Menu
It appears both "ignoring()" and "permitAll()" are ways to by-pass Spring Security when requesting a web resource. What are the performance differences seen from using either approach and why is one faster/scalable then the other?
377
Summary. We can actually consider that WebSecurity is the only external outlet for Spring Security, while HttpSecurity is just the way internal security policies are defined; WebSecurity is aligned to FilterChainProxy , while HttpSecurity is aligned to SecurityFilterChain .
You need to declare SecurityFilterChain and WebSecurityCustomizer beans instead of overriding methods of WebSecurityConfigurerAdapter class.
From Spring Boot 2.7, WebSecurityConfigurerAdapter is deprecated. In this tutorial, I will show you how to update your Web Security Config class in Spring Security without the WebSecurityConfigurerAdapter example.
Used by the default implementation of authenticationManager() to attempt to obtain an AuthenticationManager . protected void. configure(HttpSecurity http) Deprecated.
According to the Eugen Paraschiv on his excellent blog regarding these parts of Spring security the conclusion would be that something like:
web.ignoring().antMatchers("/resources/**");
is more efficient than this:
http.authorizeRequests().antMatchers("/resources/**").permitAll();
simply because the filter(s) involved in the spring security mechanism will be bypassed...
172
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
