php editor Yuzai tells you an important news: in Spring Security version 6, the cors() method has been deprecated and marked for deletion. The cors() method is used to handle the configuration of cross-domain resource sharing. However, in the new version, the Spring Security team decided to remove this method and introduce a more powerful cross-domain solution. This change is an important change for developers who use Spring Security, and they need to understand and upgrade their code in a timely manner to adapt to the changes in the new version.
I have the following code:
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { return http .httpBasic().disable() .cors().and().csrf().disable() .authorizeHttpRequests() .requestMatchers("/register") .permitAll() .and() .authorizeHttpRequests() .requestMatchers("/users") .hasAnyAuthority("USER", "ADMIN") .and().formLogin().and().build(); }
Please help me make this feature work
According to the Migration Guide and additionally configure to the latest version, securityfilterchain
should have the next body.
@Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { return http.csrf(AbstractHttpConfigurer::disable) .cors(AbstractHttpConfigurer::disable) .authorizeHttpRequests(request -> { request.requestMatchers("/register").permitAll(); request.requestMatchers("/users") .hasAnyAuthority("USER", "ADMIN"); }).formLogin(Customizer.withDefaults()).build(); }
Please also read/check the above documentation reference. By the way, there are a lot of posts here on Stack Overflow about migrating to the latest version of the framework.
The above is the detailed content of Spring Security 6: cors() is deprecated and marked for removal. For more information, please follow other related articles on the PHP Chinese website!