diff --git a/maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java b/maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java index 8dd497d..86c9c22 100644 --- a/maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java +++ b/maku-framework/src/main/java/net/maku/framework/security/config/SecurityConfig.java @@ -18,6 +18,7 @@ import org.springframework.security.config.annotation.method.configuration.Enabl import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.password.PasswordEncoder; @@ -81,17 +82,17 @@ public class SecurityConfig { http .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class) - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and().authorizeHttpRequests(auth -> auth + .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .authorizeHttpRequests(auth -> auth .requestMatchers(permits).permitAll() .requestMatchers(HttpMethod.OPTIONS).permitAll() .anyRequest().authenticated() ) - .exceptionHandling().authenticationEntryPoint(new SecurityAuthenticationEntryPoint()) - .and().headers().frameOptions().disable() - .and().csrf(AbstractHttpConfigurer::disable) + .exceptionHandling(exception -> exception.authenticationEntryPoint(new SecurityAuthenticationEntryPoint())) + .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable)) + .csrf(AbstractHttpConfigurer::disable) ; - + return http.build(); } }