Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simplify Java Configuration RequestMatcher Usage #11347

Closed
rwinch opened this issue Jun 7, 2022 · 2 comments
Closed

Simplify Java Configuration RequestMatcher Usage #11347

rwinch opened this issue Jun 7, 2022 · 2 comments
Assignees
@marcusdacoregio
Labels
in: config An issue in spring-security-config type: enhancement A general enhancement
Milestone
5.8.0-RC1

Comments

@rwinch
Copy link
Member

rwinch commented Jun 7, 2022
edited
Loading

By default, we should reject using the built in RequestMatcher implementations other than MvcRequestMatcher in a MvcRequestMatcher application.

Alternatively we can deprecate/remove antMatcher, regexMatchers, and mvcMatchers from the DSL and have a requestMatcher that is automatic based on the classpath. Users that want to opt out of this would need to use requestMatchers(new RegExRequestMatcher(...)). This makes it much more difficult to get the wrong configuration.
@rwinch rwinch added in: config An issue in spring-security-config type: enhancement A general enhancement labels Jun 7, 2022
@rwinch rwinch added this to the 6.0.x milestone Jun 7, 2022
@evgeniycheban
Copy link
Contributor

I can take this.

@rwinch
Copy link
Member Author

rwinch commented Jun 10, 2022

@evgeniycheban Thank you for the volunteering. This is going to be a pretty tricky issue with quite a bit of design necessary. For that reason, I'm not sure if it is an ideal for contribution issue.

@rwinch rwinch self-assigned this Jun 14, 2022
@jzheaux jzheaux mentioned this issue Jul 26, 2022
Closed
@rwinch rwinch assigned marcusdacoregio and unassigned rwinch Sep 20, 2022
@marcusdacoregio marcusdacoregio moved this to In Progress in Spring Security Team Sep 22, 2022
This was referenced Sep 22, 2022
Closed
Closed
@marcusdacoregio marcusdacoregio mentioned this issue Oct 3, 2022
Merged
@marcusdacoregio marcusdacoregio modified the milestones: 6.0.x, 5.8.0-RC1 Oct 3, 2022
@marcusdacoregio marcusdacoregio changed the title Support RequestMatcher Validation Make it easier to configure the right RequestMatcher in the DSL Oct 3, 2022
@marcusdacoregio marcusdacoregio changed the title Make it easier to configure the right RequestMatcher in the DSL Simplify Java Configuration RequestMatcher Usage Oct 3, 2022
marcusdacoregio added a commit to marcusdacoregio/spring-security that referenced this issue Oct 3, 2022
@marcusdacoregio
Simplify Java Configuration RequestMatcher Usage
ee7e60e 
If Spring MVC is present in the classpath, use MvcRequestMatcher by default. This commit also adds a new securityMatcher method in HttpSecurity

Closes spring-projectsgh-11347
Closes spring-projectsgh-9159
This was referenced Oct 3, 2022
Closed
Closed
marcusdacoregio added a commit that referenced this issue Oct 3, 2022
@marcusdacoregio
Merge branch '5.8.x'
ad2abd3 
Closes gh-11347 in 6.0.x
Closes gh-11945
Repository owner moved this from In Progress to Done in Spring Security Team Oct 3, 2022
sjohnr added a commit that referenced this issue Oct 3, 2022
@sjohnr
Fix servlet import
c847efd 
Issue gh-11347
Issue gh-9159
marcusdacoregio added a commit that referenced this issue Oct 4, 2022
@marcusdacoregio
Disable tests that need Spring MVC mocked in classpath
c6978fb 
Issue gh-11347
@marcusdacoregio marcusdacoregio mentioned this issue Oct 4, 2022
Closed
marcusdacoregio added a commit to marcusdacoregio/spring-security that referenced this issue Oct 4, 2022
@marcusdacoregio
Use modified classpath test support for tests that depend on the clas…
a4e4119 
…spath

Issue spring-projectsgh-11347
marcusdacoregio added a commit that referenced this issue Oct 4, 2022
@marcusdacoregio
Use modified classpath test support for tests that depend on the clas…
76d7a85 
…spath

Issue gh-11347
marcusdacoregio added a commit that referenced this issue Oct 5, 2022
@marcusdacoregio
Remove mvcMatchers usage from docs
ace8caa 
Issue gh-11347
marcusdacoregio added a commit that referenced this issue Oct 6, 2022
@marcusdacoregio
Add deprecation warning to mvcMatchers methods
bc4ad52 
Issue gh-11347
marcusdacoregio added a commit that referenced this issue Oct 6, 2022
@marcusdacoregio
Add deprecation warning to CsrfDsl#ignoringAntMatchers
8a5aed2 
Issue gh-11347
@marcusdacoregio marcusdacoregio mentioned this issue Oct 28, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
in: config An issue in spring-security-config type: enhancement A general enhancement
Projects
Spring Security Team
Status: Done
Milestone
5.8.0-RC1
Development

No branches or pull requests
3 participants
@rwinch @marcusdacoregio @evgeniycheban