I'm trying to migrate this code to Spring Security 6:
@EnableWebSecurity
public class WebSecurityConfig {
@Configuration
@Order(1)
public static class NoFrameOptions extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.regexMatcher("^/.+$")
.csrf().disable()
.headers()
.frameOptions().disable();
}
}
new code:
@EnableWebSecurity
public class WebSecurityConfig {
@Configuration
@Order(1)
public static class NoFrameOptions {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.regexMatcher("^/.+$")
.csrf().disable()
.headers()
.frameOptions().disable();
return http.build();
}
}
}
I get Cannot resolve method 'regexMatcher' in 'HttpSecurity'. What should be used instead regexMatcher?
From Spring Security 6 on you'll have to use the #requestMatchers method of the configuration object of eg http#securityMatchers or http#authorizeHttpRequests and provide the specific matcher as argument:
...
http.securityMatchers(matchers -> matchers
.requestMatchers(RegexRequestMatcher.regexMatcher("^/.+$")))
...
If you don't pass an explicit matcher but a string, Spring considers you to expect using an MvcRequestMatcher.