我有以下 Spring Security 配置:
@Bean
public SecurityWebFilterChain springSecurityFilterChain (ServerHttpSecurity http) {
http.csrf().disable()
.authorizeExchange()
.pathMatchers("/api/**")
.permitAll()
.anyExchange()
.authenticated()
.and()
.oauth2Login(); // to redirect to oauth2 login page.
http.cors().configurationSource(request-> {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000");
configuration.setAllowedMethods(Arrays.asList("GET","POST", "OPTIONS"));
configuration.setAllowedHeaders(List.of("*"));
return configuration;
});
return http.build();
}
我在 Spring Cloud 2023.0.1 中遇到多个错误:
'csrf()' is deprecated since version 6.1 and marked for removal
'authorizeExchange()' is deprecated since version 6.1 and marked for removal
'and()' is deprecated since version 6.1 and marked for removal
'oauth2Login()' is deprecated since version 6.1 and marked for removal
'cors()' is deprecated since version 6.1 and marked for removal
我尝试以这种方式迁移代码:
http.csrf(CsrfConfigurer::disable)
.authorizeExchange((authz) -> authz
.pathMatchers("/")
.permitAll()
.anyExchange()
.authenticated()
.and()
.oauth2Login() // to redirect to oauth2 login page.
);
http.cors().configurationSource(request-> {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000");
configuration.setAllowedMethods(Arrays.asList("GET","POST", "OPTIONS"));
configuration.setAllowedHeaders(List.of("*"));
return configuration;
});
我得到:
CsrfConfigurer::disable -> Non-static method cannot be referenced from a static context
'oauth2Login()' is deprecated since version 6.1 and marked for removal
您知道迁移代码的正确方法是什么吗?
只需使用默认的
Customizerimport org.springframework.security.config.Customizer;
@Bean
public SecurityWebFilterChain springSecurityFilterChain (ServerHttpSecurity http) {
return http.csrf(Customizer.withDefaults())
.oauth2Login(Customizer.withDefaults())
.authorizeExchange( auth -> /* your config */)
.build();
}