我使用的是在 2.x.x 版本上运行的 spring boot 应用程序,现在计划将版本升级到 3.3.0。但它抛出以下错误。我的配置文件如下所示,但它不起作用,有人可以帮我解决这个问题吗?
import com.connect.bytr.api.constants.BYTRConstants;
import com.connect.bytr.api.filters.AuthenticationFilter;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import javax.servlet.http.HttpServletResponse;
@RequiredArgsConstructor
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig {
private final AuthenticationFilter authenticationFilter;
private final String[] AUTH_WHITELIST = {
"/v2/api-docs",
"/configuration/ui",
"/configuration/security",
"/webjars/**"
};
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
.antMatchers(AUTH_WHITELIST)
.permitAll()
.anyRequest()
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(unauthorizedEntryPoint())
.and()
.addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class);
return http.build();
}
@Bean
public AuthenticationEntryPoint unauthorizedEntryPoint() {
return (request, response, authException) ->
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, BYTRConstants.UNAUTHORIZED);
}
}
以下是错误日志
warning: [removal] and() in
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry has been deprecated and marked for removal
.anyRequest().authenticated().and()
warning: [removal] exception
Handling() in HttpSecurity has been deprecated and marked for removal
.exceptionHandling()
warning: [removal] and() in
SecurityConfigurerAdapter has been deprecated and marked for removal
.and()
请帮助我提前谢谢您。
从 Spring Security 5.x 开始,
and()
和 exceptionHandling()
方法已被弃用。这一变化是由于 Spring Security 的 Fluent API 的重新设计而发生的,它不再推荐以前的方法链方式。
因此,需要更新代码以与 lambda DSL 保持一致。
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {
private final AuthenticationFilter authenticationFilter;
private final String[] AUTH_WHITELIST = {
"/v2/api-docs",
"/configuration/ui",
"/configuration/security",
"/webjars/**"
};
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(req -> req
.requestMatchers(AUTH_WHITELIST).permitAll()
.anyRequest().authenticated()
)
.exceptionHandling(handling -> handling
.authenticationEntryPoint(unauthorizedEntryPoint())
)
.addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class);
return http.build();
}
@Bean
public AuthenticationEntryPoint unauthorizedEntryPoint() {
return (request, response, authException) ->
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, BYTRConstants.UNAUTHORIZED);
}
}
欲了解更多详情,请参阅以下链接。