From 2b05d5dece48c976dd3a53371abfb53576a2dc9b Mon Sep 17 00:00:00 2001
From: Marcus Da Coregio
Date: Tue, 11 Apr 2023 15:27:47 -0300
Subject: [PATCH] Document in the reference how to migrate to lambda

Closes gh-12628
---
 docs/modules/ROOT/nav.adoc | 2 +
 .../ROOT/pages/migration-7/configuration.adoc | 116 ++++++++++++++++++
 .../modules/ROOT/pages/migration-7/index.adoc | 8 ++
 3 files changed, 126 insertions(+)
 create mode 100644 docs/modules/ROOT/pages/migration-7/configuration.adoc
 create mode 100644 docs/modules/ROOT/pages/migration-7/index.adoc
diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc
index cb4559cc31..c5db68ab81 100644
--- a/docs/modules/ROOT/nav.adoc
+++ b/docs/modules/ROOT/nav.adoc
@@ -2,6 +2,8 @@
 * xref:prerequisites.adoc[Prerequisites]
 * xref:community.adoc[Community]
 * xref:whats-new.adoc[What's New]
+* xref:migration-7/index.adoc[Preparing for 7.0]
+** xref:migration-7/configuration.adoc[Configuration]
 * xref:migration/index.adoc[Migrating to 6.0]
 ** xref:migration/servlet/index.adoc[Servlet Migrations]
 *** xref:migration/servlet/session-management.adoc[Session Management]
diff --git a/docs/modules/ROOT/pages/migration-7/configuration.adoc b/docs/modules/ROOT/pages/migration-7/configuration.adoc
new file mode 100644
index 0000000000..acff200270
--- /dev/null
+++ b/docs/modules/ROOT/pages/migration-7/configuration.adoc
@@ -0,0 +1,116 @@
+= Configuration Migrations
+
+The following steps relate to changes around how to configure `HttpSecurity`, `WebSecurity` and related components.
+
+== Use the Lambda DSL
+
+The Lambda DSL is present in Spring Security since version 5.2, and it allows HTTP security to be configured using lambdas.
+
+The prior configuration style will not be valid in Spring Security 7 where the usage of the Lambda DSL will be required.
+
+You may have seen this style of configuration in the Spring Security documentation or samples.
+Let us take a look at how a lambda configuration of HTTP security compares to the previous configuration style.
+
+====
+[source,java]
+.Configuration using lambdas
+----
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ http
+ .authorizeHttpRequests(authorize -> authorize
+ .requestMatchers("/blog/**").permitAll()
+ .anyRequest().authenticated()
+ )
+ .formLogin(formLogin -> formLogin
+ .loginPage("/login")
+ .permitAll()
+ )
+ .rememberMe(Customizer.withDefaults());
+
+ return http.build();
+ }
+}
+----
+====
+
+====
+[source,java]
+.Equivalent configuration without using lambdas
+----
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ http
+ .authorizeHttpRequests()
+ .requestMatchers("/blog/**").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .formLogin()
+ .loginPage("/login")
+ .permitAll()
+ .and()
+ .rememberMe();
+
+ return http.build();
+ }
+}
+----
+====
+
+=== Lambda DSL Configuration Tips
+
+When comparing the two samples above, you will notice some key differences:
+
+- In the Lambda DSL there is no need to chain configuration options using the `.and()` method.
+The `HttpSecurity` instance is automatically returned for further configuration after the call to the lambda method.
+
+- `Customizer.withDefaults()` enables a security feature using the defaults provided by Spring Security.
+This is a shortcut for the lambda expression `it -> {}`.
+
+=== WebFlux Security
+
+You may also configure WebFlux security using lambdas in a similar manner.
+Below is an example configuration using lambdas.
+
+====
+[source,java]
+.WebFlux configuration using lambdas
+----
+@Configuration
+@EnableWebFluxSecurity
+public class SecurityConfig {
+
+ @Bean
+ public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+ http
+ .authorizeExchange(exchanges -> exchanges
+ .pathMatchers("/blog/**").permitAll()
+ .anyExchange().authenticated()
+ )
+ .httpBasic(Customizer.withDefaults())
+ .formLogin(formLogin -> formLogin
+ .loginPage("/login")
+ );
+
+ return http.build();
+ }
+
+}
+----
+====
+
+=== Goals of the Lambda DSL
+
+The Lambda DSL was created to accomplish to following goals:
+
+- Automatic indentation makes the configuration more readable.
+- The is no need to chain configuration options using `.and()`
+- The Spring Security DSL has a similar configuration style to other Spring DSLs such as Spring Integration and Spring Cloud Gateway.
diff --git a/docs/modules/ROOT/pages/migration-7/index.adoc b/docs/modules/ROOT/pages/migration-7/index.adoc
new file mode 100644
index 0000000000..ac2ef5f5e0
--- /dev/null
+++ b/docs/modules/ROOT/pages/migration-7/index.adoc
@@ -0,0 +1,8 @@
+[[preparing]]
+= Preparing for 7.0
+
+While Spring Security 7.0 does not have a release date yet, it is important to start preparing for it now.
+
+This preparation guide is designed to summarize the biggest changes in Spring Security 7.0 and provide steps to prepare for them.
+
+It is important to keep your application up to date with the latest Spring Security 6 and Spring Boot 3 releases.