我正在尝试删除下面那些不推荐的方法(csrf()、authorizeHttpRequests()、sessionManagement())。我怎么才能写这段代码呢?
代码如下:
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http.csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/api/**", "/signup/", "/signin/").permitAll()
.and()
.authorizeHttpRequests().requestMatchers("/api/search/", "/api/profile/", "/signout/").authenticated()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authenticationProvider(authenticationProvider())
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class).build();
//telling spring boot to use my own class JwtAuthFilter first before using your filter with username and password
}
字符串
IDE is generating errors for csrf(), authorizeHttpRequests(), sessionManagement()
- 我能直接移除脑脊液吗我有一个前端react应用程序与我的Sping Boot 后端连接。
- 我可以使用authorizeRequests()而不是authorizeHttpRequests()吗
- 我应该使用什么来代替sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
1条答案
按热度按时间bvhaajcl1#
您的SecurityFilterChain Bean将如下所示:
字符串
Migration Guide