Lab: Update Spring Security version ‐ 5: Adopt New Customizer Interface for csrf - shinyay/spring-boot-2-7-to-3-1-upgrade GitHub Wiki

5: Adopt New Customizer Interface for csrf

Like http.authorizeHttpRequests, the csrf method has been deprecated in favor of the new Customizer interface.

We'll use a similar lambda expression, but this time in the collapsed method-reference syntax.

Fix the csrf() method call.

Open SecurityConfig again and rewrite the csrf() using a lambda that accepts the Customizer:

Replace csrf().disable() with csrf(AbstractHttpConfigurer::disable):

    .csrf(AbstractHttpConfigurer::disable)

Be sure to add the new import:

    import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;

Compile the code

Now is a good time to compile the code again.

    [~/exercises] $ ./mvnw clean compile

Woohoo! We have a clean compile. No more deprecation messages in the output.

    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD SUCCESS
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 1.706 s
    [INFO] Finished at: 2023-10-03T09:46:01-06:00
    [INFO] ------------------------------------------------------------------------

Success! We're compiling without deprecation warnings again.
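The csrf(Customizer) forms this step relies on, shown side by side as an added example (not the lab's SecurityConfig and not code from the project). It goes slightly beyond the lab by scoping the disable to one filter chain; the class name, the /api/** path, and the httpBasic/formLogin choices are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class CsrfCustomizerExampleConfig { // hypothetical class name

    // Chain 1: requests under /api/** (assumed path), assumed to come from
    // non-browser clients that send credentials explicitly on every request.
    // No session is created, and CSRF protection is off for this chain only.
    @Bean
    @Order(1)
    SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/api/**")
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .httpBasic(Customizer.withDefaults())
            // Method reference; equivalent to .csrf(csrf -> csrf.disable())
            // and the replacement for the deprecated .csrf().disable().
            .csrf(AbstractHttpConfigurer::disable);
        return http.build();
    }

    // Chain 2: everything else (session-based, browser-facing) keeps CSRF
    // protection. withDefaults() states the default explicitly; a lambda in
    // the same position is where the CsrfConfigurer would be tuned.
    @Bean
    @Order(2)
    SecurityFilterChain webChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .csrf(Customizer.withDefaults());
        return http.build();
    }
}
```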

Update our notes.

Before we move on, let's note the change in the upgrade-notes.md file.

  • Update csrf to use the new customizer interface

Before we're done, let's establish a new baseline again.