spring-security 如何从WebSecurityConfigurerAdapter进行迁移？

64jmpszr 于 2022-11-11 发布在 Spring

关注(0)|答案(1)|浏览(275)

由于WebSecurityConfigurerAdapter是@Deprecated，我如何才能正确地移动到org.springframework.security.web.SecurityFilterChain？
我的意思是，下面的过时配置的等效配置是什么？

@Configuration
static class HttpSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated();
        http.formLogin();
        http.httpBasic();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        http.csrf().disable();
    }
}

spring-security

来源：https://stackoverflow.com/questions/72967166/how-to-migrate-from-websecurityconfigureradapter

1条答案

按热度按时间

xqk2d5yq1#

如this blog中所述，移除extends并暴露SecurityFilterChain。

@EnableWebSecurity
static class HttpSecurityConfiguration {
    @public
    public SecurityFilterChain filterChain(HttpSecurity http) {
        http.authorizeRequests().anyRequest().authenticated();
        http.formLogin();
        http.httpBasic();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        http.csrf().disable();
        return http.build();
    }
}

理想情况下，您还应该重写授权部分。

@EnableWebSecurity
static class HttpSecurityConfiguration {
    @public
    public SecurityFilterChain filterChain(HttpSecurity http) {
        http
            .authorizeHttpRequests( (auth) -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .httpBasic(Customizer.withDefaults())
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .csrf().disable();
        return http.build();
    }
}

赞(0）回复(0）举报 2022-11-11

我来回答

spring-security 如何从WebSecurityConfigurerAdapter进行迁移？

1条答案

相关问题

热门标签

最新问答