Home  >  Article  >  Spring Security 6: cors() is deprecated and marked for removal

Spring Security 6: cors() is deprecated and marked for removal

WBOY
WBOYforward
2024-02-10 23:45:081328browse

php editor Yuzai tells you an important news: in Spring Security version 6, the cors() method has been deprecated and marked for deletion. The cors() method is used to handle the configuration of cross-domain resource sharing. However, in the new version, the Spring Security team decided to remove this method and introduce a more powerful cross-domain solution. This change is an important change for developers who use Spring Security, and they need to understand and upgrade their code in a timely manner to adapt to the changes in the new version.

Question content

I have the following code:

public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http
            .httpBasic().disable()
            .cors().and().csrf().disable()
            .authorizeHttpRequests()
            .requestMatchers("/register")
            .permitAll()
            .and()
            .authorizeHttpRequests()
            .requestMatchers("/users")
            .hasAnyAuthority("USER", "ADMIN")
            .and().formLogin().and().build();
}

Please help me make this feature work

Workaround

According to the Migration Guide and additionally configure to the latest version, securityfilterchain should have the next body.

@Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http.csrf(AbstractHttpConfigurer::disable)
        .cors(AbstractHttpConfigurer::disable)
        .authorizeHttpRequests(request -> {
          request.requestMatchers("/register").permitAll();
          request.requestMatchers("/users")
              .hasAnyAuthority("USER", "ADMIN");
        }).formLogin(Customizer.withDefaults()).build();

  }

Please also read/check the above documentation reference. By the way, there are a lot of posts here on Stack Overflow about migrating to the latest version of the framework.

The above is the detailed content of Spring Security 6: cors() is deprecated and marked for removal. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:stackoverflow.com. If there is any infringement, please contact admin@php.cn delete