[SpringSecurity] Config 변경사항 (SpringBoot 2.7 release Notes)

Spring Security without the WebSecurityConfigurerAdapter

In Spring Security 5.4 we introduced the ability to configure HttpSecurity by creating a SecurityFilterChain bean.

💊 기존 방식 : WebSecurityConfigurerAdapter를 class에 상속

Below is an example configuration using the WebSecurityConfigurerAdapter that secures all endpoints with HTTP Basic:

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests((authz) -> authz
                .anyRequest().authenticated()
            )
            .httpBasic(withDefaults());
    }

}

💊 바뀐 방식 : SecurityFilterChain bean을 등록

Going forward, the recommended way of doing this is registering a SecurityFilterChain bean:

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests((authz) -> authz
                .anyRequest().authenticated()
            )
            .httpBasic(withDefaults());
    }

}

• Spring Boot 2.7 Release Notes
• Spring Security without the WebSecurityConfigurerAdapter
• 스프링부트 Spring Security 기본 세팅 (스프링 시큐리티) - 2.6.x 버전