-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Where is the proper place to help with the Spring Security 6 example #23
Comments
Thanks @purejgleason, we do need to include guidance for Spring 6, seeing increased interest in Spring Security 6 which is great! I'm not sure if we'll end up creating a new sample repo or just updating this one, but we will also need to update the quickstart article or create a new one. Until we do that, you could make a PR here that we could leave in draft for now, at least it would be a place for others to reference. I'm also working through the Spring Security 6 migration myself, and I'm going to share here the steps I had to take, and maybe push a branch for reference and/or a draft PR myself. But either way, would be great to compare notes about what was needed to work with Spring Security 6. |
Ok, I think I've got it working. As noted above we will need to update or create a new quickstart, and perhaps then just make a new sample repo for Spring Boot 3, but for those looking to use Spring Boot 3 hopefully the info here will help.
Migrating to Spring Boot 3 and Spring Security 6 (Servlet)Step 1 - Update to latest Spring Boot 3 and Spring Security 5.8
As documented on the Spring Boot 3 Migration Guide, the first thing to do is update to the latest of Spring Boot 2 and use Spring Security 5.8. As shown in this commit, this involves updating your dependencies (gradle shown): plugins {
latest
id 'org.springframework.boot' version '2.7.8'
}
ext['spring-security.version']='5.8.1' After doing this, you'll notice deprecation warnings regarding the @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authorize) -> authorize
.requestMatchers("/api/public").permitAll()
.requestMatchers("/api/private").authenticated()
.requestMatchers("/api/private-scoped").hasAuthority("SCOPE_read:messages"))
.cors().and()
.oauth2ResourceServer((oauth2ResourceServer) ->
// works, but not as clear:
// oauth2ResourceServer.jwt());
oauth2ResourceServer.jwt(jwt -> jwt.decoder(jwtDecoder())));
return http.build();
} The application should now compile without warnings, and running it should demonstrate the protected endpoints. Step 2 - Update to Spring Boot 3
Now we can update to Spring Boot 3, which involves a few things: Update to latest GradleUpdate your gradle version to the latest of v7. If you don't do this, you may encounter errors related to building a jar when trying to run. ./gradlew wrapper --gradle-version 7.6 Update dependencies and source levelUpdate your dependency to use spring boot 3 (and make sure to remove the Spring Security version override if you followed the step above!): plugins {
// ...
id 'org.springframework.boot' version '3.0.2'
}
sourceCompatibility = '17' Add
|
Let's move this conversation to #25 since we've had a few issues regarding this. |
Since the upgrade a lot of things have changed and I finally got my authorization working with Spring Security 6. I would be willing to contribute an example but not sure where I should do that.
The text was updated successfully, but these errors were encountered: