diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfiguration.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfiguration.java index 4b4c2d4c38cf..b1c95992be98 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfiguration.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfiguration.java @@ -62,6 +62,7 @@ import org.springframework.security.config.annotation.web.WebSecurityConfigurer; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.web.cors.CorsConfiguration; @@ -183,15 +184,12 @@ static class IgnoredCloudFoundryPathsWebSecurityCustomizer implements WebSecurit } @Override - @SuppressWarnings("removal") public void customize(WebSecurity web) { List requestMatchers = new ArrayList<>(); this.pathMappedEndpoints.getAllPaths() - .forEach((path) -> requestMatchers - .add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(path + "/**"))); - requestMatchers.add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(BASE_PATH)); - requestMatchers - .add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(BASE_PATH + "/")); + .forEach((path) -> requestMatchers.add(PathPatternRequestMatcher.withDefaults().matcher(path + "/**"))); + requestMatchers.add(PathPatternRequestMatcher.withDefaults().matcher(BASE_PATH)); + requestMatchers.add(PathPatternRequestMatcher.withDefaults().matcher(BASE_PATH + "/")); web.ignoring().requestMatchers(new OrRequestMatcher(requestMatchers)); } diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AntPathRequestMatcherProvider.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AntPathRequestMatcherProvider.java index 62b477cffacf..16e21d9b7560 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AntPathRequestMatcherProvider.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AntPathRequestMatcherProvider.java @@ -19,11 +19,11 @@ import java.util.function.Function; import org.springframework.http.HttpMethod; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; /** - * {@link RequestMatcherProvider} that provides an {@link AntPathRequestMatcher}. + * {@link RequestMatcherProvider} that provides an {@link PathPatternRequestMatcher}. * * @author Madhura Bhave * @author Chris Bono @@ -37,11 +37,9 @@ class AntPathRequestMatcherProvider implements RequestMatcherProvider { } @Override - @SuppressWarnings("removal") public RequestMatcher getRequestMatcher(String pattern, HttpMethod httpMethod) { String path = this.pathFactory.apply(pattern); - return new org.springframework.security.web.util.matcher.AntPathRequestMatcher(path, - (httpMethod != null) ? httpMethod.name() : null); + return PathPatternRequestMatcher.withDefaults().matcher(httpMethod, path); } } diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java index daf3eb5cc724..bcea3b91716a 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java @@ -42,6 +42,7 @@ import org.springframework.core.annotation.MergedAnnotation; import org.springframework.core.annotation.MergedAnnotations; import org.springframework.http.HttpMethod; +import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; @@ -231,14 +232,12 @@ protected List getLinksMatchers(RequestMatcherFactory requestMat return linksMatchers; } - @SuppressWarnings("removal") protected RequestMatcherProvider getRequestMatcherProvider(WebApplicationContext context) { try { return getRequestMatcherProviderBean(context); } catch (NoSuchBeanDefinitionException ex) { - return (pattern, method) -> new org.springframework.security.web.util.matcher.AntPathRequestMatcher( - pattern, (method != null) ? method.name() : null); + return (pattern, method) -> PathPatternRequestMatcher.withDefaults().matcher(method, pattern); } } diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfigurationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfigurationTests.java index ea064bf689ac..e9bb84386d75 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfigurationTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2024 the original author or authors. + * Copyright 2012-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -182,8 +182,10 @@ void cloudFoundryPathsIgnoredBySpringSecurity() { testCloudFoundrySecurity(request, BASE_PATH + "/test", chain); testCloudFoundrySecurity(request, BASE_PATH + "/test/a", chain); request.setServletPath(BASE_PATH + "/other-path"); + request.setRequestURI(BASE_PATH + "/other-path"); assertThat(chain.matches(request)).isFalse(); request.setServletPath("/some-other-path"); + request.setRequestURI("/some-other-path"); assertThat(chain.matches(request)).isFalse(); }); } @@ -211,7 +213,7 @@ private FilterChainProxy getFilterChainProxy(Filter filter) { private static void testCloudFoundrySecurity(MockHttpServletRequest request, String servletPath, SecurityFilterChain chain) { - request.setServletPath(servletPath); + request.setRequestURI(servletPath); assertThat(chain.matches(request)).isTrue(); } diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java index 3c112666effe..3d90fa434347 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequestTests.java @@ -430,7 +430,7 @@ private MockHttpServletRequest mockRequest(HttpMethod httpMethod, String servlet servletContext.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, this.context); MockHttpServletRequest request = new MockHttpServletRequest(servletContext); if (servletPath != null) { - request.setServletPath(servletPath); + request.setRequestURI(servletPath); } if (httpMethod != null) { request.setMethod(httpMethod.name()); diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java index 229541e04610..354a81526a39 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java @@ -52,7 +52,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.web.context.ConfigurableWebApplicationContext; import org.springframework.web.context.WebApplicationContext; @@ -206,7 +206,7 @@ private HttpStatus getResponseStatus(AssertableWebApplicationContext context, St MockHttpServletResponse response = new MockHttpServletResponse(); servletContext.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, context); MockHttpServletRequest request = new MockHttpServletRequest(servletContext); - request.setServletPath(path); + request.setRequestURI(path); request.setMethod("GET"); filterChainProxy.doFilter(request, response, new MockFilterChain()); return HttpStatus.valueOf(response.getStatus()); @@ -216,10 +216,9 @@ private HttpStatus getResponseStatus(AssertableWebApplicationContext context, St static class CustomSecurityConfiguration { @Bean - @SuppressWarnings("removal") SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http.authorizeHttpRequests((requests) -> { - requests.requestMatchers(new AntPathRequestMatcher("/foo")).permitAll(); + requests.requestMatchers(PathPatternRequestMatcher.withDefaults().matcher("/foo")).permitAll(); requests.anyRequest().authenticated(); }); http.formLogin(withDefaults()); @@ -246,9 +245,8 @@ static class TestRemoteDevToolsSecurityFilterChainConfig extends TestSecurityFil @Bean @Order(SecurityProperties.BASIC_AUTH_ORDER - 1) - @SuppressWarnings("removal") SecurityFilterChain testRemoteDevToolsSecurityFilterChain(HttpSecurity http) throws Exception { - http.securityMatcher(new AntPathRequestMatcher("/**")); + http.securityMatcher(PathPatternRequestMatcher.withDefaults().matcher("/**")); http.authorizeHttpRequests((requests) -> requests.anyRequest().anonymous()); http.csrf((csrf) -> csrf.disable()); return http.build(); diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/SecurityRequestMatchersManagementContextConfigurationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/SecurityRequestMatchersManagementContextConfigurationTests.java index 2423fff04291..c08f6e30cda3 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/SecurityRequestMatchersManagementContextConfigurationTests.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/SecurityRequestMatchersManagementContextConfigurationTests.java @@ -27,6 +27,7 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.web.util.pattern.PathPatternParser; import static org.assertj.core.api.Assertions.assertThat; @@ -60,7 +61,8 @@ void registersRequestMatcherProviderIfMvcPresent() { this.contextRunner.withUserConfiguration(TestMvcConfiguration.class).run((context) -> { AntPathRequestMatcherProvider matcherProvider = context.getBean(AntPathRequestMatcherProvider.class); RequestMatcher requestMatcher = matcherProvider.getRequestMatcher("/example", null); - assertThat(requestMatcher).extracting("pattern").isEqualTo("/custom/example"); + assertThat(requestMatcher).extracting("pattern") + .isEqualTo(PathPatternParser.defaultInstance.parse("/custom/example")); }); } @@ -71,7 +73,8 @@ void registersRequestMatcherForJerseyProviderIfJerseyPresentAndMvcAbsent() { .run((context) -> { AntPathRequestMatcherProvider matcherProvider = context.getBean(AntPathRequestMatcherProvider.class); RequestMatcher requestMatcher = matcherProvider.getRequestMatcher("/example", null); - assertThat(requestMatcher).extracting("pattern").isEqualTo("/admin/example"); + assertThat(requestMatcher).extracting("pattern") + .isEqualTo(PathPatternParser.defaultInstance.parse("/admin/example")); }); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/PathRequest.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/PathRequest.java index 530d30a044fc..438befcd631a 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/PathRequest.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/PathRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2022 the original author or authors. + * Copyright 2012-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,6 +24,7 @@ import org.springframework.boot.autoconfigure.security.StaticResourceLocation; import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher; import org.springframework.boot.web.context.WebServerApplicationContext; +import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.web.context.WebApplicationContext; @@ -76,10 +77,9 @@ protected boolean ignoreApplicationContext(WebApplicationContext applicationCont } @Override - @SuppressWarnings("removal") protected void initialized(Supplier h2ConsoleProperties) { - this.delegate = new org.springframework.security.web.util.matcher.AntPathRequestMatcher( - h2ConsoleProperties.get().getPath() + "/**"); + this.delegate = PathPatternRequestMatcher.withDefaults() + .matcher(h2ConsoleProperties.get().getPath() + "/**"); } @Override diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/StaticResourceRequest.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/StaticResourceRequest.java index 67fd2a223141..62200d562f58 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/StaticResourceRequest.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/StaticResourceRequest.java @@ -28,6 +28,7 @@ import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletPath; import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher; import org.springframework.boot.web.context.WebServerApplicationContext; +import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; @@ -134,10 +135,8 @@ protected void initialized(Supplier dispatcherServletPath this.delegate = new OrRequestMatcher(getDelegateMatchers(dispatcherServletPath.get()).toList()); } - @SuppressWarnings("removal") private Stream getDelegateMatchers(DispatcherServletPath dispatcherServletPath) { - return getPatterns(dispatcherServletPath) - .map(org.springframework.security.web.util.matcher.AntPathRequestMatcher::new); + return getPatterns(dispatcherServletPath).map(PathPatternRequestMatcher.withDefaults()::matcher); } private Stream getPatterns(DispatcherServletPath dispatcherServletPath) { diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/PathRequestTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/PathRequestTests.java index 7f30f8e7829e..b5c07801b461 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/PathRequestTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/PathRequestTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2022 the original author or authors. + * Copyright 2012-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -25,6 +25,7 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockServletContext; import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.util.StringUtils; import org.springframework.web.context.WebApplicationContext; import static org.assertj.core.api.Assertions.assertThat; @@ -99,14 +100,14 @@ private MockHttpServletRequest mockRequest(String path) { MockServletContext servletContext = new MockServletContext(); servletContext.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, this.context); MockHttpServletRequest request = new MockHttpServletRequest(servletContext); - request.setPathInfo(path); + request.setRequestURI(path); return request; } private String getRequestPath(HttpServletRequest request) { String url = request.getServletPath(); - if (request.getPathInfo() != null) { - url += request.getPathInfo(); + if (StringUtils.hasText(request.getRequestURI())) { + url += request.getRequestURI(); } return url; } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/StaticResourceRequestTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/StaticResourceRequestTests.java index 7f2fe7869d01..99ddbd4c7f82 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/StaticResourceRequestTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/StaticResourceRequestTests.java @@ -25,6 +25,7 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockServletContext; import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.util.StringUtils; import org.springframework.web.context.WebApplicationContext; import static org.assertj.core.api.Assertions.assertThat; @@ -156,15 +157,18 @@ private MockHttpServletRequest mockRequest(String servletPath, String path) { MockHttpServletRequest request = new MockHttpServletRequest(servletContext); if (servletPath != null) { request.setServletPath(servletPath); + request.setRequestURI(servletPath + path); + } + else { + request.setRequestURI(path); } - request.setPathInfo(path); return request; } private String getRequestPath(HttpServletRequest request) { String url = request.getServletPath(); - if (request.getPathInfo() != null) { - url += request.getPathInfo(); + if (StringUtils.hasText(request.getRequestURI())) { + url += request.getRequestURI(); } return url; } diff --git a/spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevtoolsSecurityConfiguration.java b/spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevtoolsSecurityConfiguration.java index 0a306881d908..5acf44cbf1e3 100644 --- a/spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevtoolsSecurityConfiguration.java +++ b/spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevtoolsSecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2024 the original author or authors. + * Copyright 2012-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -25,6 +25,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; /** * Spring Security configuration that allows anonymous access to the remote devtools @@ -45,10 +46,9 @@ class RemoteDevtoolsSecurityConfiguration { } @Bean - @SuppressWarnings("removal") @Order(SecurityProperties.BASIC_AUTH_ORDER - 1) SecurityFilterChain devtoolsSecurityFilterChain(HttpSecurity http) throws Exception { - http.securityMatcher(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(this.url)); + http.securityMatcher(PathPatternRequestMatcher.withDefaults().matcher(this.url)); http.authorizeHttpRequests((requests) -> requests.anyRequest().anonymous()); http.csrf(CsrfConfigurer::disable); return http.build(); diff --git a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java index 4826137ba18b..9bbb126d5c72 100644 --- a/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java +++ b/spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2023 the original author or authors. + * Copyright 2012-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,7 +31,7 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher; import org.springframework.web.servlet.handler.HandlerMappingIntrospector; import static org.springframework.security.config.Customizer.withDefaults; @@ -68,9 +68,9 @@ SecurityFilterChain configure(HttpSecurity http, HandlerMappingIntrospector hand requests.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)) .hasRole("ACTUATOR"); requests.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll(); - requests.requestMatchers(new AntPathRequestMatcher("/foo")).permitAll(); + requests.requestMatchers(PathPatternRequestMatcher.withDefaults().matcher("/foo")).permitAll(); requests.requestMatchers(new MvcRequestMatcher(handlerMappingIntrospector, "/error")).permitAll(); - requests.requestMatchers(new AntPathRequestMatcher("/**")).hasRole("USER"); + requests.requestMatchers(PathPatternRequestMatcher.withDefaults().matcher("/**")).hasRole("USER"); }); http.cors(withDefaults()); http.httpBasic(withDefaults());