JWT Filters without the WebSecurityConfigurerAdapter
(Spring Security without the WebSecurityConfigurerAdapter)
In Spring Security 5.7.0-M2 they have deprecated the WebSecurityConfigurerAdaptor, and we are encouraged to move towards a component-based security configuration.
Updating an existing configuration
(scroll down for full example — or view at github)
This is how we used to create the SecurityConfig class as WebSecurityConfigurerAdaptor subclass
Let’s see how we can update this class to new component-based configuration
1: Remove the codes that we no longer needed
- Remove
WebSecurityConfigurerAdaptorInheritance - Remove
AuthenticationManagerBeanBean - Injected (Autowire)
UserDetailsService
2: Update Authentication Manager Builder Configuration
3: Update Http Security Configuration
4 : No need to worry about CorsFilter (if you have)
And we are done !
Here is the full example with usage
- Security Config Class
- Jwt Token Filter Class
- User Details Service implementation
- Login with Username and Password
and that it…
Source Code : https://github.com/PavithMadusara/spring-rest-jwt-starter
More details and other implementation examples: https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter