AbstractWebSocketMessageBrokerConfigurer in Spring-Security deprecated

I'm trying to learn more about Spring-Websocket in combination with Spring-Security and was trying out the examples from the Spring Documentation.

After creating my class WebSecurityConfig and extending from AbstractWebSocketMessageBrokerConfigurer I was informed that AbstractWebSocketMessageBrokerConfigurer is deprecated.

I tried to find out if there is an alternative to use Spring-Security with Spring-Websocket but couldn't find something on that.

So, my question is should I still use AbstractWebSocketMessageBrokerConfigurer or is there an alternative way to combine Spring-Security with Spring-Websocket?

This is the example I implemented to my test project. It seems to working thine, but shouldn't be there an alternative from Spring before making AbstractWebSocketMessageBrokerConfigurer deprecated?

@Configuration
public class WebSocketSecurityConfig extends AbstractWebSocketMessageBrokerConfigurer {

        protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
                messages.simpDestMatchers("/user/*").authenticated();
        }
}

What is the replacement of WebSecurityConfigurerAdapter?

Spring Security Without the WebSecurityConfigurerAdapter0-M2, Spring deprecates the use of WebSecurityConfigureAdapter and suggests creating configurations without it. Let's create an example Spring Boot application using in-memory authentication to show this new type of configuration.

Why is Websecurityconfigureradapra deprecated?

0-M2 we deprecated the WebSecurityConfigurerAdapter , as we encourage users to move towards a component-based security configuration. To assist with the transition to this new style of configuration, we have compiled a list of common use-cases and the suggested alternatives going forward.

What is WebSecurityConfigurerAdapter in Spring Security?

Used by the default implementation of authenticationManager() to attempt to obtain an AuthenticationManager . protected void. configure(HttpSecurity http) Deprecated.

Please, read JavaDocs of that deprecated class:

 * @deprecated as of 5.0 in favor of simply using {@link WebSocketMessageBrokerConfigurer}
 * which has default methods, made possible by a Java 8 baseline.
 */
@Deprecated
public abstract class AbstractWebSocketMessageBrokerConfigurer implements WebSocketMessageBrokerConfigurer {

AbstractWebSocketMessageBrokerConfigurer in Spring-Security deprecated - is there an alternative?

Tags:

java

spring

spring-security

spring-websocket

Constantin Beer

People also ask

1 Answers

Artem Bilan

Recent Activity

Donate For Us