-
ElementDescriptionFor removal in 7.0. Use the lambda based configuration instead.For removal in 7.0. Use
HttpSecurity.anonymous(Customizer)
oranonymous(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.authorizeHttpRequests(Customizer)
insteadFor removal in 7.0. UseHttpSecurity.cors(Customizer)
orcors(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.csrf(Customizer)
orcsrf(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.exceptionHandling(Customizer)
orexceptionHandling(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.formLogin(Customizer)
orformLogin(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.headers(Customizer)
orheaders(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.httpBasic(Customizer)
orhttpBasic(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.jee(Customizer)
orjee(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.logout(Customizer)
orlogout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.oauth2Client(Customizer)
oroauth2Client(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.oauth2Login(Customizer)
oroauth2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.oauth2ResourceServer(Customizer)
insteadFor removal in 7.0. UseHttpSecurity.portMapper(Customizer)
orportMapper(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.rememberMe(Customizer)
orrememberMe(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.requestCache(Customizer)
orrequestCache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.Use the lambda based configuration instead. For example:@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .securityMatchers((matchers) -> matchers .requestMatchers("/api/**") ) .authorizeHttpRequests((authorize) -> authorize .anyRequest().hasRole("USER") ) .httpBasic(Customizer.withDefaults()); return http.build(); } }
For removal in 7.0. UseHttpSecurity.requiresChannel(Customizer)
orrequiresChannel(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.saml2Login(Customizer)
orsaml2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.saml2Logout(Customizer)
orsaml2Logout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.saml2Metadata(Customizer)
orsaml2Metadata(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.securityContext(Customizer)
orsecurityContext(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.securityMatchers(Customizer)
orsecurityMatchers(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.servletApi(Customizer)
orservletApi(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.sessionManagement(Customizer)
orsessionManagement(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.x509(Customizer)
orx509(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. Use the lambda based configuration instead.Permit access to theDispatcherType
instead.@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((authorize) -> authorize .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll() // ... ); return http.build(); } }
For removal in 7.0. UseHttpSecurity.requiresChannel(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.cacheControl(Customizer)
orcacheControl(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.cacheControl(Customizer)
orcacheControl(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.contentSecurityPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.contentSecurityPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.contentTypeOptions(Customizer)
orcontentTypeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.contentTypeOptions(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginEmbedderPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginEmbedderPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginOpenerPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginOpenerPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginResourcePolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginResourcePolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.frameOptions(Customizer)
orframeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.frameOptions(Customizer)
orframeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.httpStrictTransportSecurity(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.httpStrictTransportSecurity(Customizer)
insteadorg.springframework.security.config.annotation.web.configurers.HeadersConfigurer.permissionsPolicy()For removal in 7.0. UseHeadersConfigurer.permissionsPolicy(Customizer)
orpermissionsPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.permissionsPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.referrerPolicy(Customizer)
orreferrerPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.referrerPolicy(Customizer)
orreferrerPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.referrerPolicy(Customizer)
orreferrerPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.xssProtection(Customizer)
orxssProtection(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.xssProtection(Customizer)
orxssProtection(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2ClientConfigurer.authorizationCodeGrant(Customizer)
insteadFor removal in 7.0. UseOAuth2ClientConfigurer.authorizationCodeGrant(Customizer)
insteadFor removal in 7.0. UseOAuth2LoginConfigurer.authorizationEndpoint(Customizer)
insteadFor removal in 7.0. UseOAuth2LoginConfigurer.authorizationEndpoint(Customizer)
insteadFor removal in 7.0. UseOAuth2LoginConfigurer.redirectionEndpoint(Customizer)
insteadFor removal in 7.0. UseOAuth2LoginConfigurer.redirectionEndpoint(Customizer)
insteadFor removal in 7.0. UseOAuth2LoginConfigurer.tokenEndpoint(Customizer)
ortokenEndpoint(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2LoginConfigurer.tokenEndpoint(Customizer)
ortokenEndpoint(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2LoginConfigurer.userInfoEndpoint(Customizer)
oruserInfoEndpoint(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2LoginConfigurer.userInfoEndpoint(Customizer)
insteadFor removal in 7.0. UseOAuth2ResourceServerConfigurer.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2ResourceServerConfigurer.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2ResourceServerConfigurer.opaqueToken(Customizer)
oropaqueToken(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseSaml2LogoutConfigurer.logoutRequest(Customizer)
orlogoutRequest(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseSaml2LogoutConfigurer.logoutRequest(Customizer)
orlogoutRequest(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseSaml2LogoutConfigurer.logoutResponse(Customizer)
orlogoutResponse(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseSaml2LogoutConfigurer.logoutResponse(Customizer)
orlogoutResponse(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseSessionManagementConfigurer.sessionConcurrency(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.anonymous(Customizer)
oranonymous(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.anonymous(Customizer)
oranonymous(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.authorizeExchange(Customizer)
orauthorizeExchange(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.authorizeExchange(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.cors(Customizer)
orcors(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.cors(Customizer)
orcors(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.csrf(Customizer)
orcsrf(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.csrf(Customizer)
orcsrf(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.exceptionHandling(Customizer)
orexceptionHandling(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.exceptionHandling(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.formLogin(Customizer)
orformLogin(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.formLogin(Customizer)
orformLogin(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.headers(Customizer)
orheaders(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.headers(Customizer)
orheaders(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.cache(Customizer)
orcache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.contentTypeOptions(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer)
insteadorg.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec.and()For removal in 7.0. Use#featurePolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.frameOptions(Customizer)
orframeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.hsts(Customizer)
orhsts(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.hsts(Customizer)
orhsts(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.xssProtection(Customizer)
orxssProtection(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.httpBasic(Customizer)
orhttpBasic(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.httpBasic(Customizer)
orhttpBasic(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.logout(Customizer)
orlogout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.logout(Customizer)
orlogout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.oauth2Client(Customizer)
oroauth2Client(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.oauth2Client(Customizer)
oroauth2Client(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.oauth2Login(Customizer)
oroauth2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.oauth2Login(Customizer)
oroauth2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.oauth2ResourceServer(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.oauth2ResourceServer(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer)
oropaqueToken(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.passwordManagement(Customizer)
orpasswordManagement(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.passwordManagement(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.redirectToHttps(Customizer)
orredirectToHttps(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.requestCache(Customizer)
orrequestCache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.requestCache(Customizer)
orrequestCache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.x509(Customizer)
orx509(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.x509(Customizer)
orx509(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.
-
ClassDescriptionUse
PrePostMethodSecurityConfiguration
,SecuredMethodSecurityConfiguration
, orJsr250MethodSecurityConfiguration
insteadUseAuthorizeHttpRequestsConfigurer
insteadUseAuthorizeHttpRequestsConfigurer
insteadsee Certificate and Public Key Pinning for more contextUseAuthorizeHttpRequestsConfigurer
insteadUseMessageMatcherDelegatingAuthorizationManager
insteadorg.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfigurationThis is applied internally using SpringWebMvcImportSelectorUseEnableWebSocketSecurity
insteadUse `use-authorization-manager` property insteadUseMethodSecurityBeanDefinitionParser
insteadUse<intercept-methods>
,<method-security>
, or@EnableMethodSecurity
-
Annotation InterfaceDescriptionUse
EnableMethodSecurity
insteadUse EnableWebSecurity instead which will automatically add the Spring MVC related Security items.
-
MethodDescriptionFor removal in 7.0. Use
AbstractConfiguredSecurityBuilder.with(SecurityConfigurerAdapter, Customizer)
instead.For removal in 7.0. Use the lambda based configuration instead.For removal in 7.0. UseHttpSecurity.anonymous(Customizer)
oranonymous(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.authorizeHttpRequests(Customizer)
insteadFor removal in 7.0. UseHttpSecurity.authorizeHttpRequests()
insteadFor removal in 7.0. UseHttpSecurity.authorizeHttpRequests()
insteadFor removal in 7.0. UseHttpSecurity.cors(Customizer)
orcors(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.csrf(Customizer)
orcsrf(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.exceptionHandling(Customizer)
orexceptionHandling(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.formLogin(Customizer)
orformLogin(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.headers(Customizer)
orheaders(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.httpBasic(Customizer)
orhttpBasic(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.jee(Customizer)
orjee(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.logout(Customizer)
orlogout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.oauth2Client(Customizer)
oroauth2Client(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.oauth2Login(Customizer)
oroauth2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.oauth2ResourceServer(Customizer)
insteadFor removal in 7.0. UseHttpSecurity.portMapper(Customizer)
orportMapper(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.rememberMe(Customizer)
orrememberMe(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.requestCache(Customizer)
orrequestCache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.Use the lambda based configuration instead. For example:@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .securityMatchers((matchers) -> matchers .requestMatchers("/api/**") ) .authorizeHttpRequests((authorize) -> authorize .anyRequest().hasRole("USER") ) .httpBasic(Customizer.withDefaults()); return http.build(); } }
For removal in 7.0. UseHttpSecurity.requiresChannel(Customizer)
orrequiresChannel(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.saml2Login(Customizer)
orsaml2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.saml2Logout(Customizer)
orsaml2Logout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.saml2Metadata(Customizer)
orsaml2Metadata(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.securityContext(Customizer)
orsecurityContext(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.securityMatchers(Customizer)
orsecurityMatchers(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.servletApi(Customizer)
orservletApi(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.sessionManagement(Customizer)
orsessionManagement(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.x509(Customizer)
orx509(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. Use the lambda based configuration instead.Permit access to theDispatcherType
instead.@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((authorize) -> authorize .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll() // ... ); return http.build(); } }
For removal in 7.0. UseHttpSecurity.requiresChannel(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.cacheControl(Customizer)
orcacheControl(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.cacheControl(Customizer)
orcacheControl(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.contentSecurityPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.contentSecurityPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.contentTypeOptions(Customizer)
orcontentTypeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.contentTypeOptions(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginEmbedderPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginEmbedderPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginOpenerPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginOpenerPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginResourcePolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginResourcePolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.permissionsPolicy(Customizer)
orpermissionsPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.frameOptions(Customizer)
orframeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.frameOptions(Customizer)
orframeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.httpStrictTransportSecurity(Customizer)
insteadsee Certificate and Public Key Pinning for more contextsee Certificate and Public Key Pinning for more contextFor removal in 7.0. UseHeadersConfigurer.httpStrictTransportSecurity(Customizer)
insteadorg.springframework.security.config.annotation.web.configurers.HeadersConfigurer.permissionsPolicy()For removal in 7.0. UseHeadersConfigurer.permissionsPolicy(Customizer)
orpermissionsPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.permissionsPolicy(Customizer)
insteadFor removal in 7.0. UseHeadersConfigurer.referrerPolicy(Customizer)
orreferrerPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.referrerPolicy(Customizer)
orreferrerPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.referrerPolicy(Customizer)
orreferrerPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.xssProtection(Customizer)
orxssProtection(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.xssProtection(Customizer)
orxssProtection(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2ClientConfigurer.authorizationCodeGrant(Customizer)
insteadFor removal in 7.0. UseOAuth2ClientConfigurer.authorizationCodeGrant(Customizer)
insteadFor removal in 7.0. UseOAuth2LoginConfigurer.authorizationEndpoint(Customizer)
insteadFor removal in 7.0. UseOAuth2LoginConfigurer.authorizationEndpoint(Customizer)
insteadFor removal in 7.0. UseOAuth2LoginConfigurer.redirectionEndpoint(Customizer)
insteadFor removal in 7.0. UseOAuth2LoginConfigurer.redirectionEndpoint(Customizer)
insteadFor removal in 7.0. UseOAuth2LoginConfigurer.tokenEndpoint(Customizer)
ortokenEndpoint(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2LoginConfigurer.tokenEndpoint(Customizer)
ortokenEndpoint(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2LoginConfigurer.userInfoEndpoint(Customizer)
oruserInfoEndpoint(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2LoginConfigurer.userInfoEndpoint(Customizer)
insteadFor removal in 7.0. UseOAuth2ResourceServerConfigurer.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2ResourceServerConfigurer.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2ResourceServerConfigurer.opaqueToken(Customizer)
oropaqueToken(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseSaml2LogoutConfigurer.logoutRequest(Customizer)
orlogoutRequest(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseSaml2LogoutConfigurer.logoutRequest(Customizer)
orlogoutRequest(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseSaml2LogoutConfigurer.logoutResponse(Customizer)
orlogoutResponse(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseSaml2LogoutConfigurer.logoutResponse(Customizer)
orlogoutResponse(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseSessionManagementConfigurer.sessionConcurrency(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.anonymous(Customizer)
oranonymous(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.anonymous(Customizer)
oranonymous(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.authorizeExchange(Customizer)
orauthorizeExchange(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.authorizeExchange(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.cors(Customizer)
orcors(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.cors(Customizer)
orcors(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.csrf(Customizer)
orcsrf(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.csrf(Customizer)
orcsrf(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.exceptionHandling(Customizer)
orexceptionHandling(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.exceptionHandling(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.formLogin(Customizer)
orformLogin(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.formLogin(Customizer)
orformLogin(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.headers(Customizer)
orheaders(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.headers(Customizer)
orheaders(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.cache(Customizer)
orcache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.contentTypeOptions(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer)
instead.org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec.and()For removal in 7.0. Use#featurePolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.frameOptions(Customizer)
orframeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.hsts(Customizer)
orhsts(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.hsts(Customizer)
orhsts(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer)
instead.For removal in 7.0. UseServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.HeaderSpec.xssProtection(Customizer)
orxssProtection(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.httpBasic(Customizer)
orhttpBasic(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.httpBasic(Customizer)
orhttpBasic(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.logout(Customizer)
orlogout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.logout(Customizer)
orlogout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.oauth2Client(Customizer)
oroauth2Client(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.oauth2Client(Customizer)
oroauth2Client(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.oauth2Login(Customizer)
oroauth2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.oauth2Login(Customizer)
oroauth2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.oauth2ResourceServer(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.oauth2ResourceServer(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer)
oropaqueToken(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.passwordManagement(Customizer)
orpasswordManagement(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.passwordManagement(Customizer)
insteadFor removal in 7.0. UseServerHttpSecurity.redirectToHttps(Customizer)
orredirectToHttps(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.requestCache(Customizer)
orrequestCache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.requestCache(Customizer)
orrequestCache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.x509(Customizer)
orx509(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.For removal in 7.0. UseServerHttpSecurity.x509(Customizer)
orx509(Customizer.withDefaults())
to stick with defaults. See the documentation for more details.
AbstractConfiguredSecurityBuilder.with(SecurityConfigurerAdapter, Customizer)
instead.