php editor Yuzai tells you an important news: in Spring Security version 6, the cors() method has been deprecated and marked for deletion. The cors() method is used to handle the configuration of cross-domain resource sharing. However, in the new version, the Spring Security team decided to remove this method and introduce a more powerful cross-domain solution. This change is an important change for developers who use Spring Security, and they need to understand and upgrade their code in a timely manner to adapt to the changes in the new version.
Question content
I have the following code:
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.httpBasic().disable()
.cors().and().csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/register")
.permitAll()
.and()
.authorizeHttpRequests()
.requestMatchers("/users")
.hasAnyAuthority("USER", "ADMIN")
.and().formLogin().and().build();
}
Please help me make this feature work
Workaround
According to the Migration Guide and additionally configure to the latest version, securityfilterchain should have the next body.
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http.csrf(AbstractHttpConfigurer::disable)
.cors(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(request -> {
request.requestMatchers("/register").permitAll();
request.requestMatchers("/users")
.hasAnyAuthority("USER", "ADMIN");
}).formLogin(Customizer.withDefaults()).build();
}
Please also read/check the above documentation reference. By the way, there are a lot of posts here on Stack Overflow about migrating to the latest version of the framework.
The above is the detailed content of Spring Security 6: cors() is deprecated and marked for removal. For more information, please follow other related articles on the PHP Chinese website!
Spring Security 6:cors() 已弃用并标记为删除Feb 10, 2024 pm 11:45 PM我有下面的代码:publicSecurityFilterChainsecurityFilterChain(HttpSecurityhttp)throwsException{returnhttp.httpBasic().disable().cors().and().csrf().disable().authorizeHttpRequests().requestMatchers("
如何使用Java开发一个基于Spring Security SAML的单点登录系统Sep 22, 2023 am 08:49 AM如何使用Java开发一个基于SpringSecuritySAML的单点登录系统引言:随着互联网的快速发展,越来越多的应用程序被开发出来。在这些应用程序中,用户登录是最常见的功能之一。然而,对于企业级应用程序,用户需要在多个系统中进行登录,这将导致用户的登录体验非常糟糕。为了解决这个问题,单点登录系统(SingleSign-On,简称SSO)应运而生。简
使用 ucontext 的 Golang+CGO 在使用不同堆栈时因 SIGSEGV 或 SIGTRAP 崩溃(故意)崩溃Feb 09, 2024 pm 12:15 PM我目前正在编写Golang+CGO程序,并将在CGO中使用posixucontext。由于我所有的核心逻辑都将在ucontext的bind函数中,所以我们应该捕获所有错误的代码。我通过访问空指针来测试它,这给了我完全不同的行为,所有这些行为都取决于ucontext使用的堆栈位置。以下是带有简化示例的更多详细信息。如果我在线程的堆栈上分配ucontext堆栈,它将触发SIGSEGV。但如果我在堆上分配它,它会首先触发SIGSEGV,然后在调用morestack_noctxt时触发SIGT
如何解决C++运行时错误:'stack overflow'?Aug 25, 2023 pm 10:00 PM如何解决C++运行时错误:'stackoverflow'在C++程序中,当递归层数过深或者程序使用的内存超出栈的容量会导致运行时错误"stackoverflow"。这种错误发生时,程序会崩溃,并且很难找出具体的原因。本文将介绍一些解决'stackoverflow'错误的方法,并提供一些代码示例。运行时错误"stackoverflow"的主要原因是栈内
GO 验证访问令牌(keycloak)Feb 09, 2024 am 09:30 AM我正在尝试使用GO实现访问令牌验证。但我在网上看到的例子似乎只是用TOKEN_SECRET来验证它。但是我习惯了在Javaspring中编程,并且不需要使用TOKEN_SECRET。我只是提供jwk-set-uri,它会检查有效性(自动-安全过滤器等),我知道它与oauth服务器通信并进行此验证。Go中是否没有库可以通过向oauth服务器发出请求来检查令牌是否有效?我知道我知道我可以通过向oauth服务器的用户信息端点发出请求来手动进行此操作:http://localh
C++ 函数对程序性能有哪些影响?Apr 12, 2024 am 09:39 AM函数对C++程序性能的影响包括函数调用开销、局部变量和对象分配开销:函数调用开销:包括堆栈帧分配、参数传递和控制权转移,对小函数影响显著。局部变量和对象分配开销:大量局部变量或对象创建和销毁会导致堆栈溢出和性能下降。
Spring Security权限控制框架使用指南Feb 18, 2024 pm 05:00 PM在后台管理系统中,通常需要访问权限控制,以限制不同用户对接口的访问能力。如果用户缺乏特定权限,则无法访问某些接口。本文将用waynboot-mall项目举例,给大家介绍常见后管系统如何引入权限控制框架SpringSecurity。大纲如下:waynboot-mall项目地址:https://github.com/wayn111/waynboot-mall一、什么是SpringSecuritySpringSecurity是一个基于Spring框架的开源项目,旨在为Java应用程序提供强大和灵活的安
如何使用Java开发一个基于Spring Security OAuth2的单点登录系统Sep 20, 2023 pm 01:06 PM如何使用Java开发一个基于SpringSecurityOAuth2的单点登录系统引言:随着互联网的高速发展,越来越多的网站和应用程序需要用户进行登录,而用户却不希望为每个网站或应用程序都记住一个账号和密码。单点登录系统(SingleSign-On,简称SSO)能够解决这个问题,允许用户在一次登录后,无需重复认证就可以访问多个网站和应用程序。本文将介绍
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Dreamweaver Mac version
Visual web development tools
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
SublimeText3 Chinese version
Chinese version, very easy to use
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
