Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

FACTOR uses defaultEntryPoint when possible

Browse Source 
Previously they used addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE) to
work around gh-17955. They now can use defaultEntryPoint which is more concise.

Issue gh-gh-17955
This commit is contained in:
Rob Winch
2025-09-25 11:15:05 -05:00
parent 029e31ebe8
commit be20201bf7
2 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java
+1 -3
View File
@@ -35,7 +35,6 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageGenera
import org.springframework.security.web.authentication.ui.DefaultResourcesFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity;
import org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter;
import org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter;
@@ -159,8 +158,7 @@ public class WebAuthnConfigurer<H extends HttpSecurityBuilder<H>>
ExceptionHandlingConfigurer<H> exceptions = http.getConfigurer(ExceptionHandlingConfigurer.class);
if (exceptions != null) {
AuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
exceptions.defaultDeniedHandlerForMissingAuthority(
(ep) -> ep.addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE),
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(entryPoint),
GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY);
}
}
config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
+1 -3
View File
@@ -39,7 +39,6 @@ import org.springframework.security.web.authentication.preauth.x509.SubjectDnX50
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
/**
* Adds X509 based pre authentication to an application. Since validating the certificate
@@ -187,8 +186,7 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>>
ExceptionHandlingConfigurer<H> exceptions = http.getConfigurer(ExceptionHandlingConfigurer.class);
if (exceptions != null) {
AuthenticationEntryPoint forbidden = new Http403ForbiddenEntryPoint();
exceptions.defaultDeniedHandlerForMissingAuthority(
(ep) -> ep.addEntryPointFor(forbidden, AnyRequestMatcher.INSTANCE),
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(forbidden),
GrantedAuthorities.FACTOR_X509_AUTHORITY);
}
}