🍃🎓 SPRING CERTIFICATION QUESTION: Which is the recommended securityMatchers method ?
🍃🎓 SPRING CERTIFICATION QUESTION: Which is the recommended securityMatchers method ?
🍃🎓 SPRING CERTIFICATION QUESTION: Which is the recommended securityMatchers method ?
* antMatchers
* mvcMatchers
* regexMatchers
* requestMatchers
#spring #certificationquestion #vcp
Answer: requestMatchers
In Spring Security 5.8, the antMatchers, mvcMatchers, and regexMatchers methods were deprecated in favor of new requestMatchers methods.
The new requestMatchers methods were added to authorizeHttpRequests, authorizeRequests, CSRF configuration, WebSecurityCustomizer and any other places that had the specialized RequestMatcher methods. The deprecated methods are removed in Spring Security 6.
These new methods have more secure defaults since they choose the most appropriate RequestMatcher implementation for your application. In summary, the new methods choose the MvcRequestMatcher implementation if your application has Spring MVC in the classpath, falling back to the AntPathRequestMatcher implementation if Spring MVC is not present (aligning the behavior with the Kotlin equivalent methods).
To start using the new methods, you can replace the deprecated methods with the new ones. For example, the following application configuration:
can be changed to: