
permitAllCall.getQualifier() instanceof RegistryRequestMatchersCall
|
||||
@@ -59,30 +116,30 @@ predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {
|
||||
or
|
||||
// [...].authorizeRequests().requestMatchers(EndpointRequest).permitAll() or
|
||||
// [...].authorizeRequests().anyRequest().permitAll()
|
||||
authorizeRequestsCall.getNumArgument() = 0 and
|
||||
authorizeCall.getNumArgument() = 0 and
|
||||
exists(RegistryRequestMatchersCall registryRequestMatchersCall |
|
||||
registryRequestMatchersCall.getQualifier() = authorizeRequestsCall and
|
||||
registryRequestMatchersCall.getQualifier() = authorizeCall and
|
||||
permitAllCall.getQualifier() = registryRequestMatchersCall
|
||||
)
|
||||
or
|
||||
exists(AnyRequestCall anyRequestCall |
|
||||
anyRequestCall.getQualifier() = authorizeRequestsCall and
|
||||
anyRequestCall.getQualifier() = authorizeCall and
|
||||
permitAllCall.getQualifier() = anyRequestCall
|
||||
)
|
||||
)
|
||||
or
|
||||
exists(AuthorizeRequestsCall authorizeRequestsCall |
|
||||
exists(AuthorizeCall authorizeCall |
|
||||
// http.authorizeRequests([...]).[...]
|
||||
authorizeRequestsCall.getQualifier() instanceof VarAccess
|
||||
authorizeCall.getQualifier() instanceof VarAccess
|
||||
|
|
||||
// [...].authorizeRequests(r -> r.requestMatchers(EndpointRequest).permitAll())
|
||||
authorizeRequestsCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and
|
||||
authorizeCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and
|
||||
permitAllCall.getQualifier() instanceof RegistryRequestMatchersCall
|
||||
or
|
||||
// [...].authorizeRequests().requestMatchers(EndpointRequest).permitAll() or
|
||||
authorizeRequestsCall.getNumArgument() = 0 and
|
||||
authorizeCall.getNumArgument() = 0 and
|
||||
exists(RegistryRequestMatchersCall registryRequestMatchersCall |
|
||||
registryRequestMatchersCall.getQualifier() = authorizeRequestsCall and
|
||||
registryRequestMatchersCall.getQualifier() = authorizeCall and
|
||||
permitAllCall.getQualifier() = registryRequestMatchersCall
|
||||
)
|
||||
)
|
||||
|
||||
@@ -2,6 +2,7 @@ import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointR
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
||||
public class SpringBootActuatorsTest {
|
||||
// Spring security version 5.2.3 used `authorizeRequests` and `requestMatcher(s)`
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests(requests -> requests.anyRequest().permitAll()); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
@@ -101,4 +102,166 @@ public class SpringBootActuatorsTest {
|
||||
protected void configureOkNoPermitAll7(HttpSecurity http) throws Exception {
|
||||
http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest();
|
||||
}
|
||||
|
||||
// Spring security version 5.5.0 introduced `authorizeHttpRequests`
|
||||
protected void configure_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests(requests -> requests.anyRequest().permitAll()); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configure2_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configure3_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configure4_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest().permitAll(); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configure5_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configure6_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configure7_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest().permitAll(); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configureOk3_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests().anyRequest().permitAll();
|
||||
}
|
||||
|
||||
protected void configureOk4_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests(authz -> authz.anyRequest().permitAll());
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints1_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.to("health", "info")).authorizeHttpRequests(requests -> requests.anyRequest().permitAll());
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints2_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.to("health")).authorizeHttpRequests().requestMatchers(EndpointRequest.to("health")).permitAll();
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints3_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeHttpRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll();
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints4_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.to("health", "info")).authorizeHttpRequests().anyRequest().permitAll();
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints5_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll();
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints6_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests(requests -> requests.requestMatchers(EndpointRequest.to("health", "info")).permitAll());
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints7_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeHttpRequests().anyRequest().permitAll();
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll1_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests(requests -> requests.anyRequest());
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll2_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint());
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll3_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint());
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll4_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest();
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll5_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint());
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll6_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint()));
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll7_authorizeHttpRequests(HttpSecurity http) throws Exception {
|
||||
http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest();
|
||||
}
|
||||
|
||||
// Spring security version 5.8.0 introduced `securityMatcher(s)`
|
||||
protected void configure_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests(requests -> requests.anyRequest().permitAll()); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configure2_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configure3_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configure4_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest().permitAll(); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configure7_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest().permitAll(); // $ hasExposedSpringBootActuator
|
||||
}
|
||||
|
||||
protected void configureOk1_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(EndpointRequest.toAnyEndpoint());
|
||||
}
|
||||
|
||||
protected void configureOk2_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatchers().requestMatchers(EndpointRequest.toAnyEndpoint());
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints1_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(EndpointRequest.to("health", "info")).authorizeHttpRequests(requests -> requests.anyRequest().permitAll());
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints2_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(EndpointRequest.to("health")).authorizeHttpRequests().requestMatchers(EndpointRequest.to("health")).permitAll();
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints3_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeHttpRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll();
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints4_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(EndpointRequest.to("health", "info")).authorizeHttpRequests().anyRequest().permitAll();
|
||||
}
|
||||
|
||||
protected void configureOkSafeEndpoints7_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeHttpRequests().anyRequest().permitAll();
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll1_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests(requests -> requests.anyRequest());
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll2_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint());
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll3_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().requestMatchers(EndpointRequest.toAnyEndpoint());
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll4_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest();
|
||||
}
|
||||
|
||||
protected void configureOkNoPermitAll7_securityMatchers(HttpSecurity http) throws Exception {
|
||||
http.securityMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeHttpRequests().anyRequest();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
|
||||
import org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry;
|
||||
|
||||
public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<DefaultSecurityFilterChain, HttpSecurity>
|
||||
@@ -18,6 +19,14 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
return this;
|
||||
}
|
||||
|
||||
public HttpSecurity securityMatcher(RequestMatcher requestMatcher) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public HttpSecurity securityMatcher(String... patterns) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public HttpSecurity authorizeRequests(
|
||||
Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer)
|
||||
throws Exception {
|
||||
@@ -29,6 +38,17 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
return null;
|
||||
}
|
||||
|
||||
public HttpSecurity authorizeHttpRequests(
|
||||
Customizer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry> authorizeHttpRequestsCustomizer)
|
||||
throws Exception {
|
||||
return this;
|
||||
}
|
||||
|
||||
public AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry authorizeHttpRequests()
|
||||
throws Exception {
|
||||
return null;
|
||||
}
|
||||
|
||||
public HttpSecurity requestMatchers(Customizer<RequestMatcherConfigurer> requestMatcherCustomizer) {
|
||||
return this;
|
||||
}
|
||||
@@ -37,6 +57,14 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||
return null;
|
||||
}
|
||||
|
||||
public HttpSecurity securityMatchers(Customizer<RequestMatcherConfigurer> requestMatcherCustomizer) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public RequestMatcherConfigurer securityMatchers() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public CsrfConfigurer<HttpSecurity> csrf() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
package org.springframework.security.config.annotation.web.configurers;
|
||||
|
||||
import org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
|
||||
public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
extends AbstractHttpConfigurer<AuthorizeHttpRequestsConfigurer<H>, H> {
|
||||
|
||||
public final class AuthorizationManagerRequestMatcherRegistry extends
|
||||
AbstractRequestMatcherRegistry<AuthorizedUrl> {
|
||||
}
|
||||
|
||||
public class AuthorizedUrl {
|
||||
public AuthorizationManagerRequestMatcherRegistry permitAll() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user