Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Explain the rational about deprecating .and() and non-lambda DSL methods 

Closes gh-13094
This commit is contained in:
Marcus Da Coregio 2023-04-26 14:49:40 -03:00
parent 07b884a2cb
commit 8481374ce7
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/modules/ROOT/pages/migration-7/configuration.adoc
View File

@ -6,8 +6,6 @@ The following steps relate to changes around how to configure `HttpSecurity`, `W
The Lambda DSL is present in Spring Security since version 5.2, and it allows HTTP security to be configured using lambdas.
The prior configuration style will not be valid in Spring Security 7 where the usage of the Lambda DSL will be required.
You may have seen this style of configuration in the Spring Security documentation or samples.
Let us take a look at how a lambda configuration of HTTP security compares to the previous configuration style.
@ -65,6 +63,16 @@ public class SecurityConfig {
----
====
The Lambda DSL is the preferred way to configure Spring Security, the prior configuration style will not be valid in Spring Security 7 where the usage of the Lambda DSL will be required.
This has been done mainly for a couple of reasons:
- The previous way it was not clear what object was getting configured without knowing what the return type was.
The deeper the nesting the more confusing it became.
Even experienced users would think that their configuration was doing one thing when in fact, it was doing something else.
- Consistency.
Many code bases switched between the two styles which caused inconsistencies that made understanding the configuration difficult and often led to misconfigurations.
=== Lambda DSL Configuration Tips
When comparing the two samples above, you will notice some key differences: