Skip to content

Instantly share code, notes, and snippets.

@TopekoX

TopekoX/Spring Security without the WebSecurityConfigurerAdapter.md

Last active January 8, 2025 15:51
Show Gist options
  • Save TopekoX/4c3f1c086826bdf5ab43f4531f858402 to your computer and use it in GitHub Desktop.
Save TopekoX/4c3f1c086826bdf5ab43f4531f858402 to your computer and use it in GitHub Desktop.
Download ZIP
Spring Security Deprecated the WebSecurityConfigurerAdapter
Raw
Spring Security without the WebSecurityConfigurerAdapter.md

In my case im using @EnableMethodSecurity(prePostEnabled = true) for prepost filter on controller in SecurityConfig.java

@Configuration
@EnableMethodSecurity(prePostEnabled = true)
public class SecurityConfig {

   @Bean
   SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
      http.authorizeHttpRequests(autz -> autz
          .anyRequest().authenticated())
        .csrf(csrf -> csrf.disable())
        .sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        .httpBasic(Customizer.withDefaults());

      return http.build();
   }
   
 }

On my Controller

@PreAuthorize("isAuthenticated()")
@GetMapping("/book")
public ResponseEntity<Page<Book>> findAll() {
....
}

@PreAuthorize("hasAnyRole('ADMIN', 'SUPERADMIN')")
@PostMapping("/book")
public ResponseEntity<Page<Book>> findAll() {
....
}

Reference

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment