Deprecated .csrf() and .requiresChannel() methods after Spring Boot v3 migration

Ale*_*Pap 4 java spring spring-mvc spring-data-jpa spring-boot

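As stated, I'm trying to migrate an old project to the latest version of Spring Boot (aka 3.1.2). However, the .csrf() and .requiresChannel() methods in the following code snippet no longer work due to deprecation.

I can't find an alternative to replace them. Can you help me?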

@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfig {

    private final ApplicationUserService applicationUserService;

    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    public ApplicationSecurityConfig(
            ApplicationUserService applicationUserService,
            BCryptPasswordEncoder bCryptPasswordEncoder) {
        this.applicationUserService = applicationUserService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    }

    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .requiresChannel()
                    .antMatchers("/actuator/**")
                    .requiresInsecure()
                .and()
                .authorizeRequests()
                    .antMatchers(
                            "/api/v*/registration/**",
                            "/register*",
                            "/login",
                            "/actuator/**").permitAll()
                    .anyRequest()
                    .authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .usernameParameter("email")
                    .permitAll()
                    .defaultSuccessUrl("/",true)
                    .failureUrl("/login-error")
                .and()
                .logout()
                    .logoutUrl("/logout")
                    .clearAuthentication(true)
                    .invalidateHttpSession(true)
                    .deleteCookies("JSESSIONID","Idea-2e8e7cee")
                    .logoutSuccessUrl("/login");

        return http.build();
    }

    @Bean
    public AuthenticationManager authenticationManager(
            AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider provider =
                new DaoAuthenticationProvider();
        provider.setPasswordEncoder(bCryptPasswordEncoder);
        provider.setUserDetailsService(applicationUserService);
        return provider;
    }
}

And*_*isa 6

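The implementation of filterChain will have the following body, but for more details and information on why it is done this way, you have to look at the migration guide, which covers the configuration steps as well as the overall changes. You can find it here: Servlet Migrations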

  // Needs: import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    // Lambda-DSL replacement for .csrf().disable()
    http.csrf(AbstractHttpConfigurer::disable);
    // Lambda-DSL replacement for .requiresChannel().antMatchers(...).requiresInsecure()
    http.requiresChannel(c -> c.requestMatchers("/actuator/**").requiresInsecure());
    http.authorizeHttpRequests(request -> {
        request.requestMatchers(
                "/api/v*/registration/**",
                "/register*",
                "/login",
                "/actuator/**").permitAll();
        request.anyRequest().authenticated();
    });
    http.formLogin(fL -> fL.loginPage("/login")
            .usernameParameter("email").permitAll()
            .defaultSuccessUrl("/", true)
            .failureUrl("/login-error"));
    http.logout(logOut -> logOut.logoutUrl("/logout")
            .clearAuthentication(true)
            .invalidateHttpSession(true)
            .deleteCookies("JSESSIONID","Idea-2e8e7cee")
            .logoutSuccessUrl("/login"));

    return http.build();
  }
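A stricter variant of the same lambda-DSL chain, as an added example that is not part of the answer above: CSRF protection stays on and is skipped only for the registration API, and every path except /actuator/** is forced to HTTPS. The class name HardenedSecurityConfig, the choice of exempt path and the HTTPS requirement are assumptions for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added example; HardenedSecurityConfig is a hypothetical name.
@Configuration
@EnableWebSecurity
public class HardenedSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Keep CSRF protection for the session-based form login; exempt only the
        // registration API (assumption: it is called by non-browser clients).
        http.csrf(csrf -> csrf.ignoringRequestMatchers("/api/v*/registration/**"));

        // Same actuator rule as on the page, plus HTTPS for everything else
        // (assumption: TLS is terminated by or in front of this application).
        http.requiresChannel(channel -> channel
                .requestMatchers("/actuator/**").requiresInsecure()
                .anyRequest().requiresSecure());

        http.authorizeHttpRequests(auth -> auth
                .requestMatchers(
                        "/api/v*/registration/**",
                        "/register*",
                        "/login",
                        "/actuator/**").permitAll()
                .anyRequest().authenticated());

        // With CSRF enabled, the login form must submit the _csrf token.
        http.formLogin(form -> form
                .loginPage("/login")
                .usernameParameter("email")
                .defaultSuccessUrl("/", true)
                .failureUrl("/login-error")
                .permitAll());

        // With CSRF enabled, logout is processed only for POST /logout with a valid token.
        http.logout(logout -> logout
                .logoutUrl("/logout")
                .clearAuthentication(true)
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID", "Idea-2e8e7cee")
                .logoutSuccessUrl("/login"));

        return http.build();
    }
}
```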