Open marcusdacoregio opened 1 year ago
Does it mean that instead of:
http.apply(myCustomAuthConfigurer())
.and()
.logout(logout -> ...)
...
User will have to do:
http.apply(myCustomAuthConfigurer());
http.logout(logout -> ...)
...
Hi @Aveyder, for custom DSLs you should use the new .with(...)
method available in 6.2, see https://docs.spring.io/spring-security/reference/6.2-SNAPSHOT/migration-7/configuration.html#_use_with_instead_of_apply_for_custom_dsls
It is a common way to configure Spring Security like this:
Where each configuration is in its own line, this is quite a reasonable alternative and there are many users who prefer this way to chaining methods.
With the deprecation of
.and()
and the non-lambda methods (see #12629), and, therefore, the removal in 7.0, users will be forced to use:The above configuration does not give any advantage over the former. We should consider replacing the deprecated methods with a variant that returns the root builder object, for example,
HttpSecurity
.Some methods, like
oauth2ResourceServer
, maybe should not returnHttpSecurity
since it doesn't make sense to configure it without the additional.jwt()
or.opaqueToken()
methods.