How to use org.springframework.security.config.annotation.web

/**
 * Create a {@link List} of {@link AntPathRequestMatcher} instances that do not
 * specify an {@link HttpMethod}.
 *
 * @param antPatterns the ant patterns to create {@link AntPathRequestMatcher}
 * from
 *
 * @return a {@link List} of {@link AntPathRequestMatcher} instances
 */
public static List<RequestMatcher> antMatchers(String... antPatterns) {
  return antMatchers(null, antPatterns);
}

/**
 * Create a {@link List} of {@link RegexRequestMatcher} instances that do not
 * specify an {@link HttpMethod}.
 *
 * @param regexPatterns the regular expressions to create
 * {@link RegexRequestMatcher} from
 *
 * @return a {@link List} of {@link RegexRequestMatcher} instances
 */
public static List<RequestMatcher> regexMatchers(String... regexPatterns) {
  return regexMatchers(null, regexPatterns);
}

/**
 * Maps a {@link List} of
 * {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher}
 * instances.
 *
 * @param method the {@link HttpMethod} to use for any
 * {@link HttpMethod}.
 *
 * @return the object that is chained after creating the {@link RequestMatcher}
 */
public C antMatchers(HttpMethod method) {
  return antMatchers(method, new String[] { "/**" });
}

private void registerDefaultEntryPoint(H http) {
  ExceptionHandlingConfigurer<H> exceptionHandling = http
      .getConfigurer(ExceptionHandlingConfigurer.class);
  if (exceptionHandling == null) {
    return;
  }
  exceptionHandling.defaultAuthenticationEntryPointFor(
      this.authenticationEntryPoint,
      this.requestMatcher);
}

private GrantedAuthoritiesMapper getGrantedAuthoritiesMapper() {
  GrantedAuthoritiesMapper grantedAuthoritiesMapper =
      this.getBuilder().getSharedObject(GrantedAuthoritiesMapper.class);
  if (grantedAuthoritiesMapper == null) {
    grantedAuthoritiesMapper = this.getGrantedAuthoritiesMapperBean();
    if (grantedAuthoritiesMapper != null) {
      this.getBuilder().setSharedObject(GrantedAuthoritiesMapper.class, grantedAuthoritiesMapper);
    }
  }
  return grantedAuthoritiesMapper;
}

@Override
public void configure(H http) throws Exception {
  X509AuthenticationFilter filter = getFilter(http
      .getSharedObject(AuthenticationManager.class));
  http.addFilter(filter);
}

static <B extends HttpSecurityBuilder<B>> ClientRegistrationRepository getClientRegistrationRepository(B builder) {
  ClientRegistrationRepository clientRegistrationRepository = builder.getSharedObject(ClientRegistrationRepository.class);
  if (clientRegistrationRepository == null) {
    clientRegistrationRepository = getClientRegistrationRepositoryBean(builder);
    builder.setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
  }
  return clientRegistrationRepository;
}

private AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> getAuthenticationUserDetailsService(
    H http) {
  if (authenticationUserDetailsService == null) {
    userDetailsService(http.getSharedObject(UserDetailsService.class));
  }
  return authenticationUserDetailsService;
}

/**
 * Allows explicit configuration of the {@link RequestCache} to be used. Defaults to
 * try finding a {@link RequestCache} as a shared object. Then falls back to a
 * {@link HttpSessionRequestCache}.
 *
 * @param requestCache the explicit {@link RequestCache} to use
 * @return the {@link RequestCacheConfigurer} for further customization
 */
public RequestCacheConfigurer<H> requestCache(RequestCache requestCache) {
  getBuilder().setSharedObject(RequestCache.class, requestCache);
  return this;
}

@Override
public void configure(H http) throws Exception {
  LogoutFilter logoutFilter = createLogoutFilter(http);
  http.addFilter(logoutFilter);
}

@Override
public void configure(H http) throws Exception {
  HeaderWriterFilter headersFilter = createHeaderWriterFilter();
  http.addFilter(headersFilter);
}

/**
 * Create a {@link List} of
 * {@link org.springframework.security.web.util.matcher.RegexRequestMatcher} instances
 * that do not specify an {@link HttpMethod}.
 *
 * @param regexPatterns the regular expressions to create
 * {@link org.springframework.security.web.util.matcher.RegexRequestMatcher} from
 *
 * @return the object that is chained after creating the {@link RequestMatcher}
 */
public C regexMatchers(String... regexPatterns) {
  Assert.state(!this.anyRequestConfigured, "Can't configure regexMatchers after anyRequest");
  return chainRequestMatchers(RequestMatchers.regexMatchers(regexPatterns));
}

/**
 * Maps a {@link List} of
 * {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher}
 * instances that do not care which {@link HttpMethod} is used.
 *
 * @param antPatterns the ant patterns to create
 * {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher} from
 *
 * @return the object that is chained after creating the {@link RequestMatcher}
 */
public C antMatchers(String... antPatterns) {
  Assert.state(!this.anyRequestConfigured, "Can't configure antMatchers after anyRequest");
  return chainRequestMatchers(RequestMatchers.antMatchers(antPatterns));
}

@Override
public void configure(H http) throws Exception {
  authenticationFilter.afterPropertiesSet();
  http.addFilter(authenticationFilter);
}

@Test(expected = IllegalStateException.class)
public void getConfigurerWhenMultipleConfigurersThenThrowIllegalStateException() throws Exception {
  TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class), true);
  builder.apply(new DelegateSecurityConfigurer());
  builder.apply(new DelegateSecurityConfigurer());
  builder.getConfigurer(DelegateSecurityConfigurer.class);
}

@Test(expected = IllegalStateException.class)
public void removeConfigurerWhenMultipleConfigurersThenThrowIllegalStateException() throws Exception {
  TestConfiguredSecurityBuilder builder = new TestConfiguredSecurityBuilder(mock(ObjectPostProcessor.class), true);
  builder.apply(new DelegateSecurityConfigurer());
  builder.apply(new DelegateSecurityConfigurer());
  builder.removeConfigurer(DelegateSecurityConfigurer.class);
}

  @Override
  public void init(TestConfiguredSecurityBuilder builder) throws Exception {
    builder.apply(CONFIGURER);
  }
}

  @Bean
  public MyFilter myFilter(UserDetailsService userDetailsService) {
    return new MyFilter(userDetailsService);
  }
}

/**
 * Maps a {@link List} of
 * {@link org.springframework.security.web.util.matcher.RegexRequestMatcher}
 * instances.
 *
 * @param method the {@link HttpMethod} to use or {@code null} for any
 * {@link HttpMethod}.
 * @param regexPatterns the regular expressions to create
 * {@link org.springframework.security.web.util.matcher.RegexRequestMatcher} from
 *
 * @return the object that is chained after creating the {@link RequestMatcher}
 */
public C regexMatchers(HttpMethod method, String... regexPatterns) {
  Assert.state(!this.anyRequestConfigured, "Can't configure regexMatchers after anyRequest");
  return chainRequestMatchers(RequestMatchers.regexMatchers(method, regexPatterns));
}

/**
 * Maps a {@link List} of
 * {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher}
 * instances.
 *
 * @param method the {@link HttpMethod} to use or {@code null} for any
 * {@link HttpMethod}.
 * @param antPatterns the ant patterns to create. If {@code null} or empty, then matches on nothing.
 * {@link org.springframework.security.web.util.matcher.AntPathRequestMatcher} from
 *
 * @return the object that is chained after creating the {@link RequestMatcher}
 */
public C antMatchers(HttpMethod method, String... antPatterns) {
  Assert.state(!this.anyRequestConfigured, "Can't configure antMatchers after anyRequest");
  return chainRequestMatchers(RequestMatchers.antMatchers(method, antPatterns));
}