Merge pull request #29 from pavelfomin/feature/web-security-deprecate…

…d-api Remove deprecated spring security api usage
pavelfomin · Oct 27, 2023 · 2fb7013 · 2fb7013
2 parents 3a6e76c + baf61d7
commit 2fb7013
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/src/main/java/com/droidablebee/springboot/rest/config/WebSecurityConfig.java b/src/main/java/com/droidablebee/springboot/rest/config/WebSecurityConfig.java
@@ -4,7 +4,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
@@ -15,7 +15,7 @@
 
 @Configuration
 @EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
+@EnableMethodSecurity
 public class WebSecurityConfig {
 
  @Value("${app.security.ignore:/swagger/**, /swagger-resources/**, /swagger-ui/**, /swagger-ui.html, /webjars/**, /v3/api-docs/**, /actuator/info}")
@@ -25,16 +25,16 @@ public class WebSecurityConfig {
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
  http
-  .csrf(AbstractHttpConfigurer::disable)
-  .authorizeRequests()
+ .csrf(AbstractHttpConfigurer::disable)
+ .authorizeHttpRequests(customizer -> customizer
  //make sure principal is created for the health endpoint to verify the role
  .requestMatchers(new AntPathRequestMatcher("/actuator/health"))
  .permitAll()
  .anyRequest()
  .authenticated()
-  .and()
-  .oauth2ResourceServer((configurer) -> configurer.jwt(Customizer.withDefaults()))
-  .sessionManagement((s) -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+ )
+ .oauth2ResourceServer((configurer) -> configurer.jwt(Customizer.withDefaults()))
+ .sessionManagement((s) -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 
  return http.build();
  }