CODEWITHSUNDEEP
spring-bootspring-security
Shivam Roy
Shivam Roy

Reputation: 21

sessionManagement() in Java 17 and Spring 6.0

I am trying to upgrade to Java 17 and Spring 6.0 but many of the below methods are deprecated. Any solutions will be helpful.

SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                                    .maximumSessions(maxNoOfSessions)
                                    .expiredUrl("/login")
                                    .and()
                                    .invalidSessionUrl(/login).and().csrf()
                                    .disable()
                                    .authorizeRequests()
                                    .antMatchers("/**/*.css","/**/*.ico","/**/*.svg")
                                    .permitAll().and()
                                    .authorizeRequests().anyRequest().authenticated().and().formLogin()
                                    .loginPage("/login")
                                    .failureUrl("login?error=true")
                                    .permitAll();
    http.authenticationProvider(authProvider);
    return http.build();

I tried using sessionManagement(Customizer<>) but to of no avail.

Upvotes: 1

Views: 794

Answers (1)

Andrei Lisa
Andrei Lisa

Reputation: 4956

According to Migration Guide and Lambda DSL

Your current implementation of filterChain should be as next one:

  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    
    http.sessionManagement(sessionManagement -> {
      sessionManagement.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
          .maximumSessions(maxNoOfSessions)
          .expiredUrl("/login");
      sessionManagement.invalidSessionUrl("/login");
    });
    http.csrf(AbstractHttpConfigurer::disable);
    http.authorizeHttpRequests(request ->{
          request.anyRequest().authenticated();
        });
    http.formLogin(fLogin -> {
           fLogin.loginPage("/login");
           fLogin.failureUrl("login?error=true");
           fLogin.permitAll();
        });
    http.authenticationProvider(authProvider);
    
    return http.build();
  }

Upvotes: 1

Related Questions