WebSecurityConfigurerAdapter is deprecated

킨글 2022. 9. 8. 15:56

There was a strikethrough on the extends WebSecurityConfigurerAdapter part, so I hovered the mouse over it and it was marked as deprecated. What is going on??

 

According to the official documentation, as quoted below, it is no longer used for security reasons.

https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter

In Spring Security 5.7.0-M2 we deprecated the WebSecurityConfigurerAdapter, as we encourage users to move towards a component-based security configuration.

 

So I deleted the extends WebSecurityConfigurerAdapter part, and then the configure methods annotated with @Override started producing errors.

@Override
protected void configure(HttpSecurity http) throws Exception {
    com.gworld.manage.configuration.AuthenticationSuccessHandler a = new com.gworld.manage.configuration.AuthenticationSuccessHandler();
    http.csrf().disable();
    http.headers().frameOptions().sameOrigin();

    http.authorizeRequests()
            .antMatchers( // define the locations that are accessible without logging in
                    "/**"
            ).permitAll();

    http.formLogin()
            .loginPage("/member/login")
            .successHandler(authenticationSuccessHandler)
            .permitAll();
    http.exceptionHandling()
            .accessDeniedPage("/error/denied");

    super.configure(http);
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(memberService)
            .passwordEncoder(getPasswordEncoder());
    super.configure(auth);
}

 

So I changed the configure(HttpSecurity http) part to a SecurityFilterChain,
and replaced super.configure(http); with return http.build();.

 

I then changed the void configure(AuthenticationManagerBuilder auth) part to AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration), which resolved the problem.

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    com.gworld.manage.configuration.AuthenticationSuccessHandler a = new com.gworld.manage.configuration.AuthenticationSuccessHandler();
    http.csrf().disable();
    http.headers().frameOptions().sameOrigin();

    http.authorizeRequests()
            .antMatchers( // define the locations that are accessible without logging in
                    "/**"
            ).permitAll();

    http.formLogin()
            .loginPage("/member/login")
            .successHandler(authenticationSuccessHandler)
            .permitAll();
    http.exceptionHandling()
            .accessDeniedPage("/error/denied");

    return http.build();
}

@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
        throws Exception {
    return authenticationConfiguration.getAuthenticationManager();
}
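
The migration above as one complete component-based configuration class, written as an added example that is not part of the original post. It shows where the removed auth.userDetailsService(memberService).passwordEncoder(...) wiring goes, and it leaves CSRF protection at its default while requiring authentication for everything except the login and error pages. Assumptions: Spring Security 5.7, a hypothetical class name SecurityConfiguration, memberService registered as a bean implementing UserDetailsService, the project's success handler registered as a bean implementing Spring's AuthenticationSuccessHandler, and BCrypt standing in for the getPasswordEncoder() that the post does not show.

```java
// Added example: hypothetical class name; assumes Spring Security 5.7.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    // Replaces auth.userDetailsService(memberService).passwordEncoder(...):
    // with exactly one UserDetailsService bean (assumed: memberService is a
    // @Service implementing UserDetailsService) and one PasswordEncoder bean,
    // Spring Security wires both into the default AuthenticationManager.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // assumed encoder, not shown in the post
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http,
            AuthenticationSuccessHandler successHandler) throws Exception {
        http
            // CSRF protection is left at its default (enabled).
            .headers(headers -> headers.frameOptions(frame -> frame.sameOrigin()))
            .authorizeRequests(auth -> auth
                // Only the login and error pages are reachable without a session.
                .antMatchers("/member/login", "/error/**").permitAll()
                .anyRequest().authenticated())
            .formLogin(form -> form
                .loginPage("/member/login")
                .successHandler(successHandler) // assumed to be a bean
                .permitAll())
            .exceptionHandling(ex -> ex.accessDeniedPage("/error/denied"));
        return http.build();
    }

    @Bean
    public AuthenticationManager authenticationManager(
            AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }
}
```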