I started configuring security for a Spring boot application but WebMvcSecurityConfiguration is marked deprecated.
Is there a better alternative to configure security?
I'm using spring boot 1.5.4.
From official documentation
As of Spring Security 4.0, #EnableWebMvcSecurity is deprecated. The replacement is #EnableWebSecurity which will determine adding the Spring MVC features based upon the classpath.
https://docs.spring.io/spring-security/site/docs/current/reference/html/mvc.html
Related
After changing my imports to use the awspring library, I had #EnableSqs marked as deprecated, how to enable sqs if #EnableSqs is deprecated?
In Spring Cloud version 2.3 #EnableXYZ as deprecated being replaced by use of Auto-Configuration. See doc
Spring Cloud AWS 2.3 is now available.
#EnableXXX annotations have been deprecated. We recommend using Spring Boot auto-configurations.
How to use Auto-configuration?
Spring Boot auto-configuration attempts to automatically configure your Spring application based on the jar dependencies that you have added. For example, if HSQLDB is on your classpath, and you have not manually configured any database connection beans, then Spring Boot auto-configures an in-memory database.
You need to opt-in to auto-configuration by adding the #EnableAutoConfiguration or #SpringBootApplication annotations to one of your #Configuration classes.
I'm in the process of migrating away from the spring-security-saml module that has been deprecated to the new SAML support built into Spring Security 5+. I'd really like to not have to migrate this entire project from Spring Framework to String Boot at this time, so does anyone know if there is documentation on how to get Spring Security with SAML working on vanilla Spring Framework, everything I've seen has been only Spring Boot. Any help would be majestic!
I tried to upgrade my sample to Spring Boot 2.1.0.RELEASE, the PostControllerTest which used #WebFluxTest failed due to Spring Security protection. But in the initial version(Spring Boot 2.0.0.M7) it worked.
This is the expected behavior as of Spring Boot 2.1.0. It's been implemented in spring-boot#13632 and a similar issue has been raised already about this. We're aligning with the behavior of Spring MVC auto-configuration here.
You can learn how to improve your test configuration in the Spring Security documentation.
I would like to ask how to refresh spring boot configuration info with using spring cloud config. Would you please give me some advice? Many thanks.
If your spring boot application is a client of Spring Cloud Configuration Server and use itself as single point of truth in the application configuration let's say retrieve application.properties/yml from the config server, you can benefit of #RefreshScope. in this case if you do a post to the /refresh if you use spring boot 1.x or /actuator/refresh if you use spring boot 2.x all the bean that are have are annotated as #RefreshScope will be refreshed.
how to implement the oauth2 server using jwt to get clients from database in spring boot 2.0 M7 ? there is any example, I just found an example with spring boot 2.0. M4 but seems it is not compatible with M7 , could someone please provide me a example ?
Support for the spring-security-oauth2 dependency was removed from Spring Boot 2.0 in favor of Spring Security 5’s first class OAuth support. Functionality from the Spring Security OAuth project is still being migrated to core Spring Security. For Authorization server and Resource server support which has not been migrated yet, you will need to add a dependency on an additional jar. See this documentation for more details.