我有下面的代码,我想替换authorizeRequests,因为它已被弃用
`@Bean
public SecurityFilterChain filterChain( HttpSecurity httpSecurity) throws Exception{
httpSecurity = httpSecurity.csrf().disable()
.authenticationProvider(authenticationProvider())
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests().antMatchers(GET, "/api/user/**").hasAnyAuthotity("ROLE_USER")
.and()
.addFilter(new CustomAuthenticationFilter(authManagerBuilder.getOrBuild()));
return httpSecurity.build();
}`
使用
authorizeHttpRequests(authorizeHttpRequestsCustomizer)
代替 authorizeRequests()
和 authorizeHttpRequests()
。您还可以参考 Javadoc 了解替代方案。
@Bean
public SecurityFilterChain filterChain( HttpSecurity httpSecurity) throws Exception{
httpSecurity = httpSecurity.csrf().disable()
.authenticationProvider(authenticationProvider())
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeHttpRequests((authorizeHttpRequests) ->
authorizeHttpRequests
.antMatchers(GET, "/api/user/**").hasAnyAuthotity("ROLE_USER")
)
.and()
.addFilter(new CustomAuthenticationFilter(authManagerBuilder.getOrBuild()));
return httpSecurity.build();
}
参考资料: