Lab: Major Release Considerations ‐ 4: Update Request Matchers - shinyay/spring-boot-2-7-to-3-1-upgrade GitHub Wiki

4: Update Request Matchers The HttpSecurity class has replaced the deprecated antMatchers, mvcMatchers and regexMatchers with an expanded requestMatchers method.

It can usually introspect the type of matcher by just specifying a String path value. However, this depends on which dependencies are currently on your classpath. You can pass in a direct RequestMatcher instance to ensure the correct one is applied.

Fix the .antMatchers().

Open SecurityConfig.java again and replace the .antMatchers() calls with the following requestMatchers() calls:

antMatchers // Delete these antMatchers // .antMatchers("/cashcards/").hasRole("CARD-OWNER") // .antMatchers("/h2-console/").permitAll()

// replace with these requestMatchers .requestMatchers(new AntPathRequestMatcher("/cashcards/")).hasRole("CARD-OWNER") .requestMatchers(new AntPathRequestMatcher("/h2-console/")).permitAll() Remember to add the new import for AntPathRequestMatcher:

import org.springframework.security.web.util.matcher.AntPathRequestMatcher; Compile the code

Now is a good time to Compile the code again.

[~/exercises] $ ./mvnw clean compile It's compiling, but we still have some deprecations messages in the output

[INFO] /course-spring-boot-2-7-to-3-1-upgrade-code/src/main/java/example/cashcard/SecurityConfig.java: /course-spring-boot-2-7-to-3-1-upgrade-code/src/main/java/example/cashcard/SecurityConfig.java uses or overrides a deprecated API. Update our notes.

Before we move on, let's note the change in the upgrade-notes.md file.

• Replace antMatcher with requestMatcher builder method Let's move on to the next deprecations.