Spring-Boot-Blog-REST-API icon indicating copy to clipboard operation
Spring-Boot-Blog-REST-API copied to clipboard
verified publisher icon osopromadze

Spring Security: Upgrading deprecated WebSecurityConfigurerAdapter

Open bdr0id opened this issue 3 years ago • 2 comments

SecurityConfig.java

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{
      //is deprecated 
}

bdr0id avatar Jan 07 '23 16:01 bdr0id

Welcome @l00pinfinity to Spring-Boot-Blog-REST-API community! Thanks so much for creating your first issue :)

github-actions[bot] avatar Jan 07 '23 16:01 github-actions[bot]

you can use SecurityFilterChain instead and remove reference to WebSecurityConfigurerAdapter

@Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .cors(Customizer.withDefaults()) .csrf(AbstractHttpConfigurer::disable) .exceptionHandling(ex -> ex.authenticationEntryPoint(unauthorizedHandler)) .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .authorizeHttpRequests(auth -> auth .requestMatchers(HttpMethod.GET, "/api/**").permitAll() .requestMatchers(HttpMethod.POST, "/api/auth/**").permitAll() .anyRequest().authenticated() ) .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); return http.build(); }

OmarShezan avatar Jul 06 '25 10:07 OmarShezan