在Spring Security 6.1中,SecurityConfigurerAdapter::and已被弃用删除,并鼓励客户端使用Lambda DSL:https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(authorize -> authorize
.requestMatchers("/blog/**").permitAll()
.anyRequest().authenticated()
)
.formLogin(formLogin -> formLogin
.loginPage("/login")
.permitAll()
)
.rememberMe(Customizer.withDefaults());
return http.build();
}
}同时,自定义DSL的文档仍然显示使用apply()-and()模式:https://docs.spring.io/spring-security/reference/servlet/configuration/java.html#jc-custom-dsls
@Configuration
@EnableWebSecurity
public class Config {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.apply(customDsl())
.flag(true)
.and()
...;
return http.build();
}
}在HttpSecurity或AbstractConfiguredSecurityBuilder中,我没有看到遵循自定义AbstractHttpConfigurer的lambda模式的机制,例如:
@Configuration
@EnableWebSecurity
public class Config {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.apply(customDsl(), custom -> custom
.flag(true)
)
...;
return http.build();
}
}因此,如果我想保留单语句方法链模式,我只能使用已弃用的and()方法,直到将来的版本为自定义DSL添加此模式的替代品。
我是不是漏了什么?
1条答案
按热度按时间qv7cva1a1#
我也有同样的问题,并在Spring Security存储库中发现了这两个问题:13436和13204。看起来会有一个新的
.with()方法来取代.apply().and()。这似乎是他们正在谈论的一个:它https://github.com/spring-projects/spring-security/blob/main/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java#L155已经是6.2.0-M1版本的一部分。编辑:找到拉取请求:https://github.com/spring-projects/spring-security/pull/13432