[Spring] WebSecurityConfigurerAdapter Deprecated

 

https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter/

 

Spring Security without the WebSecurityConfigurerAdapter

In Spring Security 5.7.0-M2 we deprecated the WebSecurityConfigurerAdapter, as we encourage users to move towards a component-based security configuration. To assist with the transition to this new style of configuration, we have compiled a list of common

spring.io

 

Configuring security by extending WebSecurityConfigurerAdapter has been deprecated.

 

For reference when migrating.

 

 

Old-style example

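import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // userDetailsService, jwtTokenResolver and jwtAuthenticationFilter are fields of this
    // class; their declarations are not shown in the original post.

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors()
            .and()
            .csrf().disable()
            .httpBasic().disable()
            // no HTTP session is created or used
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                .antMatchers("/", "/ex/**").permitAll()
                .anyRequest().authenticated()
            .and() // return to HttpSecurity before configuring exception handling
            .exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint())
            .and()
            .exceptionHandling().accessDeniedHandler(new CustomAccessDeniedHandler())
            .and()
            // JWT filter ahead of UsernamePasswordAuthenticationFilter
            .addFilterBefore(new JwtAuthenticationFilter(this.userDetailsService, this.jwtTokenResolver),
                UsernamePasswordAuthenticationFilter.class)
            // injected JWT filter after CorsFilter
            .addFilterAfter(jwtAuthenticationFilter, CorsFilter.class);
    }

}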

 

 

Example for Spring Security 6 and later

 

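import org.springframework.context.annotation.Bean;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.filter.CorsFilter;

// Declared inside a @Configuration class; @NotNull and the jwtAuthenticationFilter field
// come from the surrounding project and are not shown in the original post.
@Bean
public SecurityFilterChain filterChain(final @NotNull HttpSecurity http) throws Exception {
    http
        .cors(Customizer.withDefaults()) // use Customizer.withDefaults() for the default settings
        .csrf(CsrfConfigurer::disable)
        .httpBasic(HttpBasicConfigurer::disable)
        .sessionManagement(sessionManagement -> sessionManagement
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        .authorizeHttpRequests(authorizeRequests -> authorizeRequests
            .requestMatchers("/", "/ex/**").permitAll()
            .anyRequest().authenticated())
        .exceptionHandling(exceptionHandling -> exceptionHandling
            .authenticationEntryPoint(new CustomAuthenticationEntryPoint())
            .accessDeniedHandler(new CustomAccessDeniedHandler()))
        .addFilterAfter(jwtAuthenticationFilter, CorsFilter.class);

    return http.build();
}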
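
To find old-style calls still left in a code base during this migration, the following added example (not from the original post or the Spring project) scans Java source for the old idioms shown in the two snippets above and reports the replacement used in the Spring Security 6 version. The rule list covers only those idiom pairs, SAMPLE is constructed, and the comment stripper assumes no char literals containing a double quote.

```python
import re

# Old idiom -> replacement used in the Spring Security 6 snippet on this page.
RULES = [
    (re.compile(r"extends\s+WebSecurityConfigurerAdapter"), "declare a SecurityFilterChain @Bean"),
    (re.compile(r"\.authorizeRequests\s*\("), "use .authorizeHttpRequests(...)"),
    (re.compile(r"\.antMatchers\s*\("), "use .requestMatchers(...)"),
    (re.compile(r"\.(?:cors|csrf|httpBasic|sessionManagement|exceptionHandling)\s*\(\s*\)"),
     "pass a Customizer or lambda, e.g. .cors(Customizer.withDefaults())"),
    (re.compile(r"\.and\s*\(\s*\)"), "drop .and(); configure each section in its own lambda"),
]

# A string literal, a // comment or a /* */ comment, whichever starts first.
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)

def strip_comments(src):
    """Blank out Java comments; keep string literals and line numbers intact."""
    def blank(match):
        tok = match.group(0)
        if tok.startswith('"'):
            return tok  # "/ex/**" is an Ant pattern, not a comment opener
        return re.sub(r"[^\n]", " ", tok)
    return _TOKEN.sub(blank, src)

def scan(src):
    """Return (line number, matched idiom, suggested replacement) tuples."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for pattern, advice in RULES:
            for match in pattern.finditer(line):
                findings.append((lineno, match.group(0), advice))
    return findings

# Constructed sample in the style of the old configuration (not a real project file).
SAMPLE = '''\
class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    // old: http.authorizeRequests().antMatchers("/admin/**")
    void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
            .antMatchers("/", "/ex/**").permitAll()
            .anyRequest().authenticated()
            .and()
            .httpBasic().disable();  /* .cors().and() */
    }
}
'''

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Matches inside comments are ignored, and an Ant pattern such as "/ex/**" inside a string is not mistaken for the start of a block comment.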