Skip to content

Latest commit

 

History

History
173 lines (144 loc) · 5.44 KB

usenewsecuritymatchers.md

File metadata and controls

173 lines (144 loc) · 5.44 KB

Use the new securityMatcher() method

org.openrewrite.java.spring.security5.UseNewSecurityMatchers

In Spring Security 5.8, the HttpSecurity#antMatcher(), HttpSecurity#mvcMatcher(), and HttpSecurity#regexMatcher() methods were deprecated in favor of new HttpSecurity#securityMatcher() method. Refer to the Spring Security docs for more information.

Source

GitHub, Issue Tracker, Maven Central

  • groupId: org.openrewrite.recipe
  • artifactId: rewrite-spring
  • version: 5.0.1

Example

{% tabs %} {% tab title="com/example/SecurityConfig.java" %}

Before

{% code title="com/example/SecurityConfig.java" %}

package com.example;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
class SecurityConfig {
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) {
        http
                .antMatcher("/static/**")
                .authorizeHttpRequests((authz) -> authz
                        .mvcMatchers("/static/**").permitAll()
                );
        return http.build();
    }
}

{% endcode %}

After

{% code title="com/example/SecurityConfig.java" %}

package com.example;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
class SecurityConfig {
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) {
        http
                .securityMatcher("/static/**")
                .authorizeHttpRequests((authz) -> authz
                        .mvcMatchers("/static/**").permitAll()
                );
        return http.build();
    }
}

{% endcode %}

{% endtab %} {% tab title="Diff" %} {% code %}

--- com/example/SecurityConfig.java
+++ com/example/SecurityConfig.java
@@ -15,1 +15,1 @@
    SecurityFilterChain securityFilterChain(HttpSecurity http) {
        http
-               .antMatcher("/static/**")
+               .securityMatcher("/static/**")
                .authorizeHttpRequests((authz) -> authz

{% endcode %} {% endtab %} {% endtabs %}

Usage

This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-spring:5.0.1 in your build file or by running a shell command (in which case no build changes are needed): {% tabs %} {% tab title="Gradle" %} {% code title="build.gradle" %}

plugins {
    id("org.openrewrite.rewrite") version("6.1.4")
}

rewrite {
    activeRecipe("org.openrewrite.java.spring.security5.UseNewSecurityMatchers")
}

repositories {
    mavenCentral()
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-spring:5.0.1")
}

{% endcode %} {% endtab %} {% tab title="Maven POM" %} {% code title="pom.xml" %}

<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>5.2.4</version>
        <configuration>
          <activeRecipes>
            <recipe>org.openrewrite.java.spring.security5.UseNewSecurityMatchers</recipe>
          </activeRecipes>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.openrewrite.recipe</groupId>
            <artifactId>rewrite-spring</artifactId>
            <version>5.0.1</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>

{% endcode %} {% endtab %}

{% tab title="Maven Command Line" %} {% code title="shell" %} You will need to have Maven installed on your machine before you can run the following command.

mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \
  -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-spring:RELEASE \
  -Drewrite.activeRecipes=org.openrewrite.java.spring.security5.UseNewSecurityMatchers

{% endcode %} {% endtab %} {% endtabs %}

Contributors

See how this recipe works across multiple open-source repositories

Moderne Link Image

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.