Document in the reference how to migrate to lambda
Closes gh-12628
This commit is contained in:
Marcus Da Coregio
Marcus Hert Da Coregio
parent
9f6a879043
commit
2b05d5dece
|
|
@ -2,6 +2,8 @@
|
||||||
* xref:prerequisites.adoc[Prerequisites]
|
* xref:prerequisites.adoc[Prerequisites]
|
||||||
* xref:community.adoc[Community]
|
* xref:community.adoc[Community]
|
||||||
* xref:whats-new.adoc[What's New]
|
* xref:whats-new.adoc[What's New]
|
||||||
|
* xref:migration-7/index.adoc[Preparing for 7.0]
|
||||||
|
** xref:migration-7/configuration.adoc[Configuration]
|
||||||
* xref:migration/index.adoc[Migrating to 6.0]
|
* xref:migration/index.adoc[Migrating to 6.0]
|
||||||
** xref:migration/servlet/index.adoc[Servlet Migrations]
|
** xref:migration/servlet/index.adoc[Servlet Migrations]
|
||||||
*** xref:migration/servlet/session-management.adoc[Session Management]
|
*** xref:migration/servlet/session-management.adoc[Session Management]
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,116 @@
|
||||||
|
= Configuration Migrations
|
||||||
|
|
||||||
|
The following steps relate to changes around how to configure `HttpSecurity`, `WebSecurity` and related components.
|
||||||
|
|
||||||
|
== Use the Lambda DSL
|
||||||
|
|
||||||
|
The Lambda DSL is present in Spring Security since version 5.2, and it allows HTTP security to be configured using lambdas.
|
||||||
|
|
||||||
|
The prior configuration style will not be valid in Spring Security 7 where the usage of the Lambda DSL will be required.
|
||||||
|
|
||||||
|
You may have seen this style of configuration in the Spring Security documentation or samples.
|
||||||
|
Let us take a look at how a lambda configuration of HTTP security compares to the previous configuration style.
|
||||||
|
|
||||||
|
====
|
||||||
|
[source,java]
|
||||||
|
.Configuration using lambdas
|
||||||
|
----
|
||||||
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
|
public class SecurityConfig {
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
|
http
|
||||||
|
.authorizeHttpRequests(authorize -> authorize
|
||||||
|
.requestMatchers("/blog/**").permitAll()
|
||||||
|
.anyRequest().authenticated()
|
||||||
|
)
|
||||||
|
.formLogin(formLogin -> formLogin
|
||||||
|
.loginPage("/login")
|
||||||
|
.permitAll()
|
||||||
|
)
|
||||||
|
.rememberMe(Customizer.withDefaults());
|
||||||
|
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
----
|
||||||
|
====
|
||||||
|
|
||||||
|
====
|
||||||
|
[source,java]
|
||||||
|
.Equivalent configuration without using lambdas
|
||||||
|
----
|
||||||
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
|
public class SecurityConfig {
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
|
http
|
||||||
|
.authorizeHttpRequests()
|
||||||
|
.requestMatchers("/blog/**").permitAll()
|
||||||
|
.anyRequest().authenticated()
|
||||||
|
.and()
|
||||||
|
.formLogin()
|
||||||
|
.loginPage("/login")
|
||||||
|
.permitAll()
|
||||||
|
.and()
|
||||||
|
.rememberMe();
|
||||||
|
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
----
|
||||||
|
====
|
||||||
|
|
||||||
|
=== Lambda DSL Configuration Tips
|
||||||
|
|
||||||
|
When comparing the two samples above, you will notice some key differences:
|
||||||
|
|
||||||
|
- In the Lambda DSL there is no need to chain configuration options using the `.and()` method.
|
||||||
|
The `HttpSecurity` instance is automatically returned for further configuration after the call to the lambda method.
|
||||||
|
|
||||||
|
- `Customizer.withDefaults()` enables a security feature using the defaults provided by Spring Security.
|
||||||
|
This is a shortcut for the lambda expression `it -> {}`.
|
||||||
|
|
||||||
|
=== WebFlux Security
|
||||||
|
|
||||||
|
You may also configure WebFlux security using lambdas in a similar manner.
|
||||||
|
Below is an example configuration using lambdas.
|
||||||
|
|
||||||
|
====
|
||||||
|
[source,java]
|
||||||
|
.WebFlux configuration using lambdas
|
||||||
|
----
|
||||||
|
@Configuration
|
||||||
|
@EnableWebFluxSecurity
|
||||||
|
public class SecurityConfig {
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||||
|
http
|
||||||
|
.authorizeExchange(exchanges -> exchanges
|
||||||
|
.pathMatchers("/blog/**").permitAll()
|
||||||
|
.anyExchange().authenticated()
|
||||||
|
)
|
||||||
|
.httpBasic(Customizer.withDefaults())
|
||||||
|
.formLogin(formLogin -> formLogin
|
||||||
|
.loginPage("/login")
|
||||||
|
);
|
||||||
|
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
----
|
||||||
|
====
|
||||||
|
|
||||||
|
=== Goals of the Lambda DSL
|
||||||
|
|
||||||
|
The Lambda DSL was created to accomplish to following goals:
|
||||||
|
|
||||||
|
- Automatic indentation makes the configuration more readable.
|
||||||
|
- The is no need to chain configuration options using `.and()`
|
||||||
|
- The Spring Security DSL has a similar configuration style to other Spring DSLs such as Spring Integration and Spring Cloud Gateway.
|
||||||
|
|
@ -0,0 +1,8 @@
|
||||||
|
[[preparing]]
|
||||||
|
= Preparing for 7.0
|
||||||
|
|
||||||
|
While Spring Security 7.0 does not have a release date yet, it is important to start preparing for it now.
|
||||||
|
|
||||||
|
This preparation guide is designed to summarize the biggest changes in Spring Security 7.0 and provide steps to prepare for them.
|
||||||
|
|
||||||
|
It is important to keep your application up to date with the latest Spring Security 6 and Spring Boot 3 releases.
|
||||||
Loading…
Reference in New Issue