Release Notes / Version 11.2304
Table Of ContentsWith the update to Spring Security 5.8, there're a number of deprecations whose invocations have been replaced:
Instead of extending the deprecated
org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
, thecom.coremedia.livecontext.hybrid.CookieLevelerFilter.HttpServletResponseCookieAware
class now extends its super classorg.springframework.security.web.util.OnCommittedResponseWrapper
. The overrides of the abstract methods have been applied to reflect the same implementation.Usages of the deprecated
org.springframework.security.config.annotation.web.configurers.CsrfConfigurer#ignoringAntMatchers
security builder
methods have been replaced with
org.springframework.security.config.annotation.web.configurers.CsrfConfigurer#ignoringRequestMatchers
and
org.springframework.security.web.util.matcher.AntPathRequestMatcher#antMatcher(String)
.
Usages of the deprecated
org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests
security builder
methods have been replaced with
org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeHttpRequests
(including chained
access method calls
).
Usages of the deprecated
org.springframework.security.config.annotation.web.builders.HttpSecurity#requestMatcher
security builder
methods have been replaced with
org.springframework.security.config.annotation.web.builders.HttpSecurity#securityMatcher
.
Usages of the deprecated
org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#antMatchers
security builder
methods have been replaced with
org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#requestMatchers
and
org.springframework.security.web.util.matcher.AntPathRequestMatcher#antMatcher(String)
.
Please note that the
*requestMatcher(String)
methods (that replace the deprecated
antMatcher(String)
,
mvcMatcher(String)
and
regexMatcher(String)
methods) create
org.springframework.security.web.util.matcher.AntPathRequestMatcher
or
org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
objects under the hood, depending on the existence of
spring-webmvc
in the application classpath. As the CoreMedia applications contain
spring-webmvc
, each string pattern is wrapped in
org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
. If this is not intended and/or leads to errors, consider wrapping the patterns using
org.springframework.security.web.util.matcher.AntPathRequestMatcher#antMatcher(String)
manually.
For further information how to apply customizations to the new Spring Security version see the Spring Security 5.8 Migration Guide .
(CMS-22524)