Merge branch '7.0.x' into 7.1.x

2026-05-22 21:33:16 +00:00 · 2026-04-15 16:55:42 -06:00
parent 6e894fd6b7 438c783c7d
commit a3cfa8e13e
3 changed files with 146 additions and 1 deletions
@@ -239,7 +239,9 @@ class HttpSecurityConfiguration {
 		Map<Class<?>, Object> sharedObjects = new HashMap<>();
 		sharedObjects.put(ApplicationContext.class, this.context);
 		sharedObjects.put(ContentNegotiationStrategy.class, this.contentNegotiationStrategy);
-		sharedObjects.put(PathPatternRequestMatcher.Builder.class, constructRequestMatcherBuilder(this.context));
+		sharedObjects.put(PathPatternRequestMatcher.Builder.class,
 				this.context.getBeanProvider(PathPatternRequestMatcher.Builder.class)
 					.getIfUnique(() -> constructRequestMatcherBuilder(this.context)));
 		return sharedObjects;
 	}
@@ -452,6 +452,18 @@ public class AuthorizeHttpRequestsConfigurerTests {
 		this.mvc.perform(requestWithAdmin).andExpect(status().isOk());
 	}
 	@Test
 	public void requestMatchersWhenBuilderBeanWithBasePathAndRawStringThenHonorsBasePath() throws Exception {
 		this.spring.register(RequestMatchersRawStringServletPathConfig.class, BasicController.class).autowire();
 		// @formatter:off
 		MockHttpServletRequestBuilder matchedByBasePath = get("/spring/path")
 				.servletPath("/spring")
 				.with(user("user").roles("USER"));
 		// @formatter:on
 		this.mvc.perform(matchedByBasePath).andExpect(status().isForbidden());
 		this.mvc.perform(get("/path").with(user("user").roles("USER"))).andExpect(status().isOk());
 	}
 	@Test
 	public void getWhenAnyRequestAuthenticatedConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(AuthenticatedConfig.class, BasicController.class).autowire();
@@ -1359,6 +1371,32 @@ public class AuthorizeHttpRequestsConfigurerTests {
 	}
 	@Configuration
 	@EnableWebMvc
 	@EnableWebSecurity
 	static class RequestMatchersRawStringServletPathConfig {
 		@Bean
 		PathPatternRequestMatcherBuilderFactoryBean requestMatcherBuilder() {
 			PathPatternRequestMatcherBuilderFactoryBean bean = new PathPatternRequestMatcherBuilderFactoryBean();
 			bean.setBasePath("/spring");
 			return bean;
 		}
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			return http
 					.authorizeHttpRequests((authorize) -> authorize
 						.requestMatchers("/path").hasRole("ADMIN")
 						.anyRequest().permitAll()
 					)
 					.build();
 			// @formatter:on
 		}
 	}
 	@Configuration
 	@EnableWebSecurity
 	static class AuthenticatedConfig {
@@ -125,6 +125,34 @@ public class HttpSecuritySecurityMatchersTests {
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 	@Test
 	public void securityMatcherWhenBuilderBeanWithBasePathThenHonorsBasePath() throws Exception {
 		loadConfig(SecurityMatcherBuilderBeanConfig.class);
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 		setup();
 		this.request.setServletPath("");
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 	@Test
 	public void securityMatchersWhenBuilderBeanWithBasePathAndRawStringsThenHonorsBasePath() throws Exception {
 		loadConfig(SecurityMatchersBuilderBeanConfig.class);
 		this.request.setServletPath("/spring");
 		this.request.setRequestURI("/spring/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
 		setup();
 		this.request.setServletPath("");
 		this.request.setRequestURI("/path");
 		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 	@Test
 	public void securityMatchersWhenMultiMvcMatcherInLambdaThenAllPathsAreDenied() throws Exception {
 		loadConfig(MultiMvcMatcherInLambdaConfig.class);
@@ -430,6 +458,83 @@ public class HttpSecuritySecurityMatchersTests {
 	}
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	@Import(UsersConfig.class)
 	static class SecurityMatcherBuilderBeanConfig {
 		@Bean
 		PathPatternRequestMatcherBuilderFactoryBean requestMatcherBuilder() {
 			PathPatternRequestMatcherBuilderFactoryBean bean = new PathPatternRequestMatcherBuilderFactoryBean();
 			bean.setBasePath("/spring");
 			return bean;
 		}
 		@Bean
 		SecurityFilterChain appSecurity(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
 				.securityMatcher("/path")
 				.httpBasic(withDefaults())
 				.authorizeHttpRequests((authorize) -> authorize
 					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}
 		@RestController
 		static class PathController {
 			@RequestMapping("/path")
 			String path() {
 				return "path";
 			}
 		}
 	}
 	@EnableWebSecurity
 	@Configuration
 	@EnableWebMvc
 	@Import(UsersConfig.class)
 	static class SecurityMatchersBuilderBeanConfig {
 		@Bean
 		PathPatternRequestMatcherBuilderFactoryBean requestMatcherBuilder() {
 			PathPatternRequestMatcherBuilderFactoryBean bean = new PathPatternRequestMatcherBuilderFactoryBean();
 			bean.setBasePath("/spring");
 			return bean;
 		}
 		@Bean
 		SecurityFilterChain appSecurity(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
 				.securityMatchers((matchers) -> matchers
 					.requestMatchers("/path")
 				)
 				.httpBasic(withDefaults())
 				.authorizeHttpRequests((authorize) -> authorize
 					.anyRequest().denyAll()
 				);
 			// @formatter:on
 			return http.build();
 		}
 		@RestController
 		static class PathController {
 			@RequestMapping("/path")
 			String path() {
 				return "path";
 			}
 		}
 	}
 	@Configuration
 	static class UsersConfig {