0

I was using spring boot application running on version 2.x.x, now planning to upgrade the version to 3.3.0. But its throwing below error. My configuration file is as shown below but its not working, can someone please help me on this.

import com.connect.bytr.api.constants.BYTRConstants;
import com.connect.bytr.api.filters.AuthenticationFilter;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import javax.servlet.http.HttpServletResponse;

@RequiredArgsConstructor
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig {

  private final AuthenticationFilter authenticationFilter;

  private final String[] AUTH_WHITELIST = {
          "/v2/api-docs",
          "/configuration/ui",
          "/configuration/security",
          "/webjars/**"
  };

  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http.csrf()
        .disable()
        .authorizeRequests()
        .antMatchers(AUTH_WHITELIST)
        .permitAll()
        .anyRequest()
        .authenticated()
        .and()
        .exceptionHandling()
        .authenticationEntryPoint(unauthorizedEntryPoint())
        .and()
        .addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class);
    return http.build();
  }

  @Bean
  public AuthenticationEntryPoint unauthorizedEntryPoint() {
    return (request, response, authException) ->
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, BYTRConstants.UNAUTHORIZED);
  }
}

Below is the error log

 warning: [removal] and() in 
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry has been deprecated and marked for removal
                        .anyRequest().authenticated().and()

warning: [removal] exception
Handling() in HttpSecurity has been deprecated and marked for removal
                        .exceptionHandling()


 warning: [removal] and() in 
SecurityConfigurerAdapter has been deprecated and marked for removal
                        .and()

Please help me on this thank you in advance.

Improve this question

1 Answer 1

Reset to default
1

From Spring Security 5.x onwards, the and() and exceptionHandling() methods have been deprecated. This change occurred due to the redesign of Spring Security's Fluent API, which no longer recommends the previous method chaining approach.

Therefore, the code needs to be updated to align with the lambda DSL.

Spring Security

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

    private final AuthenticationFilter authenticationFilter;

    private final String[] AUTH_WHITELIST = {
            "/v2/api-docs",
            "/configuration/ui",
            "/configuration/security",
            "/webjars/**"
    };

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(req -> req
                    .requestMatchers(AUTH_WHITELIST).permitAll()
                    .anyRequest().authenticated()
            )
            .exceptionHandling(handling -> handling
                    .authenticationEntryPoint(unauthorizedEntryPoint())
            )
            .addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class);

        return http.build();
    }

    @Bean
    public AuthenticationEntryPoint unauthorizedEntryPoint() {
        return (request, response, authException) ->
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, BYTRConstants.UNAUTHORIZED);
    }
}

For more details, please refer to the link below.

Deprecated API

Improve this answer
0

Not the answer you're looking for? Browse other questions tagged or ask your own question.