0

I want to spring security of springboot projects from 5.7.3 upgraded to 6.0, but WebSecurityConfigurerAdapter is already deprecated.

    @Bean
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

WebSecurityConfigurerAdapter.authenticationManager() has disappeared in 6.0

Where should I go to get the same class?

I tried to inject AuthenticationManagerBuilder to build an AuthenticationManager;

But it tells me that the authenticationManager must be specified.

Toutatis_Gc
  • 7
  • 2
  • duplicate [Spring Security: Upgrading the deprecated WebSecurityConfigurerAdapter in Spring Boot 2.7.0](https://stackoverflow.com/questions/72381114/spring-security-upgrading-the-deprecated-websecurityconfigureradapter-in-spring) – Toerktumlare Jul 07 '23 at 14:16
  • or just read any of the 1000s docs https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter or the official docs https://docs.spring.io/spring-security/reference/migration/index.html – Toerktumlare Jul 07 '23 at 14:19

1 Answers1

0

In the latest version of spring boot 3.1.1 WebSecurityConfigurerAdaptor, @EnableWebFluxSecurity, springSecurityFilterChain, .csrf(), ServerHttpSecurity & .pathMatchers() are deprecated so you have to change the code.

You can refer this code if you are using spring boot 3 :

@EnableWebSecurity
@Configuration
@RequiredArgsConstructor
public class SecurityConfig {

    private final UserDetailServiceImpl userDetailsService;


    private final BCryptPasswordEncoder encoder;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

       http.csrf(csrf -> csrf.disable())
            .authorizeRequests().
            requestMatchers("/category/add")
            .authenticated()
            .requestMatchers("/authenticate","/register").permitAll()
            .anyRequest()
            .authenticated()
            .and().exceptionHandling(ex -> ex.authenticationEntryPoint(point))
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
    http.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);
    return http.build();

    }

    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
        return new CustomAuthenticationManager();
    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userDetailsService);
        authenticationProvider.setPasswordEncoder(encoder);
        return authenticationProvider;
    }
}

CustomAuthentcationManager :

public class CustomAuthenticationManager implements AuthenticationManager {

    @Autowired
    private DaoAuthenticationProvider authenticationProvider;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        return authenticationProvider.authenticate(authentication);
    }
}
Dhruman Desai
  • 581
  • 7