Spring Security 6 中以下代码的替代方案应该是什么?
http
.authorizeRequests()
.requestMatchers("/hub/**").access("hasPermission('SOME_LAYER', '')")
.and()
.exceptionHandling()
.accessDeniedHandler(accessDeniedHandlerClass)
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.NEVER);
在 Spring Security 6 中替代代码如下
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.authorizeHttpRequests(c->c.requestMatchers("/hub/**").access(new WebExpressionAuthorizationManager("hasPermission('SOME_LAYER', '')")).anyRequest().permitAll())
.exceptionHandling(c->c.accessDeniedHandler(accessDeniedHandlerClass))
.sessionManagement(c->c.sessionCreationPolicy(SessionCreationPolicy.NEVER))
.build();
}