103103import org .springframework .web .filter .CorsFilter ;
104104import org .springframework .web .servlet .handler .HandlerMappingIntrospector ;
105105
106+ import static org .springframework .security .config .Customizer .withDefaults ;
107+
106108/**
107109 * A {@link HttpSecurity} is similar to Spring Security's XML <http> element in the
108110 * namespace configuration. It allows configuring web based security for specific http
@@ -219,8 +221,8 @@ private ApplicationContext getContext() {
219221 /**
220222 * Adds the Security headers to the response. This is activated by default when using
221223 * {@link EnableWebSecurity}. Accepting the default provided by
222- * {@link EnableWebSecurity} or only invoking {@link #headers() } without invoking
223- * additional methods on it, is the equivalent of:
224+ * {@link EnableWebSecurity} or only invoking {@link #headers(withDefaults()) } without
225+ * invoking additional methods on it, is the equivalent of:
224226 *
225227 * <pre>
226228 * @Configuration
@@ -266,8 +268,8 @@ private ApplicationContext getContext() {
266268 *
267269 * You can enable only a few of the headers by first invoking
268270 * {@link HeadersConfigurer#defaultsDisabled()} and then invoking the appropriate
269- * methods on the {@link #headers() } result. For example, the following will enable
270- * {@link HeadersConfigurer#cacheControl()} and
271+ * methods on the {@link #headers(withDefaults()) } result. For example, the following
272+ * will enable {@link HeadersConfigurer#cacheControl()} and
271273 * {@link HeadersConfigurer#frameOptions()} only.
272274 *
273275 * <pre>
@@ -331,7 +333,8 @@ public HeadersConfigurer<HttpSecurity> headers() throws Exception {
331333 * <h2>Example Configurations</h2>
332334 *
333335 * Accepting the default provided by {@link EnableWebSecurity} or only invoking
334- * {@link #headers()} without invoking additional methods on it, is the equivalent of:
336+ * {@link #headers(Customizer)} without invoking additional methods on it, is the
337+ * equivalent of:
335338 *
336339 * <pre>
337340 * @Configuration
@@ -372,9 +375,9 @@ public HeadersConfigurer<HttpSecurity> headers() throws Exception {
372375 *
373376 * You can enable only a few of the headers by first invoking
374377 * {@link HeadersConfigurer#defaultsDisabled()} and then invoking the appropriate
375- * methods on the {@link #headers()} result. For example, the following will enable
376- * {@link HeadersConfigurer#cacheControl()} and
377- * {@link HeadersConfigurer#frameOptions()} only.
378+ * methods on the {@link #headers(Customizer )} result. For example, the following will
379+ * enable {@link HeadersConfigurer#cacheControl(Customizer )} and
380+ * {@link HeadersConfigurer#frameOptions(Customizer )} only.
378381 *
379382 * <pre>
380383 * @Configuration
@@ -397,7 +400,7 @@ public HeadersConfigurer<HttpSecurity> headers() throws Exception {
397400 *
398401 * You can also choose to keep the defaults but explicitly disable a subset of
399402 * headers. For example, the following will enable all the default headers except
400- * {@link HeadersConfigurer#frameOptions()}.
403+ * {@link HeadersConfigurer#frameOptions(Customizer )}.
401404 *
402405 * <pre>
403406 * @Configuration
@@ -615,9 +618,10 @@ public HttpSecurity sessionManagement(
615618 * {@link HttpSecurity#getSharedObject(Class)}. Other provided
616619 * {@link SecurityConfigurer} objects use this configured {@link PortMapper} as a
617620 * default {@link PortMapper} when redirecting from HTTP to HTTPS or from HTTPS to
618- * HTTP (for example when used in combination with {@link #requiresChannel()}. By
619- * default Spring Security uses a {@link PortMapperImpl} which maps the HTTP port 8080
620- * to the HTTPS port 8443 and the HTTP port of 80 to the HTTPS port of 443.
621+ * HTTP (for example when used in combination with
622+ * {@link #requiresChannel(Customizer)} )}. By default Spring Security uses a
623+ * {@link PortMapperImpl} which maps the HTTP port 8080 to the HTTPS port 8443 and the
624+ * HTTP port of 80 to the HTTPS port of 443.
621625 *
622626 * <h2>Example Configuration</h2>
623627 *
@@ -657,7 +661,7 @@ public HttpSecurity sessionManagement(
657661 * <a href=
658662 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
659663 * for more details.
660- * @see #requiresChannel()
664+ * @see #requiresChannel(withDefaults() )
661665 */
662666 @ Deprecated (since = "6.1" , forRemoval = true )
663667 public PortMapperConfigurer <HttpSecurity > portMapper () throws Exception {
@@ -669,9 +673,10 @@ public PortMapperConfigurer<HttpSecurity> portMapper() throws Exception {
669673 * {@link HttpSecurity#getSharedObject(Class)}. Other provided
670674 * {@link SecurityConfigurer} objects use this configured {@link PortMapper} as a
671675 * default {@link PortMapper} when redirecting from HTTP to HTTPS or from HTTPS to
672- * HTTP (for example when used in combination with {@link #requiresChannel()}. By
673- * default Spring Security uses a {@link PortMapperImpl} which maps the HTTP port 8080
674- * to the HTTPS port 8443 and the HTTP port of 80 to the HTTPS port of 443.
676+ * HTTP (for example when used in combination with
677+ * {@link #requiresChannel(withDefaults())}. By default Spring Security uses a
678+ * {@link PortMapperImpl} which maps the HTTP port 8080 to the HTTPS port 8443 and the
679+ * HTTP port of 80 to the HTTPS port of 443.
675680 *
676681 * <h2>Example Configuration</h2>
677682 *
@@ -714,7 +719,7 @@ public PortMapperConfigurer<HttpSecurity> portMapper() throws Exception {
714719 * {@link PortMapperConfigurer}
715720 * @return the {@link HttpSecurity} for further customizations
716721 * @throws Exception
717- * @see #requiresChannel()
722+ * @see #requiresChannel(Customizer )
718723 */
719724 public HttpSecurity portMapper (Customizer <PortMapperConfigurer <HttpSecurity >> portMapperCustomizer )
720725 throws Exception {
@@ -1776,7 +1781,7 @@ public HttpSecurity csrf(Customizer<CsrfConfigurer<HttpSecurity>> csrfCustomizer
17761781 * Provides logout support. This is automatically applied when using
17771782 * {@link EnableWebSecurity}. The default is that accessing the URL "/logout" will log
17781783 * the user out by invalidating the HTTP Session, cleaning up any
1779- * {@link #rememberMe()} authentication that was configured, clearing the
1784+ * {@link #rememberMe(Customizer )} authentication that was configured, clearing the
17801785 * {@link SecurityContextHolder}, and then redirect to "/login?success".
17811786 *
17821787 * <h2>Example Custom Configuration</h2>
@@ -1827,8 +1832,8 @@ public LogoutConfigurer<HttpSecurity> logout() throws Exception {
18271832 * Provides logout support. This is automatically applied when using
18281833 * {@link EnableWebSecurity}. The default is that accessing the URL "/logout" will log
18291834 * the user out by invalidating the HTTP Session, cleaning up any
1830- * {@link #rememberMe() } authentication that was configured, clearing the
1831- * {@link SecurityContextHolder}, and then redirect to "/login?success".
1835+ * {@link #rememberMe(withDefaults()) } authentication that was configured, clearing
1836+ * the {@link SecurityContextHolder}, and then redirect to "/login?success".
18321837 *
18331838 * <h2>Example Custom Configuration</h2>
18341839 *
@@ -2499,7 +2504,7 @@ public HttpSecurity saml2Logout(Customizer<Saml2LogoutConfigurer<HttpSecurity>>
24992504 * {@link RelyingPartyRegistration}(s) are composed within a
25002505 * {@link RelyingPartyRegistrationRepository}, which is <b>required</b> and must be
25012506 * registered with the {@link ApplicationContext} or configured via
2502- * {@link #saml2Login()}.<br>
2507+ * {@link #saml2Login(withDefaults() )}.<br>
25032508 * <br>
25042509 *
25052510 * The default configuration provides an auto-generated logout endpoint at
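Review bot: `{@link #saml2Login(withDefaults() )}` in this last hunk is unlikely to resolve as a Javadoc reference, because the parentheses of a member reference take parameter types rather than a call expression; the same form appears in the new lines for `#headers(withDefaults())`, `#rememberMe(withDefaults())`, `{@link #requiresChannel(withDefaults())}` and `@see #requiresChannel(withDefaults() )`. Use the type form this commit already uses in other hunks, e.g. `{@link #saml2Login(Customizer)}`. In the deprecated `portMapper()` comment the new text `{@link #requiresChannel(Customizer)} )}.` leaves a stray `}` after the link, and the matching sentence in the `portMapper(Customizer)` comment still never closes its "(for example" parenthesis; `{@link #requiresChannel(Customizer)}).` would fix both. Once the references use types, the added `import static org.springframework.security.config.Customizer.withDefaults;` looks unused in the visible hunks and may trip an unused-import check. The Javadoc blocks start and end outside the hunks, so confirm against the full file.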