stackoom
  简体   繁体   中英

How to migrate from WebSecurityConfigurerAdapter?

 原文  2022-07-13 13:30:15       java/ spring/ spring-boot/ spring-security

Question

As WebSecurityConfigurerAdapter is @Deprecated , how can I correctly move to org.springframework.security.web.SecurityFilterChain ?

I mean, what is the equivalent of the following deprecated configuration?

@Configuration
static class HttpSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated();
        http.formLogin();
        http.httpBasic();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        http.csrf().disable();
    }
}

1 answers

solution1
 2 ACCPTED  2022-07-13 13:54:43

As documented in this blog remove the extends and expose the SecurityFilterChain .

@EnableWebSecurity
static class HttpSecurityConfiguration {
    @public
    public SecurityFilterChain filterChain(HttpSecurity http) {
        http.authorizeRequests().anyRequest().authenticated();
        http.formLogin();
        http.httpBasic();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        http.csrf().disable();
        return http.build();
    }
}

Ideally you would rewrite the authorize part as well.

@EnableWebSecurity
static class HttpSecurityConfiguration {
    @public
    public SecurityFilterChain filterChain(HttpSecurity http) {
        http.authorizeHttpRequests( (auth) -> auth.anyRequest().authenticated());
        http.formLogin();
        http.httpBasic();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        http.csrf().disable();
        return http.build();
    }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to migrate deprecated WebSecurityConfigurerAdapter to SecurityFilterChain? How to migrate from WebSecurityConfigurerAdapter to SecurityFilterChain when using Azure Active Directory extract Username from inMemoryAuthentication() -WebSecurityConfigurerAdapter How to change HttpSecurity without WebSecurityConfigurerAdapter How to migrate from Tapestry 4 to 5? How to pass GenericFilterBean data to WebSecurityConfigurerAdapter in Spring Boot? How to replace deprecated WebSecurityConfigurerAdapter with multiple filters by SecurityFilterChain? How to migrate from Gradle to Kobalt? How to use both GlobalMethodSecurityConfiguration and a WebSecurityConfigurerAdapter in a Spring application How to solve 403 error on WebSecurityConfigurerAdapter with a valid JWT?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM