Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Document in the reference how to migrate to lambda

Closes gh-12628
Marcus Da Coregio 2 years ago
parent
9f6a879043
commit
2b05d5dece
3 changed files with 126 additions and 0 deletions
Unified View Show Diff Stats
  1. 2 0
      docs/modules/ROOT/nav.adoc
  2. 116 0
      docs/modules/ROOT/pages/migration-7/configuration.adoc
  3. 8 0
      docs/modules/ROOT/pages/migration-7/index.adoc

+ 2 - 0
docs/modules/ROOT/nav.adoc
View File 

@@ -2,6 +2,8 @@
 
 * xref:prerequisites.adoc[Prerequisites]
 
 * xref:prerequisites.adoc[Prerequisites]
 
 * xref:community.adoc[Community]
 
 * xref:community.adoc[Community]
 
 * xref:whats-new.adoc[What's New]
 
 * xref:whats-new.adoc[What's New]
 
+* xref:migration-7/index.adoc[Preparing for 7.0]
 
+** xref:migration-7/configuration.adoc[Configuration]
 
 * xref:migration/index.adoc[Migrating to 6.0]
 
 * xref:migration/index.adoc[Migrating to 6.0]
 
 ** xref:migration/servlet/index.adoc[Servlet Migrations]
 
 ** xref:migration/servlet/index.adoc[Servlet Migrations]
 
 *** xref:migration/servlet/session-management.adoc[Session Management]
 
 *** xref:migration/servlet/session-management.adoc[Session Management]

+ 116 - 0
docs/modules/ROOT/pages/migration-7/configuration.adoc
View File 

@@ -0,0 +1,116 @@
 
+= Configuration Migrations
 
+
 
+The following steps relate to changes around how to configure `HttpSecurity`, `WebSecurity` and related components.
 
+
 
+== Use the Lambda DSL
 
+
 
+The Lambda DSL is present in Spring Security since version 5.2, and it allows HTTP security to be configured using lambdas.
 
+
 
+The prior configuration style will not be valid in Spring Security 7 where the usage of the Lambda DSL will be required.
 
+
 
+You may have seen this style of configuration in the Spring Security documentation or samples.
 
+Let us take a look at how a lambda configuration of HTTP security compares to the previous configuration style.
 
+
 
+====
 
+[source,java]
 
+.Configuration using lambdas
 
+----
 
+@Configuration
 
+@EnableWebSecurity
 
+public class SecurityConfig {
 
+
 
+    @Bean
 
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
+        http
 
+            .authorizeHttpRequests(authorize -> authorize
 
+                .requestMatchers("/blog/**").permitAll()
 
+                .anyRequest().authenticated()
 
+            )
 
+            .formLogin(formLogin -> formLogin
 
+                .loginPage("/login")
 
+                .permitAll()
 
+            )
 
+            .rememberMe(Customizer.withDefaults());
 
+
 
+        return http.build();
 
+    }
 
+}
 
+----
 
+====
 
+
 
+====
 
+[source,java]
 
+.Equivalent configuration without using lambdas
 
+----
 
+@Configuration
 
+@EnableWebSecurity
 
+public class SecurityConfig {
 
+
 
+    @Bean
 
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
+        http
 
+            .authorizeHttpRequests()
 
+                .requestMatchers("/blog/**").permitAll()
 
+                .anyRequest().authenticated()
 
+                .and()
 
+            .formLogin()
 
+                .loginPage("/login")
 
+                .permitAll()
 
+                .and()
 
+            .rememberMe();
 
+
 
+        return http.build();
 
+    }
 
+}
 
+----
 
+====
 
+
 
+=== Lambda DSL Configuration Tips
 
+
 
+When comparing the two samples above, you will notice some key differences:
 
+
 
+- In the Lambda DSL there is no need to chain configuration options using the `.and()` method.
 
+The `HttpSecurity` instance is automatically returned for further configuration after the call to the lambda method.
 
+
 
+- `Customizer.withDefaults()` enables a security feature using the defaults provided by Spring Security.
 
+This is a shortcut for the lambda expression `it -> {}`.
 
+
 
+=== WebFlux Security
 
+
 
+You may also configure WebFlux security using lambdas in a similar manner.
 
+Below is an example configuration using lambdas.
 
+
 
+====
 
+[source,java]
 
+.WebFlux configuration using lambdas
 
+----
 
+@Configuration
 
+@EnableWebFluxSecurity
 
+public class SecurityConfig {
 
+
 
+    @Bean
 
+    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 
+        http
 
+            .authorizeExchange(exchanges -> exchanges
 
+                .pathMatchers("/blog/**").permitAll()
 
+                .anyExchange().authenticated()
 
+            )
 
+            .httpBasic(Customizer.withDefaults())
 
+            .formLogin(formLogin -> formLogin
 
+                .loginPage("/login")
 
+            );
 
+
 
+        return http.build();
 
+    }
 
+
 
+}
 
+----
 
+====
 
+
 
+=== Goals of the Lambda DSL
 
+
 
+The Lambda DSL was created to accomplish to following goals:
 
+
 
+- Automatic indentation makes the configuration more readable.
 
+- The is no need to chain configuration options using `.and()`
 
+- The Spring Security DSL has a similar configuration style to other Spring DSLs such as Spring Integration and Spring Cloud Gateway.

+ 8 - 0
docs/modules/ROOT/pages/migration-7/index.adoc
View File 

@@ -0,0 +1,8 @@
 
+[[preparing]]
 
+= Preparing for 7.0
 
+
 
+While Spring Security 7.0 does not have a release date yet, it is important to start preparing for it now.
 
+
 
+This preparation guide is designed to summarize the biggest changes in Spring Security 7.0 and provide steps to prepare for them.
 
+
 
+It is important to keep your application up to date with the latest Spring Security 6 and Spring Boot 3 releases.