php editor Yuzai tells you an important news: in Spring Security version 6, the cors() method has been deprecated and marked for deletion. The cors() method is used to handle the configuration of cross-domain resource sharing. However, in the new version, the Spring Security team decided to remove this method and introduce a more powerful cross-domain solution. This change is an important change for developers who use Spring Security, and they need to understand and upgrade their code in a timely manner to adapt to the changes in the new version.
I have the following code:
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.httpBasic().disable()
.cors().and().csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/register")
.permitAll()
.and()
.authorizeHttpRequests()
.requestMatchers("/users")
.hasAnyAuthority("USER", "ADMIN")
.and().formLogin().and().build();
}Please help me make this feature work
According to the Migration Guide and additionally configure to the latest version, securityfilterchain should have the next body.
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http.csrf(AbstractHttpConfigurer::disable)
.cors(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(request -> {
request.requestMatchers("/register").permitAll();
request.requestMatchers("/users")
.hasAnyAuthority("USER", "ADMIN");
}).formLogin(Customizer.withDefaults()).build();
}Please also read/check the above documentation reference. By the way, there are a lot of posts here on Stack Overflow about migrating to the latest version of the framework.
The above is the detailed content of Spring Security 6: cors() is deprecated and marked for removal. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
