我正在尝试配置JWT设置。似乎JWT已经过时了。那么现在我该如何使用OAuth2ResourceServerConfigurer::jwt
呢?
我的代码:
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
http.sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
//http.formLogin(withDefaults());
http.httpBasic(Customizer.withDefaults());
http.csrf(csrf -> csrf.disable());
http.headers(headers -> headers.frameOptions(frameOptionsConfig -> frameOptionsConfig.sameOrigin()));
http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
return http.build();
}
此外,在Spring Security 6.0中,
antMatchers()
以及其他用于保护请求的配置方法(即mvcMatchers()
和regexMatchers()
)已从API中删除。