Spring Security in Spring Boot 3.1.1: '.and()', '.sessionManagement()' and 'authorizeHttpRequests()' are deprecated and marked for removal. How do I use them on their own?

Posted by tmb3ates on 2023-08-05 in Spring

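Hello, I have an application developed with Spring Boot 3.1.1. My Spring Security configuration worked fine in Spring Boot 3.0.6, but it no longer works. A lot of things have been deprecated. ".and().build()", "csrf()", "authorizeHttpRequests()" and "sessionManagement()" have been deprecated and marked for removal. What are the alternatives? Here is my code.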

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    private static final String ADMIN = "ADMIN";
    private static final String USER = "USER";

    @Autowired
    private AuthenticationManager authenticationManager;

    @Bean
    public AuthenticationManager authManager(HttpSecurity http, BCryptPasswordEncoder bCryptPasswordEncoder,
                                             UserDetailsService userDetailsService)
            throws Exception {
        return http.getSharedObject(AuthenticationManagerBuilder.class)
                .userDetailsService(userDetailsService)
                .passwordEncoder(bCryptPasswordEncoder)
                .and()
                .build();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .cors().configurationSource(request -> {
                    CorsConfiguration config = new CorsConfiguration();

                    config.setAllowedOrigins(Collections.singletonList("http://localhost:4200"));
                    config.setAllowedMethods(Collections.singletonList("*"));
                    config.setAllowCredentials(true);
                    config.setAllowedHeaders(Collections.singletonList("*"));
                    config.setExposedHeaders(List.of("Authorization"));
                    config.setMaxAge(3600L);
                    return config;
                }).and()
                .authorizeHttpRequests()
                .requestMatchers("/login").permitAll()
                .requestMatchers(HttpMethod.GET, "/api/v1/list/**").permitAll()
                .requestMatchers(HttpMethod.DELETE, "/api/v1/delete/**").hasAuthority(ADMIN)
                .requestMatchers(HttpMethod.PUT, "/api/v1/update/**").hasAuthority(ADMIN)
                .requestMatchers(HttpMethod.GET, "/api/v1/get/**").hasAnyAuthority(ADMIN, USER)
                .anyRequest().authenticated().and()
                .addFilterBefore(new JWTAuthenticationFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(new JWTAuthorizationFilter(),UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

}


daupos2t #1

According to the documentation, you can do what you want by using the DSL.
Your current implementation would look like this:

http.csrf(AbstractHttpConfigurer::disable)
        .sessionManagement(c -> c.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        .cors(c -> c.configurationSource(request -> {
            CorsConfiguration config = new CorsConfiguration();

            config.setAllowedOrigins(Collections.singletonList("http://localhost:4200"));
            config.setAllowedMethods(Collections.singletonList("*"));
            config.setAllowCredentials(true);
            config.setAllowedHeaders(Collections.singletonList("*"));
            config.setExposedHeaders(List.of("Authorization"));
            config.setMaxAge(3600L);
            return config;
        }))
        .authorizeHttpRequests(c -> c
                .requestMatchers("/login").permitAll()
                .requestMatchers(HttpMethod.GET, "/api/v1/list/**").permitAll()
                .requestMatchers(HttpMethod.DELETE, "/api/v1/delete/**").hasAuthority(ADMIN)
                .requestMatchers(HttpMethod.PUT, "/api/v1/update/**").hasAuthority(ADMIN)
                .requestMatchers(HttpMethod.GET, "/api/v1/get/**").hasAnyAuthority(ADMIN, USER)
                .anyRequest().authenticated());
http.addFilterBefore(new JWTAuthenticationFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class);
http.addFilterAfter(new JWTAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
return http.build();

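The answer above covers the `HttpSecurity` chain but not the `.and().build()` call in the question's `authManager` bean. The following is an added example, not code from the question or the answer: it builds the `AuthenticationManager` from a `ProviderManager` and a `DaoAuthenticationProvider` instead of `AuthenticationManagerBuilder`, so no `.and()` is needed. It assumes Spring Security 6.1 and that `UserDetailsService` and `BCryptPasswordEncoder` beans already exist, as in the question; the class name `AuthManagerConfig` is hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example: hypothetical class name, not part of the original post.
@Configuration
public class AuthManagerConfig {

    // Replaces the question's
    //   http.getSharedObject(AuthenticationManagerBuilder.class)
    //       .userDetailsService(...).passwordEncoder(...).and().build()
    // with an explicitly constructed manager, so nothing depends on the
    // deprecated and() chaining or on HttpSecurity's shared builder.
    @Bean
    public AuthenticationManager authManager(UserDetailsService userDetailsService,
                                             BCryptPasswordEncoder bCryptPasswordEncoder) {
        // DaoAuthenticationProvider loads the user through the
        // UserDetailsService and verifies the submitted password
        // against the stored BCrypt hash.
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(bCryptPasswordEncoder);

        // ProviderManager is the standard AuthenticationManager
        // implementation; it delegates to the providers passed in.
        return new ProviderManager(provider);
    }
}
```

With the manager exposed as a bean this way, it can be passed to the `filterChain` method as a parameter rather than injected into a field of the same configuration class.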
