更新到最新的Spring Security -替换过时的方法

o2g1uqev  于 2023-08-04  发布在  Spring
关注(0)|答案(1)|浏览(325)

我正在尝试删除下面那些不推荐的方法(csrf()、authorizeHttpRequests()、sessionManagement())。我怎么才能写这段代码呢?
代码如下:

@Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http.csrf().disable()
                .authorizeHttpRequests()
                .requestMatchers("/api/**", "/signup/", "/signin/").permitAll()
                .and()
                .authorizeHttpRequests().requestMatchers("/api/search/", "/api/profile/", "/signout/").authenticated()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authenticationProvider(authenticationProvider())
                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class).build();
                //telling spring boot to use my own class JwtAuthFilter first before using your filter with username and password

    }

字符串
IDE is generating errors for csrf(), authorizeHttpRequests(), sessionManagement()

  • 我能直接移除脑脊液吗我有一个前端react应用程序与我的Sping Boot 后端连接。
  • 我可以使用authorizeRequests()而不是authorizeHttpRequests()吗
  • 我应该使用什么来代替sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
bvhaajcl

bvhaajcl1#

您的SecurityFilterChain Bean将如下所示:

@Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http.csrf(AbstractHttpConfigurer::disable);
    http.authorizeHttpRequests(rQ -> {
           rQ.requestMatchers("/api/**", "/signup/", "/signin/").permitAll();
           rQ.requestMatchers("/api/search/", "/api/profile/", "/signout/").authenticated();
         });
    http.sessionManagement(sessionAuthenticationStrategy ->
        sessionAuthenticationStrategy.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
    http.authenticationProvider(authenticationProvider());
    http.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
    return http.build();
  }

字符串
Migration Guide

相关问题