Reputation: 53
Spring doesn't see WebSecurityConfigurerAdapter
I want to create WebSecurityConfig class that extends WebSecurityConfigurerAdapter, but I always get error "Cannot resolve symbol 'WebSecurityConfigurerAdapter'". I have already tried to add different dependencies. It's my gradle file
dependencies {
runtimeOnly 'org.postgresql:postgresql'
implementation group: 'org.postgresql', name: 'postgresql', version: '42.5.1'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa', version: '3.0.0'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-rest', version: '3.0.0'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-tomcat', version: '3.0.0'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: '3.0.0'
implementation group: 'io.jsonwebtoken', name: 'jjwt-api', version: '0.11.5'
implementation group: 'org.postgresql', name: 'postgresql', version: '42.5.1'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-validation', version: '3.0.0'
implementation group: 'org.springframework.security', name: 'spring-security-core', version: '6.0.0'
implementation group: 'org.springframework.security', name: 'spring-security-config', version: '6.0.0'
implementation group: 'org.springframework.security', name: 'spring-security-web', version: '6.0.0'
implementation group: 'org.springframework.security', name: 'spring-security-oauth2-jose', version: '6.0.0'
implementation group: 'org.springframework.security', name: 'spring-security-oauth2-resource-server', version: '6.0.0'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: '3.0.0'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-thymeleaf', version: '3.0.0'
implementation group: 'org.thymeleaf.extras', name: 'thymeleaf-extras-springsecurity5', version: '3.1.0.RELEASE'
}
Maybe I don't understand something easy. Can you help me with this,please. I have already spent 2 days on this
There is the same question on stack overflow (Cannot resolve symbol WebSecurityConfigurerAdapter), but it doesn't help me. It's my file with WebSecurityConfig class
import nsu.project.springserver.security.jwt.AuthEntryPointJwt;
import nsu.project.springserver.security.jwt.AuthTokenFilter;
import nsu.project.springserver.security.services.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
....
}
Upvotes: 5
Views: 15645
Answers (2)
Reputation: 12865
WebsecurityConfigurerAdapter was removed in Spring-boot 3.
Expose a SecurityFilterChain bean instead (SecurityWebFilterChain if your app is reactive).
Open the manual or have look at those tutorials.
Upvotes: 6
Reputation: 408
Video from Dan Vega:
What's new in Spring Security 6
Spring Security: Upgrading the Deprecated WebSecurityConfigurerAdapter
Configure HTTP Security
More importantly, if we want to avoid deprecation for HTTP security, we can create a SecurityFilterChain bean.
For example, suppose we want to secure the endpoints depending on the roles, and leave an anonymous entry point only for login. We'll also restrict any delete request to an admin role. We'll use Basic Authentication:
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
.antMatchers(HttpMethod.DELETE)
.hasRole("ADMIN")
.antMatchers("/admin/**")
.hasAnyRole("ADMIN")
.antMatchers("/user/**")
.hasAnyRole("USER", "ADMIN")
.antMatchers("/login/**")
.anonymous()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
return http.build();
}
The HTTP security will build a DefaultSecurityFilterChain object to load request matchers and filters.
spring Security: Upgrading the Deprecated WebSecurityConfigurerAdapter
Upvotes: 6
Related Questions
- extends WebSecurityConfigurerAdapter Cannot be resolved
- WebSecurityConfigurerAdapter not found
- Can't use WebSecurityConfigurerAdapter in a custom spring boot starter
- Method configure(WebSecurity web) in Spring Security doesn't work
- java.lang.IllegalStateException: When using WebSecurityConfigurerAdapter
- Spring Boot WebSecurityConfigurerAdapter: one configuration not being applied
- Correct use of WebSecurity in WebSecurityConfigurerAdapter
- Enabling WebSecurityConfigurer via @Profile does not work
- WebSecurityConfigurerAdapter didn't work
- Spring Security, Why second WebSecurityConfigurerAdapter is not working?