In Spring Boot 3, the authorizeRequests()
method of the WebSecurityConfigurerAdapter
class has been deprecated. This method was previously used to configure the authorization rules for securing web applications.
To secure your application in Spring Boot 3, you should use the HttpSecurity
class and its authorizeHttpRequests()
method instead.
authorizeHttpRequests() example
Here’s an example of how you can use HttpSecurity
in your application:
@Configuration @EnableWebSecurity public class WebSecurity { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.authorizeHttpRequests() .requestMatchers("/h2-console/**").permitAll() .anyRequest().authenticated() // Other configuration here return http.build(); } }
This example specifies that all requests to a /h2-console URL path and all its sub-sources should be allowed. Notice how the authorizeHttpRequests() method is used with requestMatchers() instead of antMatchers()?
I hope this tutorial was helpful to you. To learn more, check out the Spring Boot tutorials page.