I use spring security for my application. Up to now I used
org.springframework.boot spring-boot-starter-web 1.2.5 RELEASE
now I want to use
org.springframework.boot spring-boot-starter-web 1.3.2 RELEASE
My SecurityConfiguration.java looks like this:
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userService;
@Autowired
public void configureAuth(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().formLogin().loginPage("/login.html")
.failureUrl("/login.html?error").defaultSuccessUrl("/index", true).permitAll().and().logout()
.logoutSuccessUrl("/logout.html").permitAll().and().csrf().disable();
}
}
One of my rest services looks like this:
@RequestMapping("/test")
@PreAuthorize("hasRole('ADMIN')")
public List<Tests> getTests() {
return ...
}
The old version works. With the newer version I get a 403 forbidden if I try to call the rest service. Does anyone know how to get this to work again?
When upgrading from 1.2.5 to 1.3.2 you also update spring-security from 3.X to 4.X.
You can override spring security dependency in your own project to keep previous version of spring-security. (I don't think that it is recommended, at least you will see a warning at startup)
Alternatively, you can read carefully the documentation bellow and perform all necessary configuration update when moving from spring-security 3.X to 4.X
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.