Spring Security Java 17和Spring 6.0中的sessionManagement()

juud5qan  于 12个月前  发布在  Spring
关注(0)|答案(1)|浏览(238)

我正在尝试升级到Java 17和Spring 6.0,但下面的许多方法都已弃用。任何解决方案都将有所帮助。
SecurityFilterChain filterChain(HttpSecurity http)抛出异常{

http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                                    .maximumSessions(maxNoOfSessions)
                                    .expiredUrl("/login")
                                    .and()
                                    .invalidSessionUrl(/login).and().csrf()
                                    .disable()
                                    .authorizeRequests()
                                    .antMatchers("/**/*.css","/**/*.ico","/**/*.svg")
                                    .permitAll().and()
                                    .authorizeRequests().anyRequest().authenticated().and().formLogin()
                                    .loginPage("/login")
                                    .failureUrl("login?error=true")
                                    .permitAll();
    http.authenticationProvider(authProvider);
    return http.build();

字符串
我尝试使用sessionManagement(Customizer<>),但没有效果。

wtzytmuj

wtzytmuj1#

根据Migration GuideLambda DSL
您当前的filterChain实现应该如下所示:

@Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    
    http.sessionManagement(sessionManagement -> {
      sessionManagement.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
          .maximumSessions(maxNoOfSessions)
          .expiredUrl("/login");
      sessionManagement.invalidSessionUrl("/login");
    });
    http.csrf(AbstractHttpConfigurer::disable);
    http.authorizeHttpRequests(request ->{
          request.anyRequest().authenticated();
        });
    http.formLogin(fLogin -> {
           fLogin.loginPage("/login");
           fLogin.failureUrl("login?error=true");
           fLogin.permitAll();
        });
    http.authenticationProvider(authProvider);
    
    return http.build();
  }

字符串

相关问题