Trying to configure JWT configuration. Seems like JWT is deprecated. How can I use OAuth2ResourceServerConfigurer::jwt now?
My code:
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
http.sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
//http.formLogin(withDefaults());
http.httpBasic(Customizer.withDefaults());
http.csrf(csrf -> csrf.disable());
http.headers(headers -> headers.frameOptions(frameOptionsConfig -> frameOptionsConfig.sameOrigin()));
http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
return http.build();
}
Also, in Spring Security 6.0, antMatchers() as well as other configuration methods for securing requests (namely mvcMatchers() and regexMatchers()) have been removed from the API.
In addition to @schrom answer and more related to the deprecation of OAuth2ResourceServerConfigurer#jwt, Spring Security deprecated the methods that return its own configurer in favor of the ones that return HttpSecurity, and deprecated the .and() method from the HttpSecurity.
For example, httpBasic() is deprecated in favor of httpBasic(Customizer). Those deprecations were done to have only one way to configure the security DSL, which is using lambdas. Take a look at the documentation.
So, for JWT configuration, you'd have to do:
oauth2ResourceServer((oauth2) -> oauth2
.jwt(Customizer.withDefaults())
)