Spring Security upgrade to 5.7.x

tags: KeyOA-backend spring java rear end

Spring Security upgrade to 5.7.x

Problem Description

WebSecurityConfigurerAdapterClass is a class often used in Spring Security, which is used to quickly configure WebSecurity. After upgrading to version 5.7, this class was abandoned, so some APIs provided could not be used. Provide what you need to do after upgrading Spring Security.

solution

The original configuration class:

@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable(); // omit other httpsecurity configuration
    }

		@Override
		public void configure(WebSecurity web) throws Exception {
				web.ignoring().antMatchers("/url");
		}
}

The original configuration class cancels inheritance`WebSecurityConfigurerAdapter`

@Configuration
public class SpringSecurityConfig {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable(); // omit other httpsecurity configuration
    }

		@Override
		public void configure(WebSecurity web) throws Exception {
				web.ignoring().antMatchers("/url");
		}
}

Re -configure HTTPSECURITY and WebSecurity

After completing the previous step, the abnormality of the Bean of the HTTPSECURITY type may not be found at runtime, so you need to add it to the original configuration class@EnableWebSecurityNote and modify the original configuration method at the same time. code show as below:

@Configuration
@EnableWebSecurity  // If you can't find the abnormality of the HTTPSECURITY type bean, add this annotation
public class SpringSecurityConfig {
    @Bean
		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
				http.csrf().disable();
				return http.build();
		}

		@Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return (web) -> web.ignoring().antMatchers("/url");
    }
}

Configuration`AuthenticationManager`(key step)

After completing the above steps, there may still be an error in the authenticationManager type bean that may not be found. At this time, this bean needs to be exposed. The code is as follows:

@Configuration
@EnableWebSecurity  // If you can't find the abnormality of the HTTPSECURITY type bean, add this annotation
public class SpringSecurityConfig {
    @Bean
		public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
				http.csrf().disable();
				return http.build();
		}

		@Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return (web) -> web.ignoring().antMatchers("/url");
    }

		@Bean
		public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
        return configuration.getAuthenticationManager();
    }
}

At this time, the code can run successfully and no longer report an error.

Intelligent Recommendation

Spring Security 3.2.x configuration

Securing Web Applications with Spring Security [url]http://www.ibm.com/developerworks/cn/java/j-lo-springsecurity/[/url] SpringSecurity method layer 4 ways to use [url]http://blog.csdn.net/wyabc1986/a...

Analysis of Spring Security 4.x

I. Overview Recently, using Spring security for fine-grained dynamic authority management, it took some time to sort out the process of spring security. In fact, spring security is mainly divided into...

Memo-Spring Security 4.x

2019 Unicorn Enterprise Heavy Recruitment Standards for Python Engineers >>> References Spring Security in Chinese Spring Security project Blog Spring Security Authentication Architecture Blo...

spring boot2.x configure spring security password

Database display: Get token interface: Note: Different multi-encoding methods, the following supports multi-encoding methods: ...

Token refresh interface 401 after Spring Security upgrade

Add the following content in the custom authentication server configuration class...