본문 바로가기
IT/Spring

security 6.1 마이그레이션

by 봉즙 2023. 5. 19.

spring boot 3.1 로 변경하면서 

security에 deprecated 된 코드들이 있다.

예시는 아래와 같으며 수정을 원하는 경우 configurer 를 사용하면되며

기존 설정은  Customizer.withDefaults() 을 사용하면된다.

 

# 기존 코드 

    public SecurityFilterChain filterChain(final @NotNull HttpSecurity http) throws Exception {
        http
                .httpBasic().disable()
                .csrf().disable()
                .cors().and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeHttpRequests(authorize ->
                        authorize
                           .requestMatchers("/actuator/**", "/swagger-ui/**", "/sign/**",
                                        "/api-docs/swagger-config", "/sign-in", "/sign-up").permitAll()
                                .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                )
                .exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint())
                .and()
                .exceptionHandling().accessDeniedHandler(new CustomAccessDeniedHandler())
                .and()
                .addFilterBefore(new JwtAuthenticationFilter(this.userDetailsService, this.jwtTokenResolver),
                        UsernamePasswordAuthenticationFilter.class);
        return http.build();

 

 

# 변경

    @Bean
    public SecurityFilterChain filterChain(final @NotNull HttpSecurity http) throws Exception {
        http.httpBasic(HttpBasicConfigurer::disable)
                .csrf(CsrfConfigurer::disable)
                .cors(Customizer.withDefaults())
                .sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(authorize ->
                        authorize
                                .requestMatchers("/actuator/**", "/swagger-ui/**", "/sign/**",
                                        "/api-docs/swagger-config", "/sign-in", "/sign-up").permitAll()
                                .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                )
                .exceptionHandling(authenticationManager -> authenticationManager
                        .authenticationEntryPoint(new CustomAuthenticationEntryPoint())
                        .accessDeniedHandler(new CustomAccessDeniedHandler()))
                .addFilterBefore(new JwtAuthenticationFilter(this.userDetailsService, this.jwtTokenResolver),
                        UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
저작자표시 비영리 변경금지

'IT > Spring' 카테고리의 다른 글

Private Method Test 하기  (0) 2023.09.14
Annotation Bean register  (0) 2023.09.07
Base64Utils Deprecated  (0) 2023.02.28
static 으로 Bean 주입  (0) 2023.02.28
response null 인경우 생략  (0) 2023.02.28

관련글

댓글

티스토리툴바