Spring更新了,authorizeRequests被废弃了,antMatchers被删除了。有人能展示一下SpringSecurity应该是什么样子的吗?
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = false, securedEnabled = true)
public class SecurityConfig {
private final PersonDetailsService personDetailsService;
@Autowired
public SecurityConfig(PersonDetailsService personDetailsService) {
this.personDetailsService = personDetailsService;
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeHttpRequests(authorize -> authorize
.requestMatchers("/, /login, /signup, /logout").permitAll()
.requestMatchers("/api").hasRole("ADMIN")
.requestMatchers("/user").hasRole("USER")
.anyRequest().authenticated())
.logout().logoutUrl("/logout").logoutSuccessUrl("/").and()
.formLogin().loginPage("/login").loginProcessingUrl("/login").defaultSuccessUrl("/user").failureUrl("/login?error");
return http.build();
}
}
阅读文档、堆栈溢出等没有找到解决方案。
1条答案
按热度按时间5ktev3wc1#
您可以使用
authorizeHttpRequests
代替authorizeRequests
,也可以使用requestMatchers
代替antMatchers
。例如: