I am trying to create a securityFilterChain method with Spring Boot 3.1.5
Here is what I have:
@Bean
@Throws(java.lang.Exception::class)
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain? {
http
.authorizeHttpRequests(
Customizer<AuthorizationManagerRequestMatcherRegistry> { authorizeHttpRequests: AuthorizationManagerRequestMatcherRegistry ->
authorizeHttpRequests
.requestMatchers("/**").hasRole("USER")
}
)
return http.build()
}
Unfortunately I get this compilation error: "Type arguments should be specified for an outer class. Use full class name to specify them."
Can anyone please guide in the right direction ?
Here is what else I have I tried:
@Bean
@Throws(Exception::class)
fun filterChain(http: HttpSecurity): SecurityFilterChain {
http.authorizeHttpRequests((requests) -> requests
.requestMatchers("/users/registration").permitAll())
return http.build()
}
but that does not compile as well.
Here are the project dependencies:
dependencies {
implementation("org.apache.tomcat.embed:tomcat-embed-jasper")
implementation("org.springframework.boot:spring-boot-starter-data-jpa")
implementation("org.springframework.boot:spring-boot-starter-validation")
implementation("org.springframework.boot:spring-boot-starter-security")
implementation("org.springframework.boot:spring-boot-starter-web")
implementation("org.springframework.security:spring-security-core")
implementation("org.springframework.security:spring-security-config")
implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
implementation("org.jetbrains.kotlin:kotlin-reflect")
implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
implementation("io.jsonwebtoken:jjwt:0.9.0")
implementation("org.postgresql:postgresql")
implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core")
testImplementation("org.springframework.boot:spring-boot-starter-test") {
exclude(group = "org.junit.vintage", module = "junit-vintage-engine")
}
testImplementation("org.springframework.security:spring-security-test")
}
The documentation includes an overview of Kotlin Configuration:
import org.springframework.security.config.annotation.web.invoke @Bean open fun filterChain(http: HttpSecurity): SecurityFilterChain { http { authorizeRequests { authorize(anyRequest, authenticated) } formLogin { } httpBasic { } } return http.build() }
This example uses the Kotlin DSL and includes an import to the invoke extension function for HttpSecurity which is required to use the DSL in this way.
Also note that this example uses authorizeRequests but it is recommended to use authorizeHttpRequests. I've filed an issue to improve this snippet in the docs.