Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security 6.1 - Lambda DSL for Custom DSL

Tags:

java

spring

spring-security

In Spring Security 6.1, SecurityConfigurerAdapter::and has been deprecated for removal, and clients are encouraged to use the Lambda DSL: https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/blog/**").permitAll()
                .anyRequest().authenticated()
            )
            .formLogin(formLogin -> formLogin
                .loginPage("/login")
                .permitAll()
            )
            .rememberMe(Customizer.withDefaults());

        return http.build();
    }
}

Meanwhile, the documentation for Custom DSLs still show use of the apply()-and() pattern: https://docs.spring.io/spring-security/reference/servlet/configuration/java.html#jc-custom-dsls

@Configuration
@EnableWebSecurity
public class Config {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .apply(customDsl())
                .flag(true)
                .and()
            ...;
        return http.build();
    }
}

I don't see a mechanism in HttpSecurity or AbstractConfiguredSecurityBuilder to follow the lambda pattern for a custom AbstractHttpConfigurer, such as:

@Configuration
@EnableWebSecurity
public class Config {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .apply(customDsl(), custom -> custom
                .flag(true)
            )
            ...;
        return http.build();
    }
}

So I'm stuck using the deprecated and() method if I want to keep the single-statement method-chaining pattern, until a future release adds a replacement for this pattern for Custom DSL.

Am I missing something?

like image 285
Nick McKinney Avatar asked Sep 06 '25 21:09

Nick McKinney

1 Answers

I had the same question and found these two issues in the Spring Security repository: 13436 and 13204. It looks like there will be a new .with() method which will replace .apply().and(). This seems to be the one they are talking about: https://github.com/spring-projects/spring-security/blob/main/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java#L155. It is already part of the 6.2.0-M1 release.

Edit: Found the pull request: https://github.com/spring-projects/spring-security/pull/13432

like image 186
Farbfetzen Avatar answered Sep 08 '25 12:09

Farbfetzen

Sign in to Comment

Related questions

Is SLF4J thread-safe?
How to write instanceof with Java 8?
Java error in making file through console
How to parse a Mbox file with JavaMail API?
Powermock Compatibility with JDK 17
How to call Java code from C#?
Unchecked cast from X to generic type that extends X
How to embed Tablesaw graph in Jupyter Notebook with IJava kernel?
CrudRepository: Save method deletes entry
WrongTypeOfReturnValue: "Object" cannot be returned by findById()
What is the use case of the deferred security context?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!