Spring Security 6.x

Categories

• Oauth2

Composite Recipes

Recipes that include further recipes, often including the individual recipes below.

• Migrate to Spring Security 6.0
• Migrate to Spring Security 6.1
• Migrate to Spring Security 6.2

Recipes

• Convert HttpSecurity::apply chained calls into HttpSecurity::with Lambda DSL
• Keep the default RequestCache querying behavior in Spring Security 5
• Remove calls matching AuthenticationEntryPointFailureHandler.setRethrowAuthenticationServiceException(true)
• Remove explicit SecurityContextConfigurer.requireExplicitSave(true) opt-in
• Remove explicit configuration of SHA-256 as encoding and matching algorithm for TokenBasedRememberMeServices
• Remove the useAuthorizationManager=true attribute from @EnableReactiveMethodSecurity
• Remove unnecessary filterSecurityInterceptorOncePerRequest(false) when upgrading to Spring Security 6
• Remove unnecessary use-authorization-manager for message security in Spring security 6
• Remove unneeded oauth2Login config when upgrading to Spring Security 6