close

Filter

Close X
loading table of contents...

Release Notes / Version 11.2310

Table Of Contents

Replaced invocations of deprecated and breaking Spring Security code

With the update to Spring Security 5.8, there're a number of deprecations whose invocations have been replaced:

  • Instead of extending the deprecated org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper, the com.coremedia.livecontext.hybrid.CookieLevelerFilter.HttpServletResponseCookieAware class now extends its super class org.springframework.security.web.util.OnCommittedResponseWrapper. The overrides of the abstract methods have been applied to reflect the same implementation.

  • Usages of the deprecated org.springframework.security.config.annotation.web.configurers.CsrfConfigurer#ignoringAntMatchers security builder
    methods have been replaced with org.springframework.security.config.annotation.web.configurers.CsrfConfigurer#ignoringRequestMatchers and org.springframework.security.web.util.matcher.AntPathRequestMatcher#antMatcher(String).

  • Usages of the deprecated org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests security builder
    methods have been replaced with org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeHttpRequests (including chained access method calls).

  • Usages of the deprecated org.springframework.security.config.annotation.web.builders.HttpSecurity#requestMatcher security builder
    methods have been replaced with org.springframework.security.config.annotation.web.builders.HttpSecurity#securityMatcher.

  • Usages of the deprecated org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#antMatchers security builder
    methods have been replaced with org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry#requestMatchers and org.springframework.security.web.util.matcher.AntPathRequestMatcher#antMatcher(String).

Please note that the *requestMatcher(String) methods (that replace the deprecated antMatcher(String), mvcMatcher(String) and regexMatcher(String) methods) create org.springframework.security.web.util.matcher.AntPathRequestMatcher or org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher objects under the hood, depending on the existence of spring-webmvc in the application classpath. As the CoreMedia applications contain spring-webmvc, each string pattern is wrapped in org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher. If this is not intended and/or leads to errors, consider wrapping the patterns using org.springframework.security.web.util.matcher.AntPathRequestMatcher#antMatcher(String) manually.

For further information how to apply customizations to the new Spring Security version see the Spring Security 5.8 Migration Guide.

(CMS-22524)

Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.