how can i fix spring-security version warning

129 Views Asked by Seo_Now At 29 November 2023 at 15:12

@Configurable
@EnableWebSecurity
@RequiredArgsConstructor
public class WebSecurityConfig {
    private final JwtAuthenticationFilter jwtAuthenticationFilter;

    @Bean
    protected SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .cors().and()
            .csrf().disable()
            .httpBasic().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests()
            .requestMatchers("/", "/api/v1/auth/**").permitAll()
            .requestMatchers(HttpMethod.GET, "/api/v1/board/**").permitAll()
            .anyRequest().authenticated();

        httpSecurity.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return httpSecurity.getOrBuild();
    } 
}

cors() , and(), csrf(), httpBasic(), sessionManagement() from the type HttpSecurity has been deprecated since version 6.1 and marked for removal

The method permitAll() from the type ExpressionUrlAuthorizationConfigurer.AuthorizedUrl is deprecated

how can i fix these error?

https://youtu.be/l58zLT5l6BY?si=qei5bR1r5LaLY7tT

I'm following this video

video's SpringBoot version is 2.7.14 my SpringBoot version is 3.2.0

So what should I change?

I'm just copying without knowledge of the spring boot :(

please help me ToT

Original Q&A

There are 1 best solutions below

Andrei Lisa On 29 November 2023 at 15:31

According to documentation and Migration Guide you have to replace current one implementation to next one to avoid using deprecated methods:

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class WebSecurityConfig {
  private final JwtAuthenticationFilter jwtAuthenticationFilter;

  @Bean
  protected SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
    
    httpSecurity.cors(AbstractHttpConfigurer::disable);
    httpSecurity.csrf(AbstractHttpConfigurer::disable);
    httpSecurity.httpBasic(AbstractHttpConfigurer::disable);

    httpSecurity.sessionManagement(session -> 
            session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
    httpSecurity.authorizeHttpRequests(request -> {
      request.requestMatchers("/", "/api/v1/auth/**").permitAll();
      request.requestMatchers(HttpMethod.GET, "/api/v1/board/**").permitAll();
      request.anyRequest().authenticated();
    });
    httpSecurity.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    return httpSecurity.getOrBuild();
  }
}

Before starting doing something I really recommend to read documentation about, instead of watching video about it.

how can i fix spring-security version warning

There are 1 best solutions below

Related Questions in SPRING-BOOT

Related Questions in SPRING-SECURITY

Related Questions in WEBSECURITY

Trending Questions

Popular # Hahtags

Popular Questions