1

how to convert this method in the security configuration to the newest spring boot security version (there are many deprecated methods):

 @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
                .exceptionHandling().authenticationEntryPoint(authEntryPointJwt).and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests().antMatchers("/api/auth/**").permitAll()
                .antMatchers("/api/test/**").permitAll()
                .anyRequest().authenticated();
        http.addFilterBefore(authTokenFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

I tried to update it to the newest spring security methods but I cannot find the correct methods, the docs don't help me.

Pang
  • 9,564
  • 146
  • 81
  • 122
asdt
  • 11
  • 1

1 Answers1

0

Preparing for Spring Security 7, you should use the Lambda DSL.

First remove and(). In the Lambda DSL there is no need to chain configuration options using the .and() method. The HttpSecurity instance is automatically returned for further configuration after the call to the lambda method.

Here is an example of the old DSL and the new Lambda DSL.

Old example:

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/blog/**").permitAll()
                .anyRequest().authenticated()
            )
            .formLogin(formLogin -> formLogin
                .loginPage("/login")
                .permitAll()
            )
            .rememberMe(Customizer.withDefaults());

        return http.build();
    }
}

Becomes with new Lambda DSL:

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests()
                .requestMatchers("/blog/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .rememberMe();

        return http.build();
    }
}

Source: https://docs.spring.io/spring-security/reference/migration-7/configuration.html

If you still need help to convert your config, then leave a message and I will try my best in assisting you! :)

Colin Degen
  • 55
  • 9