From 8cb615e9b60e920c9aa1ff7aba6d0b2171d2af57 Mon Sep 17 00:00:00 2001 From: Madhura Bhave Date: Thu, 20 Oct 2022 15:55:33 -0700 Subject: [PATCH] Remove workarounds for SecurityContextRepository --- .../servlet/ManagementWebSecurityAutoConfiguration.java | 6 ------ .../servlet/SpringBootWebSecurityConfiguration.java | 6 ------ .../security/method/SampleMethodSecurityApplication.java | 3 --- .../web/secure/CustomServletPathErrorPageTests.java | 3 --- .../CustomServletPathUnauthenticatedErrorPageTests.java | 3 --- .../src/test/java/smoketest/web/secure/ErrorPageTests.java | 3 --- .../smoketest/web/secure/UnauthenticatedErrorPageTests.java | 3 --- 7 files changed, 27 deletions(-) diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java index ea859ef8b42c..599afa363871 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java @@ -34,10 +34,6 @@ import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.DelegatingSecurityContextRepository; -import org.springframework.security.web.context.HttpSessionSecurityContextRepository; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.util.ClassUtils; /** @@ -71,8 +67,6 @@ SecurityFilterChain managementSecurityFilterChain(HttpSecurity http) throws Exce } http.formLogin(Customizer.withDefaults()); http.httpBasic(Customizer.withDefaults()); - http.setSharedObject(SecurityContextRepository.class, new DelegatingSecurityContextRepository( - new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository())); return http.build(); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java index 2b8e7960d534..840832125a53 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java @@ -29,10 +29,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.DelegatingSecurityContextRepository; -import org.springframework.security.web.context.HttpSessionSecurityContextRepository; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; /** * {@link Configuration @Configuration} class securing servlet applications. @@ -60,8 +56,6 @@ SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Excepti http.authorizeHttpRequests().anyRequest().authenticated(); http.formLogin(); http.httpBasic(); - http.setSharedObject(SecurityContextRepository.class, new DelegatingSecurityContextRepository( - new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository())); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java index e4ae797af201..52b380dfe6d0 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-method-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java @@ -31,8 +31,6 @@ import org.springframework.security.core.userdetails.User; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; @@ -95,7 +93,6 @@ SecurityFilterChain actuatorSecurity(HttpSecurity http) throws Exception { http.securityMatcher(EndpointRequest.toAnyEndpoint()); http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()); http.httpBasic(); - http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository()); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java index 9906554b1e2c..7b0f55e80201 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java @@ -21,8 +21,6 @@ import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; /** * Tests to ensure that the error page with a custom servlet path is accessible only to @@ -51,7 +49,6 @@ SecurityFilterChain configure(HttpSecurity http) throws Exception { requests.anyRequest().fullyAuthenticated(); }); http.httpBasic(); - http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository()); http.formLogin((form) -> form.loginPage("/custom/servlet/path/login").permitAll()); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java index ba4ce2e9af9d..81946f7b9680 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java @@ -20,8 +20,6 @@ import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; /** * Tests for error page that permits access to all with a custom servlet path. @@ -50,7 +48,6 @@ SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Excepti requests.requestMatchers("/public/**").permitAll(); requests.anyRequest().authenticated(); }); - http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository()); http.httpBasic(); return http.build(); } diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java index cb1e0115f72d..24fb0c08eb78 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java @@ -21,8 +21,6 @@ import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; /** * Tests to ensure that the error page is accessible only to authorized users. @@ -49,7 +47,6 @@ SecurityFilterChain configure(HttpSecurity http) throws Exception { requests.requestMatchers("/public/**").permitAll(); requests.anyRequest().fullyAuthenticated(); }); - http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository()); http.httpBasic(); http.formLogin((form) -> form.loginPage("/login").permitAll()); return http.build(); diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java index ddfd95497461..17f88761ec9f 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/UnauthenticatedErrorPageTests.java @@ -21,8 +21,6 @@ import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.context.RequestAttributeSecurityContextRepository; -import org.springframework.security.web.context.SecurityContextRepository; /** * Tests for error page that permits access to all. @@ -50,7 +48,6 @@ SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Excepti requests.requestMatchers("/public/**").permitAll(); requests.anyRequest().authenticated(); }); - http.setSharedObject(SecurityContextRepository.class, new RequestAttributeSecurityContextRepository()); http.httpBasic(); return http.build(); }