close

Filter

Close X
loading table of contents...

Release Notes / Version 11.2301

Table Of Contents

Replaced invocations of deprecated and breaking Spring Security code

With the update to Spring Security 5.8, there're a number of deprecations whose invocations have been replaced:

  • Instead of extending the deprecated org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper , the com.coremedia.livecontext.hybrid.CookieLevelerFilter.HttpServletResponseCookieAware class now extends its super class org.springframework.security.web.util.OnCommittedResponseWrapper . The overrides of the abstract methods have been applied to reflect the same implementation.

  • Usages of the deprecated org.springframework.security.config.annotation.web.configurers.CsrfConfigurer#ignoringAntMatchers security builder

methods have been replaced with org.springframework.security.config.annotation.web.configurers.CsrfConfigurer#ignoringRequestMatchers and org.springframework.security.web.util.matcher.AntPathRequestMatcher#antMatcher(String) .

  • Usages of the deprecated org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests security builder

methods have been replaced with org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeHttpRequests (including chained access method calls ).

  • Usages of the deprecated org.springframework.security.config.annotation.web.builders.HttpSecurity#requestMatcher security builder

methods have been replaced with org.springframework.security.config.annotation.web.builders.HttpSecurity#securityMatcher .

  • Usages of the deprecated org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#antMatchers security builder

methods have been replaced with org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#requestMatchers and org.springframework.security.web.util.matcher.AntPathRequestMatcher#antMatcher(String) .

Please note that the *requestMatcher(String) methods (that replace the deprecated antMatcher(String) , mvcMatcher(String) and regexMatcher(String) methods) create org.springframework.security.web.util.matcher.AntPathRequestMatcher or org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher objects under the hood, depending on the existence of spring-webmvc in the application classpath. As the CoreMedia applications contain spring-webmvc , each string pattern is wrapped in org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher . If this is not intended and/or leads to errors, consider wrapping the patterns using org.springframework.security.web.util.matcher.AntPathRequestMatcher#antMatcher(String) manually.

For further information how to apply customizations to the new Spring Security version see the Spring Security 5.8 Migration Guide .

(CMS-22524)

Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.